diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f09161f --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +midpoint-dist.tar.gz +tmp +demo/complex/tmp +demo/complex2/tmp + diff --git a/Dockerfile b/Dockerfile index 94bcac4..c9ea017 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ # Building assumes midpoint-dist.tar.gz is present in the current directory. # -FROM tier/shibboleth_sp +FROM tier/shibboleth_sp:3.0.4_03122019 MAINTAINER info@evolveum.com @@ -10,7 +10,7 @@ RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems RUN curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo RUN yum -y update RUN yum -y install \ - zulu-8 \ + zulu-11 \ cron \ supervisor \ libcurl \ @@ -47,7 +47,7 @@ RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \ # Build arguments -ARG MP_VERSION=4.0 +ARG MP_VERSION=4.0.1 ARG MP_DIST_FILE=midpoint-dist.tar.gz ENV MP_DIR /opt/midpoint @@ -60,7 +60,9 @@ COPY container_files/mp-dir/ ${MP_DIR}/ RUN echo 'Extracting midPoint archive...' \ && tar xzf ${MP_DIR}/${MP_DIST_FILE} -C ${MP_DIR} --strip-components=1 -VOLUME ${MP_DIR}/var +# Disabled because of wider compatibility issues (e.g. AWS) +# TODO: consider all the consequences +#VOLUME ${MP_DIR}/var # Repository parameters diff --git a/Jenkinsfile b/Jenkinsfile index 2021ac0..ef55f92 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
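Review bot: `FROM tier/shibboleth_sp:3.0.4_03122019` pins a tag, and a tag can be re-pushed upstream, so two builds of this Dockerfile can still start from different base layers. If reproducible and auditable builds matter here, pin the digest as well, `FROM tier/shibboleth_sp:3.0.4_03122019@sha256:<digest-of-the-reviewed-image>` (placeholder; take the value from the image you actually reviewed).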
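Review bot: The JDK package switched to `zulu-11` in this hunk is still installed from a repository whose signing key and repo definition are fetched over plain `http://` (the `rpm --import` line in the hunk header and the `curl -o /etc/yum.repos.d/zulu.repo` context line). Anyone on the network path at build time can replace both the key and the repo file, and the package signature check then proves nothing. Fetch both over TLS if the vendor serves them that way, e.g. `RUN rpm --import https://repos.azulsystems.com/RPM-GPG-KEY-azulsystems`, or ship the key in the build context and import it from the local file. The `yum -y install` package list continues outside the hunk.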
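Review bot: With `VOLUME ${MP_DIR}/var` commented out, whatever the container writes under `${MP_DIR}/var` now stays in the container's writable layer and is lost on re-creation unless the operator mounts a volume explicitly; the `TODO: consider all the consequences` comment leaves that unstated. I would put the consequence into the comment itself, e.g. `# No VOLUME declared: mount a named volume or bind mount at ${MP_DIR}/var to keep its contents across container re-creation`. What midPoint stores in that directory is not visible in this hunk; if it includes key material or repository data (presumably, to be confirmed), the demo compose files should be checked to mount it.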
@@ -61,7 +61,7 @@ pipeline {
 sh '(cd demo/simple ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
 sh '(cd demo/shibboleth ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
 sh '(cd demo/postgresql ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
- sh '(cd demo/complex ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
+ //sh '(cd demo/complex ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
 } catch (error) {
 def error_details = readFile('./debug')
 def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
diff --git a/container_files/usr-local-bin/start-httpd.sh b/container_files/usr-local-bin/start-httpd.sh
index 7d002cd..29827f8 100755
--- a/container_files/usr-local-bin/start-httpd.sh
+++ b/container_files/usr-local-bin/start-httpd.sh
@@ -21,7 +21,8 @@ case $AUTHENTICATION in
 echo "*** Starting httpd WITH Shibboleth support"
 set -e
 rm -f /etc/httpd/logs/httpd.pid
- (/usr/sbin/shibd) & httpd -DFOREGROUND
+ export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH
+ (/usr/sbin/shibd -f) & httpd -DFOREGROUND
 ;;
 internal)
 echo "*** Starting httpd WITHOUT Shibboleth support"
diff --git a/demo/complex/.env b/demo/complex/.env
deleted file mode 100644
index 75949b1..0000000
--- a/demo/complex/.env
+++ /dev/null
@@ -1,14 +0,0 @@
-AUTHENTICATION=internal
-ENV=demo
-REPO_DATABASE_TYPE=mariadb
-REPO_JDBC_URL=default
-REPO_HOST=midpoint_data
-REPO_PORT=default
-REPO_DATABASE=registry
-REPO_USER=registry_user
-REPO_MISSING_SCHEMA_ACTION=create
-REPO_UPGRADEABLE_SCHEMA_ACTION=stop
-MP_MEM_MAX=2048m
-MP_MEM_INIT=1024m
-SSO_HEADER=uid
-TIMEZONE=UTC
diff --git a/demo/complex/README.md b/demo/complex/README.md
deleted file mode 100644
index 9b7f0f6..0000000
--- a/demo/complex/README.md
+++ /dev/null
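Review bot: The `demo/complex` test step is commented out rather than removed, and no reason is given, so the pipeline quietly loses that coverage and a dead line stays in the file. Either delete the line or state why it is off and when it comes back, e.g. `// TODO: demo/complex tests disabled; re-enable once the complex demo tests are restored`. The `.gitignore` hunk of this commit mentions `demo/complex2/tmp`, but no test step for a `complex2` demo is added here, so whether that demo is exercised in CI should be confirmed. The enclosing `try` block starts outside the hunk.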
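Review bot: `export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH` leaves a trailing colon when the variable is unset or empty, and the dynamic loader treats an empty entry as the current working directory. Both `shibd` and `httpd` inherit the variable, so they would also search the directory the script was started from for shared libraries. Append the old value only when there is one: `export LD_LIBRARY_PATH="/opt/shibboleth/lib64${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`. Separately, `shibd` runs in a background subshell, so `set -e` does not notice if it fails to start and httpd would keep serving without its daemon; the rest of the `case` statement is outside the hunk.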
@@ -1,9 +0,0 @@
-This is a demonstration of using midPoint dockerization for TIER environment in a broader context. It is a work in progress.
-
-# Building and execution
-```
-$ ../../build.sh
-$ docker-compose up --build
-```
-
-Please see a detailed description [here](https://spaces.at.internet2.edu/display/MID/Complex+midPoint+integration+demo).
diff --git a/demo/complex/add-ref-groups.gsh b/demo/complex/add-ref-groups.gsh
deleted file mode 100644
index 679910c..0000000
--- a/demo/complex/add-ref-groups.gsh
+++ /dev/null
@@ -1,23 +0,0 @@
-
-def addGroups(gs,stem) {
- def supergroup = GroupFinder.findByName(gs, "etc:midpointGroups", true)
- for (group in stem.childGroups) {
- if (!group.name.endsWith('_includes') &&
- !group.name.endsWith('_excludes') &&
- !group.name.endsWith('_systemOfRecord') &&
- !group.name.endsWith('_systemOfRecordAndIncludes')) {
- println 'Adding: ' + group
- def s = SubjectFinder.findById(group.getId(), 'group', 'g:gsa')
- supergroup.addMember(s, false)
- } else {
- println 'Ignoring: ' + group
- }
- }
-}
-
-gs = GrouperSession.startRootSession()
-
-addGroups(gs, StemFinder.findByName(gs, 'ref:affiliation'))
-addGroups(gs, StemFinder.findByName(gs, 'ref:dept'))
-addGroups(gs, StemFinder.findByName(gs, 'ref:course'))
-
diff --git a/demo/complex/add-ref-groups.sh b/demo/complex/add-ref-groups.sh
deleted file mode 100755
index 735b5ae..0000000
--- a/demo/complex/add-ref-groups.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-docker cp add-ref-groups.gsh complex_grouper_daemon_1:/tmp/
-docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/add-ref-groups.gsh"
diff --git a/demo/complex/after-installation.sh b/demo/complex/after-installation.sh
deleted file mode 100755
index 68582e3..0000000
--- a/demo/complex/after-installation.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-B='\033[1;33m'
-N='\033[0m'
-
-echo -e "${B} * Uploading objects...${N}"
-$(dirname "$0")/upload-objects.sh
-
-echo -e "${B} * Testing LDAP and SQL resources...${N}"
-$(dirname "$0")/test-resources-1.sh
-
-echo -e "${B} * Recomputing Grouper admin group and user object...${N}"
-$(dirname "$0")/recompute.sh
-
-echo -e "${B} * Waiting 120 seconds for changes to propagate to Grouper...${N}"
-sleep 120
-
-echo -e "${B} * Testing Grouper resource...${N}"
-$(dirname "$0")/test-resource-grouper.sh
-
-echo -e "${B} * Done${N}"
diff --git a/demo/complex/configs-and-secrets/grouper/application/database_password.txt b/demo/complex/configs-and-secrets/grouper/application/database_password.txt
deleted file mode 100644
index e69de29..0000000
diff --git a/demo/complex/configs-and-secrets/grouper/application/grouper-loader.properties b/demo/complex/configs-and-secrets/grouper/application/grouper-loader.properties
deleted file mode 100644
index 777376c..0000000
--- a/demo/complex/configs-and-secrets/grouper/application/grouper-loader.properties
+++ /dev/null
@@ -1,64 +0,0 @@ -################################# -## LDAP connections -################################# -# specify the ldap connection with user, pass, url -# the string after "ldap." is the ID of the connection, and it should not have -# spaces or other special chars in it. In this case is it "personLdap" - -#note the URL should start with ldap: or ldaps: if it is SSL. -#It should contain the server and port (optional if not default), and baseDn, -#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu -ldap.demo.url = ldap://directory:389/dc=internet2,dc=edu - -#optional, if authenticated -ldap.demo.user = cn=admin,dc=internet2,dc=edu -#ldap.demo.user = cn=admin - -#optional, if authenticated note the password can be stored encrypted in an external file -#ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} -ldap.demo.pass = password - -#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS... -ldap.demo.tls = false - -#optional, if using sasl -#ldap.personLdap.saslAuthorizationId = -#ldap.personLdap.saslRealm = - -#optional (note, time limit is for search operations, timeout is for connection timeouts), -#most of these default to vt-ldap defaults. 
times are in millis -#validateOnCheckout defaults to true if all other validate methods are false -#ldap.personLdap.batchSize = -#ldap.personLdap.countLimit = -#ldap.personLdap.timeLimit = -#ldap.personLdap.timeout = -#ldap.personLdap.minPoolSize = -#ldap.personLdap.maxPoolSize = -#ldap.personLdap.validateOnCheckIn = -#ldap.personLdap.validateOnCheckOut = -#ldap.personLdap.validatePeriodically = -#ldap.personLdap.validateTimerPeriod = -#ldap.personLdap.pruneTimerPeriod = -#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes) -#ldap.personLdap.expirationTime = - -#make the paths fully qualified and not relative to the loader group. -loader.ldap.requireTopStemAsStemFromConfigGroup=false - -##################################### -## Messaging integration with change log -##################################### -changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ? - -# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class -changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer - -changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher -changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq -# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored. -changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = -## queue or topic -changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue -changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = sampleQueue -## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml -#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email 
diff --git a/demo/complex/configs-and-secrets/grouper/application/grouper.client.properties b/demo/complex/configs-and-secrets/grouper/application/grouper.client.properties
deleted file mode 100644
index d25ad96..0000000
--- a/demo/complex/configs-and-secrets/grouper/application/grouper.client.properties
+++ /dev/null
@@ -1,112 +0,0 @@ -# -# Copyright 2014 Internet2 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# Grouper client configuration -# $Id: grouper.client.example.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $ -# - -# The grouper client uses Grouper Configuration Overlays (documented on wiki) -# By default the configuration is read from grouper.client.base.properties -# (which should not be edited), and the grouper.client.properties overlays -# the base settings. See the grouper.client.base.properties for the possible -# settings that can be applied to the grouper.client.properties - -######################################## -## LDAP connection settings -######################################## - -# url of directory, including the base DN (distinguished name) -# e.g. ldap://server.school.edu/dc=school,dc=edu -# e.g. ldaps://server.school.edu/dc=school,dc=edu -grouperClient.ldap.url = - -# kerberos principal used to connect to ldap -grouperClient.ldap.login = - -# password for shared secret authentication to ldap -# or you can put a filename with an encrypted password -grouperClient.ldap.password = - -######################################## -## Web service Connection settings -######################################## - -# url of web service, should include everything up to the first resource to access -# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest -# e.g. 
https://groups.school.edu/grouper-ws/servicesRest -grouperClient.webService.url = https://grouper_ws/grouper-ws/servicesRest - -# kerberos principal used to connect to web service -grouperClient.webService.login = banderson - -# password for shared secret authentication to web service -# or you can put a filename with an encrypted password -grouperClient.webService.password.elConfig = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') } - - -################################ -## Grouper Messaging System -################################ - -# name of messaging system which is the default -grouper.messaging.default.name.of.messaging.system = rabbitmq - -# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary -# grouper.messaging.system.grouperBuiltinMessaging.name = grouperBuiltinMessaging - -# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem -# grouper.messaging.system.grouperBuiltinMessaging.class = edu.internet2.middleware.grouper.messaging.GrouperBuiltinMessagingSystem - -# name of a messaging system. 
note, "grouperBuiltinMessaging" can be arbitrary -grouper.messaging.system.rabbitmqSystem.name = rabbitmqSystem - -# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem -grouper.messaging.system.rabbitmqSystem.class = edu.internet2.middleware.grouperMessagingRabbitmq.GrouperMessagingRabbitmqSystem - -# host address of rabbitmq queue -grouper.messaging.system.rabbitmqSystem.host = mq - -# virtual host of rabbitmq queue -grouper.messaging.system.rabbitmqSystem.virtualhost = - -# port of rabbitmq queue -grouper.messaging.system.rabbitmqSystem.port = - -grouper.messaging.system.rabbitmqSystem.defaultPageSize = 10 - -grouper.messaging.system.rabbitmqSystem.maxPageSize = 50 - - -# name of a messaging system, required -grouper.messaging.system.rabbitmq.name = rabbitmq - -# default system settings to this messaging system, note, there is only one level of inheritance -grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem - -grouper.messaging.system.rabbitmq.user = guest - -#pass -grouper.messaging.system.rabbitmq.password.elConfig = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') } -# set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated. -# TLS Version -#grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1 - -# path to trust store file -#grouper.messaging.system.rabbitmqSystem.pathToTrustStore = - -# trust passphrase -#grouper.messaging.system.rabbitmqSystem.trustPassphrase = diff --git a/demo/complex/configs-and-secrets/grouper/application/grouper.hibernate.properties b/demo/complex/configs-and-secrets/grouper/application/grouper.hibernate.properties deleted file mode 100644 index deb0d75..0000000 
--- a/demo/complex/configs-and-secrets/grouper/application/grouper.hibernate.properties
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Grouper Hibernate Configuration
-# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
-#
-
-# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.hibernate.base.properties
-# (which should not be edited), and the grouper.hibernate.properties overlays
-# the base settings. See the grouper.hibernate.base.properties for the possible
-# settings that can be applied to the grouper.hibernate.properties
-
-########################################
-## DB settings
-########################################
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
-
-hibernate.connection.username = root
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
diff --git a/demo/complex/configs-and-secrets/grouper/application/grouper.properties b/demo/complex/configs-and-secrets/grouper/application/grouper.properties
deleted file mode 100644
index c931287..0000000
--- a/demo/complex/configs-and-secrets/grouper/application/grouper.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings. See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = true
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use = true
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group = etc:sysadmingroup
-
-# Used to allow Include Exclude groups
-grouperIncludeExclude.use = true
-grouperIncludeExclude.requireGroups.use = true
diff --git a/demo/complex/configs-and-secrets/grouper/application/rabbitmq_password.txt b/demo/complex/configs-and-secrets/grouper/application/rabbitmq_password.txt
deleted file mode 100644
index 158f675..0000000
--- a/demo/complex/configs-and-secrets/grouper/application/rabbitmq_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-guest
\ No newline at end of file
diff --git a/demo/complex/configs-and-secrets/grouper/application/subject.properties b/demo/complex/configs-and-secrets/grouper/application/subject.properties
deleted file mode 100644
index 577db03..0000000
--- a/demo/complex/configs-and-secrets/grouper/application/subject.properties
+++ /dev/null
@@ -1,78 +0,0 @@ -#subject.sources.xml.location = - -subjectApi.source.ldap.param.ldapServerId.value = demo - -subjectApi.source.ldap.id = ldap -subjectApi.source.ldap.name = EDU Ldap -subjectApi.source.ldap.types = person -subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter -#subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory -#subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://directory:389 -#subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple -#subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu -#subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value.elConfig = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')} -#subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator - -subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid -subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false -subjectApi.source.ldap.param.Name_AttributeType.value = cn -subjectApi.source.ldap.param.Description_AttributeType.value = cn -subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")} -subjectApi.source.ldap.param.sortAttribute0.value = cn -subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0 - -# STATUS SECTION for searches to filter out inactives and allow -# the user to filter by status with e.g. 
status=all -# this is optional, and advanced -# -# field in database or ldap or endpoint that is the status field -#subjectApi.source.example.param.statusDatastoreFieldName.value = status - -# search string from user which represents the status. e.g. status=active -#subjectApi.source.example.param.statusLabel.value = status - -# available statuses from screen (if not specified, any will be allowed). comma separated list. -# Note, this is optional and you probably dont want to configure it, it is mostly necessary -# when you have multiple sources with statuses... if someone types an invalid status -# and you have this configured, it will not filter by it -#subjectApi.source.example.param.statusesFromUser.value = Active, Inactive, Pending, All - -# all label from the user -#subjectApi.source.example.param.statusAllFromUser.value = All - -# if no status is specified, this will be used (e.g. for active only). Note, the value should be of the -# form the user would type in -#subjectApi.source.example.param.statusSearchDefault.value = status=active - -# translate between screen values of status, and the data store value. Increment the 0 to 1, 2, etc for more translations. -# so the user could enter: status=active, and that could translate to status_col=A. The 'user' is what the user types in, -# the 'datastore' is what is in the datastore. The user part is not case-sensitive. Note, this could be a many to one -#subjectApi.source.example.param.statusTranslateUser0.value = active -#subjectApi.source.example.param.statusTranslateDatastore0.value = A - -# subject identifier to store in grouper's member table. this is used to increase speed of loader and perhaps for provisioning -# you can have up to max 1 subject identifier -#subjectApi.source.example.param.subjectIdentifierAttribute0.value = uid - -#searchSubject: find a subject by ID. ID is generally an opaque and permanent identifier, e.g. 12345678. -# Each subject has one and only on ID. 
Returns one result when searching for one ID. -subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person)) -subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people - -#searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely -# identifies the user, e.g. jsmith or jsmith@institution.edu. -# Subjects can have multiple identifiers. Note: it is nice to have if identifiers are unique -# even across sources. Returns one result when searching for one identifier. -subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person)) -subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people - -# search: find subjects by free form search. Returns multiple results. - -subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person)) -subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE -subjectApi.source.ldap.search.search.param.base.value = ou=people - -subjectApi.source.ldap.attributes = givenName, sn, uid, mail, employeeNumber -subjectApi.source.ldap.internalAttributes = searchAttribute0 diff --git a/demo/complex/configs-and-secrets/grouper/httpd/cachain-cer.pem b/demo/complex/configs-and-secrets/grouper/httpd/cachain-cer.pem deleted file mode 100644 index e69de29..0000000 diff --git a/demo/complex/configs-and-secrets/grouper/httpd/host-cert.pem b/demo/complex/configs-and-secrets/grouper/httpd/host-cert.pem deleted file mode 100644 index 9cc228a..0000000 --- a/demo/complex/configs-and-secrets/grouper/httpd/host-cert.pem +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50 -ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5 -NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J -MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw -FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS -SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W -bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB -ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7 -rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ -ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ -eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr -GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug -CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP -HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI -Z75p+JrWYZJYrx/vpWxL8g== ------END CERTIFICATE----- diff --git a/demo/complex/configs-and-secrets/grouper/httpd/host-key.pem b/demo/complex/configs-and-secrets/grouper/httpd/host-key.pem deleted file mode 100644 index 1b0b579..0000000 --- a/demo/complex/configs-and-secrets/grouper/httpd/host-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEzSZrDaU6UeDa -wycDoCv6N1GJTXYtXOsQX5bfpYiwLEHNetEEXleHUkhivC2bzefGvwUyLB/HS4UJ -VEPKkFGNgH6JVazcW+1mrpnofzzs2FE0cpZ6BqVN1mxjBD8RPwHYD+VP2nWL8ruF -yOXqb+8I2STk6nFWoNeUmpWPmrKPmQv+ZflM0cZlgWcSk7Ei9cuzxXoWOP2Zd2N6 -BlbFZf87KbeZbXqGUHnlcVF9vUtwH9dch2OMaRKfu67wM2P55bE4hwLFKAhSvzRU -Nnr70kcedgfRZNXFj9TA1Q5tkI0Kg/cQRmEp1+m4UHo1ceyVCR5W5btkOaeV3VtA -YoYBZbqBAgMBAAECggEAA/5t0ypZug9DUu0283niqpdIzlKGHXGPS6vE8hD37ytW -wobFiyMm/5YJ5gcPnePV2lCyGEyQ8Ih10LSnE4tOPGLpLnxQn8A11ymf8fnzEJNr -Qnc42o0b+bJqTLAfX4g5z1qzOqWiUQ7CA3sKP3G6FiHh/8tKNYnaFif09Q8cpJFb -YDDkvm48NJgsrIoCgmaFIQIn+yDzGQKWwTNMIks+RByWpc67j1x1kiyQM1RfrEev -Yyq/ZkP66IYZzmZKpFCWGs5qbRZdxyXNpq85DjwA99lAH7vxtMJHQM4z1h1eDH4L -Ma5hEnmmHu4D5lF2GDQYflvuFdDGH5tThO6MV0IrSQKBgQD+kvEtNxJCMxLOVFyV -NWF3pk/i2nkD+53t/VPXjMPtW7IesouEGzU82I/fT2wUTkNwFdkVpv37qoLypKZm -npJFxr6abQNjiDh2Fsh8/iuJfvdZUFJbCEY6NS58qgjix8XCQKRD06EugK7uekIZ -zJnttF3qVBBD8Z8Uwxz8i+jF1wKBgQDF51y/5XB6Bz47cdxw7P8NsfnTz2V3H0HU -OnlEBANbhmBadjU8dqbM54Nxbn7VOdooXPuSnAKJ9vPDg1n5Y/GO+lgldNzfyK6g -HnbldSu0zBvAaGvmAjLjetEtOkBqYkrHJlT6JAems/Kc/YX5uooAz9/jNJFXP9++ -KbjH3CzHZwKBgQC6ppxEDZPKi83nD/2NvMTIyFzcNFj0LaEepFW7vc7NkiSn0zrt -0lEXWqUqEv5oaPWTEcHH2VdxFRTLuSL0LKGMnWqUqQcKDA9xrcSzuFvNhRTwHC81 -5XwwI1wBNV4sgFKj2WdW/6y2/szDt0oNxnC50zvkmlwOpPKBc4kmNaKmowKBgBmC -uXIDIXyZcmw3QTNNWZNqXcnv8iRo4xN4dilOWyBxMfp3QmWI5feD4G2+0Jqr2nNZ -iRRdB/bA3qtVQ0PinkDQBIzPg6lVNS1uv+TUNc4YgXtL+pyrq+Om8U/jMmqEQR9q -0YltG49houSZyatnYGK6aSHgpNuaYD0jI66fsyYBAoGAMefyD0I/ncArjuf58hVQ -zSjxfcvlja9okrC8ZgqsVluezcm4rQNcSjBnESGTCjJC7O29AofGLHkvnsBQDiGk -hE38IRisd+okXdApr41ifWDhmtASud5q6wlhOpMmQxg+OALf1rTvFYhbnFEXV/KY -e5A4iXLRIbxbmXZDa35Rebw= ------END PRIVATE KEY----- diff --git a/demo/complex/configs-and-secrets/grouper/shibboleth/idp-metadata.xml b/demo/complex/configs-and-secrets/grouper/shibboleth/idp-metadata.xml deleted file mode 100644 index 4fa67a7..0000000 
--- a/demo/complex/configs-and-secrets/grouper/shibboleth/idp-metadata.xml
+++ /dev/null
@@ -1,207 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - This is example metadata only. Do *NOT* supply it as is without review, - and do *NOT* provide it in real time to your partners. - - This metadata is not dynamic - it will not change as your configuration changes. ---> -<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idptestbed/idp/shibboleth"> - - <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> - - <Extensions> - <shibmd:Scope regexp="false">example.org</shibmd:Scope> -<!-- - Fill in the details for your IdP here - - <mdui:UIInfo> - <mdui:DisplayName xml:lang="en">A Name for the IdP at idptestbed</mdui:DisplayName> - <mdui:Description xml:lang="en">Enter a description of your IdP at idptestbed</mdui:Description> - <mdui:Logo height="80" width="80">https://localhost/Path/To/Logo.png</mdui:Logo> - </mdui:UIInfo> ---> - </Extensions> - - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy -MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH -YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M -SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 -03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No -5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ -XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud -DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL 
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac -ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 -NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl -j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP -IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E -t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB -CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx -MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g -u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 -Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ -Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ -MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs -uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV -HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl -ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB -CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X -sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s -RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ -Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B -DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i -s00xrv14zLifcc8oj5DYzOhYRifRXgHX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy -MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB 
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD -cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ -l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG -ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 -9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX -VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud -DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni -QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN -jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r -xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 -+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H -p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - - <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - - <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost/idp/profile/Shibboleth/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/> - - </IDPSSODescriptor> - - - <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> - - <Extensions> - <shibmd:Scope regexp="false">localhost</shibmd:Scope> - </Extensions> - - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - 
<ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy -MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH -YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M -SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 -03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No -5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ -XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud -DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac -ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 -NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl -j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP -IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E -t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB -CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx -MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g -u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 -Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ -Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ -MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs -uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV -HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl 
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB -CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X -sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s -RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ -Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B -DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i -s00xrv14zLifcc8oj5DYzOhYRifRXgHX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy -MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD -cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ -l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG -ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 -9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX -VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud -DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni -QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN -jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r -xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 -+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H -p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - - - <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://localhost/idp/profile/SAML1/SOAP/AttributeQuery"/> - <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://localhost/idp/profile/SAML2/SOAP/AttributeQuery"/> - <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above --> - - </AttributeAuthorityDescriptor> - -</EntityDescriptor> diff --git a/demo/complex/configs-and-secrets/grouper/shibboleth/shibboleth2.xml b/demo/complex/configs-and-secrets/grouper/shibboleth/shibboleth2.xml deleted file mode 100644 index 0c38f82..0000000 --- a/demo/complex/configs-and-secrets/grouper/shibboleth/shibboleth2.xml +++ /dev/null 
@@ -1,136 +0,0 @@ -<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" - xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" - xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" - xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" - xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - clockSkew="180"> - - <!-- - By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache - are used. See example-shibboleth2.xml for samples of explicitly configuring them. - --> - - <!-- - To customize behavior for specific resources on Apache, and to link vhosts or - resources to ApplicationOverride settings below, use web server options/commands. - See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationElements for help. - - For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml - file, and the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapHowTo topic. - --> - <TCPListener address="127.0.0.1" port="1600"/> - - - <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. --> - <ApplicationDefaults entityID="https://grouperdemo/shibboleth" - REMOTE_USER="uid"> - - <!-- - Controls session lifetimes, address checks, cookie handling, and the protocol handlers. - You MUST supply an effectively unique handlerURL value for each of your applications. - The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing - a relative value based on the virtual host. Using handlerSSL="true", the default, will force - the protocol to be https. You should also set cookieProps to "https" for SSL-only sites. - Note that while we default checkAddress to "false", this has a negative impact on the - security of your site. Stealing sessions via cookie theft is much easier with this disabled. 
- --> - <Sessions lifetime="28800" timeout="28800" relayState="ss:mem" - checkAddress="false" handlerSSL="true" cookieProps="https"> - - <!-- - Configures SSO for a default IdP. To allow for >1 IdP, remove - entityID property and adjust discoveryURL to point to discovery service. - (Set discoveryProtocol to "WAYF" for legacy Shibboleth WAYF support.) - You can also override entityID on /Login query string, or in RequestMap/htaccess. - --> - <SSO entityID="https://idptestbed/idp/shibboleth"> - SAML2 - </SSO> - - <!-- SAML and local-only logout. --> - <Logout>SAML2 Local</Logout> - - <!-- Extension service that generates "approximate" metadata based on SP configuration. --> - <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> - - <!-- Status reporting service. --> - <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/> - - <!-- Session diagnostic service. --> - <Handler type="Session" Location="/Session" showAttributeValues="true"/> - - <!-- JSON feed of discovery information. --> - <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> - </Sessions> - - <!-- - Allows overriding of error template information/filenames. You can - also add attributes with values that can be plugged into the templates. - --> - <Errors supportContact="root@localhost" - helpLocation="/about.html" - styleSheet="/shibboleth-sp/main.css"/> - - <!-- Example of remotely supplied batch of signed metadata. 
--> - <!-- - <MetadataProvider type="XML" validate="true" - uri="http://example.org/federation-metadata.xml" - backingFilePath="federation-metadata.xml" reloadInterval="7200"> - <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> - <MetadataFilter type="Signature" certificate="fedsigner.pem"/> - <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true" - attributeName="http://macedir.org/entity-category" - attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" - attributeValue="http://refeds.org/category/hide-from-discovery" /> - </MetadataProvider> - --> - - <MetadataProvider type="XML" validate="true" file="idp-metadata.xml"/> - - <!-- - InCommon - <MetadataProvider type="XML" validate="true" - uri="http://md.incommon.org/InCommon/InCommon-metadata.xml" - backingFilePath="federation-metadata.xml" reloadInterval="7200"> - <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> - <MetdataFilter type="Signature" certificate="inc-md-cert.pem"/> - <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true" - attributeName="http://macedir.org/entity-category" - attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" - attributeValue="http://refeds.org/category/hide-from-discovery" /> - </MetadataProvider> - --> - - <!-- Map to extract attributes from SAML assertions. --> - <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/> - - <!-- Use a SAML query if no attributes are supplied during SSO. --> - <AttributeResolver type="Query" subjectMatch="true"/> - - <!-- Default filtering policy for recognized attributes, lets other data pass. --> - <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> - - <!-- Simple file-based resolver for using a single keypair. 
--> - <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/> - - <!-- - The default settings can be overridden by creating ApplicationOverride elements (see - the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride topic). - Resource requests are mapped by web server commands, or the RequestMapper, to an - applicationId setting. - - Example of a second application (for a second vhost) that has a different entityID. - Resources on the vhost would map to an applicationId of "admin": - --> - <!-- - <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> - --> - </ApplicationDefaults> - - <!-- Policies that determine how to process and authenticate runtime messages. --> - <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> - - <!-- Low-level configuration about protocols and bindings available for use. --> - <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/> - -</SPConfig> diff --git a/demo/complex/configs-and-secrets/grouper/shibboleth/sp-cert.pem b/demo/complex/configs-and-secrets/grouper/shibboleth/sp-cert.pem deleted file mode 100644 index 9cc228a..0000000 --- a/demo/complex/configs-and-secrets/grouper/shibboleth/sp-cert.pem +++ /dev/null 
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5
-NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J
-MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw
-FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS
-SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W
-bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB
-ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7
-rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ
-ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ
-eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr
-GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug
-CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP
-HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI
-Z75p+JrWYZJYrx/vpWxL8g==
------END CERTIFICATE-----
diff --git a/demo/complex/configs-and-secrets/grouper/shibboleth/sp-key.pem b/demo/complex/configs-and-secrets/grouper/shibboleth/sp-key.pem
deleted file mode 100644
index 1b0b579..0000000
--- a/demo/complex/configs-and-secrets/grouper/shibboleth/sp-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEzSZrDaU6UeDa
-wycDoCv6N1GJTXYtXOsQX5bfpYiwLEHNetEEXleHUkhivC2bzefGvwUyLB/HS4UJ
-VEPKkFGNgH6JVazcW+1mrpnofzzs2FE0cpZ6BqVN1mxjBD8RPwHYD+VP2nWL8ruF
-yOXqb+8I2STk6nFWoNeUmpWPmrKPmQv+ZflM0cZlgWcSk7Ei9cuzxXoWOP2Zd2N6
-BlbFZf87KbeZbXqGUHnlcVF9vUtwH9dch2OMaRKfu67wM2P55bE4hwLFKAhSvzRU
-Nnr70kcedgfRZNXFj9TA1Q5tkI0Kg/cQRmEp1+m4UHo1ceyVCR5W5btkOaeV3VtA
-YoYBZbqBAgMBAAECggEAA/5t0ypZug9DUu0283niqpdIzlKGHXGPS6vE8hD37ytW
-wobFiyMm/5YJ5gcPnePV2lCyGEyQ8Ih10LSnE4tOPGLpLnxQn8A11ymf8fnzEJNr
-Qnc42o0b+bJqTLAfX4g5z1qzOqWiUQ7CA3sKP3G6FiHh/8tKNYnaFif09Q8cpJFb
-YDDkvm48NJgsrIoCgmaFIQIn+yDzGQKWwTNMIks+RByWpc67j1x1kiyQM1RfrEev
-Yyq/ZkP66IYZzmZKpFCWGs5qbRZdxyXNpq85DjwA99lAH7vxtMJHQM4z1h1eDH4L
-Ma5hEnmmHu4D5lF2GDQYflvuFdDGH5tThO6MV0IrSQKBgQD+kvEtNxJCMxLOVFyV
-NWF3pk/i2nkD+53t/VPXjMPtW7IesouEGzU82I/fT2wUTkNwFdkVpv37qoLypKZm
-npJFxr6abQNjiDh2Fsh8/iuJfvdZUFJbCEY6NS58qgjix8XCQKRD06EugK7uekIZ
-zJnttF3qVBBD8Z8Uwxz8i+jF1wKBgQDF51y/5XB6Bz47cdxw7P8NsfnTz2V3H0HU
-OnlEBANbhmBadjU8dqbM54Nxbn7VOdooXPuSnAKJ9vPDg1n5Y/GO+lgldNzfyK6g
-HnbldSu0zBvAaGvmAjLjetEtOkBqYkrHJlT6JAems/Kc/YX5uooAz9/jNJFXP9++
-KbjH3CzHZwKBgQC6ppxEDZPKi83nD/2NvMTIyFzcNFj0LaEepFW7vc7NkiSn0zrt
-0lEXWqUqEv5oaPWTEcHH2VdxFRTLuSL0LKGMnWqUqQcKDA9xrcSzuFvNhRTwHC81
-5XwwI1wBNV4sgFKj2WdW/6y2/szDt0oNxnC50zvkmlwOpPKBc4kmNaKmowKBgBmC
-uXIDIXyZcmw3QTNNWZNqXcnv8iRo4xN4dilOWyBxMfp3QmWI5feD4G2+0Jqr2nNZ
-iRRdB/bA3qtVQ0PinkDQBIzPg6lVNS1uv+TUNc4YgXtL+pyrq+Om8U/jMmqEQR9q
-0YltG49houSZyatnYGK6aSHgpNuaYD0jI66fsyYBAoGAMefyD0I/ncArjuf58hVQ
-zSjxfcvlja9okrC8ZgqsVluezcm4rQNcSjBnESGTCjJC7O29AofGLHkvnsBQDiGk
-hE38IRisd+okXdApr41ifWDhmtASud5q6wlhOpMmQxg+OALf1rTvFYhbnFEXV/KY
-e5A4iXLRIbxbmXZDa35Rebw=
------END PRIVATE KEY-----
diff --git a/demo/complex/configs-and-secrets/midpoint/application/database_password.txt b/demo/complex/configs-and-secrets/midpoint/application/database_password.txt
deleted file mode 100644
index 11bff19..0000000
--- a/demo/complex/configs-and-secrets/midpoint/application/database_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-WJzesbe3poNZ91qIbmR7
diff --git a/demo/complex/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/complex/configs-and-secrets/midpoint/application/keystore_password.txt
deleted file mode 100644
index 1d40192..0000000
--- a/demo/complex/configs-and-secrets/midpoint/application/keystore_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-changeit
diff --git a/demo/complex/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/complex/configs-and-secrets/midpoint/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/complex/configs-and-secrets/midpoint/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
-DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
-cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
-a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
-lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
-8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
-f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
-vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
-AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
-FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
-h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
-BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
-JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
-GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
-Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
------END CERTIFICATE-----
diff --git a/demo/complex/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/complex/configs-and-secrets/midpoint/httpd/host-key.pem
deleted file mode 100644
index 5746e59..0000000
--- a/demo/complex/configs-and-secrets/midpoint/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
-cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
-KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
-xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
-3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
-RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
-IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
-Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
-2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
-NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
-HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
-V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
-yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
-LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
-VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
-76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
-LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
-LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
-QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
-5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
-JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
-0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
-VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
-bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
-4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
-CWYCgOnmiTHcj83UaTqEXtmv
------END PRIVATE KEY-----
diff --git a/demo/complex/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml b/demo/complex/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
deleted file mode 100644
index 4fa67a7..0000000
--- a/demo/complex/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
+++ /dev/null
@@ -1,207 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - This is example metadata only. Do *NOT* supply it as is without review, - and do *NOT* provide it in real time to your partners. - - This metadata is not dynamic - it will not change as your configuration changes. ---> -<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idptestbed/idp/shibboleth"> - - <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> - - <Extensions> - <shibmd:Scope regexp="false">example.org</shibmd:Scope> -<!-- - Fill in the details for your IdP here - - <mdui:UIInfo> - <mdui:DisplayName xml:lang="en">A Name for the IdP at idptestbed</mdui:DisplayName> - <mdui:Description xml:lang="en">Enter a description of your IdP at idptestbed</mdui:Description> - <mdui:Logo height="80" width="80">https://localhost/Path/To/Logo.png</mdui:Logo> - </mdui:UIInfo> ---> - </Extensions> - - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy -MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH -YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M -SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 -03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No -5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ -XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud -DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL 
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac -ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 -NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl -j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP -IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E -t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB -CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx -MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g -u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 -Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ -Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ -MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs -uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV -HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl -ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB -CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X -sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s -RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ -Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B -DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i -s00xrv14zLifcc8oj5DYzOhYRifRXgHX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy -MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB 
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD -cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ -l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG -ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 -9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX -VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud -DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni -QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN -jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r -xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 -+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H -p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - - <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - - <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost/idp/profile/Shibboleth/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/> - - </IDPSSODescriptor> - - - <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> - - <Extensions> - <shibmd:Scope regexp="false">localhost</shibmd:Scope> - </Extensions> - - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - 
<ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy -MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH -YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M -SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 -03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No -5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ -XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud -DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac -ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 -NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl -j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP -IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E -t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB -CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx -MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g -u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 -Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ -Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ -MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs -uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV -HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl 
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB -CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X -sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s -RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ -Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B -DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i -s00xrv14zLifcc8oj5DYzOhYRifRXgHX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy -MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD -cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ -l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG -ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 -9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX -VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud -DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni -QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN -jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r -xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 -+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H -p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - - - <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://localhost/idp/profile/SAML1/SOAP/AttributeQuery"/> - <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://localhost/idp/profile/SAML2/SOAP/AttributeQuery"/> - <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above --> - - </AttributeAuthorityDescriptor> - -</EntityDescriptor> diff --git a/demo/complex/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml b/demo/complex/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml deleted file mode 100644 index ee05a97..0000000 --- a/demo/complex/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml +++ /dev/null 
@@ -1,139 +0,0 @@ -<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" - xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" - xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" - xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" - xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - clockSkew="180"> - - <!-- - By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache - are used. See example-shibboleth2.xml for samples of explicitly configuring them. - --> - - <!-- - To customize behavior for specific resources on Apache, and to link vhosts or - resources to ApplicationOverride settings below, use web server options/commands. - See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationElements for help. - - For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml - file, and the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapHowTo topic. - --> - <TCPListener address="127.0.0.1" port="1600"/> - - - <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. --> - <ApplicationDefaults entityID="https://midpointdemo/shibboleth" - REMOTE_USER="uid"> - - <!-- - Controls session lifetimes, address checks, cookie handling, and the protocol handlers. - You MUST supply an effectively unique handlerURL value for each of your applications. - The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing - a relative value based on the virtual host. Using handlerSSL="true", the default, will force - the protocol to be https. You should also set cookieProps to "https" for SSL-only sites. - Note that while we default checkAddress to "false", this has a negative impact on the - security of your site. Stealing sessions via cookie theft is much easier with this disabled. 
- --> - <Sessions lifetime="28800" timeout="28800" relayState="ss:mem" - checkAddress="false" handlerSSL="true" cookieProps="https"> - - <!-- - Configures SSO for a default IdP. To allow for >1 IdP, remove - entityID property and adjust discoveryURL to point to discovery service. - (Set discoveryProtocol to "WAYF" for legacy Shibboleth WAYF support.) - You can also override entityID on /Login query string, or in RequestMap/htaccess. - --> - <SSO entityID="https://idptestbed/idp/shibboleth"> - SAML2 - </SSO> - - <!-- SAML and local-only logout. --> - <Logout>SAML2 Local</Logout> - - <!-- Extension service that generates "approximate" metadata based on SP configuration. --> - <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> - - <!-- Status reporting service. --> - <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/> - - <!-- Session diagnostic service. --> - <Handler type="Session" Location="/Session" showAttributeValues="true"/> - - <!-- JSON feed of discovery information. --> - <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> - </Sessions> - - <!-- - Allows overriding of error template information/filenames. You can - also add attributes with values that can be plugged into the templates. - --> - <Errors supportContact="root@localhost" - helpLocation="/about.html" - styleSheet="/shibboleth-sp/main.css"/> - - <!-- Example of remotely supplied batch of signed metadata. 
--> - <!-- - <MetadataProvider type="XML" validate="true" - uri="http://example.org/federation-metadata.xml" - backingFilePath="federation-metadata.xml" reloadInterval="7200"> - <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> - <MetadataFilter type="Signature" certificate="fedsigner.pem"/> - <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true" - attributeName="http://macedir.org/entity-category" - attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" - attributeValue="http://refeds.org/category/hide-from-discovery" /> - </MetadataProvider> - --> - - <MetadataProvider type="XML" validate="true" file="idp-metadata.xml"/> - - <!-- - InCommon - <MetadataProvider type="XML" validate="true" - uri="http://md.incommon.org/InCommon/InCommon-metadata.xml" - backingFilePath="federation-metadata.xml" reloadInterval="7200"> - <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> - <MetdataFilter type="Signature" certificate="inc-md-cert.pem"/> - <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true" - attributeName="http://macedir.org/entity-category" - attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" - attributeValue="http://refeds.org/category/hide-from-discovery" /> - </MetadataProvider> - --> - - <!-- Map to extract attributes from SAML assertions. --> - <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/> - - <!-- Use a SAML query if no attributes are supplied during SSO. --> - <AttributeResolver type="Query" subjectMatch="true"/> - - <!-- Default filtering policy for recognized attributes, lets other data pass. --> - <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> - - <!-- Simple file-based resolvers for separate signing/encryption keys. 
--> - <CredentialResolver type="File" use="signing" - key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/> - <CredentialResolver type="File" use="encryption" - key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/> - - <!-- - The default settings can be overridden by creating ApplicationOverride elements (see - the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride topic). - Resource requests are mapped by web server commands, or the RequestMapper, to an - applicationId setting. - - Example of a second application (for a second vhost) that has a different entityID. - Resources on the vhost would map to an applicationId of "admin": - --> - <!-- - <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> - --> - </ApplicationDefaults> - - <!-- Policies that determine how to process and authenticate runtime messages. --> - <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> - - <!-- Low-level configuration about protocols and bindings available for use. --> - <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/> - -</SPConfig> diff --git a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem b/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem deleted file mode 100644 index 7a66196..0000000 --- a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem +++ /dev/null 
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
-BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy
-MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI
-hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG
-VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf
-GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L
-6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0
-F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P
-MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e
-bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym
-o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg
-aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl
-c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G
-CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/
-Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG
-asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug
-CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n
-XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot
-izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV
-lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo
-B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut
-Ileaae5eVCjw4uYbkh+Mt5M=
------END CERTIFICATE-----
diff --git a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem b/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem
deleted file mode 100644
index 1622ef3..0000000
--- a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem
+++ /dev/null
@@ -1,40 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDo5j0gc0bI2zwQ -QOo2FVvkLbGDOX7yLjRKxlQ0byh8gkzW5nRWd+6hJf38LK3ReIZ+Fe3wGeo1ukdW -jBhZdb0MidvPQfJeRzj43xrgdoC/SMbpTpq5GFTfJ34I5WxTTZLTECfDaa2BMpd6 -O/OsQgscdwIgOTIHb+NNC+r5ZhHzRyMLDhwFEzUcgsDEvT+owSeSCMQ9DHn/t6FI -wL1bD2btuBCZ801GrGZyNBfGgv2M1W8TmwTXMprQNiKXnP4C3tQdPXg2VHblzy/2 -rOe0Fr4Ca1o/Gwivi3Y9DzD0r1s6+AZzefHcWmIAoER+7Z4WbnT7wowWpEM5MaP5 -47ESCrZt5TfVJlGIl25fnm7tA0kBVGhXztoTjlEzQK/0LgvhkC/lO1QHcm02z/in -B+S2zVEqmJMUsIWxc+WspqOSqaZ2AfSuYskkVrxiIZ8Fxzb+cha5lG3rdgTyZTM7 -+zWnj2me+sqaG8zY4zQW4GjRArENWQ/X3tkPFAXtJtoED+WLseUCAwEAAQKCAYBM -3eCC20kbdbAnNSWX4AjKEIKr6sgJKlK78yVLgPx9y4uMydbPyxmJOj7PgfeEUSEi -cB5txj/Up7xvxiErNX7FqqJPj1Zs41jcWtZGCxaHC4AK9JSATpWEaUZhrUbJX6r7 -2jMlfbV0FLyF7U+JJOsB5A1hkT7/0V/Vx/8vfQ6jmnDobym0SxiWZlk1Fbjy+30R -567M71c8nOCwYFyet0CjaMKh7PkuQCw3uRW3wPfqCW91qw438E3ENnnITFpRnDUI -iZIXJSj3Sqcx/W7Q6xei+y95U4tksT3/SQ7hVXp+BhfyjXdK/k0vNzxZfWk9nCD8 -h7HeiQuLPENzrlOwuWtI+gLDIdFplXUJ+/piK3okdstdHJcWcNUelW8yr7JSpv1I -a2KMgHI2F4UVcTYLZrevzxd5a0cpvFW7vmvdw2vFrCb5JsVsmqBu5OLeaVGDIbIA -2SLfJqq12fi2rxk28VtwXXgaCTttSM+8VY7dlT/mPCqX3Sx2eM7EPt6RVHuri4EC -gcEA+3q6Vht60YXNaw7m4BFISntVm4Z2gGFNswLlrgPRHOacaQVMKhpqt3HmNKAT -1MD/a5C60HkUjMB95m2nE4k1Iade8EzUPXD1FvFbE9/+ifNx2OrC8pKrEmRiTmCY -oel45uoXsksNGJynfuRp2TpAVSZrXaIbGKZiMJZv0QZAilVBurZnZyV0jKQYkSFM -FOt60PDJJEqZzG01dvDJxsIYQURtjNscO0R2ncloLXm7qu1/fcP7CAawWgFYyer2 -WEdVAoHBAO0WAhxCvFoev348Wf33lQi9c6w7WN/WEkhNOJ5p4PKsJphSZbt2bjCt -RdRmvahSXeiGrDPuaxoWaQqcXprcu3ndFYBcK2xZpIl/mf0wr1QTEHCkRXzfxRjC -Mmy+yTeKT4L18xKgg6pJn+wC3hwsv2BQPkp+NPJhD2bmVUWorqXq5fiBV2b7lTg0 -q1HHXYtxk22bw7xtstFENGTqa22KwD5Wd6nj9DamLzKhUhOdcJ7yGVu9se7YcGGh -pg57muigUQKBwQD5feH96Zdo5UFN9GPTavH4ivH8sWNBrMeEUNyDTuAYtyX3/zx4 -DOtRAhwsm5/xFGSTV+wvReDAX3zIroLym85ti/phlyd9qWJOl7cPOcvzGuYZGZe9 -RwuX3KW3MphbEiFTnm1SAqmEgG6gMoZc8DDBCbO9GkWdp/yETcuzaWuAkmL6lVpy -97LwkSCaY5lyq8iWIDy915FMQhCn5u2YVhnwLq4s73jLx/mSQy4q57nrM2Kn6FZV 
-uSUetnVbJdOu810CgcBNCzbaWjF9E7rk2dXguwD6Wx5o3MxPyPAeAMIicIPCOIE+ -RKB8n8rFFLm5gT2mokWUF5eENLknPBsccJ4pswtVWavwD4Oo7SST7hxrc9O1/Y/9 -GtTd9JXHKuxZ/FHFM7QM+cHozrKattw6ROBKxZvXP5xOdt7b2QC5TqZtQZinoELl -U5rEg4MFRdBafe//LYRcPR8Jb5iJeqGQHcGVUl6Qo2a1lbc5vx1dVaEncKU1cbUd -4/IbjMhQYchlsnMvn1ECgcEAxwT/UvLwhYeFK6UHRwJ/z1eKGAC8R2B9tlmgddZx -T93qbVq4lZXKw3osqdi+pgWvvmg9aK9r/dO1E93S11msnoTI+W9xTr+y5y9dN/hx -5deQMUK+3woLog6LsGiKE2IamCNQBFkgd4VvhXgG+2pTPYJ9nyuEA+na+tfE6bSa -foJ8KQT1rmRFQYRboBY/xxqtsl6Nh84JK7kCw27NNdhssyuiipfa8NLM4m+yeA6n -/oz8xKl5PKwOrvk2DH+FwaAg ------END PRIVATE KEY----- diff --git a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem b/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem deleted file mode 100644 index 73aaaab..0000000 --- a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem +++ /dev/null 
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
-BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcy
-MjM4NDhaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI
-hvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Ql4te2/7PArBkuM/EF1NcQILv7bJa
-ecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu815OF6eSZIwxWdQBp
-eKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9esAEI
-QBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dV
-l39Z2KAh87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+Fvw
-N3EJgURUSEY2E0Jx8JOx368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDT
-RnF+SIh6IC1Bj/qpkpCD3nri7tycejoeAtVj1YZHWarf9iqdcLYOAWmeyGbFl3hj
-v6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz0h+DxPs4FsinK2AQBMn1
-6u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl
-c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0G
-CSqGSIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW2
-0rS6cU+fxFx37nY8ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV
-7cjZDCfC7yEFAVrfQFOMNKeQEssuLFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCN
-HqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoRm2n8IfaONIUaMg9opNiHxX4e
-u3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEecsQH92SrO0pf
-+9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ
-AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq
-+mjnyQSNe3s24VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2L
-dAza/NzYyDruY5IJCrZa9Qw=
------END CERTIFICATE-----
diff --git a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem b/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem
deleted file mode 100644
index 9e979fe..0000000
--- a/demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem
+++ /dev/null
@@ -1,40 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDSdTgukJeLXtv+ -zwKwZLjPxBdTXECC7+2yWnnCQxmAVaFoC9GtikNFzBErrIJFZlY4/43G7b8CIlyP -+gRLvNeThenkmSMMVnUAaXim61k27dOxohoHV6F6LeqDLOWvWF7li7fKU16xVTJs -F1PmX1ibblPDiIJvXrABCEAR7w1TibXSnQTFiRWuZ1M5GlbwNBa/K/vxR1L0gp5S -jjGlCH04LaEvQEJ2kUNXVZd/WdigIfOyWL0SMb22j2ioGq9nhkPj0A/K6rAeSucI -JwAwMWDPVaNGF0qTx/hb8DdxCYFEVEhGNhNCcfCTsd+vBETS18d5H50cQomUQ5E2 -RfVj+pQZw8HNVl0cKVQg00ZxfkiIeiAtQY/6qZKQg9564u7cnHo6HgLVY9WGR1mq -3/YqnXC2DgFpnshmxZd4Y7+qnF5yH8tSshywgHSK4NU8pi6L11yltPaRG1S3bB5i -89Ifg8T7OBbIpytgEATJ9ervASSf/rKQsyENkDT3BjkYel3pgaUCAwEAAQKCAYEA -kmBxGQH8RTVO8eTtS95iJC+QwavyOp/BxUDkWtbsj7P/NSyzQ25c59jNQIEVgktx -QOeNpoSJS2S22HTeNAc+MR781MAl/ljLu+OfxQj/3hKAIJZMYDr01tPEvkOl5NUj -+6e3xwNBYzmMfl2jPyGlsUWFAQSbI/bJl44zccXAkQ/A5KHNRc7Yw5qd6aOGQD8a -axCehOxEqEeI8oZvxQcogMBL0V9yWqEiI0Ymvq6w2n+CzdKmflcWSjloYzNcODbL -Ef2+8/fBZhHTS0GLCIqQpK+tZxt4K77DK2p2L9dYuHK7vtWn1j0YIwPqD+QVVtuT -d7BOOmakPj2E7EXq/GvFw8gB/gRLoLuJSq5vvhPrSVuJqWdxDuxSutGgIoN3mQxd -2AjuBXvqwYaZ3UGHZlBYAQx5ICiAGjxv/1zmKp+9OJHge/a1e6Z8jgQcpS7OWNhU -dj6qfs+IiWKEaMM7D8dj4ncoArBpE7/BzlVuJ377cqRx35alMcKlawQWF1YqSDrB -AoHBAPSipCLz4sr3U2jluXehntYsKevWcBtFkEd49Ay5uZTu/aweKWIozjDt7T3L -mjYi+QGpt28MdNmpoofYOmpt+lrc0HWrv+UB9k/qFxfwgZKaXa1nm/VLfK77L4IB -8I9dpjvDi724Xg/JJ1jsGM13+jGEfTQTl4Hi0lZwMydUO+O4oWB4kG9qhF8C+yQc -12CCFH+Da8uwcwM+zCJwRm3qMKceifhEGAuFJ430Rp7cuqlJYfQZ4pVhRxwP6vns -cLCz+QKBwQDcPB5bCjci/HMe0V19HxPrKh0hGPLIRCPAakT8Mz8N2lVAtWDXFL5q -eHskl6cf8RQLfrcUiL+jQvD5VV8I7BkolCv0GZT/q36I/Z1QKlQC1O0IGG/hNqwt -PS85YM6yC84YIKx0rN6O03/nYcslRv19q+MNiR9sZEeN6cScUc6aUINhWjzQ4mb8 -Z9ErguJrq0sCoAVU+t/yRo/YB/d2xdN9XLe+2cgsM6s0TiHo4v2SeFHKewBw+RLp -yrShY6COzg0CgcEA0EFwt2ylgiGgeSkvhV8qJ6s7GNDZaO4EUEPwhrDJAredbhvT -IQQZ29+AWl3sbu/AySCgzsFs7CsT+M8jk50CRr26HKJUXvEXrZpbhH6y34nX+5m7 -U8uqXg/ptqROFM4liLUETkMYmBmnDHUY/DmJ3QOrzlxrWyAr7XfgpDd6MHbpsoWQ -d7jW7UdNYsXGuBqktpS7fJA+qOGZyCuKWWHHf01pKNdXHN+C976fK/g+U4TsBXDP 
-ylkgvwvx/kbA/DyJAoHAQxXA/WRYNT0G6B1ISAO+coTKiLlrwtsWtNbqGpSVoWef -Tm2xiPKVqiL3B8d2LgGmZHX92LBrB5UtiBWcNECOzVCNLvbX7yVTDvGKCNBL9Ozd -Ivkmo0ifG8ymZOj7LTrxVWImhgfeZ00/icC9O6arMqu4Jvhc7QyCy1SpAiDdOR5L -Vs1A9zPvwPTyvzlINRnhaHRMC32717XsvRZ4J+LMsEQc6HK4SdaXUQB3zdPO/93M -tEvRb5g/TZ3kdcC+OKHFAoHAO9R3y6ZjUM8T8/4XcyRD968V4sZIvVQfpSaH86GO -TrECZp5SqSWUTqAWTJWS0yIctAML60nWF+OPRUlrq0yk2veN9Re6eWfyoyQOFd92 -U+bxh3QEue5LGOwpqrPV/1cJSFdv88eS+F8q7i/dD765Tio6kJjKzXPN3FJqAvNB -lAnaO4Apbuzob25Qkmm0NVQHap+TJGJMvX2vVX9CjE6haVWq1lJMakkoQOeIlyi5 -iDjt9rDlIwDYeGWk4KFgsKM7 ------END PRIVATE KEY----- diff --git a/demo/complex/directory/Dockerfile b/demo/complex/directory/Dockerfile deleted file mode 100644 index 5df66ad..0000000 --- a/demo/complex/directory/Dockerfile +++ /dev/null 
@@ -1,28 +0,0 @@ -FROM centos:centos7 - -LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" - -RUN yum install -y epel-release \ - && yum update -y \ - && yum install -y 389-ds-base 389-admin 389-adminutil \ - && yum clean all \ - && rm -rf /var/cache/yum - -COPY container_files/seed-data/ /seed-data/ - -RUN useradd ldapadmin \ - && rm -fr /var/lock /usr/lib/systemd/system \ - # The 389-ds setup will fail because the hostname can't reliable be determined, so we'll bypass it and then install. \ - && sed -i 's/checkHostname {/checkHostname {\nreturn();/g' /usr/lib64/dirsrv/perl/DSUtil.pm \ - # Not doing SELinux \ - && sed -i 's/updateSelinuxPolicy($inf);//g' /usr/lib64/dirsrv/perl/* \ - # Do not restart at the end \ - && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \ - && setup-ds.pl --silent --file /seed-data/ds-setup.inf \ - && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \ - && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \ - ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password - -EXPOSE 389 - -CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep infinity diff --git a/demo/complex/directory/container_files/seed-data/ds-setup.inf b/demo/complex/directory/container_files/seed-data/ds-setup.inf deleted file mode 100644 index 96c29a1..0000000 --- a/demo/complex/directory/container_files/seed-data/ds-setup.inf +++ /dev/null 
@@ -1,28 +0,0 @@
-[General]
-AdminDomain = internet2.edu
-ConfigDirectoryAdminID = admin
-ConfigDirectoryAdminPwd = admin
-ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot
-FullMachineName = localhost
-ServerRoot = /usr/lib64/dirsrv
-SuiteSpotGroup = nobody
-SuiteSpotUserID = nobody
-
-[admin]
-Port = 9830
-ServerAdminID = admin
-ServerAdminPwd = admin
-ServerIpAddress = 0.0.0.0
-SysUser = nobody
-
-[slapd]
-AddOrgEntries = No
-AddSampleEntries = No
-InstallLdifFile = suggest
-RootDN = cn=Directory Manager
-RootDNPwd = password
-ServerIdentifier = dir
-ServerPort = 389
-SlapdConfigForMC = yes
-Suffix = dc=internet2,dc=edu
-UseExistingMC = No
diff --git a/demo/complex/directory/container_files/seed-data/users.ldif b/demo/complex/directory/container_files/seed-data/users.ldif
deleted file mode 100644
index 5381f7d..0000000
--- a/demo/complex/directory/container_files/seed-data/users.ldif
+++ /dev/null
@@ -1,20 +0,0 @@
-dn: cn=admin,dc=internet2,dc=edu
-objectClass: simpleSecurityObject
-objectClass: organizationalRole
-cn: admin
-userPassword: password
-description: LDAP administrator
-
-dn: cn=users,ou=Groups,dc=internet2,dc=edu
-objectClass: groupOfUniqueNames
-objectClass: top
-uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
-uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
-cn: users
-
-dn: ou=Courses,ou=Groups,dc=internet2,dc=edu
-objectClass: top
-objectClass: organizationalUnit
-ou: Courses
-
-
diff --git a/demo/complex/docker-compose.yml b/demo/complex/docker-compose.yml
deleted file mode 100644
index d35f63e..0000000
--- a/demo/complex/docker-compose.yml
+++ /dev/null
@@ -1,307 +0,0 @@ -version: "3.3" - -services: - grouper_daemon: - build: ./grouper_daemon/ - command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon" - depends_on: - - grouper_data - - directory - environment: - - ENV - - USERTOKEN - - GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password - - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt - - RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt - - SUBJECT_SOURCE_LDAP_PASSWORD=password - networks: - net: - aliases: - - grouper-daemon - secrets: - - g_database_password.txt - - rabbitmq_password.txt - - source: grouper.hibernate.properties - target: grouper_grouper.hibernate.properties - - source: grouper-loader.properties - target: grouper_grouper-loader.properties - - source: subject.properties - target: grouper_subject.properties - volumes: - - type: bind - source: ./configs-and-secrets/grouper/application/grouper.properties - target: /opt/grouper/conf/grouper.properties - - type: bind - source: ./configs-and-secrets/grouper/application/grouper.client.properties - target: /opt/grouper/conf/grouper.client.properties - - grouper_ui: - build: ./grouper_ui/ - command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! 
curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui" - depends_on: - - grouper_data - - directory - environment: - - ENV - - USERTOKEN - - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt - - SUBJECT_SOURCE_LDAP_PASSWORD=password - networks: - net: - aliases: - - grouper-ui - ports: - - 4443:443 - secrets: - - g_database_password.txt - - source: grouper.hibernate.properties - target: grouper_grouper.hibernate.properties - - source: grouper-loader.properties - target: grouper_grouper-loader.properties - - source: subject.properties - target: grouper_subject.properties - - source: g_sp-key.pem - target: shib_sp-key.pem - - source: g_host-key.pem - target: host-key.pem - volumes: - - type: bind - source: ./configs-and-secrets/grouper/application/grouper.properties - target: /opt/grouper/conf/grouper.properties - - type: bind - source: ./configs-and-secrets/grouper/application/grouper.client.properties - target: /opt/grouper/conf/grouper.client.properties - - type: bind - source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem - target: /etc/shibboleth/sp-cert.pem - - type: bind - source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml - target: /etc/shibboleth/shibboleth2.xml - - type: bind - source: ./configs-and-secrets/grouper/shibboleth/idp-metadata.xml - target: /etc/shibboleth/idp-metadata.xml - - type: bind - source: ./configs-and-secrets/grouper/httpd/host-cert.pem - target: /etc/pki/tls/certs/host-cert.pem - - type: bind - source: ./configs-and-secrets/grouper/httpd/host-cert.pem - target: /etc/pki/tls/certs/cachain.pem - - grouper_ws: - build: ./grouper_ws/ - command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! 
curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws" - depends_on: - - grouper_data - - directory - environment: - - ENV - - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt - - SUBJECT_SOURCE_LDAP_PASSWORD=password - - USERTOKEN - networks: - net: - aliases: - - grouper-ws - ports: - - 9443:443 - secrets: - - g_database_password.txt - - source: grouper.hibernate.properties - target: grouper_grouper.hibernate.properties - - source: grouper-loader.properties - target: grouper_grouper-loader.properties - - source: subject.properties - target: grouper_subject.properties - - source: g_sp-key.pem - target: shib_sp-key.pem - - source: g_host-key.pem - target: host-key.pem - volumes: - - type: bind - source: ./configs-and-secrets/grouper/application/grouper.properties - target: /opt/grouper/conf/grouper.properties - - type: bind - source: ./configs-and-secrets/grouper/application/grouper.client.properties - target: /opt/grouper/conf/grouper.client.properties - - type: bind - source: ./configs-and-secrets/grouper/httpd/host-cert.pem - target: /etc/pki/tls/certs/host-cert.pem - - type: bind - source: ./configs-and-secrets/grouper/httpd/host-cert.pem - target: /etc/pki/tls/certs/cachain.pem - - grouper_data: - build: ./grouper_data/ - networks: - net: - aliases: - - grouper-data - ports: - - 3306:3306 - volumes: - - grouper_data:/var/lib/mysql - - directory: - build: ./directory/ - ports: - - 389:389 - networks: - - net - volumes: - - ldap:/var/lib/dirsrv - - sources: - build: ./sources/ - ports: - - 13306:3306 - networks: - - net - volumes: - - source_data:/var/lib/mysql - - targets: - build: ./targets/ - ports: - - 23306:389 - networks: - - net - volumes: - - target_data:/var/lib/mysql - - midpoint_data: - image: tier/mariadb:mariadb10 - ports: - - 33306:3306 - networks: - net: - aliases: - - midpoint-data - volumes: - - midpoint_mysql:/var/lib/mysql - - midpoint_data:/var/lib/mysqlmounted - environment: - 
- CREATE_NEW_DATABASE=if_needed - - midpoint_server: - build: ./midpoint_server/ - depends_on: - - midpoint_data - ports: - - 8443:443 - environment: - - AUTHENTICATION - - ENV - - USERTOKEN - - REPO_DATABASE_TYPE - - REPO_JDBC_URL - - REPO_HOST - - REPO_PORT - - REPO_DATABASE - - REPO_USER - - REPO_MISSING_SCHEMA_ACTION - - REPO_UPGRADEABLE_SCHEMA_ACTION - - REPO_SCHEMA_VERSION_IF_MISSING - - REPO_SCHEMA_VARIANT - - MP_MEM_MAX - - MP_MEM_INIT - - MP_JAVA_OPTS - - SSO_HEADER - - TIER_BEACON_OPT_OUT - - TIMEZONE - networks: - net: - aliases: - - midpoint-server - secrets: - - mp_database_password.txt - - mp_keystore_password.txt - - mp_sp-encrypt-key.pem - - mp_sp-signing-key.pem - - mp_host-key.pem - volumes: - - midpoint_home:/opt/midpoint/var - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml - target: /etc/shibboleth/shibboleth2.xml - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml - target: /etc/shibboleth/idp-metadata.xml - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem - target: /etc/shibboleth/sp-signing-cert.pem - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem - target: /etc/shibboleth/sp-encrypt-cert.pem - - type: bind - source: ./configs-and-secrets/midpoint/httpd/host-cert.pem - target: /etc/pki/tls/certs/host-cert.pem - - type: bind - source: ./configs-and-secrets/midpoint/httpd/host-cert.pem - target: /etc/pki/tls/certs/cachain.pem - - idp: - build: ./idp/ - depends_on: - - directory - environment: - - JETTY_MAX_HEAP=64m - - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password - - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password - networks: - - net - ports: - - 443:443 - - mq: - build: ./mq/ - environment: - - RABBITMQ_NODENAME=docker-rabbit - hostname: rabbitmq - networks: - - net - ports: - - 15672:15672 - volumes: - - mq:/var/lib/rabbitmq - -networks: - net: - driver: bridge - -secrets: -# grouper - g_host-key.pem: - 
file: ./configs-and-secrets/grouper/httpd/host-key.pem - g_sp-key.pem: - file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem - g_database_password.txt: - file: ./configs-and-secrets/grouper/application/database_password.txt - rabbitmq_password.txt: - file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt - grouper.hibernate.properties: - file: ./configs-and-secrets/grouper/application/grouper.hibernate.properties - grouper-loader.properties: - file: ./configs-and-secrets/grouper/application/grouper-loader.properties - subject.properties: - file: ./configs-and-secrets/grouper/application/subject.properties -# midPoint - mp_host-key.pem: - file: ./configs-and-secrets/midpoint/httpd/host-key.pem - mp_sp-signing-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem - mp_sp-encrypt-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem - mp_database_password.txt: - file: ./configs-and-secrets/midpoint/application/database_password.txt - mp_keystore_password.txt: - file: ./configs-and-secrets/midpoint/application/keystore_password.txt - -volumes: - grouper_data: - source_data: - target_data: - ldap: - midpoint_data: - midpoint_mysql: - midpoint_home: - mq: diff --git a/demo/complex/grouper_daemon/Dockerfile b/demo/complex/grouper_daemon/Dockerfile deleted file mode 100644 index 4ed3dc7..0000000 --- a/demo/complex/grouper_daemon/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM tier/grouper:2.4.0-a2-u1-w0-p0 - -LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" - -CMD ["daemon"] diff --git a/demo/complex/grouper_data/Dockerfile b/demo/complex/grouper_data/Dockerfile deleted file mode 100644 index 15d196a..0000000 --- a/demo/complex/grouper_data/Dockerfile +++ /dev/null 
@@ -1,40 +0,0 @@ -FROM tier/grouper:2.4.0-a2-u1-w0-p0 - -LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" - -RUN yum install -y epel-release \ - && yum update -y \ - && yum install -y mariadb-server mariadb \ - && yum clean all \ - && rm -rf /var/cache/yum - -COPY container_files/seed-data/ /seed-data/ -COPY container_files/conf/ /opt/grouper/grouper.apiBinary/conf/ - -RUN mysql_install_db \ - && chown -R mysql:mysql /var/lib/mysql/ \ - && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \ - && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \ - && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \ - && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \ - && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \ - && cat /etc/my.cnf \ - && echo "/usr/bin/mysqld_safe &" > /tmp/config \ - && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \ - && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \ - && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \ - && bash /tmp/config \ - && rm -f /tmp/config - -RUN (mysqld_safe & ) \ - && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \ - bin/gsh -registry -check -runscript -noprompt && \ - echo "Running demo.gsh" && \ - sleep 10 && \ - bin/gsh /seed-data/demo.gsh && \ - echo "demo.gsh DONE" && \ - rm /seed-data/demo.gsh - -EXPOSE 3306 - -CMD mysqld_safe diff --git a/demo/complex/grouper_data/container_files/conf/grouper-loader.properties b/demo/complex/grouper_data/container_files/conf/grouper-loader.properties deleted file mode 100644 index 777376c..0000000 --- a/demo/complex/grouper_data/container_files/conf/grouper-loader.properties +++ /dev/null 
@@ -1,64 +0,0 @@
-#################################
-## LDAP connections
-#################################
-# specify the ldap connection with user, pass, url
-# the string after "ldap." is the ID of the connection, and it should not have
-# spaces or other special chars in it. In this case is it "personLdap"
-
-#note the URL should start with ldap: or ldaps: if it is SSL.
-#It should contain the server and port (optional if not default), and baseDn,
-#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
-ldap.demo.url = ldap://directory:389/dc=internet2,dc=edu
-
-#optional, if authenticated
-ldap.demo.user = cn=admin,dc=internet2,dc=edu
-#ldap.demo.user = cn=admin
-
-#optional, if authenticated note the password can be stored encrypted in an external file
-#ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')}
-ldap.demo.pass = password
-
-#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS...
-ldap.demo.tls = false
-
-#optional, if using sasl
-#ldap.personLdap.saslAuthorizationId =
-#ldap.personLdap.saslRealm =
-
-#optional (note, time limit is for search operations, timeout is for connection timeouts),
-#most of these default to vt-ldap defaults.
times are in millis
-#validateOnCheckout defaults to true if all other validate methods are false
-#ldap.personLdap.batchSize =
-#ldap.personLdap.countLimit =
-#ldap.personLdap.timeLimit =
-#ldap.personLdap.timeout =
-#ldap.personLdap.minPoolSize =
-#ldap.personLdap.maxPoolSize =
-#ldap.personLdap.validateOnCheckIn =
-#ldap.personLdap.validateOnCheckOut =
-#ldap.personLdap.validatePeriodically =
-#ldap.personLdap.validateTimerPeriod =
-#ldap.personLdap.pruneTimerPeriod =
-#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes)
-#ldap.personLdap.expirationTime =
-
-#make the paths fully qualified and not relative to the loader group.
-loader.ldap.requireTopStemAsStemFromConfigGroup=false
-
-#####################################
-## Messaging integration with change log
-#####################################
-changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ?
-
-# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class
-changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
-
-changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
-changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq
-# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
-changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey =
-## queue or topic
-changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue
-changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = sampleQueue
-## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml
-#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email
diff --git a/demo/complex/grouper_data/container_files/conf/grouper.hibernate.properties b/demo/complex/grouper_data/container_files/conf/grouper.hibernate.properties
deleted file mode 100644
index 154b8eb..0000000
--- a/demo/complex/grouper_data/container_files/conf/grouper.hibernate.properties
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Grouper Hibernate Configuration
-# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
-#
-
-# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.hibernate.base.properties
-# (which should not be edited), and the grouper.hibernate.properties overlays
-# the base settings. See the grouper.hibernate.base.properties for the possible
-# settings that can be applied to the grouper.hibernate.properties
-
-########################################
-## DB settings
-########################################
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
-
-hibernate.connection.username = root
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
diff --git a/demo/complex/grouper_data/container_files/conf/grouper.properties b/demo/complex/grouper_data/container_files/conf/grouper.properties
deleted file mode 100644
index c931287..0000000
--- a/demo/complex/grouper_data/container_files/conf/grouper.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings. See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = true
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use = true
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group = etc:sysadmingroup
-
-# Used to allow Include Exclude groups
-grouperIncludeExclude.use = true
-grouperIncludeExclude.requireGroups.use = true
diff --git a/demo/complex/grouper_data/container_files/conf/subject.properties b/demo/complex/grouper_data/container_files/conf/subject.properties
deleted file mode 100644
index 4a31712..0000000
--- a/demo/complex/grouper_data/container_files/conf/subject.properties
+++ /dev/null
@@ -1,78 +0,0 @@
-#subject.sources.xml.location =
-
-subjectApi.source.ldap.param.ldapServerId.value = demo
-
-subjectApi.source.ldap.id = ldap
-subjectApi.source.ldap.name = EDU Ldap
-subjectApi.source.ldap.types = person
-subjectApi.source.ldap.adapterClass = edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter
-#subjectApi.source.ldap.param.INITIAL_CONTEXT_FACTORY.value = com.sun.jndi.ldap.LdapCtxFactory
-#subjectApi.source.ldap.param.PROVIDER_URL.value = ldap://localhost:389
-#subjectApi.source.ldap.param.SECURITY_AUTHENTICATION.value = simple
-#subjectApi.source.ldap.param.SECURITY_PRINCIPAL.value = cn=admin,dc=internet2,dc=edu
-#subjectApi.source.ldap.param.SECURITY_CREDENTIALS.value = password
-#subjectApi.source.ldap.param.VTLDAP_VALIDATOR.value = ConnectLdapValidator
-
-subjectApi.source.ldap.param.SubjectID_AttributeType.value = uid
-subjectApi.source.ldap.param.SubjectID_formatToLowerCase.value = false
-subjectApi.source.ldap.param.Name_AttributeType.value = cn
-subjectApi.source.ldap.param.Description_AttributeType.value = cn
-subjectApi.source.ldap.param.subjectVirtualAttribute_0_searchAttribute0.value = ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}
-subjectApi.source.ldap.param.sortAttribute0.value = cn
-subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
-
-# STATUS SECTION for searches to filter out inactives and allow
-# the user to filter by status with e.g. status=all
-# this is optional, and advanced
-#
-# field in database or ldap or endpoint that is the status field
-#subjectApi.source.example.param.statusDatastoreFieldName.value = status
-
-# search string from user which represents the status. e.g.
status=active
-#subjectApi.source.example.param.statusLabel.value = status
-
-# available statuses from screen (if not specified, any will be allowed). comma separated list.
-# Note, this is optional and you probably dont want to configure it, it is mostly necessary
-# when you have multiple sources with statuses... if someone types an invalid status
-# and you have this configured, it will not filter by it
-#subjectApi.source.example.param.statusesFromUser.value = Active, Inactive, Pending, All
-
-# all label from the user
-#subjectApi.source.example.param.statusAllFromUser.value = All
-
-# if no status is specified, this will be used (e.g. for active only). Note, the value should be of the
-# form the user would type in
-#subjectApi.source.example.param.statusSearchDefault.value = status=active
-
-# translate between screen values of status, and the data store value. Increment the 0 to 1, 2, etc for more translations.
-# so the user could enter: status=active, and that could translate to status_col=A. The 'user' is what the user types in,
-# the 'datastore' is what is in the datastore. The user part is not case-sensitive. Note, this could be a many to one
-#subjectApi.source.example.param.statusTranslateUser0.value = active
-#subjectApi.source.example.param.statusTranslateDatastore0.value = A
-
-# subject identifier to store in grouper's member table. this is used to increase speed of loader and perhaps for provisioning
-# you can have up to max 1 subject identifier
-#subjectApi.source.example.param.subjectIdentifierAttribute0.value = uid
-
-#searchSubject: find a subject by ID. ID is generally an opaque and permanent identifier, e.g. 12345678.
-# Each subject has one and only on ID. Returns one result when searching for one ID.
-subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person))
-subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people
-
-#searchSubjectByIdentifier: find a subject by identifier. Identifier is anything that uniquely
-# identifies the user, e.g. jsmith or jsmith@institution.edu.
-# Subjects can have multiple identifiers. Note: it is nice to have if identifiers are unique
-# even across sources. Returns one result when searching for one identifier.
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person))
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people
-
-# search: find subjects by free form search. Returns multiple results.
-
-subjectApi.source.ldap.search.search.param.filter.value = (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person))
-subjectApi.source.ldap.search.search.param.scope.value = SUBTREE_SCOPE
-subjectApi.source.ldap.search.search.param.base.value = ou=people
-
-subjectApi.source.ldap.attributes = givenName, sn, uid, mail, employeeNumber
-subjectApi.source.ldap.internalAttributes = searchAttribute0
diff --git a/demo/complex/grouper_data/container_files/seed-data/demo.gsh b/demo/complex/grouper_data/container_files/seed-data/demo.gsh
deleted file mode 100644
index e584add..0000000
--- a/demo/complex/grouper_data/container_files/seed-data/demo.gsh
+++ /dev/null
@@ -1,79 +0,0 @@
-System.out.println("************** demo.gsh starting...");
-
-gs = GrouperSession.startRootSession();
-
-addStem("", "app", "app")
-addStem("", "basis", "basis")
-addStem("", "bundle", "bundle")
-addStem("", "org", "org")
-addStem("", "test", "test")
-addStem("", "midpoint", "midpoint")
-
-addRootStem("ref", "ref")
-addStem("ref", "course", "course")
-addStem("ref", "affiliation", "affiliation")
-
-group = new GroupSave(gs).assignName("etc:affiliationLoader").assignCreateParentStemsIfNotExist(true).save();
-group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign();
-attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true);
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(eduPersonAffiliation=*)");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uid");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "eduPersonAffiliation");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), 'ref:affiliation:${groupAttribute}_systemOfRecord');
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupDisplayNameExpressionName(), '${groupAttribute} system of record');
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupTypesName(), "addIncludeExclude");
-
-group = new GroupSave(gs).assignName("etc:deptLoader").assignCreateParentStemsIfNotExist(true).save();
-group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign();
-attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true);
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUPS_FROM_ATTRIBUTES");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(businessCategory=*)");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=People");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uid");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupAttributeName(), "businessCategory");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), 'ref:dept:${groupAttribute}');
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupDisplayNameExpressionName(), '${groupAttribute}');
-
-group = new GroupSave(gs).assignName("etc:coursesLoader").assignCreateParentStemsIfNotExist(true).save();
-group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign();
-attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true);
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_GROUP_LIST");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=*)");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Courses,ou=Groups");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}');
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uniqueMember");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapExtraAttributesName(), "cn");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapGroupNameExpressionName(), 'ref:course:${groupAttributes["cn"]}');
-
-group = GroupFinder.findByName(gs, "etc:sysadmingroup", true);
-group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign();
-attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true);
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=sysadmingroup)");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=Groups");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}');
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uniqueMember");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
-
-midpointGroupsGroup = new GroupSave(gs).assignName("etc:midpointGroups").assignCreateParentStemsIfNotExist(true).save();
-testGroup = new GroupSave(gs).assignName("midpoint:test").assignCreateParentStemsIfNotExist(true).save();
-
-s = SubjectFinder.findById(testGroup.getId(), 'group', 'g:gsa');
-midpointGroupsGroup.addMember(s, false);
diff --git a/demo/complex/grouper_ui/Dockerfile b/demo/complex/grouper_ui/Dockerfile
deleted file mode 100644
index 3551f04..0000000
--- a/demo/complex/grouper_ui/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM tier/grouper:2.4.0-a2-u1-w0-p0
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
-
-#COPY in custom css, images, etc
-
-CMD ["ui"]
diff --git a/demo/complex/grouper_ui/container_files/shibboleth/shibd.logger b/demo/complex/grouper_ui/container_files/shibboleth/shibd.logger
deleted file mode 100644
index 2589b43..0000000
--- a/demo/complex/grouper_ui/container_files/shibboleth/shibd.logger
+++ /dev/null
@@ -1,69 +0,0 @@
-# set overall behavior
-log4j.rootCategory=DEBUG, shibd_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at DEBUG
-log4j.category.XMLTooling.XMLObject=DEBUG
-log4j.category.XMLTooling.KeyInfoResolver=DEBUG
-log4j.category.Shibboleth.IPRange=DEBUG
-log4j.category.Shibboleth.PropertySet=DEBUG
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=DEBUG
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=DEBUG, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at DEBUG for this category
-log4j.category.Shibboleth-TRANSACTION=DEBUG, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.RollingFileAppender
-log4j.appender.shibd_log.fileName=/var/log/shibboleth/shibd.log
-log4j.appender.shibd_log.maxFileSize=1000000
-log4j.appender.shibd_log.maxBackupIndex=10
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
-log4j.appender.warn_log.fileName=/var/log/shibboleth/shibd_warn.log
-log4j.appender.warn_log.maxFileSize=1000000
-log4j.appender.warn_log.maxBackupIndex=10
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
-
-log4j.appender.tran_log=org.apache.log4j.RollingFileAppender
-log4j.appender.tran_log.fileName=/var/log/shibboleth/transaction.log
-log4j.appender.tran_log.maxFileSize=1000000
-log4j.appender.tran_log.maxBackupIndex=20
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/var/log/shibboleth/signature.log
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=%m
diff --git a/demo/complex/grouper_ws/Dockerfile b/demo/complex/grouper_ws/Dockerfile
deleted file mode 100644
index ca4cf1a..0000000
--- a/demo/complex/grouper_ws/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM tier/grouper:2.4.0-a2-u1-w0-p0
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
-
-COPY container_files/web.xml /opt/grouper/grouper.ws/WEB-INF/
-COPY container_files/tomcat-users.xml /opt/tomcat/conf/
-COPY container_files/server.xml /opt/tomcat/conf/
-
-CMD ["ws"]
diff --git a/demo/complex/grouper_ws/container_files/server.xml b/demo/complex/grouper_ws/container_files/server.xml
deleted file mode 100644
index 3c919f5..0000000
--- a/demo/complex/grouper_ws/container_files/server.xml
+++ /dev/null
@@ -1,180 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<!-- Note: A "Server" is not itself a "Container", so you may not - define subcomponents such as "Valves" at this level. - Documentation at /docs/config/server.html - --> -<Server port="8005" shutdown="SHUTDOWN"> - <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> - <!-- Security listener. Documentation at /docs/config/listeners.html - <Listener className="org.apache.catalina.security.SecurityListener" /> - --> - <!--APR library loader. 
Documentation at /docs/apr.html --> - <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> - <!-- Prevent memory leaks due to use of particular java/javax APIs--> - <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> - <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> - <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> - - <!-- Global JNDI resources - Documentation at /docs/jndi-resources-howto.html - --> - <GlobalNamingResources> - <!-- Editable user database that can also be used by - UserDatabaseRealm to authenticate users - --> - <Resource name="UserDatabase" auth="Container" - type="org.apache.catalina.UserDatabase" - description="User database that can be updated and saved" - factory="org.apache.catalina.users.MemoryUserDatabaseFactory" - pathname="conf/tomcat-users.xml" /> - </GlobalNamingResources> - - <!-- A "Service" is a collection of one or more "Connectors" that share - a single "Container" Note: A "Service" is not itself a "Container", - so you may not define subcomponents such as "Valves" at this level. - Documentation at /docs/config/service.html - --> - <Service name="Catalina"> - - <!--The connectors can use a shared executor, you can define one or more named thread pools--> - <!-- - <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" - maxThreads="150" minSpareThreads="4"/> - --> - - - <!-- A "Connector" represents an endpoint by which requests are received - and responses are returned. 
Documentation at : - Java HTTP Connector: /docs/config/http.html - Java AJP Connector: /docs/config/ajp.html - APR (HTTP/AJP) Connector: /docs/apr.html - Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 - --> - <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8" - connectionTimeout="20000" - redirectPort="8443" /> - <!-- A "Connector" using the shared thread pool--> - <!-- - <Connector executor="tomcatThreadPool" - port="8080" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" /> - --> - <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 - This connector uses the NIO implementation. The default - SSLImplementation will depend on the presence of the APR/native - library and the useOpenSSL attribute of the - AprLifecycleListener. - Either JSSE or OpenSSL style configuration may be used regardless of - the SSLImplementation selected. JSSE style configuration is used below. - --> - <!-- - <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true"> - <SSLHostConfig> - <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" - type="RSA" /> - </SSLHostConfig> - </Connector> - --> - <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 - This connector uses the APR/native implementation which always uses - OpenSSL for TLS. - Either JSSE or OpenSSL style configuration may be used. OpenSSL style - configuration is used below. 
- --> - <!-- - <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" - maxThreads="150" SSLEnabled="true" > - <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> - <SSLHostConfig> - <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" - certificateFile="conf/localhost-rsa-cert.pem" - certificateChainFile="conf/localhost-rsa-chain.pem" - type="RSA" /> - </SSLHostConfig> - </Connector> - --> - - <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" /> - - - <!-- An Engine represents the entry point (within Catalina) that processes - every request. The Engine implementation for Tomcat stand alone - analyzes the HTTP headers included with the request, and passes them - on to the appropriate Host (virtual host). - Documentation at /docs/config/engine.html --> - - <!-- You should set jvmRoute to support load-balancing via AJP ie : - <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> - --> - <Engine name="Catalina" defaultHost="localhost"> - - <!--For clustering, please take a look at documentation at: - /docs/cluster-howto.html (simple how to) - /docs/config/cluster.html (reference documentation) --> - <!-- - <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> - --> - - <!-- Use the LockOutRealm to prevent attempts to guess user passwords - via a brute-force attack --> - <Realm className="org.apache.catalina.realm.LockOutRealm"> - <!-- This Realm uses the UserDatabase configured in the global JNDI - resources under the key "UserDatabase". Any edits - that are performed against this UserDatabase are immediately - available for use by the Realm. 
--> - <Realm className="org.apache.catalina.realm.UserDatabaseRealm" - resourceName="UserDatabase"/> <!-- we can log in with tomcat-users.xml accounts --> - - <Realm className="org.apache.catalina.realm.JNDIRealm" - connectionURL="ldap://directory" - userBase="ou=people,dc=internet2,dc=edu" - userSearch="(uid={0})" - userSubtree="true" - connectionName="cn=admin,dc=internet2,dc=edu" - connectionPassword="password" - allRolesMode="authOnly" /> <!-- Or we can log in with ldap accounts --> - </Realm> - - <!-- Define the default virtual host - Note: XML Schema validation will not work with Xerces 2.2. - --> - - <Host name="localhost" appBase="webapps" - unpackWARs="true" autoDeploy="true"> - - <!-- SingleSignOn valve, share authentication between web applications - Documentation at: /docs/config/valve.html --> - <!-- - <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> - --> - - <!-- Access log processes all example. - Documentation at: /docs/config/valve.html - Note: The pattern used is equivalent to using pattern="common" --> - <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" - prefix="localhost_access_log" suffix=".txt" - pattern="%h %l %u %t "%r" %s %b" /> - - </Host> - </Engine> - </Service> -</Server> diff --git a/demo/complex/grouper_ws/container_files/tomcat-users.xml b/demo/complex/grouper_ws/container_files/tomcat-users.xml deleted file mode 100644 index f5d6945..0000000 --- a/demo/complex/grouper_ws/container_files/tomcat-users.xml +++ /dev/null 
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<tomcat-users xmlns="http://tomcat.apache.org/xml"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
- version="1.0">
-<role rolename="grouper_user"/>
-<user username="banderson" password="password1" roles="grouper_user"/>
-<!--
- NOTE: By default, no user is included in the "manager-gui" role required
- to operate the "/manager/html" web application. If you wish to use this app,
- you must define such a user - the username and password are arbitrary. It is
- strongly recommended that you do NOT use one of the users in the commented out
- section below since they are intended for use with the examples web
- application.
--->
-<!--
- NOTE: The sample user and role entries below are intended for use with the
- examples web application. They are wrapped in a comment and thus are ignored
- when reading this file. If you wish to configure these users for use with the
- examples web application, do not forget to remove the <!.. ..> that surrounds
- them. You will also need to set the passwords to something appropriate.
--->
-<!--
- <role rolename="tomcat"/>
- <role rolename="role1"/>
- <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
- <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
- <user username="role1" password="<must-be-changed>" roles="role1"/>
--->
-</tomcat-users>
\ No newline at end of file
diff --git a/demo/complex/grouper_ws/container_files/web.xml b/demo/complex/grouper_ws/container_files/web.xml
deleted file mode 100644
index 03d3deb..0000000
--- a/demo/complex/grouper_ws/container_files/web.xml
+++ /dev/null
@@ -1,128 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-
-
-<!DOCTYPE web-app PUBLIC
- "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
- <filter>
- <!-- keeps the request and response in threadlocal so they dont have to be passed around -->
- <filter-name>Grouper service filter</filter-name>
- <filter-class>edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee</filter-class>
- </filter>
-
- <filter>
- <!-- logging filter -->
- <filter-name>Grouper logging filter</filter-name>
- <filter-class>edu.internet2.middleware.grouper.ws.j2ee.ServletFilterLogger</filter-class>
- </filter>
-
- <!-- filter-mapping>
- <filter-name>Grouper logging filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping -->
- <!-- Map the filter to a Servlet or URL -->
- <filter-mapping>
- <filter-name>Grouper service filter</filter-name>
- <url-pattern>/services/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>Grouper service filter</filter-name>
- <url-pattern>/servicesRest/*</url-pattern>
- </filter-mapping>
- <servlet>
- <servlet-name>AxisServlet</servlet-name>
- <display-name>Apache-Axis Servlet</display-name>
- <servlet-class>edu.internet2.middleware.grouper.ws.GrouperServiceAxisServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- <!-- hint that this is the wssec servlet -->
- <!-- init-param>
- <param-name>wssec</param-name>
- <param-value>true</param-value>
- </init-param -->
- </servlet>
- <servlet>
- <servlet-name>RestServlet</servlet-name>
- <display-name>WS REST Servlet</display-name>
- <servlet-class>edu.internet2.middleware.grouper.ws.rest.GrouperRestServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet>
- <servlet-name>StatusServlet</servlet-name>
- <display-name>Status Servlet</display-name>
- <servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>StatusServlet</servlet-name>
- <url-pattern>/status</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>AxisServlet</servlet-name>
- <url-pattern>/services/*</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>RestServlet</servlet-name>
- <url-pattern>/servicesRest/*</url-pattern>
- </servlet-mapping>
-
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>Web services</web-resource-name>
- <url-pattern>/services/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>*</role-name>
- </auth-constraint>
- </security-constraint>
-
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>Web services</web-resource-name>
- <url-pattern>/servicesRest/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <!-- NOTE: This role is not present in the default users file -->
- <role-name>*</role-name>
- </auth-constraint>
- </security-constraint>
-
- <!-- Define the Login Configuration for this Application -->
- <login-config>
- <auth-method>BASIC</auth-method>
- <realm-name>Grouper Application</realm-name>
- </login-config>
-
- <!-- Security roles referenced by this web application -->
- <security-role>
- <description>
- The role that is required to log in to web service
- </description>
- <role-name>*</role-name>
- </security-role>
-
- <session-config>
- <session-timeout>1</session-timeout>
- </session-config>
- <!-- config to enable ESB listener servlet
- <servlet>
- <servlet-name>EsbServlet</servlet-name>
- <display-name>Esb Servlet</display-name>
- <servlet-class>edu.internet2.middleware.grouper.esb.EsbHttpHandler</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>EsbServlet</servlet-name>
- <url-pattern>/servicesEsb/*</url-pattern>
- </servlet-mapping>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>Web services</web-resource-name>
- <url-pattern>/servicesEsb/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>grouper_user</role-name>
- </auth-constraint>
- </security-constraint> -->
-</web-app>
diff --git a/demo/complex/idp/Dockerfile b/demo/complex/idp/Dockerfile
deleted file mode 100644
index 0f6f508..0000000
--- a/demo/complex/idp/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM tier/shib-idp
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
-
-COPY shibboleth-idp/ /opt/shibboleth-idp/
diff --git a/demo/complex/idp/shibboleth-idp/conf/attribute-filter.xml b/demo/complex/idp/shibboleth-idp/conf/attribute-filter.xml
deleted file mode 100644
index 21ffdb8..0000000
--- a/demo/complex/idp/shibboleth-idp/conf/attribute-filter.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE policy file. While the policy presented in this
- example file is illustrative of some simple cases, it relies on the names of
- non-existent example services and the example attributes demonstrated in the
- default attribute-resolver.xml file.
-
- Deployers should refer to the documentation for a complete list of components
- and their options.
--->
-<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
- xmlns:afp="urn:mace:shibboleth:2.0:afp"
- xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
- xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd
- urn:mace:shibboleth:2.0:afp:mf:basic http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
- urn:mace:shibboleth:2.0:afp:mf:saml http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd">
-
- <!-- Release some attributes to an SP. -->
- <afp:AttributeFilterPolicy id="example1">
- <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://grouperdemo/shibboleth" />
-
- <afp:AttributeRule attributeID="eduPersonPrincipalName">
- <afp:PermitValueRule xsi:type="basic:ANY" />
- </afp:AttributeRule>
-
- <afp:AttributeRule attributeID="uid">
- <afp:PermitValueRule xsi:type="basic:ANY" />
- </afp:AttributeRule>
-
- <afp:AttributeRule attributeID="mail">
- <afp:PermitValueRule xsi:type="basic:ANY" />
- </afp:AttributeRule>
-
- </afp:AttributeFilterPolicy>
-
- <afp:AttributeFilterPolicy id="midpoint">
- <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://midpointdemo/shibboleth" />
-
- <afp:AttributeRule attributeID="uid">
- <afp:PermitValueRule xsi:type="basic:ANY" />
- </afp:AttributeRule>
-
- </afp:AttributeFilterPolicy>
-
-</afp:AttributeFilterPolicyGroup>
diff --git a/demo/complex/idp/shibboleth-idp/conf/attribute-resolver.xml b/demo/complex/idp/shibboleth-idp/conf/attribute-resolver.xml
deleted file mode 100644
index ee9519f..0000000
--- a/demo/complex/idp/shibboleth-idp/conf/attribute-resolver.xml
+++ /dev/null
@@ -1,293 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - This file is an EXAMPLE configuration file containing lots of commented - example attributes, encoders, and a couple of example data connectors. - - Not all attribute definitions or data connectors are demonstrated, but - a variety of LDAP attributes, some common to Shibboleth deployments and - many not, are included. - - Deployers should refer to the Shibboleth 2 documentation for a complete - list of components and their options. ---> -<resolver:AttributeResolver - xmlns:resolver="urn:mace:shibboleth:2.0:resolver" - xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc" - xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" - xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" - xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" - xmlns:sec="urn:mace:shibboleth:2.0:security" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd - urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd - urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd - urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd - urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd - urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd"> - - <!-- ========================================== --> - <!-- Attribute Definitions --> - <!-- ========================================== --> - - <!-- Schema: Core schema attributes--> - <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid" sourceAttributeID="uid"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" /> - 
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="mail" sourceAttributeID="mail"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" /> - </resolver:AttributeDefinition> -<!-- - <resolver:AttributeDefinition xsi:type="ad:Simple" id="homePhone" sourceAttributeID="homePhone"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="homePostalAddress" sourceAttributeID="homePostalAddress"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="mobileNumber" sourceAttributeID="mobile"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" 
id="pagerNumber" sourceAttributeID="pager"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" /> - </resolver:AttributeDefinition> ---> - <resolver:AttributeDefinition xsi:type="ad:Simple" id="surname" sourceAttributeID="sn"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" /> - </resolver:AttributeDefinition> -<!-- - <resolver:AttributeDefinition xsi:type="ad:Simple" id="locality" sourceAttributeID="l"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="stateProvince" sourceAttributeID="st"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="street" sourceAttributeID="street"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" /> - </resolver:AttributeDefinition> - - 
<resolver:AttributeDefinition xsi:type="ad:Simple" id="organizationName" sourceAttributeID="o"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="organizationalUnit" sourceAttributeID="ou"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="title" sourceAttributeID="title"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="postalAddress" sourceAttributeID="postalAddress"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="postalCode" sourceAttributeID="postalCode"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" 
name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="postOfficeBox" sourceAttributeID="postOfficeBox"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="telephoneNumber" sourceAttributeID="telephoneNumber"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" /> - </resolver:AttributeDefinition> ---> - <resolver:AttributeDefinition xsi:type="ad:Simple" id="givenName" sourceAttributeID="givenName"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" /> - </resolver:AttributeDefinition> -<!-- - <resolver:AttributeDefinition xsi:type="ad:Simple" id="initials" sourceAttributeID="initials"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false" /> - </resolver:AttributeDefinition> - --> - - <!-- Schema: inetOrgPerson attributes--> - <!-- - <resolver:AttributeDefinition xsi:type="ad:Simple" id="departmentNumber" 
sourceAttributeID="departmentNumber"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="displayName" sourceAttributeID="displayName"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="employeeNumber" sourceAttributeID="employeeNumber"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="employeeType" sourceAttributeID="employeeType"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="jpegPhoto" sourceAttributeID="jpegPhoto"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" 
encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="preferredLanguage" sourceAttributeID="preferredLanguage"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" /> - </resolver:AttributeDefinition> - --> - - <!-- Schema: eduPerson attributes --> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonAffiliation" sourceAttributeID="cn"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" /> - </resolver:AttributeDefinition> -<!-- - <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement" sourceAttributeID="eduPersonEntitlement"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonNickname" sourceAttributeID="eduPersonNickname"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" /> - <resolver:AttributeEncoder 
xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonPrimaryAffiliation" sourceAttributeID="eduPersonPrimaryAffiliation"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonUniqueId" scope="%{idp.scope}" sourceAttributeID="localUniqueId"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" /> - </resolver:AttributeDefinition> ---> - <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonPrincipalName" scope="%{idp.scope}" sourceAttributeID="eduPersonPrincipalName"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" /> - </resolver:AttributeDefinition> -<!-- - <resolver:AttributeDefinition xsi:type="ad:Prescoped" id="eduPersonPrincipalNamePrior" sourceAttributeID="eduPersonPrincipalNamePrior"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" /> - 
<resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}" sourceAttributeID="eduPersonAffiliation"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" /> - </resolver:AttributeDefinition> - - <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonAssurance" sourceAttributeID="eduPersonAssurance"> - <resolver:Dependency ref="myLDAP" /> - <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false" /> - <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false" /> - </resolver:AttributeDefinition> - --> - - <!-- ========================================== --> - <!-- Data Connectors --> - <!-- ========================================== --> - - <!-- Example Static Connector --> - <!-- - <resolver:DataConnector id="staticAttributes" xsi:type="dc:Static"> - <dc:Attribute id="eduPersonAffiliation"> - <dc:Value>member</dc:Value> - </dc:Attribute> - </resolver:DataConnector> - --> - - <!-- Example Relational Database Connector --> - <!-- - <resolver:DataConnector id="mySIS" xsi:type="dc:RelationalDatabase"> - <dc:ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver" - jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB" - jdbcUserName="myid" - jdbcPassword="mypassword" /> - <dc:QueryTemplate> - <![CDATA[ - SELECT * FROM student WHERE gzbtpid = 
'$requestContext.principalName' - ]]> - </dc:QueryTemplate> - - <dc:Column columnName="gzbtpid" attributeID="uid" /> - <dc:Column columnName="fqlft" attributeID="gpa" /> - </resolver:DataConnector> - --> - - <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory" - ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}" - baseDN="%{idp.attribute.resolver.LDAP.baseDN}" - principal="%{idp.attribute.resolver.LDAP.bindDN}" - principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}" - useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"> - <dc:FilterTemplate> - <![CDATA[ - %{idp.attribute.resolver.LDAP.searchFilter} - ]]> - </dc:FilterTemplate> - <!-- - <dc:StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked"> - <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate> - </dc:StartTLSTrustCredential> - --> - </resolver:DataConnector> - -</resolver:AttributeResolver> \ No newline at end of file diff --git a/demo/complex/idp/shibboleth-idp/conf/idp.properties b/demo/complex/idp/shibboleth-idp/conf/idp.properties deleted file mode 100644 index 4396f49..0000000 --- a/demo/complex/idp/shibboleth-idp/conf/idp.properties +++ /dev/null 
@@ -1,195 +0,0 @@
-# Load any additional property resources from a comma-delimited list
-idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties
-
-# Set the entityID of the IdP
-idp.entityID= https://idptestbed/idp/shibboleth
-
-# Set the scope used in the attribute resolver for scoped attributes
-idp.scope= example.org
-
-# General cookie properties (maxAge only applies to persistent cookies)
-#idp.cookie.secure = false
-#idp.cookie.httpOnly = true
-#idp.cookie.domain =
-#idp.cookie.path =
-#idp.cookie.maxAge = 31536000
-
-# Set the location of user-supplied web flow definitions
-#idp.webflows = %{idp.home}/flows
-
-# Set the location of Velocity view templates
-#idp.views = %{idp.home}/views
-
-# Settings for internal AES encryption key
-#idp.sealer.storeType = JCEKS
-#idp.sealer.updateInterval = PT15M
-#idp.sealer.aliasBase = secret
-idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks
-idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver
-idp.sealer.storePassword= password
-idp.sealer.keyPassword= password
-
-# Settings for public/private signing and encryption key(s)
-# During decryption key rollover, point the ".2" properties at a second
-# keypair, uncomment in credentials.xml, then publish it in your metadata.
-idp.signing.key= %{idp.home}/credentials/idp-signing.key
-idp.signing.cert= %{idp.home}/credentials/idp-signing.crt
-idp.encryption.key= %{idp.home}/credentials/idp-encryption.key
-idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt
-#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
-#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
-
-# Sets the bean ID to use as a default security configuration set
-#idp.security.config = shibboleth.DefaultSecurityConfiguration
-
-# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1
-#idp.signing.config = shibboleth.SigningConfiguration.SHA256
-
-# Configures trust evaluation of keys used by services at runtime
-# Defaults to supporting both explicit key and PKIX using SAML metadata.
-#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
-#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
-
-# If true, encryption will happen whenever a key to use can be located, but
-# failure to encrypt won't result in request failure.
-#idp.encryption.optional = false
-
-# Configuration of client- and server-side storage plugins
-#idp.storage.cleanupInterval = PT10M
-#idp.storage.htmlLocalStorage = false
-
-# Set to true to expose more detailed errors in responses to SPs
-#idp.errors.detailed = false
-# Set to false to skip signing of SAML response messages that signal errors
-#idp.errors.signed = true
-# Name of bean containing a list of Java exception classes to ignore
-#idp.errors.excludedExceptions = ExceptionClassListBean
-# Name of bean containing a property set mapping exception names to views
-#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
-# Set if a different default view name for events and exceptions is needed
-#idp.errors.defaultView = error
-
-# Set to false to disable the IdP session layer
-#idp.session.enabled = true
-
-# Set to "shibboleth.StorageService" for server-side storage of user sessions
-#idp.session.StorageService = shibboleth.ClientSessionStorageService
-idp.session.StorageService = shibboleth.StorageService
-
-# Size of session IDs
-#idp.session.idSize = 32
-# Bind sessions to IP addresses
-#idp.session.consistentAddress = true
-# Inactivity timeout
-#idp.session.timeout = PT60M
-# Extra time to store sessions for logout
-#idp.session.slop = PT0S
-# Tolerate storage-related errors
-#idp.session.maskStorageFailure = false
-# Track information about SPs logged into
-#idp.session.trackSPSessions = false
-# Support lookup by SP for SAML logout
-#idp.session.secondaryServiceIndex = false
-# Length of time to track SP sessions
-#idp.session.defaultSPlifetime = PT2H
-
-# Regular expression matching login flows to enable, e.g. IPAddress|Password
-idp.authn.flows= Password
-
-# Regular expression of forced "initial" methods when no session exists,
-# usually in conjunction with the idp.authn.resolveAttribute property below.
-#idp.authn.flows.initial = Password
-
-# Set to an attribute ID to resolve prior to selecting authentication flows;
-# its values are used to filter the flows to allow.
-#idp.authn.resolveAttribute = eduPersonAssurance
-
-# Default lifetime and timeout of various authentication methods
-#idp.authn.defaultLifetime = PT60M
-#idp.authn.defaultTimeout = PT30M
-
-# Whether to prioritize "active" results when an SP requests more than
-# one possible matching login method (V2 behavior was to favor them)
-#idp.authn.favorSSO = true
-
-# Whether to fail requests when a user identity after authentication
-# doesn't match the identity in a pre-existing session.
-#idp.authn.identitySwitchIsError = false
-
-# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
-#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
-
-# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
-# to key user consent storage records (and set the attribute name)
-#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
-#idp.consent.userStorageKeyAttribute = uid
-
-# Flags controlling how built-in attribute consent feature operates
-#idp.consent.allowDoNotRemember = true
-#idp.consent.allowGlobal = true
-#idp.consent.allowPerAttribute = false
-
-# Whether attribute values and terms of use text are compared
-#idp.consent.compareValues = false
-# Maximum number of consent records for space-limited storage (e.g. cookies)
-#idp.consent.maxStoredRecords = 10
-# Maximum number of consent records for larger/server-side storage (0 = no limit)
-#idp.consent.expandedMaxStoredRecords = 0
-
-# Time in milliseconds to expire consent storage records.
-#idp.consent.storageRecordLifetime = P1Y
-
-# Whether to lookup metadata, etc. for every SP involved in a logout
-# for use by user interface logic; adds overhead so off by default.
-#idp.logout.elaboration = false
-
-# Whether to require logout requests be signed/authenticated.
-#idp.logout.authenticated = true
-
-# Message freshness and replay cache tuning
-#idp.policy.messageLifetime = PT3M
-#idp.policy.clockSkew = PT3M
-
-# Set to custom bean for alternate storage of replay cache
-#idp.replayCache.StorageService = shibboleth.StorageService
-
-# Toggles whether to allow outbound messages via SAML artifact
-#idp.artifact.enabled = true
-# Suppresses typical signing/encryption when artifact binding used
-#idp.artifact.secureChannel = true
-# May differ to direct SAML 2 artifact lookups to specific server nodes
-#idp.artifact.endpointIndex = 2
-# Set to custom bean for alternate storage of artifact map state
-#idp.artifact.StorageService = shibboleth.StorageService
-
-# Name of access control policy for various admin flows
-idp.status.accessPolicy= AccessByIPAddress
-idp.resolvertest.accessPolicy= AccessByIPAddress
-idp.reload.accessPolicy= AccessByIPAddress
-
-# Comma-delimited languages to use if not match can be found with the
-# browser-supported languages, defaults to an empty list.
-idp.ui.fallbackLanguages= en,fr,de
-
-# Storage service used by CAS protocol
-# Defaults to shibboleth.StorageService (in-memory)
-# MUST be server-side storage (e.g. in-memory, memcached, database)
-# NOTE that idp.session.StorageService requires server-side storage
-# when CAS protocol is enabled
-idp.cas.StorageService=shibboleth.StorageService
-
-# CAS service registry implementation class
-#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
-
-# Profile flows in which the ProfileRequestContext should be exposed
-# in servlet request under the key "opensamlProfileRequestContext"
-#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
-
-# F-TICKS auditing - set salt to include hashed username
-#idp.fticks.federation=MyFederation
-#idp.fticks.algorithm=SHA-256
-#idp.fticks.salt=somethingsecret
diff --git a/demo/complex/idp/shibboleth-idp/conf/ldap.properties b/demo/complex/idp/shibboleth-idp/conf/ldap.properties
deleted file mode 100644
index 726f145..0000000
--- a/demo/complex/idp/shibboleth-idp/conf/ldap.properties
+++ /dev/null
@@ -1,58 +0,0 @@
-# LDAP authentication configuration, see authn/ldap-authn-config.xml
-
-## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
-#idp.authn.LDAP.authenticator = anonSearchAuthenticator
-
-## Connection properties ##
-idp.authn.LDAP.ldapURL = ldap://directory:389
-idp.authn.LDAP.useStartTLS = false
-idp.authn.LDAP.useSSL = false
-#idp.authn.LDAP.connectTimeout = 3000
-
-## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
-#idp.authn.LDAP.sslConfig = certificateTrust
-## If using certificateTrust above, set to the trusted certificate's path
-idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
-## If using keyStoreTrust above, set to the truststore path
-idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
-
-## Return attributes during authentication
-## NOTE: this is not used during attribute resolution; configure that directly in the
-## attribute-resolver.xml configuration via a DataConnector's <dc:ReturnAttributes> element
-idp.authn.LDAP.returnAttributes = cn,businessCategory,mail
-
-## DN resolution properties ##
-
-# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
-# for AD: CN=Users,DC=example,DC=org
-idp.authn.LDAP.baseDN = ou=people,dc=internet2,dc=edu
-#idp.authn.LDAP.subtreeSearch = false
-idp.authn.LDAP.userFilter = (uid={user})
-# bind search configuration
-# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
-idp.authn.LDAP.bindDN = cn=admin,dc=internet2,dc=edu
-idp.authn.LDAP.bindDNCredential = password
-
-# Format DN resolution, used by directAuthenticator, adAuthenticator
-# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
-idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=internet2,dc=edu
-
-# LDAP attribute configuration, see attribute-resolver.xml
-idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
-idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN}
-idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN}
-idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential}
-idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
-idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates}
-idp.attribute.resolver.LDAP.searchFilter = (uid=$requestContext.principalName)
-
-# LDAP pool configuration, used for both authn and DN resolution
-#idp.pool.LDAP.minSize = 3
-#idp.pool.LDAP.maxSize = 10
-#idp.pool.LDAP.validateOnCheckout = false
-#idp.pool.LDAP.validatePeriodically = true
-#idp.pool.LDAP.validatePeriod = 300
-#idp.pool.LDAP.prunePeriod = 300
-#idp.pool.LDAP.idleTime = 600
-#idp.pool.LDAP.blockWaitTime = 3000
-#idp.pool.LDAP.failFastInitialize = false
diff --git a/demo/complex/idp/shibboleth-idp/conf/metadata-providers.xml b/demo/complex/idp/shibboleth-idp/conf/metadata-providers.xml
deleted file mode 100644
index f70135e..0000000
--- a/demo/complex/idp/shibboleth-idp/conf/metadata-providers.xml
+++ /dev/null
@@ -1,81 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- This file is an EXAMPLE metadata configuration file. --> -<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider" - xmlns="urn:mace:shibboleth:2.0:metadata" - xmlns:resource="urn:mace:shibboleth:2.0:resource" - xmlns:security="urn:mace:shibboleth:2.0:security" - xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd - urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd - urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd - urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd"> - - <!-- ========================================================================================== --> - <!-- Metadata Configuration --> - <!-- --> - <!-- Below you place the mechanisms which define how to load the metadata for the SP you will --> - <!-- provide a service to. --> - <!-- --> - <!-- Two examples are provided. The Shibboleth Documentation at --> - <!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration --> - <!-- provides more details. --> - <!-- --> - <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. --> - <!-- --> - <!-- ========================================================================================== --> - - <MetadataProvider id="GrouperSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/grouper-sp.xml"/> - <MetadataProvider id="MidpointSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/midpoint-sp.xml"/> - - <!-- Example HTTP metadata provider. Use this if you want to download - the metadata from a remote service. - - You *MUST* provider the SignatureValidationFilter in order to function securely. 
- Get the PubLic key, and validate it via some out of band mechanism, from the - party publishing the metadata - - The EntityRoleWhiteList saves memory by only loading metadata from entity types - that you will interoperate with. - - <MetadataProvider id="HTTPMetadata" - xsi:type="FileBackedHTTPMetadataProvider" - backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml" - metadataURL="http://WHATEVER"> - - <MetadataFilter xsi:type="SignatureValidation" - requireSignedMetadata="false"> - <PublicKey> - THIS IS AN EXAMPLE - - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg0TyQAP/tIvOH89EtaX - uRRn8SYzTj7W1TbNY4VvBmobjkRmSkki4hH9x4sQpi635wn6WtXTN/FNNmkTK3N/ - LspmBWxfZS+n+cc7I82E5yvCAPX67QsZgqgglp2W5dvK/FsMMCS6X6SVqzBLMP88 - NenXKxY+HMxMs0sT0UKYh1cAEqadrHRBO65aDBcm5a0sBVYt9K6pgaOHrp/zSIbh - nR5tFFLjBbtFktDpHL3AdGBH3OYidNGKBO3tJ3Ms7LeKXsM0+0Y4P+9fHZINL2X3 - E2N6GVnKs5PZTg9sP0FtIpAbYm/+zCx7Yj1ET/Er8mDd6tNVGSQsn9s5xUBwGqn1 - 4wIDAQAB - </PublicKey> - </MetadataFilter> - <MetadataFilter xsi:type="EntityRoleWhiteList"> - <RetainedRole>md:SPSSODescriptor</RetainedRole> - </MetadataFilter> - - </MetadataProvider> - - --> - - <!-- Example file metadata provider. Use this if you want to load metadata - from a local file. You might use this if you have some local SPs - which are not "federated" but you wish to offer a service to. - - If you do not provide a SignatureValidation filter then you *have* - to know that the file is valid. - - - <MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/> - - --> - - -</MetadataProvider> diff --git a/demo/complex/idp/shibboleth-idp/credentials/idp-backchannel.crt b/demo/complex/idp/shibboleth-idp/credentials/idp-backchannel.crt deleted file mode 100644 index c1f8fab..0000000 --- a/demo/complex/idp/shibboleth-idp/credentials/idp-backchannel.crt +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy -MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH -YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M -SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 -03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No -5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ -XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud -DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac -ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 -NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl -j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP -IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E -t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= ------END CERTIFICATE----- diff --git a/demo/complex/idp/shibboleth-idp/credentials/idp-backchannel.p12 b/demo/complex/idp/shibboleth-idp/credentials/idp-backchannel.p12 deleted file mode 100644 index 112540a..0000000 Binary files a/demo/complex/idp/shibboleth-idp/credentials/idp-backchannel.p12 and /dev/null differ diff --git a/demo/complex/idp/shibboleth-idp/credentials/idp-browser.p12 b/demo/complex/idp/shibboleth-idp/credentials/idp-browser.p12 deleted file mode 100644 index 032be0b..0000000 Binary files a/demo/complex/idp/shibboleth-idp/credentials/idp-browser.p12 and /dev/null differ diff --git a/demo/complex/idp/shibboleth-idp/credentials/idp-encryption.crt b/demo/complex/idp/shibboleth-idp/credentials/idp-encryption.crt deleted file mode 100644 index 15d764f..0000000 
--- a/demo/complex/idp/shibboleth-idp/credentials/idp-encryption.crt +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy -MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD -cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ -l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG -ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 -9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX -VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud -DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni -QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN -jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r -xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 -+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H -p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= ------END CERTIFICATE----- diff --git a/demo/complex/idp/shibboleth-idp/credentials/idp-encryption.key b/demo/complex/idp/shibboleth-idp/credentials/idp-encryption.key deleted file mode 100644 index 8bb5cc6..0000000 --- a/demo/complex/idp/shibboleth-idp/credentials/idp-encryption.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAgV79KN35k/Ipbsi4yeJQQFQlvmUVchFz2ELkYu73w3DuGund -ZMYiS7GitFvPFTcYxUEa/D4A5Fq9vL8KB9a4JOKS7LMyw+PAwcw/eNqXiZf0uhZ7 -CCY5mh3AYeKWzYVOMqMLut4ipL7ba3GQBG6RK6OmfAs4lhMfLMsKGmBEBonz5K/T -kVegp97cavvYDAXjxuNRq7Wa1BiLvsa53S9EoYeD6tHqv/TALFZSCFxGvPVnx/Cd -pBXEzn6FrSHO9G+0y2ULMeGJzXJ6xi0lBHLLRcjy1/l7b+UjWRfPTjiMV1TYzb4B -OQ2yW/YTDOFABaiPtW6PUKrccE4Y3P7DryMczQIDAQABAoIBAF/IflMllcUtw/Nb -9USzpIscQh2nJaugtE5nqER/fT1cfU273Mjh0T6NtFMorjec5WAWBe6/0VVAwb3f -C4QmO4xDnFhXjLxwAaT6nfvSi+O5d93XCxxLgNZUNL3ET7a2feELyoF+OdQT4sy3 -9dLyMdVHgtnQTQMAAVLeuQoyP+s+Zax4Gca6ln8QxIIvDoD7NITnpl8887Hghhzl -CvKtRiPRtoI2JTXWgWuLI6xXfVsDvFT+Up+ki9TMLWLACcmMU1d+lUBOKIqhhQHG -+np9iKxVausJwYaLwwT3h8SItNon7ltbV6kcqyZxMAA+uN8CVgIb5UaUrlW7Nvze -1iUNudkCgYEAxpnBg8YxdEHFSMTqjEOYapn18cs3n32EBPtvPaUcvw3mGC1+ZVx1 -9WqnVsgykBOWI0qSBVF7Kke8yOqgqWtYQUFqLiMgCC9e/QcXnrm/bzAmKDgLVcCR -KzgqU2ECQDkNSS0qeODjLGX4SEabDbLhN59WykHKM0i/RcrbhuvT1BcCgYEApsMD -TFQBaiaEmLVm252piZf8b5g3DrUHeqGktHkHXTW4Iyyn8zEknoiCosk/Tej73zga -cTT3zQgEh63DMC9Ag8IbIJiDpYLMkt1QvZYtq95E/94GVEfRRok6/pyagGYB351R -PXcykrDyy26FSofmtaXU37Wxaj3ow+WROaPgULsCgYEArFoFScG3a2gkuRlDX8TN -wj2o5lTxCbWY2+YEzR+8icWbGQJqPbb3G6uaW8LTtpt44Vm2zWzAEZo+KLMOCNmC -tub5Kd8Lzm6l5brA8dvLWcgUZTT2CU5b7YEJomB+3pNkh0vuHwczv3Ui+j5kE4hY -0bezT0W3H7iTXhNFXprMs7MCgYEAlIZn75l6URLRUjluzPdVQoktei72CpFNgflp -+ps45dmskRd61mzUkqY+w8G+MiPqANu1IVLtyZz0e+tVRxsuuKsvAg8UYVtn3P5k -pRaWwtaKWeFjfbkhOVOMSa0tJmK0FHfHHZmGX4ReGrXq3YDBCNQUDtOCmn9dSuyy -NcYxSXUCgYB+yo6dg8nyHDSqKDdrQQiAKv7jNsbecQ/rYrt8l0n9FBiwn5R7v6kp -afsimCVou5i06L2Cr5Xs+XSf11KVkDh+qM70ZFubWEsHCDrS1KrxUzfFbrQczKof -qX7ZsBuOT72RwVEa8fpT6IZ6IpOOEPmUid/f2VM2aAcXgaF//vMjxA== ------END RSA PRIVATE KEY----- diff --git a/demo/complex/idp/shibboleth-idp/credentials/idp-signing.crt b/demo/complex/idp/shibboleth-idp/credentials/idp-signing.crt deleted file mode 100644 index 6a032c1..0000000 --- a/demo/complex/idp/shibboleth-idp/credentials/idp-signing.crt +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB -CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx -MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g -u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 -Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ -Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ -MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs -uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV -HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl -ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB -CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X -sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s -RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ -Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B -DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i -s00xrv14zLifcc8oj5DYzOhYRifRXgHX ------END CERTIFICATE----- diff --git a/demo/complex/idp/shibboleth-idp/credentials/idp-signing.key b/demo/complex/idp/shibboleth-idp/credentials/idp-signing.key deleted file mode 100644 index 011c27c..0000000 --- a/demo/complex/idp/shibboleth-idp/credentials/idp-signing.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7gu6eo4dua -eLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2Z6dzJsul -JZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJCb/Q6dYz -RWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+MNkv6aId -cHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBsuYlY7lEr -89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABAoIBAGpInLarQ0+X+ZXK -+aoC+tNO9DUiHq/z2OD4ALGhXSTvr4mgBWNWTkc0F+qJD8MlM8zNkJxaoNGTyLjY -Z95NQJPXAx2k15HwCENdulvV1oiX0dkTjgmscRmj6FwNAZ0EnWtien45mxZHxEyW -FkbB9+OHc6JzNvzG9ps1Vk1FtFtO8w4exXuJVATJeArQmMvAUHMJYPb7Qs+/NX9R -RlDvFfXDzQv5eAzudT1SyFSa5W+Bsw6BtEoeiqdp+xQh4yc733nwN7KG2Z/TpGse -jVe6akbULuCXOe9uPa7kv8hnQEUH38QVlIw8pK1SsgNq7S0U44WU5uF8gbDBYle/ -OoPBvSECgYEAvCwVEa8ryLzee5FaX4PBxk10lEl/Yp9jC88wPUQ+ZpfniIIQIfwl -csRE9D3/dJOVAxw/Ac32F72SLVDzLabAhlBRINYLB0ZkVuJi1CIoDHIf9nfh/pOx -b96VMUe/mpAL4hZnZkmBKjesX5URPEKtBD0aSeCw9aFqhORjRrxCJg0CgYEAuNaD -LOuTPKsC6nxRtiL9r0CA5gCCdpALxwJA7wHAeh03i5xmy61i4iOMaunxKZhG+nzz -PhcI8Uhwwk+l3tbYAf1rrtmMKNcyjy+UqWXGt4ZkWFlIyIungyLiH9L32IMhXNF0 -fBgOZNtFTmQBU18a78uIir9xASUbtaakzOtJ2+cCgYAgfawVpZ11x8bSp0Jng6SN -zQn4IMiyCrtbaqb1rTbpGAmOdIa8l4EP0/vkAGB/jIwKQXJPqXR4nO8EjBmxJD3R -80RO2yaEVw80QVq3Lj6kB4ClWgXXo0DcBB7Wp4DZ+01R+HRaIQ8AbySATIjxUsH1 -HWfQoc9sWja+Q4Ew0YjKcQKBgGLoPsdBw8b6B5RsM9lPvgoSbScmbKl/CR5TwWVj -vZhanAd0CLnCrSAvP4tSZf8JAio1xH+cGefrCJOhxTOKKYpfDklBFjQge2iNYHKJ -CJ3aJ0XzePP/bwLIHtJCtOdBvA+L8VYaFVG418xLzT3MrYBVnFoKeTDQp5Q7eQJC -gYJPAoGBAKHcuXWzvXoHKnOg8Ljg2xZ6/SfjwNDIIrpXVTAQifmK3q4+Ua2Q+Cjq -97tPMxF2bVRcbnCSNKpTMOTrsWs8Z3GpMyCh6XgYMSlclXusDVUkRkPpWj8hVTR4 -opm/rxS83hCrTsIX3Il3T8Fpb97kdF+unCiWEaxrPEurjW8lB506 ------END RSA PRIVATE KEY----- diff --git a/demo/complex/idp/shibboleth-idp/credentials/sealer.jks b/demo/complex/idp/shibboleth-idp/credentials/sealer.jks deleted file mode 100644 index 89957e0..0000000 Binary files a/demo/complex/idp/shibboleth-idp/credentials/sealer.jks and /dev/null differ 
diff --git a/demo/complex/idp/shibboleth-idp/credentials/sealer.kver b/demo/complex/idp/shibboleth-idp/credentials/sealer.kver
deleted file mode 100644
index d64b0e4..0000000
--- a/demo/complex/idp/shibboleth-idp/credentials/sealer.kver
+++ /dev/null
@@ -1,2 +0,0 @@
-#Fri Dec 11 02:20:32 UTC 2015
-CurrentVersion=1
diff --git a/demo/complex/idp/shibboleth-idp/metadata/grouper-sp.xml b/demo/complex/idp/shibboleth-idp/metadata/grouper-sp.xml
deleted file mode 100644
index 5b42a7b..0000000
--- a/demo/complex/idp/shibboleth-idp/metadata/grouper-sp.xml
+++ /dev/null
@@ -1,78 +0,0 @@ -<!-- -This is example metadata only. Do *NOT* supply it as is without review, -and do *NOT* provide it in real time to your partners. - --> -<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_57114916ca68943103854cb57a3a3b1c7c38bb81" entityID="https://grouperdemo/shibboleth"> - - <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/> - <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> - <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> - </md:Extensions> - - <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <md:Extensions> - <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" 
Location="https://localhost:4443/Shibboleth.sso/Login"/> - <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://localhost:4443/Shibboleth.sso/Login" index="1"/> - </md:Extensions> - <md:KeyDescriptor> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:KeyName>sp.example.org</ds:KeyName> - <ds:X509Data> - <ds:X509SubjectName>CN=sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US</ds:X509SubjectName> - <ds:X509Certificate>MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50 -ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5 -NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J -MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw -FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS -SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W -bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB -ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7 -rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ -ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ -eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr -GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug -CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP -HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI -Z75p+JrWYZJYrx/vpWxL8g== -</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> - <md:EncryptionMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/> - <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> - </md:KeyDescriptor> - <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:4443/Shibboleth.sso/Artifact/SOAP" index="1"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:4443/Shibboleth.sso/SLO/SOAP"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:4443/Shibboleth.sso/SLO/Redirect"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:4443/Shibboleth.sso/SLO/POST"/> - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost:4443/Shibboleth.sso/SLO/Artifact"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:4443/Shibboleth.sso/SAML2/POST" index="1"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost:4443/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost:4443/Shibboleth.sso/SAML2/Artifact" index="3"/> - <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://localhost:4443/Shibboleth.sso/SAML2/ECP" index="4"/> - </md:SPSSODescriptor> 
- -</md:EntityDescriptor> diff --git a/demo/complex/idp/shibboleth-idp/metadata/idp-metadata.xml b/demo/complex/idp/shibboleth-idp/metadata/idp-metadata.xml deleted file mode 100644 index 84266d4..0000000 --- a/demo/complex/idp/shibboleth-idp/metadata/idp-metadata.xml +++ /dev/null 
@@ -1,206 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - This is example metadata only. Do *NOT* supply it as is without review, - and do *NOT* provide it in real time to your partners. - - This metadata is not dynamic - it will not change as your configuration changes. ---> -<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idptestbed/idp/shibboleth"> - - <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> - - <Extensions> - <shibmd:Scope regexp="false">example.org</shibmd:Scope> -<!-- - Fill in the details for your IdP here - - <mdui:UIInfo> - <mdui:DisplayName xml:lang="en">A Name for the IdP at idptestbed</mdui:DisplayName> - <mdui:Description xml:lang="en">Enter a description of your IdP at idptestbed</mdui:Description> - <mdui:Logo height="80" width="80">https://localhost/Path/To/Logo.png</mdui:Logo> - </mdui:UIInfo> ---> - </Extensions> - - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy -MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH -YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M -SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 -03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No -5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ -XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud -DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL 
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac -ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 -NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl -j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP -IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E -t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB -CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx -MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g -u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 -Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ -Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ -MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs -uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV -HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl -ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB -CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X -sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s -RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ -Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B -DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i -s00xrv14zLifcc8oj5DYzOhYRifRXgHX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy -MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB 
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD -cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ -l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG -ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 -9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX -VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud -DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni -QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN -jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r -xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 -+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H -p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - - <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - - <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost/idp/profile/Shibboleth/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/> - - </IDPSSODescriptor> - - - <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> - - <Extensions> - <shibmd:Scope regexp="false">localhost</shibmd:Scope> - </Extensions> - - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - 
<ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy -MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH -YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M -SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 -03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No -5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ -XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud -DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac -ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 -NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl -j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP -IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E -t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB -CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx -MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g -u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 -Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ -Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ -MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs -uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV -HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl 
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB -CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X -sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s -RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ -Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B -DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i -s00xrv14zLifcc8oj5DYzOhYRifRXgHX - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy -MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD -cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ -l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG -ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 -9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX -VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud -DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk -hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL -BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni -QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN -jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r -xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 -+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H -p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - - </KeyDescriptor> - - <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://localhost/idp/profile/SAML1/SOAP/AttributeQuery"/> - <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://localhost/idp/profile/SAML2/SOAP/AttributeQuery"/>
- <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->
-
- </AttributeAuthorityDescriptor>
-
-</EntityDescriptor>
diff --git a/demo/complex/idp/shibboleth-idp/metadata/midpoint-sp-new.xml b/demo/complex/idp/shibboleth-idp/metadata/midpoint-sp-new.xml
deleted file mode 100644
index a819f4b..0000000
--- a/demo/complex/idp/shibboleth-idp/metadata/midpoint-sp-new.xml
+++ /dev/null
@@ -1,37 +0,0 @@ -<EntityDescriptor entityID="https://midpointdemo/idp/shibboleth" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <Extensions> - <shibmd:Scope regexp="false">midpointdemo</shibmd:Scope> - </Extensions> - <KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -MIIDHDCCAgSgAwIBAgIJAPEnL5jgbeVoMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV -BAMMD2lkcC5leGFtcGxlLmVkdTAeFw0xODEwMTAyMDM1NDBaFw0yMzEwMDkyMDM1 -NDBaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLmVkdTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKwTrvQhmFX3SUNgJAhQ/YV0UX56Rt53mwbiKuH+Ez83 -7z6XRynBVsfzHfbWe0IpNKx5mIr84dfbGhQKQBEKzQuek7ihW3J6PIVZN1A3icZZ -B9i7gow902bT0ZfRG8QW49gl7pk3ASutPcO9Dq5Xc/AqWr3OSO/Pei0yBtTdzG3b -rm0u0gbj3P2tjt7BN77wIB+yjJsND3ITtP0MFXIJxLTlty8thwqQOAOAYcF+rhC5 -znnBLsRNo0E57PtzZs8i/BpEX2uPTxpEyvlU1vtyxcKUiHtK5ZjOsDEkS2rEualr -+FILYg/Oxw1gi0+mNO1a94Ft+UoLiREztq6MQt8OK98CAwEAAaNlMGMwQgYDVR0R -BDswOYIPaWRwLmV4YW1wbGUuZWR1hiZodHRwczovL2lkcC5leGFtcGxlLmVkdS9p -ZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQU3ZJ8oHkmlgPtZuZAxnzONccPsb8wDQYJ -KoZIhvcNAQELBQADggEBAIJ4oZKSMGpF8J3qdfjLZGkc3iVbu/eiE1MD77no0oCz -nelY0CNUBuFJk1Xv+Bv0fW0cVugtMPz4xi7zv0zkpS2IVxpPZWBosuVabUD9k+V4 -iN5woJdO7e2KRGvhlWmbkmoZUvhygDe0u0vblNfLzDwFQvxHXiWG//P7SanoQrjP -dE8U21tYz+EFm6s5TvHxVhr9id8c+UacAFCpAtzUB+J8K1abx05XlKsySflkOQV9 -JbM4zOy5gXSI5dY9dGUF77g0muyC+jAhIhLSt/7v3vJgvBurrxPoeBFXOU3D+siT -VZlKtYzYjJhVqXx1vKrWEE1hkpqm+iYgZe4MvgcdswY= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/> - <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SSO"/> - <SingleSignOnService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SSO"/>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost/idp/profile/SAML2/SOAP/ECP"/>
- </IDPSSODescriptor>
-</EntityDescriptor>
-
diff --git a/demo/complex/idp/shibboleth-idp/metadata/midpoint-sp.xml b/demo/complex/idp/shibboleth-idp/metadata/midpoint-sp.xml
deleted file mode 100644
index 54f0577..0000000
--- a/demo/complex/idp/shibboleth-idp/metadata/midpoint-sp.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-<!--
-This is example metadata only. Do *NOT* supply it as is without review,
-and do *NOT* provide it in real time to your partners.
- -->
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_57114916ca68943103854cb57a3a3b1c7c38bb81" entityID="https://midpointdemo/shibboleth">
-
- <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
- <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
- <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
- <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
- <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
- <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
- <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
- </md:Extensions>
-
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <md:Extensions>
- <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init"
Location="https://localhost:8443/Shibboleth.sso/Login"/> - <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://localhost:8443/Shibboleth.sso/Login" index="1"/> - </md:Extensions> - <md:KeyDescriptor> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:KeyName>midpoint.sp.example.org</ds:KeyName> - <ds:X509Data> - <ds:X509SubjectName>CN=midpoint.sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US</ds:X509SubjectName> - <ds:X509Certificate>MIIDqDCCApCgAwIBAgIJAKUZrfriIt9cMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK -DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXZXZvbHZldW0uc3AuZXhhbXBsZS5v -cmcwHhcNMTgwOTE0MDU0NjU3WhcNMTkwOTE0MDU0NjU3WjBpMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50 -ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF2V2b2x2ZXVtLnNwLmV4YW1wbGUub3JnMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5v1zxlM94yaBssgNNbIUJwW -XxbGxgSs2AWBeg2aEi/VQd2UE5ivZakNJlqWSJyHo2xE4kxeSyBBxinjSyhmpNao -xIcqQsgW0gxo4SEHo3kUXWPo+of/pj6CslutsSJZWGTRV0dHITvaWX+NM8eXMfgu -mJFwy3RMdLaWQhY1Dyi2jNoO+DZnfNgPyPeEZcmORaoeEID9QdZfHtcgTf2QfSHq -+xsTwHB6Ro5t7YD2ma8Krb/XcDTfsq3qJemd7LhPj5lGmhYSMgDbgwEkZgZ1kBOP -lfsP2BvX5nipv7Vd1C5YXmv+NDR8V3yAWBC7ZAenxGmrnkaSVXnpUplUsGGm1QID -AQABo1MwUTAdBgNVHQ4EFgQUuxSZwW6V1P/b0tsTM32OU/v/n+UwHwYDVR0jBBgw -FoAUuxSZwW6V1P/b0tsTM32OU/v/n+UwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG -9w0BAQsFAAOCAQEAJWLXEfZkPeUyiGvsIUjczzdF3ptqXoP9aETS2pOV9sTri19R -TsQZW6XQRHGtuEOsqEGH8yiTdGR5hbGC+ynH/xTJnK+tBn/R3KrgxLKyMvoUzAPl -mhVq1dh+ZEtbsRpQRRubP6nm9kXNma0cXrkJSzuWM0W+l/xSOOYiSRRk3XWJfVjn -9jQlcJRh5SOkKN08oZHrCYKxToEuOfV8PtRj3T80DhsBTv2SHqhg4cBhzQPb0Kjm -9m4IkYOz8c5ZtuHDGnqMHw60Nyt+jyik4mMFP2frcOVP0W0sgwcfHllYzHoA/Khq -Yk3TBVs1BjPuNDJWHct8Eo68YP2/ZvzqfVM87Q== -</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - <md:EncryptionMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
- <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
- </md:KeyDescriptor>
- <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/Shibboleth.sso/Artifact/SOAP" index="1"/>
- <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8443/Shibboleth.sso/SLO/SOAP"/>
- <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8443/Shibboleth.sso/SLO/Redirect"/>
- <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/Shibboleth.sso/SLO/POST"/>
- <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost:8443/Shibboleth.sso/SLO/Artifact"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/Shibboleth.sso/SAML2/POST" index="1"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost:8443/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://localhost:8443/Shibboleth.sso/SAML2/Artifact" index="3"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://localhost:8443/Shibboleth.sso/SAML2/ECP" index="4"/>
- </md:SPSSODescriptor>
-
-</md:EntityDescriptor>
diff --git a/demo/complex/midpoint-objects-manual/tasks/task-async-update-grouper.xml b/demo/complex/midpoint-objects-manual/tasks/task-async-update-grouper.xml
deleted file mode 100644
index 750ddc5..0000000
--- a/demo/complex/midpoint-objects-manual/tasks/task-async-update-grouper.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
- ~ Copyright (c) 2010-2019 Evolveum
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- oid="47fc57bd-8c34-4555-9b9f-7087ff179860">
- <name>Grouper async updates</name>
- <extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
- <!-- ... -->
- </extension>
- <taskIdentifier>1552664339630-0-2</taskIdentifier>
- <ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
- <!-- administrator -->
- </ownerRef>
- <executionStatus>runnable</executionStatus>
- <category>AsynchronousUpdate</category>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/async-update/handler-3</handlerUri>
- <objectRef oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" relation="org:default" type="c:ResourceType">
- <!-- Grouper Resource -->
- </objectRef>
- <recurrence>single</recurrence>
- <binding>loose</binding>
- <threadStopAction>restart</threadStopAction>
-</task>
diff --git a/demo/complex/midpoint-objects-manual/tasks/task-import-sis-courses.xml b/demo/complex/midpoint-objects-manual/tasks/task-import-sis-courses.xml
deleted file mode 100644
index 99d395b..0000000
--- a/demo/complex/midpoint-objects-manual/tasks/task-import-sis-courses.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- oid="b73a2e66-8233-4c20-928f-acb30027b33e">
- <name>Import from SIS courses</name>
- <extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="c:ExtensionType">
- <mext:kind>account</mext:kind>
- <mext:objectclass>ri:AccountObjectClass</mext:objectclass>
- </extension>
- <taskIdentifier>1535408076153-0-1</taskIdentifier>
- <ownerRef oid="00000000-0000-0000-0000-000000000002"
- relation="org:default"
- type="c:UserType"><!-- administrator --></ownerRef>
- <executionStatus>runnable</executionStatus>
- <category>ImportingAccounts</category>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/import/handler-3</handlerUri>
- <objectRef oid="13660d60-071b-4596-9aa1-5efcd1256c04"
- relation="org:default"
- type="c:ResourceType"><!-- SQL SIS courses (sources) --></objectRef>
- <recurrence>single</recurrence>
- <binding>loose</binding>
-</task>
diff --git a/demo/complex/midpoint-objects-manual/tasks/task-import-sis-persons.xml b/demo/complex/midpoint-objects-manual/tasks/task-import-sis-persons.xml
deleted file mode 100644
index d345eee..0000000
--- a/demo/complex/midpoint-objects-manual/tasks/task-import-sis-persons.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- oid="22c2a3d0-0961-4255-9eec-c550a79aeaaa">
- <name>Import from SIS persons</name>
- <extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="c:ExtensionType">
- <mext:kind>account</mext:kind>
- <mext:objectclass>ri:AccountObjectClass</mext:objectclass>
- </extension>
- <taskIdentifier>1535407239440-0-1</taskIdentifier>
- <ownerRef oid="00000000-0000-0000-0000-000000000002"
- relation="org:default"
- type="c:UserType"><!-- administrator --></ownerRef>
- <executionStatus>runnable</executionStatus>
- <category>ImportingAccounts</category>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/import/handler-3</handlerUri>
- <objectRef oid="4d70a0da-02dd-41cf-b0a1-00e75d3eaa15"
- relation="org:default"
- type="c:ResourceType"><!-- SQL SIS persons (sources) --></objectRef>
- <recurrence>single</recurrence>
- <binding>loose</binding>
-</task>
diff --git a/demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml b/demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
deleted file mode 100644
index 6dd7321..0000000
--- a/demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
- ~ Copyright (c) 2010-2019 Evolveum
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- oid="605a0127-a313-442a-9d5e-151eac8b0745">
- <name>Grouper reconciliation (groups)</name>
- <extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
- <mext:objectclass>ri:GroupObjectClass</mext:objectclass>
- </extension>
- <taskIdentifier>605a0127-a313-442a-9d5e-151eac8b0745</taskIdentifier>
- <ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
- <!-- administrator -->
- </ownerRef>
- <executionStatus>runnable</executionStatus>
- <category>Reconciliation</category>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/reconciliation/handler-3</handlerUri>
- <objectRef oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" relation="org:default" type="c:ResourceType">
- <!-- Grouper Resource -->
- </objectRef>
- <recurrence>single</recurrence>
- <binding>loose</binding>
- <threadStopAction>restart</threadStopAction>
-</task>
diff --git a/demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-users.xml b/demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-users.xml
deleted file mode 100644
index 48cb622..0000000
--- a/demo/complex/midpoint-objects-manual/tasks/task-reconciliation-grouper-users.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
- ~ Copyright (c) 2010-2019 Evolveum
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- oid="42aa9f43-64c5-41a6-814c-b58b9ea4e204">
- <name>Grouper reconciliation (users)</name>
- <extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExtensionType">
- <mext:objectclass>ri:AccountObjectClass</mext:objectclass>
- </extension>
- <taskIdentifier>42aa9f43-64c5-41a6-814c-b58b9ea4e204</taskIdentifier>
- <ownerRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
- <!-- administrator -->
- </ownerRef>
- <executionStatus>runnable</executionStatus>
- <category>Reconciliation</category>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/reconciliation/handler-3</handlerUri>
- <objectRef oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" relation="org:default" type="c:ResourceType">
- <!-- Grouper Resource -->
- </objectRef>
- <recurrence>single</recurrence>
- <binding>loose</binding>
- <threadStopAction>restart</threadStopAction>
-</task>
diff --git a/demo/complex/midpoint-objects/functionLibraries/function-library-grouper.xml b/demo/complex/midpoint-objects/functionLibraries/function-library-grouper.xml
deleted file mode 100644
index 8ac9b0e..0000000
--- a/demo/complex/midpoint-objects/functionLibraries/function-library-grouper.xml
+++ /dev/null
@@ -1,177 +0,0 @@ -<!-- - ~ Copyright (c) 2010-2019 Evolveum - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> - -<functionLibrary oid="2eef4181-25fa-420f-909d-846a36ca90f3" - xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3' - xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3' - xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' - xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' - xmlns:xsd='http://www.w3.org/2001/XMLSchema' - xmlns:piracy='http://midpoint.evolveum.com/xml/ns/samples/piracy'> - <name>grouper</name> - <description>Functions for Grouper AMQP connector</description> - <function> - - <!-- Some examples: - { - encrypted=false, - esbEvent=[ - { - sourceId=ldap, - membershipType=flattened, - fieldName=members, - groupId=00000000000000000000000000000001, - changeOccurred=false, - createdOnMicros=1551884863420000, - subjectId=banderson, - id=94320942304930294023940329403294, - sequenceNumber=1000, - eventType=MEMBERSHIP_ADD, - groupName=etc:midpointGroups - } - ]} - - - { - "encrypted": false, - "esbEvent": [ - { - "displayName": "ref:alumni", - "changeOccurred": false, - "createdOnMicros": 1551884850499000, - "parentStemId": "9a7ce40af6c546148b41eec81b8ca18d", - "id": "00000000000000000000000000000002", - "sequenceNumber": "110", - "eventType": "GROUP_ADD", - "name": "ref:alumni" - } - ] - } - --> - - - <name>createUcfChange</name> - <parameter> - <name>message</name> - 
<type>c:AsyncUpdateMessageType</type> - </parameter> - <parameter> - <name>superGroup</name> - <type>xsd:string</type> - </parameter> - <parameter> - <name>groupIncludePattern</name> - <type>xsd:anyType</type> - </parameter> - <parameter> - <name>groupExcludePattern</name> - <type>xsd:anyType</type> - </parameter> - <parameter> - <name>relevantSourceId</name> - <type>xsd:string</type> - </parameter> - <script> - <code> - import com.evolveum.midpoint.xml.ns._public.common.common_3.* - import com.evolveum.prism.xml.ns._public.types_3.* - import static com.evolveum.midpoint.schema.constants.SchemaConstants.* - import com.evolveum.midpoint.schema.util.* - import com.evolveum.midpoint.prism.path.* - - esbEvent = midpoint.getMessageBodyAsMap(message)['esbEvent'][0] - log.info('esbEvent = {}', esbEvent) - eventType = esbEvent['eventType'] - if (eventType == 'MEMBERSHIP_ADD' || eventType == 'MEMBERSHIP_DELETE') { - groupName = esbEvent['groupName'] - if (groupName == null) { - log.warn('No group name in membership change message, ignoring it: {}', esbEvent) - return null - } - isExported = matches(groupName, groupIncludePattern, groupExcludePattern) - isSuper = groupName == superGroup - if (!isExported && !isSuper) { - log.info('Irrelevant group membership change, ignoring it: {}', groupName) - return null - } - sourceId = esbEvent['sourceId'] - if (sourceId != relevantSourceId) { - log.info('Irrelevant subject source ID in membership change message, ignoring it: {}', sourceId) - return null - } - subjectId = esbEvent['subjectId'] - log.info('### {} - {} - {}', subjectId, eventType, groupName) - identifiers = new HashMap() - identifiers.put(ICFS_NAME, subjectId) - identifiers.put(ICFS_UID, subjectId) - ObjectDeltaType delta - if (isExported) { - itemDelta = new ItemDeltaType() - itemDelta.modificationType = eventType == 'MEMBERSHIP_ADD' ? 
ModificationTypeType.ADD : ModificationTypeType.DELETE - itemDelta.path = new ItemPathType(ItemPath.create(ShadowType.F_ATTRIBUTES, 'group')) - itemDelta.value.add(RawType.fromPropertyRealValue(groupName, null, prismContext)) - delta = new ObjectDeltaType() - delta.changeType = ChangeTypeType.MODIFY - delta.itemDelta.add(itemDelta) - } else { - delta = null - } - return UcfChangeUtil.create(RI_ACCOUNT_OBJECT_CLASS, identifiers, delta, prismContext) - } else if (eventType == 'GROUP_ADD' || eventType == 'GROUP_DELETE') { - groupName = esbEvent['name'] - groupId = esbEvent['id'] - isExported = matches(groupName, groupIncludePattern, groupExcludePattern) - if (!isExported) { - log.info('Irrelevant group add/delete event, ignoring it: {}', groupName) - return null - } - identifiers = new HashMap() - identifiers.put(ICFS_NAME, groupName) - identifiers.put(ICFS_UID, groupId) - ObjectDeltaType delta - if (eventType == 'GROUP_DELETE') { - delta = new ObjectDeltaType() - delta.changeType = ChangeTypeType.DELETE - } else { - delta = null - } - return UcfChangeUtil.create(RI_GROUP_OBJECT_CLASS, identifiers, delta, prismContext) - } else { - log.warn('Unsupported event type: {} -> {}', eventType, esbEvent) - return null - } - - def matches(String name, Collection includes, Collection excludes) { - matches(name, includes) && !matches(name, excludes) - } - - def matches(String name, Collection patterns) { - if (name == null || patterns == null) { - false - } else { - for (pattern in patterns) { - if (name ==~ pattern) { - return true - } - } - false - } - } - </code> - </script> - <returnType>c:UcfChangeType</returnType> - </function> -</functionLibrary> diff --git a/demo/complex/midpoint-objects/objectTemplates/template-org-course.xml b/demo/complex/midpoint-objects/objectTemplates/template-org-course.xml deleted file mode 100644 index 4eafd08..0000000 --- a/demo/complex/midpoint-objects/objectTemplates/template-org-course.xml +++ /dev/null 
@@ -1,18 +0,0 @@
-<?xml version="1.0"?>
-<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="d35bdec6-643b-41d8-ad5d-8eeb701169d1">
- <name>template-org-course</name>
- <mapping>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>RoleType</targetType>
- <oid>8aa99e7b-f7d3-4585-9800-14bab4d26a43</oid> <!-- metarole-course -->
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- </target>
- </mapping>
-
-</objectTemplate>
\ No newline at end of file
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-org-department.xml b/demo/complex/midpoint-objects/objectTemplates/template-org-department.xml
deleted file mode 100644
index df9b223..0000000
--- a/demo/complex/midpoint-objects/objectTemplates/template-org-department.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0"?>
-<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="0caf2f69-7c72-4946-b218-d84e78b2a057">
- <name>template-org-department</name>
- <mapping>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>RoleType</targetType>
- <oid>ffa9eaec-9539-4d15-97aa-24cd5b92ca5b</oid> <!-- metarole-department -->
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- </target>
- </mapping>
-
-</objectTemplate>
\ No newline at end of file
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-org-group.xml b/demo/complex/midpoint-objects/objectTemplates/template-org-group.xml
deleted file mode 100644
index 0cd047f..0000000
--- a/demo/complex/midpoint-objects/objectTemplates/template-org-group.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0"?>
-<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="e2a6193a-8981-4143-9da1-9a7b32c0b819">
- <name>template-org-group</name>
- <mapping>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>RoleType</targetType>
- <oid>48e231be-8474-4ed0-a85e-6acf4c5e8d52</oid> <!-- metarole-group -->
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- </target>
- </mapping>
-
-</objectTemplate>
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-role-affiliation.xml b/demo/complex/midpoint-objects/objectTemplates/template-role-affiliation.xml
deleted file mode 100644
index 3a9c726..0000000
--- a/demo/complex/midpoint-objects/objectTemplates/template-role-affiliation.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0"?>
-<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="d87aa04f-189c-4d6f-b6e1-216dad622142">
- <name>template-role-affiliation</name>
- <mapping>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>RoleType</targetType>
- <oid>fecae27b-d1d3-40ae-95fa-8f7e44e2ee70</oid> <!-- metarole-affiliation -->
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- </target>
- </mapping>
-</objectTemplate>
\ No newline at end of file
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-role-generic-group.xml b/demo/complex/midpoint-objects/objectTemplates/template-role-generic-group.xml
deleted file mode 100644
index 1205f6d..0000000
--- a/demo/complex/midpoint-objects/objectTemplates/template-role-generic-group.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0"?>
-<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="804f8658-0828-4dab-a2ed-f13985e4f80b">
- <name>template-role-generic-group</name>
- <mapping>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>RoleType</targetType>
- <oid>c691e15a-f30b-4e15-8445-532db07ceeeb</oid> <!-- metarole-generic-group -->
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- </target>
- </mapping>
-</objectTemplate>
\ No newline at end of file
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-user.xml b/demo/complex/midpoint-objects/objectTemplates/template-user.xml
deleted file mode 100644
index 455ccc0..0000000
--- a/demo/complex/midpoint-objects/objectTemplates/template-user.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0"?>
-<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" oid="8098b124-c20c-4965-8adf-e528abedf7a4">
- <name>User Template</name>
- <mapping>
- <strength>strong</strength>
- <source>
- <path>extension/grouper_group</path>
- </source>
- <expression>
- <assignmentTargetSearch>
- <targetType>OrgType</targetType>
- <filter>
- <q:equal>
- <q:path>name</q:path>
- <expression>
- <script>
- <code>
- grouper_group
- </code>
- </script>
- </expression>
- </q:equal>
- </filter>
- <assignmentProperties>
- <subtype>group</subtype>
- </assignmentProperties>
- <createOnDemand>true</createOnDemand>
- <populateObject>
- <populateItem>
- <target>
- <path>name</path>
- </target>
- <expression>
- <script>
- <code>
- grouper_group
- </code>
- </script>
- </expression>
- </populateItem>
- <populateItem>
- <target>
- <path>subtype</path>
- </target>
- <expression>
- <value>group</value>
- </expression>
- </populateItem>
- </populateObject>
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- <set>
- <condition>
- <script>
- <code>
- assignment?.subtype.contains('group')
- </code>
- </script>
- </condition>
- </set>
- </target>
- </mapping>
-</objectTemplate>
diff --git a/demo/complex/midpoint-objects/orgs/org-courses.xml b/demo/complex/midpoint-objects/orgs/org-courses.xml
deleted file mode 100644
index 71d1f7e..0000000
--- a/demo/complex/midpoint-objects/orgs/org-courses.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="225e9360-0639-40ba-8a31-7f31bef067be">
- <name>courses</name>
- <displayName>Courses</displayName>
-</org>
\ No newline at end of file
diff --git a/demo/complex/midpoint-objects/orgs/org-departments.xml b/demo/complex/midpoint-objects/orgs/org-departments.xml
deleted file mode 100644
index 5320c1e..0000000
--- a/demo/complex/midpoint-objects/orgs/org-departments.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="bee44c51-2469-411d-bac7-695728e9c241">
- <name>departments</name>
- <displayName>Departments</displayName>
-</org>
\ No newline at end of file
diff --git a/demo/complex/midpoint-objects/orgs/org-groups.xml b/demo/complex/midpoint-objects/orgs/org-groups.xml
deleted file mode 100644
index 4998a2f..0000000
--- a/demo/complex/midpoint-objects/orgs/org-groups.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- oid="1f339075-5b2f-4a18-9c98-451f3eb0d28d">
- <name>groups</name>
- <displayName>Groups</displayName>
-</org>
diff --git a/demo/complex/midpoint-objects/resources/ldap-main.xml b/demo/complex/midpoint-objects/resources/ldap-main.xml
deleted file mode 100644
index f826cc7..0000000
--- a/demo/complex/midpoint-objects/resources/ldap-main.xml
+++ /dev/null
@@ -1,453 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- ~ Copyright (c) 2010-2017 Evolveum ~ ~ Licensed under the Apache License, - Version 2.0 (the "License"); ~ you may not use this file except in compliance - with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ ~ Unless required by applicable law or agreed to in writing, software ~ - distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the - License for the specific language governing permissions and ~ limitations - under the License. --> - - -<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272" - xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" - xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema" - xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" - xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" - xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" - xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3" - xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"> - - <name>OpenLDAP (directory)</name> - - <connectorRef type="ConnectorType"> - <filter> - <q:equal> - <q:path>c:connectorType</q:path> - <q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value> - </q:equal> - </filter> - </connectorRef> - - <connectorConfiguration - xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" - xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector"> - 
<icfc:configurationProperties - xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector"> - <icfcldap:port>389</icfcldap:port> - <icfcldap:host>directory</icfcldap:host> - <icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext> - <icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn> - <icfcldap:bindPassword> - <t:clearValue>password</t:clearValue> - </icfcldap:bindPassword> - <icfcldap:uidAttribute>nsUniqueId</icfcldap:uidAttribute> - <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy> <!-- spr? --> - <icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> - <icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes> - <icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes> - <icfcldap:operationalAttributes>nsAccountLock</icfcldap:operationalAttributes> - <!-- >icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify> - <icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm --> - <!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule --> - </icfc:configurationProperties> - <icfc:resultsHandlerConfiguration> - <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler> - <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler> - <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler> - </icfc:resultsHandlerConfiguration> - </connectorConfiguration> - - <schema> - <generationConstraints> - <generateObjectClass>ri:inetOrgPerson</generateObjectClass> - <generateObjectClass>ri:eduPerson</generateObjectClass> - <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass> - <generateObjectClass>ri:groupOfNames</generateObjectClass> - <generateObjectClass>ri:organizationalUnit</generateObjectClass> - 
</generationConstraints> - </schema> - - <schemaHandling> - <objectType> - <kind>account</kind> - <displayName>Normal Account</displayName> - <default>true</default> - <objectClass>ri:inetOrgPerson</objectClass> - <auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass> - <attribute> - <ref>ri:dn</ref> - <displayName>Distinguished Name</displayName> - <limitations> - <minOccurs>0</minOccurs> - </limitations> - <tolerant>false</tolerant> - <matchingRule>mr:stringIgnoreCase</matchingRule> - <outbound> - <strength>strong</strength> - <source> - <path>name</path> - </source> - <expression> - <script> - <code> - 'uid=' + name + ',ou=People,dc=internet2,dc=edu' - </code> - </script> - </expression> - </outbound> - </attribute> - <attribute> - <ref>ri:cn</ref> - <displayName>Common Name</displayName> - <limitations> - <minOccurs>0</minOccurs> - </limitations> - <tolerant>false</tolerant> - <outbound> - <strength>strong</strength> - <source> - <path>fullName</path> - </source> - </outbound> - </attribute> - <attribute> - <ref>ri:sn</ref> - <displayName>Surname</displayName> - <limitations> - <minOccurs>0</minOccurs> - </limitations> - <tolerant>false</tolerant> - <outbound> - <strength>strong</strength> - <source> - <path>familyName</path> - </source> - </outbound> - </attribute> - <attribute> - <ref>ri:givenName</ref> - <displayName>Given Name</displayName> - <limitations> - <minOccurs>0</minOccurs> - </limitations> - <tolerant>false</tolerant> - <outbound> - <strength>strong</strength> - <source> - <path>givenName</path> - </source> - </outbound> - </attribute> - <attribute> - <ref>ri:uid</ref> - <displayName>Login Name</displayName> - <tolerant>false</tolerant> - <matchingRule>mr:stringIgnoreCase</matchingRule> - <outbound> - <strength>strong</strength> - <source> - <path>name</path> - </source> - </outbound> - </attribute> - <attribute> - <ref>ri:mail</ref> - <displayName>Mail</displayName> - <matchingRule>mr:stringIgnoreCase</matchingRule> - 
<tolerant>false</tolerant> - <outbound> - <strength>strong</strength> - <source> - <path>emailAddress</path> - </source> - </outbound> - </attribute> - <attribute> - <ref>ri:employeeNumber</ref> - <tolerant>false</tolerant> - <outbound> - <strength>strong</strength> - <source> - <path>employeeNumber</path> - </source> - </outbound> - </attribute> - <attribute> - <ref>ri:businessCategory</ref> - <tolerant>false</tolerant> - </attribute> - <attribute> - <ref>ri:eduPersonAffiliation</ref> - <tolerant>false</tolerant> - </attribute> - <attribute> - <ref>ri:eduPersonEntitlement</ref> - <tolerant>false</tolerant> - <outbound> - <source> - <path>extension/grouper_group</path> - </source> - </outbound> - </attribute> - <association> - <tolerant>false</tolerant> - <ref>ri:group</ref> - <kind>entitlement</kind> - <intent>course-group</intent> - <intent>generic-group</intent> - <direction>objectToSubject</direction> - <associationAttribute>ri:uniqueMember</associationAttribute> - <valueAttribute>ri:dn</valueAttribute> - </association> - <protected> - <filter> - <q:equal> - <q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching> - <q:path>attributes/ri:dn</q:path> - <q:value>cn=root,dc=internet2,dc=edu</q:value> - </q:equal> - </filter> - </protected> - <credentials> - <password> - <outbound> - <expression> - <asIs /> - </expression> - </outbound> - </password> - </credentials> - </objectType> - - <objectType> - <kind>entitlement</kind> - <intent>course-group</intent> - <displayName>LDAP Group for courses</displayName> - <objectClass>ri:groupOfUniqueNames</objectClass> - <attribute> - <ref>ri:uniqueMember</ref> - <matchingRule>mr:distinguishedName</matchingRule> - <fetchStrategy>minimal</fetchStrategy> - </attribute> - <attribute> - <ref>ri:dn</ref> - <matchingRule>mr:stringIgnoreCase</matchingRule> - <outbound> - <strength>strong</strength> - <source> - <path>identifier</path> - </source> - <expression> - <script> - <code> - 
basic.composeDnWithSuffix('cn', identifier, 'ou=Courses,ou=Groups,dc=internet2,dc=edu') - </code> - </script> - </expression> - </outbound> - </attribute> - <attribute> - <ref>ri:cn</ref> - <matchingRule>mr:stringIgnoreCase</matchingRule> - <outbound> - <strength>weak</strength> - <source> - <path>identifier</path> - </source> - </outbound> - </attribute> - </objectType> - <objectType> - <kind>entitlement</kind> - <intent>generic-group</intent> - <displayName>LDAP Group</displayName> - <objectClass>ri:groupOfUniqueNames</objectClass> - <attribute> - <ref>ri:uniqueMember</ref> - <matchingRule>mr:distinguishedName</matchingRule> - <fetchStrategy>minimal</fetchStrategy> - </attribute> - <attribute> - <ref>ri:dn</ref> - <matchingRule>mr:stringIgnoreCase</matchingRule> - <outbound> - <strength>strong</strength> - <trace>true</trace> - <source> - <path>identifier</path> - </source> - <expression> - <script> - <code> - basic.composeDnWithSuffix('cn', identifier, 'ou=Groups,dc=internet2,dc=edu') - </code> - </script> - </expression> - </outbound> - </attribute> - <attribute> - <ref>ri:cn</ref> - <matchingRule>mr:stringIgnoreCase</matchingRule> - <outbound> - <strength>weak</strength> - <source> - <path>identifier</path> - </source> - </outbound> - </attribute> - </objectType> - </schemaHandling> - - <synchronization> - <objectSynchronization> - <enabled>true</enabled> - <correlation> - <q:equal> - <q:path>name</q:path> - <expression> - <path> - declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"; - $account/attributes/ri:uid - </path> - </expression> - </q:equal> - </correlation> - <reaction> - <situation>linked</situation> - <synchronize>true</synchronize> - </reaction> - <reaction> - <situation>deleted</situation> - <synchronize>true</synchronize> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> - </action> - </reaction> - <reaction> - <situation>unlinked</situation> - 
<synchronize>true</synchronize> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> - </action> - </reaction> - <reaction> - <situation>unmatched</situation> - <synchronize>true</synchronize> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri> - </action> - </reaction> - </objectSynchronization> - <objectSynchronization> - <name>course-group sync</name> - <objectClass>ri:groupOfUniqueNames</objectClass> - <kind>entitlement</kind> - <intent>course-group</intent> - <focusType>OrgType</focusType> - <enabled>true</enabled> - <condition> - <script> - <code> - import javax.naming.ldap.* - dn = new LdapName(basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')) - log.info('course-group sync: considering {}; dn.size={}, dn.startsWith={}', dn, dn.size(), dn.startsWith(new LdapName('ou=Courses,ou=Groups,dc=internet2,dc=edu'))) - dn.size() == 5 && dn.startsWith(new LdapName('ou=Courses,ou=Groups,dc=internet2,dc=edu')) - </code> - </script> - </condition> - <correlation> - <q:and> - <q:equal> - <q:path>identifier</q:path> - <expression> - <path>$shadow/attributes/ri:cn</path> - </expression> - </q:equal> - <q:equal> - <q:path>subtype</q:path> - <q:value>course</q:value> - </q:equal> - </q:and> - </correlation> - <reaction> - <situation>linked</situation> - <synchronize>true</synchronize> - </reaction> - <reaction> - <situation>deleted</situation> - <synchronize>true</synchronize> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> - </action> - </reaction> - <reaction> - <situation>unlinked</situation> - <synchronize>true</synchronize> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> - </action> - </reaction> - <reaction> - <situation>unmatched</situation> - </reaction> - </objectSynchronization> - <objectSynchronization> - 
<name>generic-group sync</name> - <objectClass>ri:groupOfUniqueNames</objectClass> - <kind>entitlement</kind> - <intent>generic-group</intent> - <focusType>RoleType</focusType> - <enabled>true</enabled> - <condition> - <script> - <code> - import javax.naming.ldap.* - dn = new LdapName(basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')) - log.info('generic-group sync: considering {}; dn.size={}, dn.startsWith={}', dn, dn.size(), dn.startsWith(new LdapName('ou=Groups,dc=internet2,dc=edu'))) - dn.size() == 4 && dn.startsWith(new LdapName('ou=Groups,dc=internet2,dc=edu')) - </code> - </script> - </condition> - <correlation> - <q:and> - <q:equal> - <q:path>identifier</q:path> - <expression> - <path>$shadow/attributes/ri:cn</path> - </expression> - </q:equal> - <q:equal> - <q:path>subtype</q:path> - <q:value>generic-group</q:value> - </q:equal> - </q:and> - </correlation> - <reaction> - <situation>linked</situation> - <synchronize>true</synchronize> - </reaction> - <reaction> - <situation>deleted</situation> - <synchronize>true</synchronize> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> - </action> - </reaction> - <reaction> - <situation>unlinked</situation> - <synchronize>true</synchronize> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> - </action> - </reaction> - <reaction> - <situation>unmatched</situation> - </reaction> - </objectSynchronization> - </synchronization> - <consistency> - <avoidDuplicateValues>true</avoidDuplicateValues> - </consistency> -</resource> diff --git a/demo/complex/midpoint-objects/resources/resource-grouper.xml b/demo/complex/midpoint-objects/resources/resource-grouper.xml deleted file mode 100644 index ca43a21..0000000 --- a/demo/complex/midpoint-objects/resources/resource-grouper.xml +++ /dev/null 
@@ -1,226 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - ~ Copyright (c) 2010-2019 Evolveum - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> - -<resource oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" - xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" - xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" - xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" - xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" - xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" - xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" - xmlns:rest="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-grouper-rest/com.evolveum.polygon.connector.grouper.rest.GrouperConnector" - xmlns:conf="http://midpoint.evolveum.com/xml/ns/public/connector/builtin-1/bundle/com.evolveum.midpoint.provisioning.ucf.impl.builtin.async/AsyncUpdateConnector" - xmlns:xsd="http://www.w3.org/2001/XMLSchema" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - - <name>Grouper Resource</name> - <connectorRef type="c:ConnectorType"> - <filter> - <q:equal> - <q:path>connectorType</q:path> - <q:value>com.evolveum.polygon.connector.grouper.rest.GrouperConnector</q:value> - </q:equal> - </filter> - </connectorRef> - <connectorConfiguration> - <icfc:configurationProperties> - 
<rest:baseUrl>https://grouper-ws:443</rest:baseUrl> - <rest:username>banderson</rest:username> - <rest:password>password</rest:password> - <rest:superGroup>etc:midpointGroups</rest:superGroup> - <rest:groupIncludePattern>midpoint:.*</rest:groupIncludePattern> - <rest:groupIncludePattern>ref:.*</rest:groupIncludePattern> - <rest:groupExcludePattern>ref:.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern> - <rest:subjectSource>ldap</rest:subjectSource> - <rest:groupSource>g:gsa</rest:groupSource> - <rest:ignoreSslValidation>true</rest:ignoreSslValidation> - </icfc:configurationProperties> - </connectorConfiguration> - <additionalConnector> - <name>AMQP async update connector</name> - <connectorRef type="c:ConnectorType"> - <filter> - <q:equal> - <q:path>connectorType</q:path> - <q:value>AsyncUpdateConnector</q:value> - </q:equal> - </filter> - </connectorRef> - <connectorConfiguration> - <conf:sources> - <amqp091> - <uri>amqp://mq:5672</uri> - <username>guest</username> - <password>guest</password> - <queue>sampleQueue</queue> - </amqp091> - </conf:sources> - <conf:transformExpression> - <script> - <code> - // ------------------ START OF CONFIGURATION ------------------ - - parameters = [ - superGroup: 'etc:midpointGroups', - groupIncludePattern: [ 'midpoint:.*', 'ref:.*' ], - groupExcludePattern: [ 'ref:.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)' ], - relevantSourceId: 'ldap' - ] - - // ------------------ END OF CONFIGURATION ------------------ - - parameters.put('message', message) - grouper.execute('createUcfChange', parameters) - </code> - </script> - </conf:transformExpression> - </connectorConfiguration> - </additionalConnector> - <schemaHandling> - <objectType> - <kind>account</kind> - <intent>subject</intent> - <objectClass>ri:AccountObjectClass</objectClass> - <default>true</default> - <attribute> - <ref>icfs:name</ref> - <inbound> - <target> - <path>name</path> - </target> - </inbound> - 
</attribute> - <attribute> - <ref>ri:group</ref> - <displayName>Subject Groups</displayName> - <inbound> - <strength>strong</strength> - <target> - <path>extension/grouper_group</path> - </target> - </inbound> - </attribute> - </objectType> - <objectType> - <kind>entitlement</kind> - <intent>group</intent> - <objectClass>ri:GroupObjectClass</objectClass> - <default>true</default> - <attribute> - <ref>icfs:name</ref> - <inbound> - <strength>strong</strength> - <target> - <path>name</path> - </target> - </inbound> - <inbound> - <strength>strong</strength> - <expression> - <value>group</value> - </expression> - <target> - <path>subtype</path> - </target> - </inbound> - </attribute> - </objectType> - </schemaHandling> - <synchronization> - <objectSynchronization> - <enabled>true</enabled> - <kind>account</kind> - <intent>subject</intent> - <objectClass>ri:AccountObjectClass</objectClass> - <focusType>UserType</focusType> - <correlation> - <q:equal> - <q:path>name</q:path> - <expression> - <path> - $account/attributes/name - </path> - </expression> - </q:equal> - </correlation> - <reaction> - <situation>linked</situation> - <synchronize>true</synchronize> - </reaction> - <reaction> - <situation>deleted</situation> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> - </action> - </reaction> - <reaction> - <situation>unlinked</situation> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> - </action> - </reaction> - <reaction> - <situation>unmatched</situation> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri> - </action> - </reaction> - </objectSynchronization> - <objectSynchronization> - <enabled>true</enabled> - <kind>entitlement</kind> - <intent>group</intent> - <objectClass>ri:GroupObjectClass</objectClass> - <focusType>OrgType</focusType> - <correlation> - <q:equal> - <q:path>name</q:path> - <expression> - <path> 
- $account/attributes/name - </path> - </expression> - </q:equal> - </correlation> - <reaction> - <situation>linked</situation> - <synchronize>true</synchronize> - </reaction> - <reaction> - <situation>deleted</situation> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#deleteFocus</handlerUri> - </action> - </reaction> - <reaction> - <situation>unlinked</situation> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> - </action> - </reaction> - <reaction> - <situation>unmatched</situation> - <action> - <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri> - </action> - </reaction> - </objectSynchronization> - </synchronization> - <caching> - <cachingStategy>passive</cachingStategy> - </caching> -</resource> diff --git a/demo/complex/midpoint-objects/resources/scriptedsql-sis-courses.xml b/demo/complex/midpoint-objects/resources/scriptedsql-sis-courses.xml deleted file mode 100644 index 6b5f84b..0000000 --- a/demo/complex/midpoint-objects/resources/scriptedsql-sis-courses.xml +++ /dev/null 
@@ -1,212 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<c:resource oid="13660d60-071b-4596-9aa1-5efcd1256c04" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" xmlns:my="http://myself.me/schemas/whatever" xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
-
- <c:name>SQL SIS courses (sources)</c:name>
-
- <connectorRef type="ConnectorType">
- <filter>
- <q:equal>
- <q:path>connectorType</q:path>
- <q:value>net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector</q:value>
- </q:equal>
- </filter>
- </connectorRef>
-
- <c:connectorConfiguration>
-
- <icfc:configurationProperties
- xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
- <icscscriptedsql:host>sources</icscscriptedsql:host>
- <icscscriptedsql:port>3306</icscscriptedsql:port>
- <icscscriptedsql:quoting></icscscriptedsql:quoting>
- <icscscriptedsql:user>root</icscscriptedsql:user>
- <icscscriptedsql:password>
- <clearValue>123321</clearValue>
- </icscscriptedsql:password>
- <icscscriptedsql:database>sis</icscscriptedsql:database>
- <!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
- <icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
-
- <icscscriptedsql:searchScriptFileName>/opt/midpoint/var/res/sis/SearchScript.groovy</icscscriptedsql:searchScriptFileName>
- <icscscriptedsql:testScriptFileName>/opt/midpoint/var/res/sis/TestScript.groovy</icscscriptedsql:testScriptFileName>
- <icscscriptedsql:schemaScriptFileName>/opt/midpoint/var/res/sis/SchemaScript.groovy</icscscriptedsql:schemaScriptFileName>
-
- <icscscriptedsql:reloadScriptOnExecution>true</icscscriptedsql:reloadScriptOnExecution>
- <!-- >icscscriptedsql:syncScriptFileName>/opt/midpoint/var/res/SyncScript.groovy</icscscriptedsql:syncScriptFileName -->
-
- <icscscriptedsql:validConnectionQuery></icscscriptedsql:validConnectionQuery>
- <icscscriptedsql:jndiProperties></icscscriptedsql:jndiProperties>
-
- <icscscriptedsql:jdbcDriver>org.mariadb.jdbc.Driver</icscscriptedsql:jdbcDriver>
- <icscscriptedsql:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&characterEncoding=utf8&connectionCollation=utf8_bin</icscscriptedsql:jdbcUrlTemplate>
- <icscscriptedsql:enableEmptyString>true</icscscriptedsql:enableEmptyString>
- <icscscriptedsql:rethrowAllSQLExceptions>true</icscscriptedsql:rethrowAllSQLExceptions>
- <icscscriptedsql:nativeTimestamps>false</icscscriptedsql:nativeTimestamps>
- <icscscriptedsql:allNative>false</icscscriptedsql:allNative>
- <!--<icscscriptedsql:changeLogColumn>timestamp</icscscriptedsql:changeLogColumn> -->
- <icscscriptedsql:datasource></icscscriptedsql:datasource>
- </icfc:configurationProperties>
-
- <!-- Generic ICF configuration -->
-
- </c:connectorConfiguration>
-
- <schemaHandling>
- <objectType>
- <kind>account</kind>
- <displayName>Normal Account</displayName>
- <default>true</default>
- <objectClass>ri:AccountObjectClass</objectClass>
- <attribute>
- <ref>ri:uid</ref>
- <displayName>UID</displayName>
- </attribute>
- <attribute>
- <ref>ri:courseId</ref>
- <displayName>Course ID</displayName>
- <inbound>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>OrgType</targetType>
- <filter>
- <q:equal>
- <q:path>name</q:path>
- <expression>
- <script>
- <code>
- 'course_' + input
- </code>
- </script>
- </expression>
- </q:equal>
- </filter>
- <createOnDemand>true</createOnDemand>
- <populateObject>
- <populateItem>
- <expression>
- <script>
- <code>
- 'course_' + input
- </code>
- </script>
- </expression>
- <target>
- <path>name</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <script>
- <code>
- input
- </code>
- </script>
- </expression>
- <target>
- <path>displayName</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <assignmentTargetSearch>
- <targetType>OrgType</targetType>
- <oid>225e9360-0639-40ba-8a31-7f31bef067be</oid>
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <script>
- <code>
- input
- </code>
- </script>
- </expression>
- <target>
- <path>identifier</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <value>course</value>
- </expression>
- <target>
- <path>subtype</path>
- </target>
- </populateItem>
- </populateObject>
- <assignmentProperties>
- <subtype>course</subtype>
- </assignmentProperties>
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- <set>
- <condition>
- <script>
- <code>
- assignment.subtype.contains('course')
- </code>
- </script>
- </condition>
- </set>
- </target>
- </inbound>
- </attribute>
- </objectType>
- </schemaHandling>
-
- <synchronization>
- <objectSynchronization>
- <enabled>true</enabled>
-
- <correlation>
- <q:equal>
- <q:path>name</q:path>
- <expression>
- <path>
- declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
- $account/attributes/ri:uid
- </path>
- </expression>
- </q:equal>
- </correlation>
-
- <reaction>
- <situation>linked</situation>
- <synchronize>true</synchronize>
- </reaction>
- <reaction>
- <situation>deleted</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
- </action>
- </reaction>
-
- <reaction>
- <situation>unlinked</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
- </action>
- </reaction>
- <reaction>
- <situation>unmatched</situation>
- <synchronize>true</synchronize>
- <!-- >action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
- </action -->
- </reaction>
- </objectSynchronization>
- </synchronization>
-
-</c:resource>
-
diff --git a/demo/complex/midpoint-objects/resources/scriptedsql-sis-persons.xml b/demo/complex/midpoint-objects/resources/scriptedsql-sis-persons.xml
deleted file mode 100644
index 568074d..0000000
--- a/demo/complex/midpoint-objects/resources/scriptedsql-sis-persons.xml
+++ /dev/null
@@ -1,379 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<c:resource oid="4d70a0da-02dd-41cf-b0a1-00e75d3eaa15"
- xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
- xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
- xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
-
- <c:name>SQL SIS persons (sources)</c:name>
-
- <connectorRef type="ConnectorType">
- <filter>
- <q:equal>
- <q:path>connectorType</q:path>
- <q:value>net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector</q:value>
- </q:equal>
- </filter>
- </connectorRef>
-
- <c:connectorConfiguration>
-
- <icfc:configurationProperties
- xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
- <icscscriptedsql:host>sources</icscscriptedsql:host>
- <icscscriptedsql:port>3306</icscscriptedsql:port>
- <icscscriptedsql:quoting></icscscriptedsql:quoting>
- <icscscriptedsql:user>root</icscscriptedsql:user>
- <icscscriptedsql:password>
- <clearValue>123321</clearValue>
- </icscscriptedsql:password>
- <icscscriptedsql:database>sis</icscscriptedsql:database>
- <!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
- <icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
-
- <icscscriptedsql:searchScriptFileName>/opt/midpoint/var/res/sis-persons/SearchScript.groovy</icscscriptedsql:searchScriptFileName>
- <icscscriptedsql:testScriptFileName>/opt/midpoint/var/res/sis-persons/TestScript.groovy</icscscriptedsql:testScriptFileName>
- <icscscriptedsql:schemaScriptFileName>/opt/midpoint/var/res/sis-persons/SchemaScript.groovy</icscscriptedsql:schemaScriptFileName>
-
- <icscscriptedsql:reloadScriptOnExecution>true</icscscriptedsql:reloadScriptOnExecution>
- <!-- >icscscriptedsql:syncScriptFileName>/opt/midpoint/var/res/SyncScript.groovy</icscscriptedsql:syncScriptFileName -->
-
- <icscscriptedsql:validConnectionQuery></icscscriptedsql:validConnectionQuery>
- <icscscriptedsql:jndiProperties></icscscriptedsql:jndiProperties>
-
- <icscscriptedsql:jdbcDriver>org.mariadb.jdbc.Driver</icscscriptedsql:jdbcDriver>
- <icscscriptedsql:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&characterEncoding=utf8&connectionCollation=utf8_bin</icscscriptedsql:jdbcUrlTemplate>
- <icscscriptedsql:enableEmptyString>true</icscscriptedsql:enableEmptyString>
- <icscscriptedsql:rethrowAllSQLExceptions>true</icscscriptedsql:rethrowAllSQLExceptions>
- <icscscriptedsql:nativeTimestamps>false</icscscriptedsql:nativeTimestamps>
- <icscscriptedsql:allNative>false</icscscriptedsql:allNative>
- <!--<icscscriptedsql:changeLogColumn>timestamp</icscscriptedsql:changeLogColumn> -->
- <icscscriptedsql:datasource></icscscriptedsql:datasource>
- </icfc:configurationProperties>
-
- <!-- Generic ICF configuration -->
-
- </c:connectorConfiguration>
-
- <schemaHandling>
- <objectType>
- <kind>account</kind>
- <displayName>Normal Account</displayName>
- <default>true</default>
- <objectClass>ri:AccountObjectClass</objectClass>
- <attribute>
- <ref>ri:uid</ref>
- <displayName>UID</displayName>
- <inbound>
- <target>
- <path>name</path>
- </target>
- </inbound>
- <inbound>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>RoleType</targetType>
- <oid>c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f</oid> <!-- role-ldap-basic -->
- <assignmentProperties>
- <subtype>grouper-basic</subtype>
- </assignmentProperties>
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- <set>
- <condition>
- <script>
- <code>
- assignment.subtype.contains('grouper-basic')
- </code>
- </script>
- </condition>
- </set>
- </target>
- </inbound>
- </attribute>
- <attribute>
- <ref>ri:fullName</ref>
- <displayName>Full Name</displayName>
- <inbound>
- <target>
- <path>fullName</path>
- </target>
- </inbound>
- </attribute>
- <attribute>
- <ref>ri:surname</ref>
- <displayName>Surname</displayName>
- <inbound>
- <target>
- <path>familyName</path>
- </target>
- </inbound>
- </attribute>
- <attribute>
- <ref>ri:givenName</ref>
- <displayName>Given Name</displayName>
- <inbound>
- <target>
- <path>givenName</path>
- </target>
- </inbound>
- </attribute>
- <attribute>
- <ref>ri:mail</ref>
- <displayName>Mail</displayName>
- <matchingRule>mr:stringIgnoreCase</matchingRule>
- <inbound>
- <target>
- <path>emailAddress</path>
- </target>
- </inbound>
- </attribute>
- <!-- >attribute>
- <ref>ri:employeeNumber</ref>
- <inbound>
- <target>
- <path>employeeNumber</path>
- </target>
- </inbound>
- </attribute -->
- <attribute>
- <ref>ri:department</ref>
- <inbound>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>OrgType</targetType>
- <filter>
- <q:equal>
- <q:path>name</q:path>
- <expression>
- <script>
- <code>
- 'department_' + input
- </code>
- </script>
- </expression>
- </q:equal>
- </filter>
- <createOnDemand>true</createOnDemand>
- <populateObject>
- <populateItem>
- <expression>
- <script>
- <code>
- 'department_' + input
- </code>
- </script>
- </expression>
- <target>
- <path>name</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <script>
- <code>
- input
- </code>
- </script>
- </expression>
- <target>
- <path>displayName</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <assignmentTargetSearch>
- <targetType>OrgType</targetType>
- <oid>bee44c51-2469-411d-bac7-695728e9c241</oid>
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <script>
- <code>
- input
- </code>
- </script>
- </expression>
- <target>
- <path>identifier</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <value>department</value>
- </expression>
- <target>
- <path>subtype</path>
- </target>
- </populateItem>
- </populateObject>
- <assignmentProperties>
- <subtype>department</subtype>
- </assignmentProperties>
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- <set>
- <condition>
- <script>
- <code>
- assignment.subtype.contains('department')
- </code>
- </script>
- </condition>
- </set>
- </target>
- </inbound>
- </attribute>
- <attribute>
- <ref>ri:affiliation</ref>
- <inbound>
- <strength>strong</strength>
- <expression>
- <assignmentTargetSearch>
- <targetType>RoleType</targetType>
- <filter>
- <q:equal>
- <q:path>name</q:path>
- <expression>
- <script>
- <code>
- 'affiliation_' + input
- </code>
- </script>
- </expression>
- </q:equal>
- </filter>
- <createOnDemand>true</createOnDemand>
- <populateObject>
- <populateItem>
- <expression>
- <script>
- <code>
- 'affiliation_' + input
- </code>
- </script>
- </expression>
- <target>
- <path>name</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <script>
- <code>
- 'Affiliation: ' + input
- </code>
- </script>
- </expression>
- <target>
- <path>displayName</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <script>
- <code>
- input
- </code>
- </script>
- </expression>
- <target>
- <path>identifier</path>
- </target>
- </populateItem>
- <populateItem>
- <expression>
- <value>affiliation</value>
- </expression>
- <target>
- <path>subtype</path>
- </target>
- </populateItem>
- </populateObject>
- <assignmentProperties>
- <subtype>affiliation</subtype>
- </assignmentProperties>
- </assignmentTargetSearch>
- </expression>
- <target>
- <path>assignment</path>
- <set>
- <condition>
- <script>
- <code>
- assignment.subtype.contains('affiliation')
- </code>
- </script>
- </condition>
- </set>
- </target>
- </inbound>
- </attribute>
- </objectType>
- </schemaHandling>
-
- <synchronization>
- <objectSynchronization>
- <enabled>true</enabled>
-
- <correlation>
- <q:equal>
- <q:path>name</q:path>
- <expression>
- <path>
- declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
- $account/attributes/ri:uid
- </path>
- </expression>
- </q:equal>
- </correlation>
-
- <reaction>
- <situation>linked</situation>
- <synchronize>true</synchronize>
- </reaction>
- <reaction>
- <situation>deleted</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
- </action>
- </reaction>
-
- <reaction>
- <situation>unlinked</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
- </action>
- </reaction>
- <reaction>
- <situation>unmatched</situation>
- <synchronize>true</synchronize>
- <action>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
- </action>
- </reaction>
- </objectSynchronization>
- </synchronization>
-
-</c:resource>
-
diff --git a/demo/complex/midpoint-objects/roles/metarole-affiliation.xml b/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
deleted file mode 100644
index be64d72..0000000
--- a/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- oid="fecae27b-d1d3-40ae-95fa-8f7e44e2ee70">
- <name>metarole-affiliation</name>
- <inducement id="1">
- <construction>
- <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
- <attribute>
- <ref>ri:eduPersonAffiliation</ref>
- <outbound>
- <strength>strong</strength>
- <expression>
- <script>
- <code>assignmentPath[0].target.identifier</code>
- </script>
- </expression>
- </outbound>
- </attribute>
- </construction>
- <order>2</order>
- </inducement>
-</role>
diff --git a/demo/complex/midpoint-objects/roles/metarole-course.xml b/demo/complex/midpoint-objects/roles/metarole-course.xml
deleted file mode 100644
index 3e26105..0000000
--- a/demo/complex/midpoint-objects/roles/metarole-course.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- oid="8aa99e7b-f7d3-4585-9800-14bab4d26a43">
- <name>metarole-course</name>
- <inducement id="1">
- <construction>
- <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
- <kind>entitlement</kind>
- <intent>course-group</intent>
- </construction>
- </inducement>
- <inducement id="2">
- <construction>
- <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
- <association>
- <c:ref>ri:group</c:ref>
- <outbound>
- <expression>
- <associationFromLink>
- <projectionDiscriminator>
- <kind>entitlement</kind>
- <intent>course-group</intent>
- </projectionDiscriminator>
- </associationFromLink>
- </expression>
- </outbound>
- </association>
- </construction>
- <order>2</order>
- </inducement>
-</role>
diff --git a/demo/complex/midpoint-objects/roles/metarole-department.xml b/demo/complex/midpoint-objects/roles/metarole-department.xml
deleted file mode 100644
index 96947e3..0000000
--- a/demo/complex/midpoint-objects/roles/metarole-department.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- oid="ffa9eaec-9539-4d15-97aa-24cd5b92ca5b">
- <name>metarole-department</name>
- <inducement id="1">
- <construction>
- <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
- <attribute>
- <ref>ri:businessCategory</ref>
- <outbound>
- <strength>strong</strength>
- <expression>
- <script>
- <code>assignmentPath[0].target.identifier</code>
- </script>
- </expression>
- </outbound>
- </attribute>
- </construction>
- <order>2</order>
- </inducement>
-</role>
diff --git a/demo/complex/midpoint-objects/roles/metarole-generic-group.xml b/demo/complex/midpoint-objects/roles/metarole-generic-group.xml
deleted file mode 100644
index f0e93c5..0000000
--- a/demo/complex/midpoint-objects/roles/metarole-generic-group.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- oid="c691e15a-f30b-4e15-8445-532db07ceeeb">
- <name>metarole-generic-group</name>
- <inducement id="1">
- <construction>
- <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
- <kind>entitlement</kind>
- <intent>generic-group</intent>
- </construction>
- </inducement>
- <inducement id="2">
- <construction>
- <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
- <association>
- <c:ref>ri:group</c:ref>
- <outbound>
- <expression>
- <associationFromLink>
- <projectionDiscriminator>
- <kind>entitlement</kind>
- <intent>generic-group</intent>
- </projectionDiscriminator>
- </associationFromLink>
- </expression>
- </outbound>
- </association>
- </construction>
- <order>2</order>
- </inducement>
-</role>
diff --git a/demo/complex/midpoint-objects/roles/metarole-group.xml b/demo/complex/midpoint-objects/roles/metarole-group.xml
deleted file mode 100644
index bdf7113..0000000
--- a/demo/complex/midpoint-objects/roles/metarole-group.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- oid="48e231be-8474-4ed0-a85e-6acf4c5e8d52">
- <name>metarole-group</name>
- <inducement id="1">
- <targetRef oid="1f339075-5b2f-4a18-9c98-451f3eb0d28d" relation="org:default" type="c:OrgType" /> <!-- groups -->
- </inducement>
-
-</role>
diff --git a/demo/complex/midpoint-objects/roles/role-grouper-sysadmin.xml b/demo/complex/midpoint-objects/roles/role-grouper-sysadmin.xml
deleted file mode 100644
index 5b559f8..0000000
--- a/demo/complex/midpoint-objects/roles/role-grouper-sysadmin.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- oid="d48ec05b-fffd-4262-acd3-d9ff63365b62">
- <name>role-grouper-sysadmin</name>
- <assignment id="1">
- <targetRef oid="c691e15a-f30b-4e15-8445-532db07ceeeb" type="RoleType"/> <!-- metarole-generic-group -->
- </assignment>
- <subtype>generic-group</subtype>
- <identifier>sysadmingroup</identifier>
-</role>
diff --git a/demo/complex/midpoint-objects/roles/role-ldap-basic.xml b/demo/complex/midpoint-objects/roles/role-ldap-basic.xml
deleted file mode 100644
index 3efa968..0000000
--- a/demo/complex/midpoint-objects/roles/role-ldap-basic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- oid="c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f">
- <name>role-ldap-basic</name>
- <inducement id="1">
- <construction>
- <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
- </construction>
- <order>1</order>
- </inducement>
-</role>
diff --git a/demo/complex/midpoint-objects/systemConfigurations/SystemConfiguration.xml b/demo/complex/midpoint-objects/systemConfigurations/SystemConfiguration.xml
deleted file mode 100644
index 3c162e1..0000000
--- a/demo/complex/midpoint-objects/systemConfigurations/SystemConfiguration.xml
+++ /dev/null
@@ -1,176 +0,0 @@
-<systemConfiguration xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="00000000-0000-0000-0000-000000000001" version="2">
- <name>SystemConfiguration</name>
- <metadata>
- <requestTimestamp>2018-08-15T13:30:55.282+02:00</requestTimestamp>
- <createTimestamp>2018-08-15T13:30:55.372+02:00</createTimestamp>
- <createChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init</createChannel>
- </metadata>
- <operationExecution id="17">
- <timestamp>2018-08-15T13:30:55.562+02:00</timestamp>
- <operation>
- <objectDelta>
- <t:changeType>add</t:changeType>
- <t:objectType>c:SystemConfigurationType</t:objectType>
- </objectDelta>
- <executionResult>
- <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
- <status>handled_error</status>
- <token>1000000000000000009</token>
- <message>Object of type 'SystemConfigurationType' with oid '00000000-0000-0000-0000-000000000001' was not found.</message>
- </executionResult>
- <objectName>SystemConfiguration</objectName>
- </operation>
- <status>handled_error</status>
- <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init</channel>
- </operationExecution>
- <globalSecurityPolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000120" relation="org:default" type="tns:SecurityPolicyType"/>
- <logging>
- <classLogger id="1">
- <level>ERROR</level>
- <package>ro.isdc.wro.extensions.processor.css.Less4jProcessor</package>
- </classLogger>
- <classLogger id="2">
- <level>OFF</level>
- <package>org.hibernate.engine.jdbc.spi.SqlExceptionHelper</package>
- </classLogger>
- <classLogger id="3">
- <level>OFF</level>
- <package>org.hibernate.engine.jdbc.batch.internal.BatchingBatch</package>
- </classLogger>
- <classLogger id="4">
- <level>WARN</level>
- <package>org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl</package>
- </classLogger>
- <classLogger id="5">
- <level>OFF</level>
- <package>org.hibernate.internal.ExceptionMapperStandardImpl</package>
- </classLogger>
- <classLogger id="6">
- <level>OFF</level>
- <package>net.sf.jasperreports.engine.fill.JRFillDataset</package>
- </classLogger>
- <classLogger id="7">
- <level>WARN</level>
- <package>org.apache.wicket.resource.PropertiesFactory</package>
- </classLogger>
- <classLogger id="8">
- <level>ERROR</level>
- <package>org.springframework.context.support.ResourceBundleMessageSource</package>
- </classLogger>
- <classLogger id="9">
- <level>INFO</level>
- <package>com.evolveum.midpoint.model.impl.lens.projector.Projector</package>
- </classLogger>
- <classLogger id="10">
- <level>INFO</level>
- <package>com.evolveum.midpoint.model.impl.lens.Clockwork</package>
- </classLogger>
- <appender id="11" xsi:type="c:FileAppenderConfigurationType">
- <pattern>%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n</pattern>
- <name>MIDPOINT_LOG</name>
- <fileName>${midpoint.home}/log/midpoint.log</fileName>
- <filePattern>${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log</filePattern>
- <maxHistory>10</maxHistory>
- <maxFileSize>100MB</maxFileSize>
- <append>true</append>
- </appender>
- <appender id="12" xsi:type="c:FileAppenderConfigurationType">
- <pattern>%date %level: %msg%n</pattern>
- <name>MIDPOINT_PROFILE_LOG</name>
- <fileName>${midpoint.home}/log/midpoint-profile.log</fileName>
- <filePattern>${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log</filePattern>
- <maxHistory>10</maxHistory>
- <maxFileSize>100MB</maxFileSize>
- <append>true</append>
- </appender>
- <rootLoggerAppender>MIDPOINT_LOG</rootLoggerAppender>
- <rootLoggerLevel>INFO</rootLoggerLevel>
- <auditing>
- <enabled>false</enabled>
- <details>false</details>
- </auditing>
- </logging>
- <defaultObjectPolicyConfiguration id="18">
- <type>RoleType</type>
- <subtype>affiliation</subtype>
- <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="d87aa04f-189c-4d6f-b6e1-216dad622142" relation="org:default" type="tns:ObjectTemplateType"/>
- </defaultObjectPolicyConfiguration>
- <defaultObjectPolicyConfiguration id="19">
- <type>OrgType</type>
- <subtype>department</subtype>
- <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="0caf2f69-7c72-4946-b218-d84e78b2a057" relation="org:default" type="tns:ObjectTemplateType"/>
- </defaultObjectPolicyConfiguration>
- <defaultObjectPolicyConfiguration id="20">
- <type>OrgType</type>
- <subtype>course</subtype>
- <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="d35bdec6-643b-41d8-ad5d-8eeb701169d1" relation="org:default" type="tns:ObjectTemplateType"/>
- </defaultObjectPolicyConfiguration>
- <defaultObjectPolicyConfiguration id="100">
- <type>OrgType</type>
- <subtype>group</subtype>
- <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="e2a6193a-8981-4143-9da1-9a7b32c0b819" relation="org:default" type="tns:ObjectTemplateType"/>
- </defaultObjectPolicyConfiguration>
- <defaultObjectPolicyConfiguration id="21">
- <type>RoleType</type>
- <subtype>generic-group</subtype>
- <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="804f8658-0828-4dab-a2ed-f13985e4f80b" relation="org:default" type="tns:ObjectTemplateType"/>
- </defaultObjectPolicyConfiguration>
- <defaultObjectPolicyConfiguration id="101">
- <type>UserType</type>
- <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="8098b124-c20c-4965-8adf-e528abedf7a4" relation="org:default" type="tns:ObjectTemplateType"/>
- </defaultObjectPolicyConfiguration>
- <cleanupPolicy>
- <auditRecords>
- <maxAge>P3M</maxAge>
- </auditRecords>
- <closedTasks>
- <maxAge>P1M</maxAge>
- </closedTasks>
- </cleanupPolicy>
- <internals>
- <enableExperimentalCode>true</enableExperimentalCode>
- </internals>
- <adminGuiConfiguration>
- <userDashboardLink id="13">
- <targetUrl>/self/profile</targetUrl>
- <label>Profile</label>
- <description>View/edit your profile</description>
- <icon>
- <cssClass>fa fa-user</cssClass>
- </icon>
- <color>green</color>
- <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile</authorization>
- <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
- </userDashboardLink>
- <userDashboardLink id="14">
- <targetUrl>/self/credentials</targetUrl>
- <label>Credentials</label>
- <description>View/edit your credentials</description>
- <icon>
- <cssClass>fa fa-shield</cssClass>
- </icon>
- <color>blue</color>
- <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</authorization>
- <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
- </userDashboardLink>
- <userDashboardLink id="15">
- <targetUrl>/admin/users</targetUrl>
- <label>List users</label>
- <icon>
- <cssClass>fa fa-users</cssClass>
- </icon>
- <color>red</color>
- <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users</authorization>
- </userDashboardLink>
- <userDashboardLink id="16">
- <targetUrl>/admin/resources</targetUrl>
- <label>List resources</label>
- <icon>
- <cssClass>fa fa-database</cssClass>
- </icon>
- <color>purple</color>
- <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</authorization>
- </userDashboardLink>
- <enableExperimentalFeatures>true</enableExperimentalFeatures>
- </adminGuiConfiguration>
- </systemConfiguration>
diff --git a/demo/complex/midpoint-objects/users/user-banderson.xml b/demo/complex/midpoint-objects/users/user-banderson.xml
deleted file mode 100644
index fa1316a..0000000
--- a/demo/complex/midpoint-objects/users/user-banderson.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<user xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- oid="e897468f-20bd-419c-8fc5-1fe60e2600de">
- <name>banderson</name>
- <assignment id="1">
- <targetRef oid="d48ec05b-fffd-4262-acd3-d9ff63365b62" relation="org:default" type="c:RoleType">
- <!-- role-grouper-sysadmin -->
- </targetRef>
- </assignment>
- <fullName>Bob Anderson</fullName>
- <givenName>Bob</givenName>
- <familyName>Anderson</familyName>
- <credentials>
- <password>
- <value>password</value>
- </password>
- </credentials>
-</user>
-
diff --git a/demo/complex/midpoint_server/Dockerfile b/demo/complex/midpoint_server/Dockerfile
deleted file mode 100644
index 49e5fb4..0000000
--- a/demo/complex/midpoint_server/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM tier/midpoint
-
-MAINTAINER info@evolveum.com
-
-ENV MP_DIR /opt/midpoint
-
-COPY container_files/mp-home/ ${MP_DIR}/var/
diff --git a/demo/complex/midpoint_server/container_files/httpd/host-cert.pem b/demo/complex/midpoint_server/container_files/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/complex/midpoint_server/container_files/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK -DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v -cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50 -ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7 -a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM -lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH -8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1 -f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B -vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID -AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw -FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG -9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f -h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN -BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+ -JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp -GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS -Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g== ------END CERTIFICATE----- diff --git a/demo/complex/midpoint_server/container_files/httpd/host-key.pem b/demo/complex/midpoint_server/container_files/httpd/host-key.pem deleted file mode 100644 index 5746e59..0000000 --- a/demo/complex/midpoint_server/container_files/httpd/host-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh -cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8 -KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e -xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY -3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas -RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon -IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR -Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ -2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H -NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V -HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s -V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh -yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76 -LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ -VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2 -76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA -LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy -LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW -QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7 -5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04 -JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9 -0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+ -VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H -bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM -4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME -CWYCgOnmiTHcj83UaTqEXtmv ------END PRIVATE KEY----- 
diff --git a/demo/complex/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.2.jar b/demo/complex/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.2.jar
deleted file mode 100644
index fbc575b..0000000
Binary files a/demo/complex/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.2.jar and /dev/null differ
diff --git a/demo/complex/midpoint_server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar b/demo/complex/midpoint_server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
deleted file mode 100644
index 88fcb54..0000000
Binary files a/demo/complex/midpoint_server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar and /dev/null differ
diff --git a/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy
deleted file mode 100644
index fc922bf..0000000
--- a/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy
+++ /dev/null
@@ -1,59 +0,0 @@ -/* - * ==================== - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - * - * Copyright 2013 ForgeRock. All rights reserved. - * - * The contents of this file are subject to the terms of the Common Development - * and Distribution License("CDDL") (the "License"). You may not use this file - * except in compliance with the License. - * - * You can obtain a copy of the License at - * http://opensource.org/licenses/cddl1.php - * See the License for the specific language governing permissions and limitations - * under the License. - * - * When distributing the Covered Code, include this CDDL Header Notice in each file - * and include the License file at http://opensource.org/licenses/cddl1.php. - * If applicable, add the following below this CDDL Header, with the fields - * enclosed by brackets [] replaced by your own identifying information: - * "Portions Copyrighted [year] [name of copyright owner]" - * ==================== - * Portions Copyrighted 2013 ConnId. - */ -import org.identityconnectors.framework.common.objects.AttributeInfo; -import org.identityconnectors.framework.common.objects.AttributeInfo.Flags; -import org.identityconnectors.framework.common.objects.AttributeInfoBuilder; -import org.identityconnectors.framework.common.objects.ObjectClassInfo; -import org.identityconnectors.framework.common.objects.ObjectClassInfoBuilder; - -// Parameters: -// The connector sends the following: -// action: a string describing the action ("SCHEMA" here) -// log: a handler to the Log facility -// builder: SchemaBuilder instance for the connector -// -// The connector will make the final call to builder.build() -// so the scipt just need to declare the different object types. - -// This sample shows how to create 3 basic ObjectTypes: __ACCOUNT__, __GROUP__ and organization. 
-// Each of them contains one required attribute and normal String attributes - - -log.info("Entering "+action+" Script"); - -uidAIB = new AttributeInfoBuilder("uid",String.class); -uidAIB.setRequired(true); - -accAttrsInfo = new HashSet<AttributeInfo>(); -accAttrsInfo.add(uidAIB.build()); -accAttrsInfo.add(AttributeInfoBuilder.build("surname", String.class)); -accAttrsInfo.add(AttributeInfoBuilder.build("givenName", String.class)); -accAttrsInfo.add(AttributeInfoBuilder.build("fullName", String.class)); -accAttrsInfo.add(AttributeInfoBuilder.build("department", String.class)); -accAttrsInfo.add(AttributeInfoBuilder.build("mail", String.class)); -accAttrsInfo.add(AttributeInfoBuilder.build("affiliation", String.class, [Flags.MULTIVALUED] as Set)); -ociAccount = new ObjectClassInfoBuilder().setType("__ACCOUNT__").addAllAttributeInfo(accAttrsInfo).build(); -builder.defineObjectClass(ociAccount); - -log.info("Schema script done"); diff --git a/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy deleted file mode 100644 index 9eb9364..0000000 --- a/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * ==================== - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - * - * Copyright 2013 ForgeRock. All rights reserved. - * - * The contents of this file are subject to the terms of the Common Development - * and Distribution License("CDDL") (the "License"). You may not use this file - * except in compliance with the License. - * - * You can obtain a copy of the License at - * http://opensource.org/licenses/cddl1.php - * See the License for the specific language governing permissions and limitations - * under the License. - * - * When distributing the Covered Code, include this CDDL Header Notice in each file - * and include the License file at http://opensource.org/licenses/cddl1.php. - * If applicable, add the following below this CDDL Header, with the fields - * enclosed by brackets [] replaced by your own identifying information: - * "Portions Copyrighted [year] [name of copyright owner]" - * ==================== - * Portions Copyrighted 2013 ConnId. - */ -import groovy.sql.Sql; -import groovy.sql.DataSet; - -// Parameters: -// The connector sends the following: -// connection: handler to the SQL connection -// objectClass: a String describing the Object class (__ACCOUNT__ / __GROUP__ / other) -// action: a string describing the action ("SEARCH" here) -// log: a handler to the Log facility -// options: a handler to the OperationOptions Map -// query: a handler to the Query Map -// -// The Query map describes the filter used. 
-// -// query = [ operation: "CONTAINS", left: attribute, right: "value", not: true/false ] -// query = [ operation: "ENDSWITH", left: attribute, right: "value", not: true/false ] -// query = [ operation: "STARTSWITH", left: attribute, right: "value", not: true/false ] -// query = [ operation: "EQUALS", left: attribute, right: "value", not: true/false ] -// query = [ operation: "GREATERTHAN", left: attribute, right: "value", not: true/false ] -// query = [ operation: "GREATERTHANOREQUAL", left: attribute, right: "value", not: true/false ] -// query = [ operation: "LESSTHAN", left: attribute, right: "value", not: true/false ] -// query = [ operation: "LESSTHANOREQUAL", left: attribute, right: "value", not: true/false ] -// query = null : then we assume we fetch everything -// -// AND and OR filter just embed a left/right couple of queries. -// query = [ operation: "AND", left: query1, right: query2 ] -// query = [ operation: "OR", left: query1, right: query2 ] -// -// Returns: A list of Maps. Each map describing one row. -// !!!! Each Map must contain a '__UID__' and '__NAME__' attribute. -// This is required to build a ConnectorObject. - -log.info("Entering "+action+" Script"); - -def sql = new Sql(connection); -def result = [] -def where = ""; - -switch ( objectClass ) { - case "__ACCOUNT__": - sql.eachRow("select p.uid as uid, surname, givenName, fullName, department, mail, group_concat(affiliation) as affiliations from SIS_PERSONS p left join SIS_AFFILIATIONS a on p.uid = a.uid group by p.uid", {result.add([ - __UID__:it.uid, - __NAME__:it.uid, - uid:it.uid, - surname:it.surname, - givenName:it.givenName, - fullName:it.fullName, - department:it.department, - mail:it.mail, - affiliation:it.affiliations?.tokenize(',')])} ); - break - - default: - result; -} - -return result; 
diff --git a/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy
deleted file mode 100644
index c887660..0000000
--- a/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * ====================
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright 2013 ForgeRock. All rights reserved.
- *
- * The contents of this file are subject to the terms of the Common Development
- * and Distribution License("CDDL") (the "License"). You may not use this file
- * except in compliance with the License.
- *
- * You can obtain a copy of the License at
- * http://opensource.org/licenses/cddl1.php
- * See the License for the specific language governing permissions and limitations
- * under the License.
- *
- * When distributing the Covered Code, include this CDDL Header Notice in each file
- * and include the License file at http://opensource.org/licenses/cddl1.php.
- * If applicable, add the following below this CDDL Header, with the fields
- * enclosed by brackets [] replaced by your own identifying information:
- * "Portions Copyrighted [year] [name of copyright owner]"
- * ====================
- * Portions Copyrighted 2013 ConnId.
- */
-import groovy.sql.Sql;
-import groovy.sql.DataSet;
-
-// Parameters:
-// The connector sends the following:
-// connection: handler to the SQL connection
-// action: a string describing the action ("TEST" here)
-// log: a handler to the Log facility
-
-log.info("Entering "+action+" Script");
-def sql = new Sql(connection);
-
-sql.eachRow("select * from SIS_PERSONS limit 10", { println it.uid } );
-
-
diff --git a/demo/complex/midpoint_server/container_files/mp-home/res/sis/SchemaScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis/SchemaScript.groovy
deleted file mode 100644
index 6cbee2d..0000000
--- a/demo/complex/midpoint_server/container_files/mp-home/res/sis/SchemaScript.groovy
+++ /dev/null
@@ -1,54 +0,0 @@ -/* - * ==================== - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - * - * Copyright 2013 ForgeRock. All rights reserved. - * - * The contents of this file are subject to the terms of the Common Development - * and Distribution License("CDDL") (the "License"). You may not use this file - * except in compliance with the License. - * - * You can obtain a copy of the License at - * http://opensource.org/licenses/cddl1.php - * See the License for the specific language governing permissions and limitations - * under the License. - * - * When distributing the Covered Code, include this CDDL Header Notice in each file - * and include the License file at http://opensource.org/licenses/cddl1.php. - * If applicable, add the following below this CDDL Header, with the fields - * enclosed by brackets [] replaced by your own identifying information: - * "Portions Copyrighted [year] [name of copyright owner]" - * ==================== - * Portions Copyrighted 2013 ConnId. - */ -import org.identityconnectors.framework.common.objects.AttributeInfo; -import org.identityconnectors.framework.common.objects.AttributeInfo.Flags; -import org.identityconnectors.framework.common.objects.AttributeInfoBuilder; -import org.identityconnectors.framework.common.objects.ObjectClassInfo; -import org.identityconnectors.framework.common.objects.ObjectClassInfoBuilder; - -// Parameters: -// The connector sends the following: -// action: a string describing the action ("SCHEMA" here) -// log: a handler to the Log facility -// builder: SchemaBuilder instance for the connector -// -// The connector will make the final call to builder.build() -// so the scipt just need to declare the different object types. - -// This sample shows how to create 3 basic ObjectTypes: __ACCOUNT__, __GROUP__ and organization. 
-// Each of them contains one required attribute and normal String attributes - - -log.info("Entering "+action+" Script"); - -uidAIB = new AttributeInfoBuilder("uid",String.class); -uidAIB.setRequired(true); - -accAttrsInfo = new HashSet<AttributeInfo>(); -accAttrsInfo.add(uidAIB.build()); -accAttrsInfo.add(AttributeInfoBuilder.build("courseId", String.class, [Flags.MULTIVALUED] as Set)); -ociAccount = new ObjectClassInfoBuilder().setType("__ACCOUNT__").addAllAttributeInfo(accAttrsInfo).build(); -builder.defineObjectClass(ociAccount); - -log.info("Schema script done"); diff --git a/demo/complex/midpoint_server/container_files/mp-home/res/sis/SearchScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis/SearchScript.groovy deleted file mode 100644 index 026ef8d..0000000 --- a/demo/complex/midpoint_server/container_files/mp-home/res/sis/SearchScript.groovy +++ /dev/null 
@@ -1,71 +0,0 @@ -/* - * ==================== - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - * - * Copyright 2013 ForgeRock. All rights reserved. - * - * The contents of this file are subject to the terms of the Common Development - * and Distribution License("CDDL") (the "License"). You may not use this file - * except in compliance with the License. - * - * You can obtain a copy of the License at - * http://opensource.org/licenses/cddl1.php - * See the License for the specific language governing permissions and limitations - * under the License. - * - * When distributing the Covered Code, include this CDDL Header Notice in each file - * and include the License file at http://opensource.org/licenses/cddl1.php. - * If applicable, add the following below this CDDL Header, with the fields - * enclosed by brackets [] replaced by your own identifying information: - * "Portions Copyrighted [year] [name of copyright owner]" - * ==================== - * Portions Copyrighted 2013 ConnId. - */ -import groovy.sql.Sql; -import groovy.sql.DataSet; - -// Parameters: -// The connector sends the following: -// connection: handler to the SQL connection -// objectClass: a String describing the Object class (__ACCOUNT__ / __GROUP__ / other) -// action: a string describing the action ("SEARCH" here) -// log: a handler to the Log facility -// options: a handler to the OperationOptions Map -// query: a handler to the Query Map -// -// The Query map describes the filter used. 
-// -// query = [ operation: "CONTAINS", left: attribute, right: "value", not: true/false ] -// query = [ operation: "ENDSWITH", left: attribute, right: "value", not: true/false ] -// query = [ operation: "STARTSWITH", left: attribute, right: "value", not: true/false ] -// query = [ operation: "EQUALS", left: attribute, right: "value", not: true/false ] -// query = [ operation: "GREATERTHAN", left: attribute, right: "value", not: true/false ] -// query = [ operation: "GREATERTHANOREQUAL", left: attribute, right: "value", not: true/false ] -// query = [ operation: "LESSTHAN", left: attribute, right: "value", not: true/false ] -// query = [ operation: "LESSTHANOREQUAL", left: attribute, right: "value", not: true/false ] -// query = null : then we assume we fetch everything -// -// AND and OR filter just embed a left/right couple of queries. -// query = [ operation: "AND", left: query1, right: query2 ] -// query = [ operation: "OR", left: query1, right: query2 ] -// -// Returns: A list of Maps. Each map describing one row. -// !!!! Each Map must contain a '__UID__' and '__NAME__' attribute. -// This is required to build a ConnectorObject. - -log.info("Entering "+action+" Script"); - -def sql = new Sql(connection); -def result = [] -def where = ""; - -switch ( objectClass ) { - case "__ACCOUNT__": - sql.eachRow("select uid, concat(surname, ', ', givenName, ' (', uid, ')') as name, group_concat(courseId) as courses from SIS_COURSES group by uid", {result.add([__UID__:it.uid, __NAME__:it.name, uid:it.uid, courseId:it.courses?.tokenize(',')])} ); - break - - default: - result; -} - -return result; diff --git a/demo/complex/midpoint_server/container_files/mp-home/res/sis/TestScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis/TestScript.groovy deleted file mode 100644 index 95f87ad..0000000 --- a/demo/complex/midpoint_server/container_files/mp-home/res/sis/TestScript.groovy +++ /dev/null 
@@ -1,38 +0,0 @@
-/*
- * ====================
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright 2013 ForgeRock. All rights reserved.
- *
- * The contents of this file are subject to the terms of the Common Development
- * and Distribution License("CDDL") (the "License"). You may not use this file
- * except in compliance with the License.
- *
- * You can obtain a copy of the License at
- * http://opensource.org/licenses/cddl1.php
- * See the License for the specific language governing permissions and limitations
- * under the License.
- *
- * When distributing the Covered Code, include this CDDL Header Notice in each file
- * and include the License file at http://opensource.org/licenses/cddl1.php.
- * If applicable, add the following below this CDDL Header, with the fields
- * enclosed by brackets [] replaced by your own identifying information:
- * "Portions Copyrighted [year] [name of copyright owner]"
- * ====================
- * Portions Copyrighted 2013 ConnId.
- */
-import groovy.sql.Sql;
-import groovy.sql.DataSet;
-
-// Parameters:
-// The connector sends the following:
-// connection: handler to the SQL connection
-// action: a string describing the action ("TEST" here)
-// log: a handler to the Log facility
-
-log.info("Entering "+action+" Script");
-def sql = new Sql(connection);
-
-sql.eachRow("select * from SIS_COURSES limit 10", { println it.uid } );
-
-
diff --git a/demo/complex/midpoint_server/container_files/mp-home/schema/user-schema.xsd b/demo/complex/midpoint_server/container_files/mp-home/schema/user-schema.xsd
deleted file mode 100644
index 329534a..0000000
--- a/demo/complex/midpoint_server/container_files/mp-home/schema/user-schema.xsd
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-
-<xsd:schema elementFormDefault="qualified"
- targetNamespace="http://grouper-demo.tier.internet2.edu"
- xmlns:tns="http://grouper-demo.tier.internet2.edu"
- xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-
- <xsd:complexType name="UserExtensionType">
- <xsd:annotation>
- <xsd:appinfo>
- <a:extension ref="c:UserType"/>
- </xsd:appinfo>
- </xsd:annotation>
- <xsd:sequence>
- <xsd:element name="grouper_group" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
- </xsd:sequence>
- </xsd:complexType>
-</xsd:schema>
-
diff --git a/demo/complex/mq/Dockerfile b/demo/complex/mq/Dockerfile
deleted file mode 100644
index 1593b80..0000000
--- a/demo/complex/mq/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-FROM tier/rabbitmq:latest
-
-COPY container_files/etc-rabbitmq/* /etc/rabbitmq/
-COPY container_files/usr-local-bin/* /usr/local/bin/
-
-ENV RABBITMQ_PID_FILE=/var/run/rabbitmq/pid
-
-# Must be on /var/lib/rabbitmq (this is the same place where queues are defined)
-ENV RABBITMQ_INIT_DONE_FILE=/var/lib/rabbitmq/initialization.done
-
-ENTRYPOINT ["/usr/local/bin/demo-entrypoint.sh"]
-
-CMD ["rabbitmq-server"]
diff --git a/demo/complex/mq/container_files/etc-rabbitmq/rabbitmq.conf b/demo/complex/mq/container_files/etc-rabbitmq/rabbitmq.conf
deleted file mode 100644
index 4c789ba..0000000
--- a/demo/complex/mq/container_files/etc-rabbitmq/rabbitmq.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Allow guest access from anywhere (change this in production!)
-loopback_users = none
diff --git a/demo/complex/mq/container_files/usr-local-bin/demo-entrypoint.sh b/demo/complex/mq/container_files/usr-local-bin/demo-entrypoint.sh
deleted file mode 100755
index 7355248..0000000
--- a/demo/complex/mq/container_files/usr-local-bin/demo-entrypoint.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-if [ ! -e $RABBITMQ_INIT_DONE_FILE ]; then
- /usr/local/bin/initialize-rabbitmq.sh &
-else
- echo "RabbitMQ was already initialized"
-fi
-/usr/local/bin/entrypoint.sh "$@"
diff --git a/demo/complex/mq/container_files/usr-local-bin/initialize-rabbitmq.sh b/demo/complex/mq/container_files/usr-local-bin/initialize-rabbitmq.sh
deleted file mode 100755
index 3660e80..0000000
--- a/demo/complex/mq/container_files/usr-local-bin/initialize-rabbitmq.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -e
-
-echo "Executing RabbitMQ initialization"
-echo "Waiting for the server to start up..."
-rabbitmqctl -t 30 wait $RABBITMQ_PID_FILE
-echo "OK, creating sampleQueue..."
-rabbitmqadmin declare queue name=sampleQueue
-echo "Done"
-touch $RABBITMQ_INIT_DONE_FILE
diff --git a/demo/complex/recompute.sh b/demo/complex/recompute.sh
deleted file mode 100755
index 920ca78..0000000
--- a/demo/complex/recompute.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-source $(dirname "$0")/../../library.bash
-
-recompute roles d48ec05b-fffd-4262-acd3-d9ff63365b62
-recompute users e897468f-20bd-419c-8fc5-1fe60e2600de
diff --git a/demo/complex/sources/Dockerfile b/demo/complex/sources/Dockerfile
deleted file mode 100644
index c76ff73..0000000
--- a/demo/complex/sources/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM tier/mariadb:mariadb10
-
-COPY container_files/seed-data/ /seed-data/
-
-ENV MYSQL_DATABASE sis
-ENV MYSQL_USER sis_user
-ENV MYSQL_PASSWORD 49321420423
-ENV MYSQL_DATADIR /var/lib/mysql
-ENV AFTER_FIRST_TIME_SQL /seed-data/persons-and-courses.sql
-
diff --git a/demo/complex/sources/container_files/seed-data/persons-and-courses.sql b/demo/complex/sources/container_files/seed-data/persons-and-courses.sql
deleted file mode 100644
index 65f8376..0000000
--- a/demo/complex/sources/container_files/seed-data/persons-and-courses.sql
+++ /dev/null
@@ -1,531 +0,0 @@ -USE sis; - -CREATE TABLE SIS_PERSONS ( - uid VARCHAR(255) NOT NULL, - surname VARCHAR(255) DEFAULT NULL, - givenName VARCHAR(255) DEFAULT NULL, - fullName VARCHAR(255) DEFAULT NULL, - department VARCHAR(255) DEFAULT NULL, - mail VARCHAR(255) DEFAULT NULL, - PRIMARY KEY (uid) -); - -CREATE TABLE SIS_AFFILIATIONS ( - uid VARCHAR(255) NOT NULL, - affiliation VARCHAR(255) NOT NULL, - PRIMARY KEY (uid , affiliation) -); - -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jsmith','Smith','Joe','John Smith',NULL,NULL); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('banderson','Anderson','Bob','Bob Anderson',NULL,NULL); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kwhite','White','Karl','Karl White','Law','kwhite@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kwhite','member'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kwhite','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('whenderson','Henderson','William','William Henderson','Advising','whenderson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('whenderson','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('ddavis','Davis','David','David Davis','Computer Science','ddavis@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ddavis','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('cmorrison','Morrison','Colin','Colin Morrison','Financial Aid','cmorrison@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('cmorrison','member'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('cmorrison','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('danderson','Anderson','Donna','Donna 
Anderson','Account Payable','danderson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('danderson','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('amorrison','Morrison','Ann','Ann Morrison','Law','amorrison@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('amorrison','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('amorrison','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wprice','Price','William','William Price','Account Payable','wprice@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wprice','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mroberts','Roberts','Marie','Marie Roberts','Law','mroberts@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mroberts','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mroberts','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kjohnson','Johnson','Kiersten','Kiersten Johnson','Physical Education','kjohnson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kjohnson','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jbrown','Brown','James','James Brown','Information Technology','jbrown@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jbrown','alum'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jbrown','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('agasper','Gasper','Ann','Ann Gasper','Computer Science','agasper@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('agasper','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('agasper','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, 
fullName, department, mail) VALUES ('jscott','Scott','Jennifer','Jennifer Scott','Business','jscott@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jscott','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jscott','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('bbutler','Butler','Betty','Betty Butler','Purchasing','bbutler@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('bbutler','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('bbutler','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('tmorrison','Morrison','Thomas','Thomas Morrison','Purchasing','tmorrison@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('tmorrison','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('tmorrison','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jbrown14','Brown','Jennifer','Jennifer Brown','Accounting','jbrown14@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jbrown14','member'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jbrown14','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('gjohnson','Johnson','Greg','Greg Johnson','Physical Education','gjohnson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gjohnson','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gjohnson','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('rmartinez','Martinez','Robert','Robert Martinez','Financial Aid','rmartinez@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('rmartinez','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('rmartinez','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, 
department, mail) VALUES ('jlewis','Lewis','Jo','Jo Lewis','Accounting','jlewis@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jlewis','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jlewis','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mgasper','Gasper','Mary','Mary Gasper','Physical Education','mgasper@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mgasper','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kvales','Vales','Karoline','Karoline Vales','Information Technology','kvales@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kvales','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kvales','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('tgrady','Grady','Thomas','Thomas Grady','Law','tgrady@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('tgrady','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kmorrison','Morrison','Kiersten','Kiersten Morrison','Information Technology','kmorrison@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kmorrison','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kmorrison','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dgrady','Grady','David','David Grady','Advising','dgrady@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dgrady','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mthompson','Thompson','Mary','Mary Thompson','Financial Aid','mthompson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mthompson','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mthompson','student'); 
-INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('bgasper','Gasper','Bill','Bill Gasper','Business','bgasper@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('bgasper','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dlopez','Lopez','David','David Lopez','Account Payable','dlopez@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlopez','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlopez','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('hwhite','White','Heather','Heather White','Physical Education','hwhite@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hwhite','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('ddavis27','Davis','Donna','Donna Davis','Accounting','ddavis27@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ddavis27','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ddavis27','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('bgasper28','Gasper','Bill','Bill Gasper','Engineering','bgasper28@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('bgasper28','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jjohnson','Johnson','Jennifer','Jennifer Johnson','Financial Aid','jjohnson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jjohnson','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jjohnson','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('amorrison30','Morrison','Ann','Ann Morrison','Financial Aid','amorrison30@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('amorrison30','alum'); -INSERT INTO 
SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kmartinez','Martinez','Karl','Karl Martinez','Accounting','kmartinez@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kmartinez','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('ahenderson','Henderson','Ann','Ann Henderson','Accounting','ahenderson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ahenderson','member'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ahenderson','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('avales','Vales','Ann','Ann Vales','Purchasing','avales@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('avales','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('avales','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('ggonazles','Gonazles','Greg','Greg Gonazles','Language Arts','ggonazles@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ggonazles','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('bdoe','Doe','Blake','Blake Doe','Business','bdoe@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('bdoe','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('plangenberg','Langenberg','Paul','Paul Langenberg','Information Technology','plangenberg@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('plangenberg','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('gvales','Vales','Greg','Greg Vales','Language Arts','gvales@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gvales','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gvales','member'); -INSERT INTO SIS_PERSONS (uid, 
surname, givenName, fullName, department, mail) VALUES ('nhenderson','Henderson','Nancy','Nancy Henderson','Physical Education','nhenderson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('nhenderson','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wthompson','Thompson','William','William Thompson','Law','wthompson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wthompson','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kvales40','Vales','Karl','Karl Vales','Business','kvales40@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kvales40','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('blee','Lee','Bill','Bill Lee','Engineering','blee@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('blee','member'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('blee','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mlee','Lee','Marie','Marie Lee','Information Technology','mlee@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mlee','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kclark','Clark','Kiersten','Kiersten Clark','Financial Aid','kclark@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kclark','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wscott','Scott','William','William Scott','Language Arts','wscott@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wscott','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dbutler','Butler','Donna','Donna Butler','Financial Aid','dbutler@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES 
('dbutler','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('awhite','White','Ann','Ann White','Purchasing','awhite@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('awhite','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('awhite','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('hdoe','Doe','Heather','Heather Doe','Financial Aid','hdoe@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hdoe','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hdoe','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dlangenberg','Langenberg','David','David Langenberg','Language Arts','dlangenberg@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlangenberg','alum'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlangenberg','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('ethompson','Thompson','Eric','Eric Thompson','Law','ethompson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ethompson','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jbrown50','Brown','Jennifer','Jennifer Brown','Account Payable','jbrown50@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jbrown50','alum'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jbrown50','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mgonazles','Gonazles','Michael','Michael Gonazles','Computer Science','mgonazles@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mgonazles','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mgonazles','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) 
VALUES ('gbutler','Butler','Greg','Greg Butler','Information Technology','gbutler@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gbutler','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gbutler','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mvales','Vales','Mark','Mark Vales','Engineering','mvales@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mvales','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mlewis','Lewis','Michael','Michael Lewis','Information Technology','mlewis@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mlewis','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('hvales','Vales','Heather','Heather Vales','Information Technology','hvales@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hvales','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jscott56','Scott','Jo','Jo Scott','Purchasing','jscott56@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jscott56','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jscott56','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('sdoe','Doe','Sarah','Sarah Doe','Business','sdoe@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('sdoe','member'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('sdoe','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('svales','Vales','Sarah','Sarah Vales','Advising','svales@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('svales','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('hmorrison','Morrison','Heather','Heather 
Morrison','Engineering','hmorrison@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hmorrison','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hmorrison','student'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jlopez','Lopez','Jennifer','Jennifer Lopez','Language Arts','jlopez@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jlopez','alum'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jlopez','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dlangenberg61','Langenberg','Donna','Donna Langenberg','Law','dlangenberg61@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlangenberg61','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlangenberg61','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('bgrady','Grady','Betty','Betty Grady','Accounting','bgrady@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('bgrady','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jmorrison','Morrison','Jennifer','Jennifer Morrison','Law','jmorrison@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jmorrison','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wvales','Vales','William','William Vales','Law','wvales@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wvales','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mmartinez','Martinez','Mark','Mark Martinez','Physical Education','mmartinez@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mmartinez','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jmartinez','Martinez','Jennifer','Jennifer 
Martinez','Information Technology','jmartinez@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jmartinez','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jmartinez','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mgasper67','Gasper','Mary','Mary Gasper','Computer Science','mgasper67@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mgasper67','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dpeterson','Peterson','David','David Peterson','Advising','dpeterson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dpeterson','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dpeterson','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('eprice','Price','Erik','Erik Price','Business','eprice@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('eprice','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jgasper','Gasper','James','James Gasper','Accounting','jgasper@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jgasper','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jgasper','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jclark','Clark','Jennifer','Jennifer Clark','Business','jclark@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jclark','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jclark','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('bpeterson','Peterson','Betty','Betty Peterson','Account Payable','bpeterson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('bpeterson','alum'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES 
('bpeterson','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wsmith','Smith','William','William Smith','Information Technology','wsmith@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wsmith','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('lwilliams','Williams','Lisa','Lisa Williams','Purchasing','lwilliams@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('lwilliams','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dgrady76','Grady','David','David Grady','Physical Education','dgrady76@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dgrady76','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jmartinez77','Martinez','Jo','Jo Martinez','Law','jmartinez77@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jmartinez77','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jmartinez77','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dlewis','Lewis','Donna','Donna Lewis','Financial Aid','dlewis@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlewis','community'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dlewis','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wscott79','Scott','William','William Scott','Account Payable','wscott79@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wscott79','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wscott79','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('ddoe','Doe','Donna','Donna Doe','Physical Education','ddoe@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES 
('ddoe','student'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ddoe','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('gmorrison','Morrison','Greg','Greg Morrison','Language Arts','gmorrison@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gmorrison','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('gmorrison','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('khenderson','Henderson','Kim','Kim Henderson','Account Payable','khenderson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('khenderson','member'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('khenderson','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kpeterson','Peterson','Karoline','Karoline Peterson','Accounting','kpeterson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kpeterson','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('eprice84','Price','Erik','Erik Price','Computer Science','eprice84@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('eprice84','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('hsmith','Smith','Heather','Heather Smith','Business','hsmith@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hsmith','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hsmith','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dwilliams','Williams','Donna','Donna Williams','Financial Aid','dwilliams@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dwilliams','alum'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dwilliams','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, 
fullName, department, mail) VALUES ('klopez','Lopez','Karl','Karl Lopez','Advising','klopez@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('klopez','staff'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('klopez','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wjohnson','Johnson','William','William Johnson','Accounting','wjohnson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wjohnson','staff'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wbrown','Brown','William','William Brown','Physical Education','wbrown@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wbrown','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('hbrown','Brown','Heather','Heather Brown','Law','hbrown@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('hbrown','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kroberts','Roberts','Kim','Kim Roberts','Account Payable','kroberts@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kroberts','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dwalters','Walters','Donna','Donna Walters','Advising','dwalters@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dwalters','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('nlee','Lee','Nancy','Nancy Lee','Computer Science','nlee@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('nlee','faculty'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('nlee','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('sgonazles','Gonazles','Sarah','Sarah Gonazles','Computer Science','sgonazles@example.edu'); 
-INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('sgonazles','faculty'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('handerson','Anderson','Heather','Heather Anderson','Purchasing','handerson@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('handerson','member'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('danderson96','Anderson','David','David Anderson','Advising','danderson96@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('danderson96','alum'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('dgrady97','Grady','David','David Grady','Advising','dgrady97@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('dgrady97','community'); -INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jgrady','Grady','James','James Grady','Purchasing','jgrady@example.edu'); -INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('jgrady','student'); - -CREATE TABLE SIS_COURSES ( - uid VARCHAR(255) NOT NULL, - surname VARCHAR(255) DEFAULT NULL, - givenName VARCHAR(255) DEFAULT NULL, - courseId VARCHAR(255) NOT NULL, - PRIMARY KEY (uid , courseId) -); - -INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('agasper','Gasper','Ann','MATH100'); -INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ahenderson','Henderson','Ann','MATH101'); -INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ahenderson','Henderson','Ann','SCI404'); -INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('amorrison','Morrison','Ann','ACCT101'); -INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('amorrison','Morrison','Ann','CS251'); -INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('amorrison','Morrison','Ann','MATH101'); -INSERT INTO SIS_COURSES (uid, surname, givenName, 
courseId) VALUES ('amorrison30','Morrison','Ann','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('avales','Vales','Ann','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('awhite','White','Ann','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('awhite','White','Ann','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bbutler','Butler','Betty','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bbutler','Butler','Betty','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bbutler','Butler','Betty','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bbutler','Butler','Betty','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bdoe','Doe','Blake','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bdoe','Doe','Blake','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bdoe','Doe','Blake','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bdoe','Doe','Blake','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bgasper','Gasper','Bill','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bgasper','Gasper','Bill','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bgasper28','Gasper','Bill','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bgasper28','Gasper','Bill','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bgrady','Grady','Betty','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bgrady','Grady','Betty','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bgrady','Grady','Betty','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('blee','Lee','Bill','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('blee','Lee','Bill','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('blee','Lee','Bill','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bpeterson','Peterson','Betty','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('bpeterson','Peterson','Betty','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson','Anderson','Donna','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson','Anderson','Donna','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson','Anderson','Donna','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson96','Anderson','David','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson96','Anderson','David','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson96','Anderson','David','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson96','Anderson','David','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dbutler','Butler','Donna','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dbutler','Butler','Donna','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dbutler','Butler','Donna','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis','Davis','David','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis','Davis','David','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis27','Davis','Donna','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis27','Davis','Donna','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis27','Davis','Donna','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis27','Davis','Donna','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddoe','Doe','Donna','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddoe','Doe','Donna','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddoe','Doe','Donna','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddoe','Doe','Donna','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dgrady','Grady','David','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dgrady','Grady','David','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dgrady76','Grady','David','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dgrady76','Grady','David','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dgrady76','Grady','David','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dgrady97','Grady','David','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dgrady97','Grady','David','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlangenberg','Langenberg','David','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlangenberg','Langenberg','David','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlangenberg','Langenberg','David','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlangenberg61','Langenberg','Donna','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlangenberg61','Langenberg','Donna','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlewis','Lewis','Donna','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlewis','Lewis','Donna','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlewis','Lewis','Donna','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlewis','Lewis','Donna','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlopez','Lopez','David','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlopez','Lopez','David','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dlopez','Lopez','David','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dpeterson','Peterson','David','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dpeterson','Peterson','David','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dwalters','Walters','Donna','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dwilliams','Williams','Donna','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('dwilliams','Williams','Donna','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('eprice','Price','Erik','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('eprice','Price','Erik','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('eprice','Price','Erik','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('eprice84','Price','Erik','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ethompson','Thompson','Eric','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ethompson','Thompson','Eric','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ethompson','Thompson','Eric','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ethompson','Thompson','Eric','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gbutler','Butler','Greg','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gbutler','Butler','Greg','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gbutler','Butler','Greg','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ggonazles','Gonazles','Greg','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ggonazles','Gonazles','Greg','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gjohnson','Johnson','Greg','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gjohnson','Johnson','Greg','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gjohnson','Johnson','Greg','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gmorrison','Morrison','Greg','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gmorrison','Morrison','Greg','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gmorrison','Morrison','Greg','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gvales','Vales','Greg','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gvales','Vales','Greg','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('gvales','Vales','Greg','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('handerson','Anderson','Heather','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hbrown','Brown','Heather','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hbrown','Brown','Heather','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hbrown','Brown','Heather','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hbrown','Brown','Heather','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hdoe','Doe','Heather','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hdoe','Doe','Heather','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hmorrison','Morrison','Heather','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hmorrison','Morrison','Heather','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hmorrison','Morrison','Heather','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hmorrison','Morrison','Heather','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hsmith','Smith','Heather','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hsmith','Smith','Heather','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hsmith','Smith','Heather','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hsmith','Smith','Heather','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hvales','Vales','Heather','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hvales','Vales','Heather','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hvales','Vales','Heather','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hwhite','White','Heather','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hwhite','White','Heather','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('hwhite','White','Heather','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jbrown','Brown','James','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jbrown14','Brown','Jennifer','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jbrown14','Brown','Jennifer','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jbrown50','Brown','Jennifer','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jbrown50','Brown','Jennifer','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jbrown50','Brown','Jennifer','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jclark','Clark','Jennifer','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jclark','Clark','Jennifer','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jgasper','Gasper','James','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jgasper','Gasper','James','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jgasper','Gasper','James','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jgrady','Grady','James','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jgrady','Grady','James','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jjohnson','Johnson','Jennifer','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jjohnson','Johnson','Jennifer','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jjohnson','Johnson','Jennifer','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jjohnson','Johnson','Jennifer','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jlewis','Lewis','Jo','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jlewis','Lewis','Jo','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jlewis','Lewis','Jo','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jlopez','Lopez','Jennifer','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jlopez','Lopez','Jennifer','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jlopez','Lopez','Jennifer','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmartinez','Martinez','Jennifer','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmartinez','Martinez','Jennifer','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmartinez','Martinez','Jennifer','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmartinez77','Martinez','Jo','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmorrison','Morrison','Jennifer','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmorrison','Morrison','Jennifer','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmorrison','Morrison','Jennifer','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jmorrison','Morrison','Jennifer','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jscott','Scott','Jennifer','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jscott','Scott','Jennifer','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jscott','Scott','Jennifer','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jscott56','Scott','Jo','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('jscott56','Scott','Jo','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kclark','Clark','Kiersten','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kclark','Clark','Kiersten','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kclark','Clark','Kiersten','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('khenderson','Henderson','Kim','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kjohnson','Johnson','Kiersten','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kjohnson','Johnson','Kiersten','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('klopez','Lopez','Karl','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kmartinez','Martinez','Karl','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kmartinez','Martinez','Karl','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kmartinez','Martinez','Karl','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kmorrison','Morrison','Kiersten','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kpeterson','Peterson','Karoline','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kpeterson','Peterson','Karoline','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kpeterson','Peterson','Karoline','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kpeterson','Peterson','Karoline','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kroberts','Roberts','Kim','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kroberts','Roberts','Kim','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kroberts','Roberts','Kim','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kroberts','Roberts','Kim','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kvales','Vales','Karoline','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kvales','Vales','Karoline','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kvales40','Vales','Karl','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kvales40','Vales','Karl','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kvales40','Vales','Karl','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kvales40','Vales','Karl','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('lwilliams','Williams','Lisa','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('lwilliams','Williams','Lisa','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('lwilliams','Williams','Lisa','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper','Gasper','Mary','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper','Gasper','Mary','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper','Gasper','Mary','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper','Gasper','Mary','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper67','Gasper','Mary','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper67','Gasper','Mary','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper67','Gasper','Mary','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgasper67','Gasper','Mary','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mgonazles','Gonazles','Michael','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mlee','Lee','Marie','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mlee','Lee','Marie','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mlee','Lee','Marie','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mlewis','Lewis','Michael','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mlewis','Lewis','Michael','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mlewis','Lewis','Michael','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mlewis','Lewis','Michael','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mmartinez','Martinez','Mark','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mmartinez','Martinez','Mark','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mmartinez','Martinez','Mark','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mmartinez','Martinez','Mark','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mthompson','Thompson','Mary','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mthompson','Thompson','Mary','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mthompson','Thompson','Mary','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mthompson','Thompson','Mary','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mvales','Vales','Mark','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mvales','Vales','Mark','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mvales','Vales','Mark','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('nhenderson','Henderson','Nancy','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('nlee','Lee','Nancy','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('nlee','Lee','Nancy','CS251');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('nlee','Lee','Nancy','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('nlee','Lee','Nancy','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('plangenberg','Langenberg','Paul','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('rmartinez','Martinez','Robert','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('rmartinez','Martinez','Robert','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('sdoe','Doe','Sarah','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('sdoe','Doe','Sarah','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('sdoe','Doe','Sarah','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('sdoe','Doe','Sarah','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('sgonazles','Gonazles','Sarah','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('sgonazles','Gonazles','Sarah','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('svales','Vales','Sarah','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('svales','Vales','Sarah','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('tgrady','Grady','Thomas','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('tgrady','Grady','Thomas','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('tmorrison','Morrison','Thomas','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('tmorrison','Morrison','Thomas','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('tmorrison','Morrison','Thomas','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wbrown','Brown','William','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('whenderson','Henderson','William','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wjohnson','Johnson','William','CS252');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wjohnson','Johnson','William','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wprice','Price','William','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wprice','Price','William','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wscott','Scott','William','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wscott79','Scott','William','ACCT201');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wscott79','Scott','William','MATH101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wsmith','Smith','William','ACCT101');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wsmith','Smith','William','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wthompson','Thompson','William','SCI123');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wthompson','Thompson','William','SCI404');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wvales','Vales','William','MATH100');
-INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wvales','Vales','William','SCI123');
-
diff --git a/demo/complex/targets/Dockerfile b/demo/complex/targets/Dockerfile
deleted file mode 100644
index 6099cce..0000000
--- a/demo/complex/targets/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM tier/mariadb:mariadb10
-
-#TODO better name for the target database
-ENV MYSQL_DATABASE target
-ENV MYSQL_USER target_user
-ENV MYSQL_PASSWORD fdjskjrkwqjrw
-ENV MYSQL_DATADIR /var/lib/mysql
diff --git a/demo/complex/targets/container_files/seed-data/target.sql b/demo/complex/targets/container_files/seed-data/target.sql
deleted file mode 100644
index 8b13789..0000000
--- a/demo/complex/targets/container_files/seed-data/target.sql
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/demo/complex/test-resource-grouper.sh b/demo/complex/test-resource-grouper.sh
deleted file mode 100755
index c0d5a65..0000000
--- a/demo/complex/test-resource-grouper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source $(dirname "$0")/../../library.bash
-
-test_resource 1eff65de-5bb6-483d-9edf-8cc2c2ee0233
diff --git a/demo/complex/test-resources-1.sh b/demo/complex/test-resources-1.sh
deleted file mode 100755
index cfab1b3..0000000
--- a/demo/complex/test-resources-1.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-source $(dirname "$0")/../../library.bash
-
-test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272
-test_resource 13660d60-071b-4596-9aa1-5efcd1256c04
-test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
diff --git a/demo/complex/tests/main.bats b/demo/complex/tests/main.bats
deleted file mode 100755
index ecfb6be..0000000
--- a/demo/complex/tests/main.bats
+++ /dev/null
@@ -1,355 +0,0 @@ -#!/usr/bin/env bats - -load ../../../common -load ../../../library - -@test "000 Cleanup before running the tests" { - (cd ../simple ; docker-compose down -v) - (cd ../shibboleth ; docker-compose down -v) - (cd ../postgresql ; docker-compose down -v) - docker-compose down -v -} - -@test "010 Initialize and start the composition" { - # We want to fail cleanly if there's any interference - docker ps - ! (docker ps | grep -E "shibboleth_(idp|directory)_1|(complex|simple|shibboleth|postgresql)_(midpoint_server|midpoint_data)_1") - docker-compose build --pull grouper_daemon grouper_ui grouper_data directory sources targets midpoint_data idp mq - # Sometimes the tier/midpoint:xyz is not yet in the repository, causing issues with --pull - docker-compose build midpoint_server - docker-compose up -d -} - -@test "020 Wait until components are started" { - touch $BATS_TMPDIR/not-started - wait_for_midpoint_start complex_midpoint_server_1 complex_midpoint_data_1 - wait_for_shibboleth_idp_start complex_idp_1 - wait_for_grouper_ui_start complex_grouper_ui_1 - rm $BATS_TMPDIR/not-started -} - -@test "040 Check midPoint health" { - if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi - check_health -} - -@test "050 Check Shibboleth IDP health" { - if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi - check_health_shibboleth_idp -} - -@test "060 Check Grouper health" { - if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi - skip TODO -} - -@test "100 Get 'administrator'" { - if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi - check_health - get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator -} - -@test "110 And and get 'test110'" { - if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi - check_health - echo "<user><name>test110</name></user>" >/tmp/test110.xml - add_object users /tmp/test110.xml - rm /tmp/test110.xml - search_and_check_object users test110 - 
delete_object_by_name users test110 -} - -@test "200 Upload objects" { - if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi - - # reduce data in SIS database so imports will take reasonable time - docker exec complex_sources_1 mysql sis -u root -p123321 -e "delete from SIS_COURSES where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')" - docker exec complex_sources_1 mysql sis -u root -p123321 -e "delete from SIS_AFFILIATIONS where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')" - docker exec complex_sources_1 mysql sis -u root -p123321 -e "delete from SIS_PERSONS where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')" - - check_health - ./upload-objects.sh - - search_and_check_object objectTemplates template-org-course - search_and_check_object objectTemplates template-org-department - search_and_check_object objectTemplates template-role-affiliation - search_and_check_object objectTemplates template-role-generic-group - - search_and_check_object orgs courses - search_and_check_object orgs departments - - search_and_check_object resources "OpenLDAP (directory)" - search_and_check_object resources "Grouper Resource" - search_and_check_object resources "SQL SIS courses (sources)" - search_and_check_object resources "SQL SIS persons (sources)" - - search_and_check_object roles metarole-affiliation - search_and_check_object roles metarole-course - search_and_check_object roles metarole-department - search_and_check_object roles metarole-generic-group - search_and_check_object roles role-grouper-sysadmin - search_and_check_object roles role-ldap-basic -} - -@test "210 Test LDAP and SQL resources" { - if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi - test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272 
- test_resource 13660d60-071b-4596-9aa1-5efcd1256c04
- test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
-}
-
-@test "220 Import SIS_PERSONS" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- add_object tasks midpoint-objects-manual/tasks/task-import-sis-persons.xml
- search_and_check_object tasks "Import from SIS persons"
- wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a79aeaaa 6 10
- assert_task_success 22c2a3d0-0961-4255-9eec-c550a79aeaaa
-
- search_and_check_object users jsmith
- search_and_check_object users banderson
- search_and_check_object users kwhite
- search_and_check_object users whenderson
- search_and_check_object users ddavis
- search_and_check_object users cmorrison
- search_and_check_object users danderson
- search_and_check_object users amorrison
- search_and_check_object users wprice
- search_and_check_object users mroberts
-
- check_ldap_account_by_user_name jsmith complex_directory_1
- check_ldap_account_by_user_name banderson complex_directory_1
- check_ldap_account_by_user_name kwhite complex_directory_1
- check_ldap_account_by_user_name whenderson complex_directory_1
- check_ldap_account_by_user_name ddavis complex_directory_1
- check_ldap_account_by_user_name cmorrison complex_directory_1
- check_ldap_account_by_user_name danderson complex_directory_1
- check_ldap_account_by_user_name amorrison complex_directory_1
- check_ldap_account_by_user_name wprice complex_directory_1
- check_ldap_account_by_user_name mroberts complex_directory_1
-}
-
-@test "230 Import SIS_COURSES" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- add_object tasks midpoint-objects-manual/tasks/task-import-sis-courses.xml
- search_and_check_object tasks "Import from SIS courses"
- wait_for_task_completion b73a2e66-8233-4c20-928f-acb30027b33e 8 10
- assert_task_success b73a2e66-8233-4c20-928f-acb30027b33e
-
- search_and_check_object orgs course_ACCT101
- search_and_check_object orgs course_ACCT201
- search_and_check_object orgs course_CS251
- search_and_check_object orgs course_CS252
- search_and_check_object orgs course_MATH100
- search_and_check_object orgs course_MATH101
- search_and_check_object orgs course_SCI123
- search_and_check_object orgs course_SCI404
-
- check_ldap_courses_by_name course_ACCT101 complex_directory_1
- check_ldap_courses_by_name course_ACCT201 complex_directory_1
- check_ldap_courses_by_name course_CS251 complex_directory_1
- check_ldap_courses_by_name course_CS252 complex_directory_1
- check_ldap_courses_by_name course_MATH100 complex_directory_1
- check_ldap_courses_by_name course_MATH101 complex_directory_1
- check_ldap_courses_by_name course_SCI123 complex_directory_1
- check_ldap_courses_by_name course_SCI404 complex_directory_1
-
- check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
- check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
- check_of_ldap_membership whenderson "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
-
- check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
- check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
- check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
-
- check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "CS252" complex_directory_1
-
- check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
- check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
- check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
- check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
-
- check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
- check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
-
- check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" complex_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" complex_directory_1
-
- check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" complex_directory_1
- check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" complex_directory_1
-}
-
-@test "240 Check 'TestUser240' in Midpoint and LDAP" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- check_health
- echo "<user><name>TestUser240</name><fullName>Test User240</fullName><givenName>Test</givenName><familyName>User240</familyName><credentials><password><value><clearValue>password</clearValue></value></password></credentials></user>" >/tmp/testuser240.xml
- add_object users /tmp/testuser240.xml
- rm /tmp/testuser240.xml
- search_and_check_object users TestUser240
-
- execute_bulk_action tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml complex_midpoint_server_1
- execute_bulk_action tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml complex_midpoint_server_1
-
- check_ldap_account_by_user_name TestUser240 complex_directory_1
- check_of_ldap_membership TestUser240 "ou=groups,dc=internet2,dc=edu" "sysadmingroup" complex_directory_1
-
- delete_object_by_name users TestUser240
-}
-
-@test "250 Make 'banderson' Grouper administrator" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- check_health
- recompute roles d48ec05b-fffd-4262-acd3-d9ff63365b62
- execute_bulk_action tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml complex_midpoint_server_1
- recompute users e897468f-20bd-419c-8fc5-1fe60e2600de # for some reason this looks necessary (TODO)
- check_of_ldap_membership banderson "ou=groups,dc=internet2,dc=edu" "sysadmingroup" complex_directory_1
-}
-
-#@test "255 Wait 120 seconds for changes to be propagated to Grouper" {
-# if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-#
-# sleep 120
-#}
-
-@test "260 Export ref groups" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- ./add-ref-groups.sh
-}
-
-@test "265 Wait 120 seconds for changes to be propagated to MQ" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- sleep 120
-}
-
-@test "300 Test Grouper resource" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- test_resource 1eff65de-5bb6-483d-9edf-8cc2c2ee0233
-}
-
-@test "310 Import Grouper-to-midPoint async update task" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- check_health
- add_object tasks midpoint-objects-manual/tasks/task-async-update-grouper.xml
- search_and_check_object tasks "Grouper async updates"
-}
-
-@test "320 Wait for the queue to become empty" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- ATTEMPT=0
- MAX_ATTEMPTS=20
- DELAY=10
-
- get_messages sampleQueue
- echo "Messages: $MESSAGES"
-
- until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
- ATTEMPT=$((ATTEMPT+1))
- get_messages sampleQueue
- echo "Messages: $MESSAGES"
- if [ "$MESSAGES" = "0" ]; then return 0; fi
- echo "Waiting $DELAY seconds for the queue to become empty (attempt $ATTEMPT) ..."
- sleep $DELAY
- done
- return 1
-}
-
-@test "330 Add wprice to 'midpoint:test' and 'ref:affiliation:alum_includes' groups" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- docker cp tests/resources/grouper/t330.gsh complex_grouper_daemon_1:/tmp/
- docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t330.gsh"
-}
-
-@test "335 Wait 80 seconds for changes to be propagated to MQ" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- sleep 80
-}
-
-@test "340 Assert wprice membership in LDAP" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- assert_ldap_user_has_value wprice Entitlement "midpoint:test" complex_directory_1
- assert_ldap_user_has_value wprice Entitlement "ref:affiliation:alum" complex_directory_1
-}
-
-@test "350 Add kwhite to 'midpoint:test', remove wprice from 'ref:affiliation:alum_includes'" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- docker cp tests/resources/grouper/t350.gsh complex_grouper_daemon_1:/tmp/
- docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t350.gsh"
-}
-
-@test "355 Wait 80 seconds for changes to be propagated to MQ" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- sleep 80
-}
-
-@test "360 Assert wprice and kwhite membership in LDAP" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- assert_ldap_user_has_value kwhite Entitlement "midpoint:test" complex_directory_1
- assert_ldap_user_has_value wprice Entitlement "midpoint:test" complex_directory_1
- assert_ldap_user_has_no_value wprice Entitlement "ref:affiliation:alum" complex_directory_1
-}
-
-@test "400 Suspend async update task" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- suspend_task 47fc57bd-8c34-4555-9b9f-7087ff179860 complex_midpoint_server_1
- wait_for_task_completion 47fc57bd-8c34-4555-9b9f-7087ff179860 5 10
-}
-
-@test "410 Remove kwhite and wprice from 'midpoint:test'" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- docker cp tests/resources/grouper/t410.gsh complex_grouper_daemon_1:/tmp/
- docker exec complex_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t410.gsh"
-}
-
-@test "420 Reconcile Grouper" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- add_object tasks midpoint-objects-manual/tasks/task-reconciliation-grouper-users.xml
- search_and_check_object tasks "Grouper reconciliation (users)"
- wait_for_task_completion 42aa9f43-64c5-41a6-814c-b58b9ea4e204 6 10
- assert_task_success 42aa9f43-64c5-41a6-814c-b58b9ea4e204
-
- search_and_check_object users jsmith
- search_and_check_object users banderson
- search_and_check_object users kwhite
- search_and_check_object users whenderson
- search_and_check_object users ddavis
- search_and_check_object users cmorrison
- search_and_check_object users danderson
- search_and_check_object users amorrison
- search_and_check_object users wprice
- search_and_check_object users mroberts
-
- check_ldap_account_by_user_name jsmith complex_directory_1
- check_ldap_account_by_user_name banderson complex_directory_1
- check_ldap_account_by_user_name kwhite complex_directory_1
- check_ldap_account_by_user_name whenderson complex_directory_1
- check_ldap_account_by_user_name ddavis complex_directory_1
- check_ldap_account_by_user_name cmorrison complex_directory_1
- check_ldap_account_by_user_name danderson complex_directory_1
- check_ldap_account_by_user_name amorrison complex_directory_1
- check_ldap_account_by_user_name wprice complex_directory_1
- check_ldap_account_by_user_name mroberts complex_directory_1
-
- assert_ldap_user_has_no_value wprice Entitlement "midpoint:test" complex_directory_1
- assert_ldap_user_has_no_value kwhite Entitlement "midpoint:test" complex_directory_1
-}
-
-@test "999 Clean up" {
- docker-compose down -v
-}
diff --git a/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml b/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml
deleted file mode 100644
index 9ec69a2..0000000
--- a/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
- <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <s:type>c:UserType</s:type>
- <s:searchFilter>
- <q:equal>
- <q:path>c:name</q:path>
- <q:value>banderson</q:value>
- </q:equal>
- </s:searchFilter>
- <s:action>
- <s:type>assign</s:type>
- <s:parameter>
- <s:name>role</s:name>
- <c:value xsi:type="xsd:string">d48ec05b-fffd-4262-acd3-d9ff63365b62</c:value>
- </s:parameter>
- </s:action>
- </s:search>
- </scext:executeScript>
diff --git a/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml b/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml
deleted file mode 100644
index 0cb1a6b..0000000
--- a/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
- <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <s:type>c:UserType</s:type>
- <s:searchFilter>
- <q:equal>
- <q:path>c:name</q:path>
- <q:value>TestUser240</q:value>
- </q:equal>
- </s:searchFilter>
- <s:action>
- <s:type>assign</s:type>
- <s:parameter>
- <s:name>role</s:name>
- <c:value xsi:type="xsd:string">d48ec05b-fffd-4262-acd3-d9ff63365b62</c:value>
- </s:parameter>
- </s:action>
- </s:search>
- </scext:executeScript>
diff --git a/demo/complex/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml b/demo/complex/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml
deleted file mode 100644
index 1356484..0000000
--- a/demo/complex/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
- <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
- <s:type>c:RoleType</s:type>
- <s:searchFilter>
- <q:equal>
- <q:path>name</q:path>
- <q:value>role-grouper-sysadmin</q:value>
- </q:equal>
- </s:searchFilter>
- <s:action>
- <s:type>recompute</s:type>
- </s:action>
- </s:search>
- </scext:executeScript>
diff --git a/demo/complex/tests/resources/grouper/t300.gsh b/demo/complex/tests/resources/grouper/t300.gsh
deleted file mode 100644
index d2b63e3..0000000
--- a/demo/complex/tests/resources/grouper/t300.gsh
+++ /dev/null
@@ -1,15 +0,0 @@
-System.out.println("************** t300.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-exportedGroups = GroupFinder.findByName(gs, 'etc:exportedGroups')
-alumSubject = SubjectFinder.findByIdentifier('ref:affiliation:alum', 'group', 'g:gsa')
-exportedGroups.addMember(alumSubject, false)
-
-alumIncludes = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
-testGroup = GroupFinder.findByName(gs, 'etc:testGroup')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-alumIncludes.addMember(wprice, false)
-testGroup.addMember(wprice, false)
-
-System.out.println("************** t300.gsh done **************");
diff --git a/demo/complex/tests/resources/grouper/t330.gsh b/demo/complex/tests/resources/grouper/t330.gsh
deleted file mode 100644
index cb8f158..0000000
--- a/demo/complex/tests/resources/grouper/t330.gsh
+++ /dev/null
@@ -1,11 +0,0 @@
-System.out.println("************** t330.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-testGroup = GroupFinder.findByName(gs, 'midpoint:test')
-alumIncludesGroup = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-testGroup.addMember(wprice, false)
-alumIncludesGroup.addMember(wprice, false)
-
-System.out.println("************** t330.gsh done **************");
diff --git a/demo/complex/tests/resources/grouper/t350.gsh b/demo/complex/tests/resources/grouper/t350.gsh
deleted file mode 100644
index d0d2d3e..0000000
--- a/demo/complex/tests/resources/grouper/t350.gsh
+++ /dev/null
@@ -1,12 +0,0 @@
-System.out.println("************** t350.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-alumIncludes = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
-testGroup = GroupFinder.findByName(gs, 'midpoint:test')
-kwhite = SubjectFinder.findById('kwhite', 'person', 'ldap')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-testGroup.addMember(kwhite, false)
-alumIncludes.deleteMember(wprice, false)
-
-System.out.println("************** t350.gsh done **************");
diff --git a/demo/complex/tests/resources/grouper/t410.gsh b/demo/complex/tests/resources/grouper/t410.gsh
deleted file mode 100644
index 69e4b18..0000000
--- a/demo/complex/tests/resources/grouper/t410.gsh
+++ /dev/null
@@ -1,11 +0,0 @@
-System.out.println("************** t410.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-testGroup = GroupFinder.findByName(gs, 'midpoint:test')
-kwhite = SubjectFinder.findById('kwhite', 'person', 'ldap')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-testGroup.deleteMember(kwhite, false)
-testGroup.deleteMember(wprice, false)
-
-System.out.println("************** t410.gsh done **************");
diff --git a/demo/complex/tests/resources/rabbitmq/check-samplequeue.sh b/demo/complex/tests/resources/rabbitmq/check-samplequeue.sh
deleted file mode 100755
index e336a63..0000000
--- a/demo/complex/tests/resources/rabbitmq/check-samplequeue.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-count=$(rabbitmqctl list_queues | grep sampleQueue | awk '{print $2}')
-if [[ -z $count || $count -eq 0 ]]; then
- echo "ERROR: sampleQueue does not exist or is empty"
- exit 1
-else
- echo "OK: sampleQueue has $count message(s)"
- exit 0
-fi
diff --git a/demo/complex/tests/resources/tasks/task-livesync-grouper-single.xml b/demo/complex/tests/resources/tasks/task-livesync-grouper-single.xml
deleted file mode 100644
index 365d007..0000000
--- a/demo/complex/tests/resources/tasks/task-livesync-grouper-single.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
- xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
- oid="87ffce52-717a-4205-ba01-0a698f0deaee">
- <name>LiveSync from Grouper</name>
- <extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
- xmlns:gen437="http://midpoint.evolveum.com/xml/ns/public/provisioning/liveSync-3"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="c:ExtensionType">
- <mext:kind>account</mext:kind>
- <mext:objectclass>ri:AccountObjectClass</mext:objectclass>
- </extension>
- <taskIdentifier>1535465478027-0-1</taskIdentifier>
- <ownerRef oid="00000000-0000-0000-0000-000000000002"
- relation="org:default"
- type="c:UserType"><!-- administrator --></ownerRef>
- <executionStatus>runnable</executionStatus>
- <category>LiveSynchronization</category>
- <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/live-sync/handler-3</handlerUri>
- <objectRef oid="6dcb84f5-bf82-4931-9072-fbdf87f96442"
- relation="org:default"
- type="c:ResourceType"><!-- Grouper SQL NEW --></objectRef>
- <recurrence>single</recurrence>
- <binding>loose</binding>
-</task>
diff --git a/demo/complex/tests/resources/users/user-grouper-admin.xml b/demo/complex/tests/resources/users/user-grouper-admin.xml
deleted file mode 100644
index d785e47..0000000
--- a/demo/complex/tests/resources/users/user-grouper-admin.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<user xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
- xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
- oid="a0c7c01e-c203-4777-9b21-27a4735da3ae">
- <name>grouper-admin</name>
- <assignment id="1">
- <targetRef oid="d48ec05b-fffd-4262-acd3-d9ff63365b62" relation="org:default" type="c:RoleType">
- <!-- role-grouper-sysadmin -->
- </targetRef>
- </assignment>
- <fullName>Grouper admin</fullName>
- <givenName>Grouper</givenName>
- <familyName>Admin</familyName>
- <credentials>
- <password>
- <value>password</value>
- </password>
- </credentials>
-</user>
-
diff --git a/demo/complex/upload-objects.sh b/demo/complex/upload-objects.sh
deleted file mode 100755
index 3f1c9b8..0000000
--- a/demo/complex/upload-objects.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-function upload () {
- local filename=$1
- local regex="midpoint-objects/(.*)/(.*)"
- if [[ $filename =~ $regex ]]
- then
- type="${BASH_REMATCH[1]}"
- oid=`cat $filename | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
- echo "Uploading $filename ($type, $oid)"
- curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$type/$oid?options=overwrite&options=raw" --data-binary @$filename
- else
- echo "Skipping $filename"
- fi
-}
-
-find midpoint-objects -name "*.xml" | while read filename; do upload $filename; done
diff --git a/download-midpoint.sh b/download-midpoint.sh
index 6d7595e..9b95539 100755
--- a/download-midpoint.sh
+++ b/download-midpoint.sh
@@ -6,16 +6,16 @@ if [[ -n "$1" ]]; then MP_VERSION=$1 else if [[ $tag == "latest" ]]; then - MP_VERSION="4.0-SNAPSHOT" + MP_VERSION="4.0.1" else MP_VERSION=$tag fi fi -if [[ $MP_VERSION =~ ^[0-9]+\.[0-9]+$ ]]; then - URL_BASE="https://download.evolveum.com/downloads/midpoint/$MP_VERSION/" +if [[ $MP_VERSION =~ ^[0-9]+(\.[0-9]+)+$ ]]; then + URL_BASE="https://download.evolveum.com/midpoint/$MP_VERSION/" else - URL_BASE="https://download.evolveum.com/downloads/midpoint-tier/" + URL_BASE="https://download.evolveum.com/midpoint-tier/" fi echo "Downloading midPoint $MP_VERSION from $URL_BASE" diff --git a/library.bash b/library.bash index 533384b..d70e694 100644 --- a/library.bash +++ b/library.bash @@ -304,7 +304,7 @@ function search_objects_by_name () { EOF local HTTP_CODE=$(sed '$!d' <<<"$(cat $TMPFILE)") sed -i '$ d' $TMPFILE - cat $TMPFILE + # cat $TMPFILE if [ "$HTTP_CODE" -eq 200 ]; then SEARCH_RESULT_FILE=$TMPFILE @@ -418,6 +418,14 @@ function wait_for_task_completion () { return 1 } +function get_task_execution_status () { + local NAME=$1 + + search_objects_by_name tasks "$NAME" + TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*/*[local-name()='executionStatus']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract task status from task $NAME" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; return 1) + echo "Task execution status: $TASK_EXECUTION_STATUS" + return 0 +} function search_ldap_object_by_filter () { local BASE_CONTEXT_FOR_SEARCH=$1 
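Review bot: Any `MP_VERSION` that is not purely dotted digits, including a mistyped first argument, now falls silently into the `midpoint-tier` branch at `URL_BASE="https://download.evolveum.com/midpoint-tier/"`, and nothing near the `if` explains which values belong where. A comment above the test such as `# dotted release numbers (4.0, 4.0.1) are fetched from /midpoint/<version>/; everything else (snapshots, tier builds) from /midpoint-tier/` would make the intent reviewable. The download command itself is outside this hunk; if it does not already check a published checksum or signature for the archive, that check is worth adding there, since the archive ends up inside the image.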
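Review bot: In the new `get_task_execution_status`, the failure handler after `xmllint` is wrapped in `( … )`, so its `return 1` only ends the subshell; unless the caller runs with errexit, the function carries on, prints an empty status and reaches `return 0`. A brace group keeps the return in the function: `|| { echo "Couldn't extract task status from task $NAME"; cat "$SEARCH_RESULT_FILE"; rm "$SEARCH_RESULT_FILE"; return 1; }`. The status of `search_objects_by_name` is also not checked before `$SEARCH_RESULT_FILE` is read, so `search_objects_by_name tasks "$NAME" || return 1` would stop a failed search from being parsed. On success the result file is left in place; if no caller needs it afterwards, an `rm -f -- "$SEARCH_RESULT_FILE"` after the extraction would avoid leaving search results behind in the temp directory.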
@@ -556,3 +564,25 @@ function get_messages () { fi return 0 } + +function upload_from_file () { + local FILENAME=$1 + local OPTIONS_TO_ADD=$2 + local REGEX="midpoint-objects.*/(.*)/(.*)" + if [[ $FILENAME =~ $REGEX ]] + then + TYPE="${BASH_REMATCH[1]}" + OID=`cat $FILENAME | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'` + echo "Uploading $FILENAME ($TYPE, $OID)" + curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID?options=overwrite$OPTIONS_TO_ADD" --data-binary @$FILENAME + else + echo "Skipping $FILENAME" + fi +} + +function execute_gsh () { + local CONTAINER=$1 + local FILE=$2 + docker cp $FILE $CONTAINER:/tmp/ + docker exec $CONTAINER bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/$FILE" +}
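Review bot: In `execute_gsh`, `docker cp $FILE $CONTAINER:/tmp/` places the file under its base name, but the next line runs `/tmp/$FILE`, so a `$FILE` with a directory component points at a path that was never created; the name is also spliced into a `bash -c` string, where spaces or shell metacharacters in it would be interpreted by the container's shell. Passing the arguments directly avoids both: `docker cp "$FILE" "$CONTAINER:/tmp/"` followed by `docker exec "$CONTAINER" /opt/grouper/grouper.apiBinary/bin/gsh "/tmp/${FILE##*/}"`. In `upload_from_file`, the administrator password sits on the curl command line and `-k` turns off certificate verification; taking the credentials from the environment with the demo value as default, and a comment saying `-k` is there only for the demo's certificate on localhost (presumably self-signed), would keep the helper from being reused unchanged against a real server. `TYPE` and `OID` are assigned without `local`, and `$FILENAME` is unquoted in `cat $FILENAME` and `--data-binary @$FILENAME`.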