diff --git a/conf/access-control.xml b/conf/access-control.xml
index d8c1f04..a9184e6 100644
--- a/conf/access-control.xml
+++ b/conf/access-control.xml
@@ -30,7 +30,7 @@
+ p:allowedRanges="#{ {'127.0.0.1/32', '::1/128'} }" />
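Review bot: Restricting `p:allowedRanges` to `127.0.0.1/32` and `::1/128` only protects the endpoint if the address the IdP sees is the real client address. If the container sits behind a reverse proxy or load balancer on the same host, every request can appear to come from loopback and would match this range. The element this attribute belongs to starts outside the hunk, so which access policy it guards cannot be told from here. I would add a comment above it such as `<!-- Loopback only: assumes the container sees the real client address, not a local proxy's -->`.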
diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml
index 8a52dbe..7787d0c 100644
--- a/conf/attribute-filter.xml
+++ b/conf/attribute-filter.xml
@@ -77,16 +77,13 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
diff --git a/conf/attribute-registry.xml b/conf/attribute-registry.xml
new file mode 100644
index 0000000..8890f4b
--- /dev/null
+++ b/conf/attribute-registry.xml
@@ -0,0 +1,26 @@
+
+
+
+
+
+
+
+
+
diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml
index e44ffbc..ad75dbc 100644
--- a/conf/attribute-resolver-full.xml
+++ b/conf/attribute-resolver-full.xml
@@ -27,116 +27,78 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-->
@@ -144,88 +106,60 @@
@@ -233,8 +167,6 @@
@@ -242,12 +174,10 @@
@@ -257,13 +187,16 @@
-
+
+
diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml
index 69154c0..76e6d55 100644
--- a/conf/attribute-resolver-ldap.xml
+++ b/conf/attribute-resolver-ldap.xml
@@ -31,8 +31,6 @@
-->
-
-
-
-
-
-
@@ -87,8 +81,7 @@
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
- expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
- failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
+ expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
index a4b32d7..0ee236b 100644
--- a/conf/attribute-resolver.xml
+++ b/conf/attribute-resolver.xml
@@ -1,311 +1,76 @@
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/conf/attribute-resolver.xml.orig b/conf/attribute-resolver.xml.orig
deleted file mode 100644
index 471bf0b..0000000
--- a/conf/attribute-resolver.xml.orig
+++ /dev/null
@@ -1,86 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- uid
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- member
-
-
-
-
diff --git a/conf/attributes/custom/README.txt b/conf/attributes/custom/README.txt
new file mode 100644
index 0000000..98977b0
--- /dev/null
+++ b/conf/attributes/custom/README.txt
@@ -0,0 +1,9 @@
+# You can create custom attribute mapping rules using
+# simple property files stored in this directory tree.
+# Spring property replacement is NOT supported.
+
+# As an example, a default SAML 2 rule for eduPersonPrincipalName would be:
+
+#id=eduPersonPrincipalName
+#transcoder=SAML2ScopedStringTranscoder
+#saml2.name=urn:oid:1.3.6.1.4.1.5923.1.1.1.6
diff --git a/conf/attributes/default-rules.xml b/conf/attributes/default-rules.xml
new file mode 100644
index 0000000..b6289fe
--- /dev/null
+++ b/conf/attributes/default-rules.xml
@@ -0,0 +1,803 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+ uid
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:0.9.2342.19200300.100.1.1
+ urn:mace:dir:attribute-def:uid
+ User ID
+ Benutzer-ID
+ ID utilisateur
+ ID dell'utente
+ ユーザID
+ User ID
+ Användaridentitet
+ A unique identifier for a person, mainly used for user identification within the user's home organization.
+ Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird.
+ Identifiant de connexion d'une personnes sur les systèmes informatiques.
+ Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza.
+ 所属機関内で一意の利用者識別子
+ Identificador do utilizador
+ Användaridentitet: Unik identifierar som används vid lokal inloggning i hemmaorganisationen.
+
+
+
+
+
+
+
+ mail
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:0.9.2342.19200300.100.1.3
+ urn:mace:dir:attribute-def:mail
+ E-mail
+ E-Mail
+ Email
+ E-mail
+ メールアドレス
+ E-mail
+ E-postadress
+ E-Mail: Preferred address for e-mail to be sent to this person
+ E-Mail-Adresse
+ E-Mail Adresse
+ Adresse de courrier électronique
+ E-Mail: l'indirizzo e-mail preferito dall'utente
+ メールアドレス
+ E-Mail: Endereço de correio electronico
+ E-postadress: E-postadress som används av personen.
+
+
+
+
+
+
+
+ homePhone
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:0.9.2342.19200300.100.1.20
+ urn:mace:dir:attribute-def:homePhone
+ Private phone number
+ Telefon Privat
+ Teléphone personnel
+ Numero di telefono privato
+ 自宅電話番号
+ Número de telefone privado
+ Telefonnummer (hem)
+ Private phone number
+ Private Telefonnummer
+ Numéro de téléphone de domicile de la personne
+ Numero di telefono privato
+ 自宅の電話番号
+ Número de telefone privado do utilizador
+ Telefonnummer (hem): Telefonnummer till bostaden.
+
+
+
+
+
+
+
+ homePostalAddress
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:0.9.2342.19200300.100.1.39
+ urn:mace:dir:attribute-def:homePostalAddress
+ Home postal address
+ Heimatadresse
+ Heimadresse
+ Adresse personnelle
+ Indirizzo personale
+ 自宅住所
+ Morada Pessoal
+ Postadress (hem)
+ Home postal address: Home address of the user
+ Heimatadresse
+ Heimadresse
+ Adresse postale de domicile de la personne
+ Indirizzo personale: indirizzo dove abita l'utente
+ 自宅の住所
+ Morada Pessoal: Morada do utilizador
+ Postadress (hem): Postadress till bostaden.
+
+
+
+
+
+
+
+ mobile
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:0.9.2342.19200300.100.1.41
+ urn:mace:dir:attribute-def:mobile
+ Mobile phone number
+ Telefon Mobil
+ Numéro de mobile
+ Numero di cellulare
+ 携帯電話番号
+ Número de telemóvel
+ Telefonnummer (mobil)
+ Mobile phone number
+ Mobile Telefonnummer
+ Numéro de teléphone mobile
+ Numero di cellulare
+ 携帯電話の電話番号
+ Número de telemóvel do utilizador
+ Telefonnummer (mobil): Telefonnummer till mobiltelefon.
+
+
+
+
+
+
+
+ pager
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:0.9.2342.19200300.100.1.42
+ urn:mace:dir:attribute-def:pager
+ Pager number
+ Pager number
+
+
+
+
+
+
+
+ surname
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.4
+ urn:mace:dir:attribute-def:sn
+ Surname
+ Nachname
+ Nom de famille
+ Cognome
+ 姓
+ Nome de Família
+ Efternamn
+ Surname or family name
+ Familienname
+ Nom de famille de l'utilisateur.
+ Cognome dell'utilizzatore
+ 氏名(姓)の英語表記
+ Nome de Família
+ Efternamn: Efternamn för personen.
+
+
+
+
+
+
+
+ locality
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.7
+ urn:mace:dir:attribute-def:l
+ Locality name
+ Ort
+ Locality name
+ 場所(L)
+ Locality name
+ Ort
+ Nom de la localité où réside l'objet
+ 場所の名前 日本の場合は市区町村名
+
+
+
+
+
+
+
+ stateProvince
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.8
+ urn:mace:dir:attribute-def:st
+ State or province name
+ 都道府県もしくは州や省(ST)
+ State or province name
+ 州名や省名 国によって異なり日本の場合は都道府県名
+
+
+
+
+
+
+
+ street
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.9
+ urn:mace:dir:attribute-def:street
+ Street
+ Straße
+ Strasse
+ Rue
+ 通り
+ Street address
+ Name der Straße
+ Strassenadresse
+ Nom de rue
+ 通りおよび番地
+
+
+
+
+
+
+
+ organizationName
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.10
+ urn:mace:dir:attribute-def:o
+ Organization name
+ Organisationsname
+ Nom de l'organisation
+ 所属機関名
+ Organization name
+ Name der Organisation
+ Nom de l'organisation
+ 所属機関名称の英語表記
+
+
+
+
+
+
+
+ organizationalUnit
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.11
+ urn:mace:dir:attribute-def:ou
+ Organizational unit
+ Organisationseinheit
+ Unité organisationnelle
+ 機関内所属名
+ Organizational unit
+ Name der Organisationseinheit
+ Nom de l'unité organisationnelle
+ 機関内所属名称の英語表記
+
+
+
+
+
+
+
+ title
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.12
+ urn:mace:dir:attribute-def:title
+ Title
+ Titel
+ Title
+ 肩書き
+ Title of a person
+ Titel der Person
+ Titre de la personne
+ 利用者の肩書き
+
+
+
+
+
+
+
+ postalAddress
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.16
+ urn:mace:dir:attribute-def:postalAddress
+ Business postal address
+ Geschäftsadresse
+ Adresse professionnelle
+ Indirizzo professionale
+ 所属機関住所
+ Morada
+ Postadress (arbete):
+ Business postal address: Campus or office address
+ Geschäftliche Adresse
+ Adresse am Arbeitsplatz
+ Adresse de l'institut, de l'université
+ Indirizzo professionale: indirizzo dell'istituto o dell'ufficio
+ 所属機関の住所
+ Morada da instituição
+ Postadress (arbete): Postadressen för arbetsplatsen
+
+
+
+
+
+
+
+ postalCode
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.17
+ urn:mace:dir:attribute-def:postalCode
+ Postal code
+ ZIP code
+ Postleitzahl
+ Code postal
+ 郵便番号
+ Postal code
+ ZIP code
+ Postleitzahl
+ Code postal
+ 郵便番号
+
+
+
+
+
+
+
+ postOfficeBox
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:mace:dir:attribute-def:postOfficeBox
+ urn:oid:2.5.4.18
+ Postal box
+ Postfach
+ Boite postale
+ Case postale
+ 私書箱
+ Postal box identifier
+ Postfach
+ Boite postale
+ Case postale
+ 私書箱
+
+
+
+
+
+
+
+ telephoneNumber
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:mace:dir:attribute-def:telephoneNumber
+ urn:oid:2.5.4.20
+ Business phone number
+ Telefon Geschäft
+ Teléphone professionnel
+ Numero di telefono dell'ufficio
+ 勤務先電話番号
+ Telefone
+ Telefonummer (arbete)
+ Business phone number: Office or campus phone number
+ Telefonnummer am Arbeitsplatz
+ Teléphone de l'institut, de l'université
+ Numero di telefono dell'ufficio
+ 所属機関での利用者の電話番号
+ Número de telefone
+ Telefonummer (arbete): Telefonnummer till arbetsplatsen
+
+
+
+
+
+
+
+ givenName
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.42
+ urn:mace:dir:attribute-def:givenName
+ Given name
+ Vorname
+ Prénom
+ Nome
+ 名
+ Nome
+ Förnamn
+ Given name of a person
+ Vorname
+ Prénom de l'utilisateur
+ Nome
+ 氏名(名)の英語表記
+ Nome
+ Förnamn: Förnamn för personen.
+
+
+
+
+
+
+
+ initials
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.5.4.43
+ urn:mace:dir:attribute-def:initials
+ Initials
+ Initialen
+ Initiales
+ イニシャル
+ Initials
+ Anfangsbuchstaben des Namens
+ Die Anfangsbuchstaben
+ L' initiales
+ イニシャル
+
+
+
+
+
+
+
+
+
+ departmentNumber
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.16.840.1.113730.3.1.2
+ urn:mace:dir:attribute-def:departmentNumber
+ Department number
+ Abteilungsnummer
+ Department number
+ Nummer der Abteilung
+
+
+
+
+
+
+
+ displayName
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.16.840.1.113730.3.1.241
+ urn:mace:dir:attribute-def:displayName
+ Display Name
+ Anzeigename
+ Nom
+ Nome
+ 表示名
+ The name that should appear in white-pages-like applications for this person.
+ Anzeigename
+ Nom complet d'affichage
+ Nome
+ アプリケーションでの表示に用いられる英字氏名
+
+
+
+
+
+
+
+ employeeNumber
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.16.840.1.113730.3.1.3
+ urn:mace:dir:attribute-def:employeeNumber
+ Employee number
+ Mitarbeiternummer
+ Numéro d'employé
+ Numero dell'utente
+ 従業員番号
+ Número de empregado
+ Anställningsnummer
+ Identifies an employee within an organization
+ Identifiziert einen Mitarbeiter innerhalb der Organisation
+ Identifie un employé au sein de l'organisation
+ Identifica l' utente presso l'organizzazione
+ 所属機関における利用者の従業員番号
+ Número de empregado
+ Anställningsnummer: Unik anställningsidentifierare i hemmaorganisationen.
+
+
+
+
+
+
+
+ employeeType
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.16.840.1.113730.3.1.4
+ urn:mace:dir:attribute-def:employeeType
+ Employee type
+ Employee type
+
+
+
+
+
+
+
+ jpegPhoto
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:0.9.2342.19200300.100.1.60
+ urn:mace:dir:attribute-def:jpegPhoto
+ JPEG Photo
+ Image of a person in JPEG format
+
+
+
+
+
+
+
+ preferredLanguage
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:2.16.840.1.113730.3.1.39
+ urn:mace:dir:attribute-def:preferredLanguage
+ Preferred Language
+ Bevorzugte Sprache
+ Langue préférée
+ Lingua preferita
+ 希望言語
+ Língua preferida
+ Språkönskemål
+ Preferred language: Users preferred language (see RFC1766)
+ Bevorzugte Sprache (siehe RFC1766)
+ Exemple: fr, de, it, en, ... (voir RFC1766)
+ Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766)
+ 利用者が希望する言語(RFC1766 を参照)
+ Língua preferida: Língua preferida do utilizador (cfr. RFC1766)
+ Språkönskemål: Personens önskade språk (see RFC1766).
+
+
+
+
+
+
+
+
+
+ eduPersonAffiliation
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.1
+ urn:mace:dir:attribute-def:eduPersonAffiliation
+ Affiliation
+ Zugehörigkeit
+ Affiliation
+ Tipo di membro
+ 職位
+ Tipo de utilizador
+ Anknytning
+ Affiliation: Type of affiliation with Home Organization
+ Art der Zugehörigkeit zur Heimatorganisation
+ Art der Zugehörigkeit zur Heimorganisation
+ Type d'affiliation dans l'organisation
+ Tipo di membro: Tipo di lavoro svolto per l'organizzazione
+ 所属機関における職位(faculty,staff,student,memberなど)
+ Tipo de utilizador: tipo de utilizador na organização. Exemplo: Estudante, ...
+ Anknytning: Vilken anknytning personen har till organisationen.
+
+
+
+
+
+
+
+ eduPersonEntitlement
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.7
+ urn:mace:dir:attribute-def:eduPersonEntitlement
+ Entitlement
+ Berechtigung
+ Entitlement
+ Prerogativa
+ 資格情報
+ Título
+ Rättigheter
+ Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community
+ Zeichenkette, die Rechte für spezifische Ressourcen beschreibt
+ Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.
+ Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità
+ 特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)
+ URI (retractado por um URN ou URL) que indica um conjunto de direitos para recursos específicos.
+ Rättigheter: URI (either URL or URN) som beskriver olika rättigheter till angivna tjänster.
+
+
+
+
+
+
+
+ eduPersonNickname
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.2
+ urn:mace:dir:attribute-def:eduPersonNickname
+ Nick name
+ Kurzname
+ Übername
+ Surnom
+ Diminutivo
+ ニックネーム
+ Person's nickname, or the informal name by which they are accustomed to be hailed.
+ Kurzname einer Person, oder üblicher Rufname zur Begrüßung.
+ Übername einer Person, oder üblicher Rufname zur Begrüssung.
+ Nom personnalisable pour un usage informel.
+ Diminutivo della persona, o soprannome.
+ 利用者のニックネームもしくは通称
+
+
+
+
+
+
+
+ eduPersonPrimaryAffiliation
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.5
+ urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation
+ Primary affiliation
+ Primäre Zugehörigkeit
+ Affiliation pricipale
+ Appartenenza principale
+ 主要職位
+ Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc.
+ Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc.
+ Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc.
+ Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc.
+ 所属機関における主要な職位(faculty,staff,student,memberなど)
+
+
+
+
+
+
+
+ eduPersonPrincipalName
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.6
+ urn:mace:dir:attribute-def:eduPersonPrincipalName
+ Principal Name
+ Persönliche ID
+ Principal Name
+ Principal Name
+ プリンシパルID
+ A unique identifier for a person, mainly for inter-institutional user identification.
+ Eindeutige Benutzeridentifikation
+ Eindeutige Benützeridentifikation
+ L'identifiant unique de l'utilisateur
+ Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione
+ フェデレーション内で一意かつ永続的な利用者識別子
+
+
+
+
+
+
+
+ eduPersonPrincipalNamePrior
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.12
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.12
+ Prior Principal Name
+ eduPersonPrincipalName value that was previously associated with the entry.
+
+
+
+
+
+
+
+ eduPersonScopedAffiliation
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.9
+ urn:mace:dir:attribute-def:eduPersonScopedAffiliation
+ Scoped Affiliation
+ Zugehörigkeit
+ Affiliation
+ Tipo di membro
+ スコープ付き職位
+ Specifies the person's affiliation within a particular security domain
+ Art der Zugehörigkeit zur Heimatorganisation
+ Art der Zugehörigkeit zur Heimorganisation
+ Type d'affiliation dans l'organisation
+ Tipo di membro: Tipo di lavoro svolto per l'organizzazione
+ セキュリティドメインのスコープが付いた所属機関における職位
+
+
+
+
+
+
+
+ eduPersonAssurance
+ SAML2StringTranscoder SAML1StringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.11
+ urn:mace:dir:attribute-def:eduPersonAssurance
+ Assurance Level
+ Vertrauensgrad
+ Niveau de confiance
+ Livello di sicurezza
+ 保証レベル
+ Set of URIs that assert compliance with specific standards for identity assurance.
+ URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten
+ Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités
+ Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti
+ IDの保証レベルに関して特定の基準に準拠していることを示すURI
+
+
+
+
+
+
+
+
+
+ eduPersonUniqueId
+ SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.13
+ urn:oid:1.3.6.1.4.1.5923.1.1.1.13
+ Unique ID
+ Eindeutige ID
+ ID unique
+ ID unico
+ ユニークID
+ ID único
+ Unik identifierare
+ A unique identifier for a person, mainly for inter-institutional user identification.
+ Eindeutige Benutzeridentifikation
+ Eindeutige Benützeridentifikation
+ Identifiant unique de l'utilisateur
+ Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione
+ フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)
+ ID único: Identificador pessoal que identifica claramente o utilizador na sua organização
+ Unik identifierare: En unik identifierare för en person, används primärt för att identifiera personen inloggning vid annan organisation än hemmaorganisationen.
+
+
+
+
+
+
+
+
+
+ samlSubjectID
+ SAML2ScopedStringTranscoder
+ urn:oasis:names:tc:SAML:attribute:subject-id
+ Unique ID
+ Eindeutige ID
+ ID unique
+ ID unico
+ サブジェクトID
+ A unique identifier for a person, mainly for inter-institutional user identification.
+ Eindeutige Benutzeridentifikation
+ Eindeutige Benützeridentifikation
+ Identifiant unique de l'utilisateur
+ Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione
+ フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継)
+
+
+
+
+
+
+
+ samlPairwiseID
+ SAML2ScopedStringTranscoder
+ urn:oasis:names:tc:SAML:attribute:pairwise-id
+ Pairwise ID
+ Pairwise ID
+ Pairwise ID
+ Pairwise ID
+ ペアワイズID
+ Pairwise ID: A unique identifier for a person, different for each service provider.
+ Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider.
+ Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider.
+ Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service.
+ Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio.
+ フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継)
+
+
+
+
+
+
+
+
+
diff --git a/conf/audit.xml b/conf/audit.xml
index 43f029d..a690ae0 100644
--- a/conf/audit.xml
+++ b/conf/audit.xml
@@ -15,7 +15,7 @@
for compatibility with V2 audit logging.
-->
-
+
diff --git a/conf/authn/authn-comparison.xml b/conf/authn/authn-comparison.xml
index f167b7a..dcf0271 100644
--- a/conf/authn/authn-comparison.xml
+++ b/conf/authn/authn-comparison.xml
@@ -74,4 +74,73 @@
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/discovery-config.xml b/conf/authn/discovery-config.xml
new file mode 100644
index 0000000..e21e3fd
--- /dev/null
+++ b/conf/authn/discovery-config.xml
@@ -0,0 +1,34 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/external-authn-config.xml b/conf/authn/external-authn-config.xml
index 8b3a159..9d6652a 100644
--- a/conf/authn/external-authn-config.xml
+++ b/conf/authn/external-authn-config.xml
@@ -14,7 +14,7 @@
+ c:_0="contextRelative:external.jsp" />
+
+
+
+
+
+
+
+
+
+
+
-
-
diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml
index 56d1bc7..22824d0 100644
--- a/conf/authn/ldap-authn-config.xml
+++ b/conf/authn/ldap-authn-config.xml
@@ -5,131 +5,28 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
default-init-method="initialize"
default-destroy-method="destroy"
default-lazy-init="true">
-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
diff --git a/conf/authn/mfa-authn-config.xml b/conf/authn/mfa-authn-config.xml
index f1b3918..3bfbcbb 100644
--- a/conf/authn/mfa-authn-config.xml
+++ b/conf/authn/mfa-authn-config.xml
@@ -56,40 +56,17 @@
-
+
-
-
-
+
+
+
-
@@ -34,9 +33,17 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/c14n/subject-c14n.xml b/conf/c14n/subject-c14n.xml
index 9740fdd..e4b772f 100644
--- a/conf/c14n/subject-c14n.xml
+++ b/conf/c14n/subject-c14n.xml
@@ -16,12 +16,18 @@
-
+
+
+
+
+
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+ urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+ urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+ urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
+ urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
+
+
-
-
+
+
+
+
+
+
+
+
+
+
-
-
+
+
+
+
+
+
@@ -102,7 +143,7 @@
-->
diff --git a/conf/cas-protocol.xml b/conf/cas-protocol.xml
index 535cf0a..2eb1733 100644
--- a/conf/cas-protocol.xml
+++ b/conf/cas-protocol.xml
@@ -74,16 +74,14 @@
| evaluates to true under any condition, a server-side storage service must be enabled for IdP session
| storage. The most common non-default value is "alwaysTrue."
-->
-
+
+
+
+
+
+
diff --git a/conf/intercept/profile-intercept.xml b/conf/intercept/profile-intercept.xml
index 7b4c8aa..f086cfa 100644
--- a/conf/intercept/profile-intercept.xml
+++ b/conf/intercept/profile-intercept.xml
@@ -33,6 +33,8 @@
+
+
diff --git a/conf/ldap.properties b/conf/ldap.properties
index c8811a9..d89412a 100644
--- a/conf/ldap.properties
+++ b/conf/ldap.properties
@@ -6,8 +6,8 @@
## Connection properties ##
idp.authn.LDAP.ldapURL=ldap://localhost:10389
-idp.authn.LDAP.useStartTLS = false
-idp.authn.LDAP.useSSL = false
+#idp.authn.LDAP.useStartTLS = true
+#idp.authn.LDAP.useSSL = false
# Time in milliseconds that connects will block
#idp.authn.LDAP.connectTimeout = PT3S
# Time in milliseconds to wait for responses
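Review bot: Commenting out `idp.authn.LDAP.useStartTLS` and `idp.authn.LDAP.useSSL` changes the effective transport setting rather than just tidying it. Further down this file, `idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true}` falls back to `true` once the property is unset, so the resolver will now attempt StartTLS against `ldap://localhost:10389`; the authentication side presumably follows its own default. No `idp.authn.LDAP.trustCertificates` value is visible in these hunks, and the resolver's copy falls back to `undefined`, so no trust anchor for that handshake is configured here. I would state the intent explicitly with an uncommented `idp.authn.LDAP.useStartTLS = true` and set `idp.authn.LDAP.trustCertificates` next to it. The later hunks in this file also delete both `bindDNCredential` properties, so the bind secret has to come from a file not shown in this part of the diff.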
@@ -33,7 +33,6 @@ idp.authn.LDAP.userFilter=(uid={user})
# bind search configuration
# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
idp.authn.LDAP.bindDN=uid=myservice,ou=system
-idp.authn.LDAP.bindDNCredential=myServicePassword
# Format DN resolution, used by directAuthenticator, adAuthenticator
# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
@@ -46,7 +45,6 @@ idp.attribute.resolver.LDAP.connectTimeout=%{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout=%{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined}
-idp.attribute.resolver.LDAP.bindDNCredential=%{idp.authn.LDAP.bindDNCredential:undefined}
idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates=%{idp.authn.LDAP.trustCertificates:undefined}
idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
@@ -60,4 +58,3 @@ idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
#idp.pool.LDAP.prunePeriod = PT5M
#idp.pool.LDAP.idleTime = PT10M
#idp.pool.LDAP.blockWaitTime = PT3S
-#idp.pool.LDAP.failFastInitialize = false
diff --git a/conf/logback.xml b/conf/logback.xml
index 2bf2c2b..9a91d26 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -14,7 +14,7 @@
-
+
@@ -60,7 +60,6 @@
-
@@ -78,7 +77,7 @@
UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}
+ %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}
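Review bot: Switching this pattern from `%ex{short}` to `%ex{full}` makes every logged exception write its whole stack trace and cause chain, on the same line format that carries `%mdc{idp.remote_addr}`. The appender this encoder belongs to is outside the hunk, so it is worth confirming that it has size or time based rotation and that the log file is readable only by the service account. The identical change is repeated in `conf/logback.xml.dist` and `conf/logback.xml.tmp3`. The `.tmp3` file looks like a leftover working copy and probably should not be tracked. If full traces are only needed for troubleshooting, a comment such as `<!-- %ex{full} enabled for debugging; revert to %ex{short} for production -->` would record the intent.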
@@ -173,4 +172,4 @@
-
\ No newline at end of file
+
diff --git a/conf/logback.xml.dist b/conf/logback.xml.dist
index cda207e..ac19b1f 100644
--- a/conf/logback.xml.dist
+++ b/conf/logback.xml.dist
@@ -14,7 +14,7 @@
-
+
@@ -60,7 +60,6 @@
-
@@ -82,7 +81,7 @@
UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}
+ %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}
@@ -189,4 +188,4 @@
-
\ No newline at end of file
+
diff --git a/conf/logback.xml.tmp3 b/conf/logback.xml.tmp3
index 88c28eb..4eebeaa 100644
--- a/conf/logback.xml.tmp3
+++ b/conf/logback.xml.tmp3
@@ -14,7 +14,7 @@
-
+
@@ -60,7 +60,6 @@
-
@@ -82,7 +81,7 @@
UTF-8
- %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}
+ %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}
@@ -189,4 +188,4 @@
-
\ No newline at end of file
+
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index 1c95d2b..0667e71 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -1,15 +1,24 @@
-
+ urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
+ urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
+ urn:oasis:names:tc:SAML:metadata:algsupport http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
+ http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
+ http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
+ http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
@@ -75,18 +84,4 @@
indexesRef="shibboleth.CASMetadataIndices" />
-->
-
-
-
-
-
-
-
-
-
- https://mdq.incommon.org/
-
-
diff --git a/conf/relying-party.xml b/conf/relying-party.xml
index 28c9193..5045b93 100644
--- a/conf/relying-party.xml
+++ b/conf/relying-party.xml
@@ -34,13 +34,18 @@
+
+
+
diff --git a/conf/saml-nameid.properties b/conf/saml-nameid.properties
index e489430..7169c5e 100644
--- a/conf/saml-nameid.properties
+++ b/conf/saml-nameid.properties
@@ -4,10 +4,6 @@
# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
# settings
-# Comment out to disable legacy NameID generation via Attribute Resolver
-#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
-#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
-
# Default NameID Formats to use when nothing else is called for.
# Don't change these just to change the Format used for a single SP!
#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
@@ -18,12 +14,10 @@
# Persistent IDs can be computed on the fly with a hash, or managed in a database
-# For computed IDs, set a source attribute and a secret salt:
-idp.persistentId.sourceAttribute = uid
+# For computed IDs, set a source attribute, and a secret salt in secrets.properties
+#idp.persistentId.sourceAttribute = changethistosomethingreal
#idp.persistentId.useUnfilteredAttributes = true
-# Do *NOT* share the salt with other people, it's like divulging your private key.
#idp.persistentId.algorithm = SHA
-#idp.persistentId.salt = changethistosomethingrandom
# BASE64 will match V2 values, we recommend BASE32 encoding for new installs.
idp.persistentId.encoding = BASE32
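Review bot: Replacing the active `idp.persistentId.sourceAttribute = uid` with the commented placeholder `#idp.persistentId.sourceAttribute = changethistosomethingreal` leaves computed persistent IDs without a source attribute. If any relying party already receives such IDs, they would stop being issued, or would change value if a different attribute is chosen later. If they are in use, keep `idp.persistentId.sourceAttribute = uid` and confirm that `idp.persistentId.salt` is defined in secrets.properties, which is not visible in this part of the diff. The hunk also drops the warning about the salt. I would keep it next to the new pointer, for example `# Do *NOT* share the salt (see secrets.properties); it's like divulging your private key.`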
diff --git a/conf/services.properties b/conf/services.properties
index 0aa9007..9dc3dff 100644
--- a/conf/services.properties
+++ b/conf/services.properties
@@ -12,14 +12,24 @@
#idp.service.logging.failFast = true
idp.service.logging.checkInterval = PT5M
-# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
#idp.service.relyingparty.failFast = false
idp.service.relyingparty.checkInterval = PT15M
+# Set true to limit metadata-driven settings lookup to decoded EntityAttributes
+idp.service.relyingparty.ignoreUnmappedEntityAttributes=true
#idp.service.metadata.resources = shibboleth.MetadataResolverResources
#idp.service.metadata.failFast = false
#idp.service.metadata.checkInterval = PT0S
+# Set to false if not using ByReference MetadataFilters for a small perf gain
+#idp.service.metadata.enableByReferenceFilters = true
+
+#idp.service.attribute.registry.resources = shibboleth.AttributeRegistryResources
+#idp.service.attribute.registry.namingRegistry = shibboleth.DefaultNamingRegistry
+#idp.service.attribute.registry.failFast = false
+idp.service.attribute.registry.checkInterval = PT15M
+# Default control of whether to encode XML attribute data with xsi:type
+idp.service.attribute.registry.encodeType = false
#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
#idp.service.attribute.resolver.failFast = false
@@ -45,6 +55,10 @@ idp.service.access.checkInterval = PT5M
#idp.service.cas.registry.failFast = false
idp.service.cas.registry.checkInterval = PT15M
+#idp.service.managedBean.resources = shibboleth.ManagedBeanResources
+#idp.service.managedBean.failFast = false
+idp.service.managedBean.checkInterval = PT15M
+
#idp.message.resources = shibboleth.MessageSourceResources
#idp.message.cacheSeconds = 300
diff --git a/conf/services.xml b/conf/services.xml
index e04ac8f..5a4cdea 100644
--- a/conf/services.xml
+++ b/conf/services.xml
@@ -54,12 +54,6 @@
%{idp.home}/system/conf/relying-party-system.xml
-
-
- %{idp.home}/conf/relying-party.xml
- %{idp.home}/system/conf/legacy-relying-party-defaults.xml
-
-
%{idp.home}/conf/metadata-providers.xml
%{idp.home}/system/conf/metadata-providers-system.xml
@@ -69,6 +63,13 @@
%{idp.home}/conf/attribute-resolver.xml
+
+ %{idp.home}/conf/attribute-registry.xml
+ %{idp.home}/system/conf/attribute-registry-system.xml
+ %{idp.home}/conf/attributes/default-rules.xml
+ %{idp.home}/conf/attribute-resolver.xml
+
+
%{idp.home}/conf/attribute-filter.xml
diff --git a/credentials/idp-backchannel.crt b/credentials/idp-backchannel.crt
index fd26a59..c8886ea 100644
--- a/credentials/idp-backchannel.crt
+++ b/credentials/idp-backchannel.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEKDCCApCgAwIBAgIVAJ0iknQBSFLEkl3ybj6HYSWkOw+CMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0xOTEwMDIxNDQ2NTZa
-Fw0zOTEwMDIxNDQ2NTZaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJI3OlyhXVII2YS2VGAZlCy/PE1
-RPLwTb9hIrBETcpA3JwVba2hBq8v0lWGpWkmvQfsjH+bKRJe611EyXwWQH04qGCU
-RDCFKBU8E9P87m6GTeh+DC6eVXxOB2h0pf3Zmktf48hlhV1X24NwIjba6v9X8oHF
-FTFFqopOPAaJWnODPQyul/d4DqkqkBfQer6p0RiDL/V79WpTVG87pJxmGH2FbchP
-PivVO9sMYfC5lqe37x/zu8huU0jDnB20eqEjnVNjvPjzbF36xPA06770FJuPxCYd
-5oebut50pO7DZY7MZGu4/UME0JfDrnCsyPz2L1gdxXX28mydAVL3YwIajZzuPVwJ
-HC+HJuF3YNgIZ7ZO6uN2Cyi1tKKAE5n3G19L8NLLW44MVxkS9ox9cFvw5e2Zm+ek
-Hh6iu6Y9/blyuFjlqVaffM6l6NVnAAXPiIpwnBdzWdJqMcJzgC5bTqOGEZdeR9hT
-ei0e1s+bmBj3/3cOB3hII74P5sCuGLfiYqSQzQIDAQABo2UwYzAdBgNVHQ4EFgQU
-hb0zxPkLe5m7vmD8AH0fjATSaIwwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn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-9w0BAQsFAAOCAYEADQ17KGVQJ6AZTqDUDxVAfrTlFXysuvQg1WntrMB1PUzlb6Pa
-AO6Nb24YiY0PonSk7iz+gOg4P/V2b9wX4NXPBcX5h86fxR8R3cwZYsYKhwBBQ6uo
-UZnqtNyYNY/3hM2Dj8sR1PMijwgNmo7KOzzBPKKhID2dtGL3bS3TrX8xjmc7NK+r
-5VE9LrK3kG3ht3qM0I7iPMNuQXBOuduRG8WGD8NsFwHcYfORJmK5Ac/AtjHMVLF0
-x+m4LyLxP53t9/5+5fiJ3bghXM7Uuzjjmes6fdZyUcxinrwFxvSIGz3gqXf35Omf
-EwFemewB5B9GkAVXJSq2J64+iWXTo556YEC/RUrX6ZA5db6zHIeHX4BSf7U5YUBm
-LRJ/RJZKKPKEBBJgvh8vUFLF64tDn0c9x3n1mw+ZLHnPcjdX5v/stLVgR020vRx7
-8CGsrydmj+80Gm3Ji1eGJfD2LdUslve3bNerEW2AUM3DFx6wDlR5K/0ix98Ah1w0
-AuAeyajXyLR9NkPm
+9w0BAQsFAAOCAYEAAsszcNm8lHWf31vwbNGY8m6Oz6XXrhYAmRcudvs86z2bWw3C
+oDLvKWFuyJAAeIP11UpbW4aSs+P2f4I9/ZfTVbqKxPfSYIG1LSdKl5ICFaGP18K6
+PBqtu6eu71Hrz083IvR8qddD7Kl12aGfwDhFUtqy2zhmYsI7LhfwRA8ayJX4204x
+tOmU6LxRtgJWsdlqjyzcZ9buafqfvoTCbjnzbO2gUoEPCDUxfTi+HRn+JppXVxzV
+vXbs9G5xWI6eeojYtZqKWn3xaLQcPcla2b0dJSYvZ0paoC44hpwr5eWX2mGQ5+cn
+AzK55H3uOq975QJDIdXpuuWIh99y+jC8/NcUFkFjb/86DSOs+LtwM2VhjiL5HL3I
+oVIuAVBS4YAxE8NDGgcuPrS7+m1UjnHiagOkEqbhMr0/j16/g++CivWpWPxjTYfL
+Rbw85j+b7/uzUTYXzQgVpSnvgB6cP92MH3WNWyIYf+d/mribIybrKpE65diSVUYC
+vwiLfazt2AHOsVki
-----END CERTIFICATE-----
diff --git a/credentials/idp-backchannel.p12 b/credentials/idp-backchannel.p12
index ef5ab52..f39cfa8 100644
Binary files a/credentials/idp-backchannel.p12 and b/credentials/idp-backchannel.p12 differ
diff --git a/credentials/idp-encryption.crt b/credentials/idp-encryption.crt
index 23bbeb8..f834a3c 100644
--- a/credentials/idp-encryption.crt
+++ b/credentials/idp-encryption.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJzCCAo+gAwIBAgIUe0fsxBFnYrItqaF1zUSc7oTFFhswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NloX
-DTM5MTAwMjE0NDY1NlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF75
-0hfDGl45GqSVh7gB4X93icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/z
-VV2e90emvoFvRD0OWrRDo4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGau
-h8OMsSNlTKH8C6qzIUtxOGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xu
-eurxduh/Y1g/2fxi3UGA0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3Yk
-WgbYDMgahiaEo2dzxmKgFfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlK
-ZKjdleWOsGFbtyfvSV8Xq1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60
-S9dtIV54834ZdntBRzPkaLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87
-pzmZBFcyxSBIK0E6dhjm3EGXMmWdn80Sr1lxAgMBAAGjZTBjMB0GA1UdDgQWBBQ8
-+tUYkLiwLXUxRdIcfwUUs3s+dTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQBXnSl1RPlziZEpGUc3FGoQCpsu6FovK7jlieATyKWD3NY7lha6
-iOqiyxpNnrekh3Sf3XvmwvoxBHULQNS06GMMej8WtFBSaomNIkuztzMUAEmil2UF
-rP1xT0Gx+lT/Don9e60dGMMl2FWYIHobkQj4yhjSW6yN/emQRkwOhkj1DRGkZ1Zz
-wIRtH7/VT1YXH6n4P6lWNMgV+GInhT7ogitN5Vf6tCfMaZtowu3bb2I1gDlgYY/v
-0TrokTQteO7vcf+EpTODPRBiFV/Wwub5r8BDN4O3qGt52f2lhlEqdupFArooNVyF
-tU+zmj0gaclvvBBAaN2oh0Tj+j7HBh1YWB8p93vm62dKqY/9L9xSNAni6EI5o7dm
-58OUngvQopb7U7MDDuH2gM0XiH/R2BNp4c7/jqBP2Of5Bg68yKCZHB7D5XOJbQLf
-gjm4h9tRHtDijVkHcuIEICBwrie+JSEL225UnTfsesPiArDvo5BhQeNc3q1CPJgF
-2QOuaDoiGwFbc5s=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-----END CERTIFICATE-----
diff --git a/credentials/idp-encryption.key b/credentials/idp-encryption.key
index 3e9f81c..9fec9ff 100644
--- a/credentials/idp-encryption.key
+++ b/credentials/idp-encryption.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF750hfDGl45GqSVh7gB4X93
-icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/zVV2e90emvoFvRD0OWrRD
-o4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGauh8OMsSNlTKH8C6qzIUtx
-OGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xueurxduh/Y1g/2fxi3UGA
-0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3YkWgbYDMgahiaEo2dzxmKg
-FfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlKZKjdleWOsGFbtyfvSV8X
-q1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60S9dtIV54834ZdntBRzPk
-aLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87pzmZBFcyxSBIK0E6dhjm
-3EGXMmWdn80Sr1lxAgMBAAECggGAOEnMDgzdR62VMMK3Dj3wkaL18ZCC60iimoPS
-ugBw38qb1GKIQLKej9AdbzYCuLEt4IRIUT3NLSnKaUM3QbQXLxkcNeFO/lN9VcdC
-ZMZ2Tf3SVcCKsD0xFR1MN+UkL3xKJi5BB7P1ubkMJTIzn3zrEuq5JXIcxHYaIzwr
-hItPafOu7mlolyMG5BVy1WYHLgpZjkm3VUtrUYmAQE4IRGM1eQNQSeJILqjZqfJE
-b7IbWjIkNKhvV/Fb3ASUc08xTh5R5daoC3JrdtcCUb77Og4Gn7UBht7miyBx78EW
-8kuy11kbZB7IO3h1DJkfsW7pwHkkrXFL7mmg8qS4sAMcIATom2oysgriYAGxaBZp
-Ub2lZlTj/pPoUuqG5bixedQozirV/m0bIPzFUP+2JDlqZJSkBV2f8VkTwKi4udk/
-fYiWM4POqaWD19DMcwZ3mMRYdmMXN1hYam3VRwFHt8xsToO31l1lI6/ndWNet1BG
-izrergy8vh3X9I2iL/MtfUXurKx9AoHBAPDDPf4U7mjU2SxlUtGXBjZQU/CIa7YE
-y1jXMuRKIpzCcOpIEqIIVD0Mbl7a7pGxuXIRjrvxgLVtTCN2c3jZlHkUxWfJ867g
-gaCYwqNz7PZBr5ChQl+UsEzrM2tE+Vd512HQW8Zu1XfoXdoEPkQTAQEy/21jERAu
-sVIzclkwUoAYVBn8Yi8V6TZvJiKobU2t+5N0ngiyOYa6FTsHG36yrzryEUdQjj5q
-QfPtZtCVe8k6gH8GzqL92h6HmKWbtGQgYwKBwQCde6oycL2fPEoJVG99aGwbenOp
-jAMYjZN1cvf7IYiRoJ1hY90TXs9I+Th0ASuuoaiqQWS5s0xVfU/ROWg8hz9AY0Fh
-EkR/iI7WdPXR1pfLc8Gc+IM8fx44cixL/wwIrmfz1TTUA58+36Topcgj3pO/7sBK
-dWX6O7f9e2iL2hFLKUYmkKLylFW1iy9TZHWYiW3A+P2eXoLqOXH067SFkmgVmRyI
-zo6aP/+ui0Ob+GqrJtE0qYCoIT9bx8M2aJ/qBRsCgcBv14K4wShu8lFgWkE6s5lj
-KbWUiwreJyP/RRiTDA1AHOMvMgPV2WCoa1nqHnGspI6s+pL/o5RSs08nOiMyBIEA
-LjH1oM7ecdRFsjDYlUWCr8jKut6GYB/121yrfAMIK8Vt3siDSYFIjlzqpgX2wY05
-7WLSga6vgcFFmjiITfZFIwgOejtx/A+2BbQFbZA5AZVYTlgLWh93AoJSRV70YDUe
-gMyeAEHTpLC2i5WzV32FYPPIDnV3Kc1lWUADzmziBlkCgcEAk3tfrbM1ce2lLE2d
-x6VGMQmhTfPoZlMX+JL9t3r1CeSP3sgGHwDYQO/ctY7vGLEeYquxJ9PJNfqQCFGp
-052ZV7RcYwsXiRQbKK4KFETSjV9Pv7BgPwSRCa2q3FTzMSIcChbuTWtC9D+/kXzI
-DQeB+OofvNtq8EiDC2lKREapkWkK4EztvR27krPRU1iuZHa3iVPlOC4sjivUE9m1
-iq3MugVU2q4OkFhFG3Iik+u2AajtnVLsQQg57LsMj2S19hRnAoHAdzabeYxnCZDX
-AHPwMTZyBltOApLU3yy1TqPSunDHHl+AN/56Ct5Ug2d1pLYgGvk5oIrz1j8txEki
-aGfjhIs26lfjOJ2y4HIbLdeNDvfWLHi7OreqNkN2Yq9UULvDSW5ASngom760o2Hn
-e/VPvoWQgvIFCrhw7jBC0GJFHVFwBpjs4kjUgmr8jbxkWgk3LC/SugclDZUnE4X2
-ecB5GgbcER+qYbt7WuDYf3690QTp3n+h7BXs9UTeJXIV9BzY1JqN
+MIIG5AIBAAKCAYEAnI4Z2vfyklzakRl75hwlKijfKbag//kzaNbaZPagk7XeqtxN
+wFmL7Hz+D7fAmaYnFfsEAKdKq5jYVnR4MmXSsAMidM4yKHF6yeNJWj23x/reFMnl
+ISmozvQ2dqc5wRsm41AKvdlHFeMPZeeiKqXXBjsRwNhLYHgtY1TjWu6plxkCK1Mc
+D2MgDb6OYgaOopKHWYGYWo3h9VRAgJbg0TF950jKj4sfjCKMWLdbjAV2pg41iZeX
+GkbTd9GiQ6mWwWPAOjEspHmHmU2fJ3++NDo+vH69524V90C3VMYA8noNdS2g9WnJ
+qM/pZkr3qNczu5oeVD+4sxBDAk3ufN+8qhsIvKUdGt5jZqi/Qk4QCox3lf0vvE9w
+H4OMqSFpQGjBL6pvnRI0rzt56OllBLwESFD1eL+MeclPy2f28vf00PC8Ji7q92mJ
+jmR7Epnpa9Urc2W2RTNooy699QuYfLamDWujfRbBvj6s5/C8uQThRl2DTsnI/3ih
+uRFXGH24GWICq8O1AgMBAAECggGAPFWDX2EZKhEA5tSkbD1CkWno/2Fz0NKQXoIW
+7rwhjGuV4dE/Ybbg9wYAv7v4TP68p3rywvG2FEW2cjM2s22McerzV4Kzz+RUBwRC
+G7YXYsmq1uYsGMi+VuvFJZsy5dn59ba+PQZEoAm+wG4xkDATm0IeiGyTOB14mIR5
+jmzWDPZFYL8J3GA+VS2wH9UZGUxRP0xzk8qEX5DVvvjmsZhaRk1GS2W5hb82yWX4
+sRDV9g8Z0OoMAMN08gNnfp4YDHXNX70NKxsmxaGkJOz/7VB3pF43iv+hp0Vmcc5t
+3MjbBHnnPY9g229g9fMEbbDzu4wvLA3XvG2ExF+cDEumX1KdtjoeFJXke7mi3tIp
+2xlSaDpDIc4dQDvIWnxpkkRXGh+QDWlaZJTPW7Ju6IATa9w9FYsDO90g1G1ezqMW
+emZkzzTi3UnBhZUmtNF14tIT+1PjGPjnTq+9EukDHTetNBcnX1ozv7huzeo76utq
+69oiorLK2YAAayC7k+/HX4iDNvvNAoHBANW0HaQ50Nr7Xq0kbVdV5p+zO9pxhIc9
+gBQGuzMGXU1jbT0j5rIglGfZMLWaqyMEw6ek9kF1azyY6ozjDb5a4+OHCd5JLeh3
+BmAufbosrYT0/yF5mDXb4zGuS2ZD2tlWBhed1MgK5KSTIF2tfMusA2n4DBNkVOsV
+J1Jf4Sd09fYNbEVB/MDYvVHgvXIaovmkQz9rlOWdy0XigxGlIiEledE1YaTSOUVU
+J9sshdt+JnULPG+qqWkEQTdcatlGTccN6wKBwQC7imX0Vgi78gEp+nMRaWW3ZdYv
+lA0dmQk5YTSV9XLcYVmaTic1uinFgwjbKPoxbAsi29qTClCAPhulY/2ixdw01o3F
+ei+rMiwaPBtrFyF43dQlNPJ0cbQBTyJI44pUcA+WKhdfN0X4KyTyzUFmAR8AiZq+
+gu80ToVu454nGQoH73GO4sAGnR8GxSpZ1jIatBNsUHmlwblRsoZhIzAaKlXWjnF2
+dVXiEk+BdsqdWSZKjS6hWeVEJnAm+OhOBp3W7N8CgcEAm+pgofwItGwnxD1KhSjI
+LYYwSgz+e0lUk8fhdrXTBu5euffijd2VSTs9/ZGOAOut8Dc778BCcCDFJ+tUkKhx
+kgRpH8PWeb+1aCEjW9zS8KlrJzo24jy+wvV+T2t8VYscwMhHgXfpH2W0fIRiA5tJ
+llwCO3e9ORLi8IfBlu8PsOhUMSeWyACaCA3nSkPC2k6NPc05Alog/6jmpc4MW5Cj
+Ew9WYVF7tWhT9+XA98ZPOp/rBTHHjjYrer+zuThA8NTnAoHATzEf4E88HPESIMHL
+OT0CYLE2Ap1H9Imc5YfwhqpAuGK7TXdXA077OJYedT0WeSwgf7XK1HB0kdKoJezV
+O5jFZeJ7tznjSy1Chkl/YndAASPa42M6RoWE91CNL641yXYQft6DRAe5GhRN4+Fc
+jlBG4Rk6KNxtWe8WVT70l5nxLGylzSpe3+wVH+y993WFbtU/pmtNEvt838y9BeOv
++jyKRrGbo+PkQjRtMkQRRuRQUQbQ+/1T3LVGgo50ug39NLaNAoHBAK5d0JIkk5/j
+QqJaFwIp2hnPHHIRb8BCtrIBzjzEU3jZ4AlVgMeRhdkObyZqSr0MQ5jiCKQR/mVr
+u7biW26CSbcF3+mj6aFYzeSXr2QIKQRnZtdBOcyTDnRLlWSe8Z4e4C888YuFF0gf
+Nnh0XrKdEUMuc6QeHtm//5X14nGj5noqm9lRYmQ/hk114Vxn5CEphCZOlxZwYVX4
+WcZ+73VyJ/E5W9zXEIqcNbtzvHfSOeOXKl1Rsgh6QHpsO0GrMbFD5A==
-----END RSA PRIVATE KEY-----
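Review bot: The new side of this hunk puts an unencrypted RSA private key for the IdP encryption credential under version control, and the `credentials/idp-signing.key` hunk further down does the same for the signing key. Anyone who can read the repository or its history then holds the keys that the matching certificates vouch for, so both should be treated as disclosed and regenerated outside the repository. Only the `.crt` files need to be tracked; the key files can be excluded with an ignore rule such as `credentials/*.key`. The certificates name idp.example.org, so this may be a test fixture, in which case a README line saying the keys are never used in production would make that explicit. The binary `idp-backchannel.p12` and `sealer.jks` changed in the same commit presumably hold key material too and deserve the same handling.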
diff --git a/credentials/idp-signing.crt b/credentials/idp-signing.crt
index 0468315..034f9db 100644
--- a/credentials/idp-signing.crt
+++ b/credentials/idp-signing.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJzCCAo+gAwIBAgIUOCYqGG6JElEG1wHKL7CvULRTvEswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NVoX
-DTM5MTAwMjE0NDY1NVowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KF
-T1Z3z6tq7c/ki/CH2x8BYtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcE
-xE1hwE7oVWiY+DtMggv4zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNg
-GvMesn/4Npq6ERi80CPIkUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1
-vHCP9jsUgPfDCBScUuikfQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8j
-cUzqjQllhOS6LKWJE7VIfV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON
-0Fgd1oPPBHa04bLcPqbneqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPy
-amX6HZJ35Vsk3uJxJX/IyipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c
-1LUnbo3M4SGOYWuPmI1ko5KF91MVUU7ttmkFAgMBAAGjZTBjMB0GA1UdDgQWBBQ1
-CuX1jKcG8rdC0xBBveSJAYoFfzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
+MIIEJzCCAo+gAwIBAgIUFmFRSFCknM+R2MDTUOUxy4Ly2a0wDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIwMDIwNjE3MTk1NFoX
+DTQwMDIwNjE3MTk1NFowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
+BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApypXQpLV3wqhAtxqO99neORxrWkM
+pmTF3w6/R8dvbxNIUAmO73l5lssAKcBUumzsxJiyuXNfBqpUColP94EByCUSNxmt
+iYiqv2t57dIX+0xVnQCp+IV6FjNG7IqZtODIicSeJ515uBKC2iVURtIUPG8Bx1h7
+IucPXgAfO5+fde+82nCH4/QTNTHED6JnsuATQMhLicTmQRCMTXLBirIC1iGDqc6h
+fqBPMKUKyVJ9cpB1z4DMZ3dK+E7OUeO2ewvA0y43s2Bd2OV6paJ6ZHLcLWMIEYue
+gpxfh2pGGDZeryxyfG72BNbJ2mf3sMz1EtBgXFsHjCnGiSJ/BRLRJ0bs+Fr2Wsd+
+DmhMkJ0QyfFsbuyfMhPXA3j95l25NHHH+OqZB5UUssvqfUZ8X0hs1Mt01en1Gfp+
+uS+FSnytcO+/7jIL4DRFhrHOEXZHqnGpcRgwti6WmBcQgW9nWFCAPhEaSSARUxxr
+tinfyg7zD8I9Jg9iwRZU6W/y7oMH5aifaZ+rAgMBAAGjZTBjMB0GA1UdDgQWBBQN
+5NoPrBmezuYsRGNOlMrQiVMNvTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQA89rYZmayIfst0cGyt+zdeHpnvyo+zVfAk7OztXF5OXsakX9TV
-Iq8ur1lq4Q4KC/Ev+9p1za1gP7Ea9ugFJinuVa6ntpzGP0vh42pmphLNaRFvnPch
-pwgGCvcF2leYG6zZl/Qln0Kbv+pyByens7xPdKKA8U5ySVkouLuw7017XSIulPtW
-u5tPz51awJubHCK+FckcVH0yZZg44s4HmjzLpJCdslMIxmhtX7DW3vtqH1pL9Mir
-3qykySFUJGthV3ndHesG08y3Tni5HZaRqHHafGRBiezO8JCwVvWrdC29SdAwY2i0
-HhKB7zCDOpYrh3o8TTx3ZJd+6Uel/e0bCefs9uhMj7O5ErNySHyTtNRrFxTl2c98
-RDweMp6NLfm+P3+EqJycmpR9CKudcL6RUikN9hDvy6qqG2t5fW7pvU/+mzRm/3Cf
-gMxKHQM+OAry1E6pQSYh8qkPZYDezwiz4gINxn7SFAxFJQcTlaSVmFHLOQV7TetI
-g4sTktRrBmgU/vk=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-----END CERTIFICATE-----
diff --git a/credentials/idp-signing.key b/credentials/idp-signing.key
index 9fe1261..191cf78 100644
--- a/credentials/idp-signing.key
+++ b/credentials/idp-signing.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KFT1Z3z6tq7c/ki/CH2x8B
-YtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcExE1hwE7oVWiY+DtMggv4
-zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNgGvMesn/4Npq6ERi80CPI
-kUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1vHCP9jsUgPfDCBScUuik
-fQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8jcUzqjQllhOS6LKWJE7VI
-fV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON0Fgd1oPPBHa04bLcPqbn
-eqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPyamX6HZJ35Vsk3uJxJX/I
-yipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c1LUnbo3M4SGOYWuPmI1k
-o5KF91MVUU7ttmkFAgMBAAECggGBAKiX0reX9a/qR9T3FnmOl8KWm38shKCXcXrl
-zvG1kSeav9n3avV96FB+ztFZ+3DZ8LcY1OVP5IANV8AkpnWWr9xtkWRLo+hRGj2O
-e/D5xpzKoJbNmsddvnqz7X2Kpfba4wT/58MldLcTzxnWZd7s1CF8lktx9UkNpprR
-j+yaklKZu+eG1dqur/3lp5ii1ZQTiP2aP8ahD9IKu3U2PyN1uFFu71P5pAS1TUgo
-dp9/4V/Wutz7gxn/CFflCwi73LUJBKfeJM4XaBccXkZhwNBQDvFUrBKZXIo6M7LZ
-XlOGS8d8E6EZgFFl4NhJpWk3ckKNIi7AlK5zhra6i5+JgpWrVYrWNk9tzsuL9b+0
-mia4is3XYo3l8nqnyZLNcvE+OKmci9Z/BMxDZ82tiFWSSjqrAnoDZR/oI9L6niOU
-0vk6UtFW1BqK8vUN0DrD6pOYKmsALwPx9JmnGnGS8vBOZZRKX2YjkOY7pFXGi+YH
-CZ5MTc8lyHJngyN8EgJ1T50kc4HjQQKBwQD1VhTmnRg6EwrtIGhXLSwY+dRL5WK+
-qaovpXcyMj6F2r+Dl/QBq+QD7uP3U5vI+kEa2JdBd9OOaxBXdXZK1/9zk+jfEUtT
-SvWCcKoB/Xrla4WHfGEtUxC7qitkfTy57PB5j1X5qDr87epZ15mRAz7r7F64XjwT
-pbuZT5wHAZnrphVs4TjBh2QjTP8ATj01J508XI6DC7KMxdYioApD1Kv5VV73fiNi
-cpS9NLtkaR646peZ77tYa+7pgcVcxmcj8lUCgcEAyrpafyiI9IyrFsZWAacvb3r+
-jRJh+fNF/u/VixDMwAFVwjy8CMIC4EbDfyHalsPHN8yr0NogCSZ5iao9/benx6gm
-4i/3mxhOY68h/N28etJU55cPoOIWGXcs4KJNEQNC7N78yU95sC4IXJyFwzI76VWx
-pCzPx8QYzYo1Uy/rALuMXJ6FFhZ/fPqwQKtxpNxO/jVGSHXA0Ibn1ED3vMBzD9vp
-fP0si69AjYfLaqk/dsq/rljIXxBmfYX3oYJHfyvxAoHAe8/PiHqraVOG5hi+z4/6
-ezhJjWvcI4CYZKdKukhlCURV9mFPQTCwR9PdtEm7ivfQt22rF90TJQKfIqQi6K6N
-OpTgpwKhUw23TPbytUJpLTLQFooMuMT84tiEQZh6dxI+YfqWVwIxkse2x1RpKafL
-r2CAhOb5xqiTPlHQ2jBSr3wHwAUBkZl0TeRjpJHXjeXKElZbjYLvvt9wq9S8mXLQ
-v2n4HUrJLLvKmJnuIER0vrmVfJhhocQGtE1LfwCZuKhpAoHAULbjgw8zgBJlp/qt
-kZjr5PnWUXqJMcgvDTKWFflJXATsDRq7Ts1X8c2a1oo3CqHGNqwxmETQTnRYHXx/
-k/3EOlTzrkikz8Zcp4m6AYCTI1+M2Gwnl8mMPPVbE9Dq2CQxSDf783bGH2QkhiL3
-iuD8Q4mP4arJy2KC8YreclF4wmDpoJKosEOi3LK+6/CWnantdX7mjcD8VMnxkWuQ
-d0E0TpMjIlV2n+LV08PGNKBQGU7eBF9q35abB80H6/D/4F0xAoHAea5EbTEhTd91
-c82Kus2Mo5NY1oN5V5gxjrp9MHqB9AQfo/Ihks/VLV+2TFDIncFgdQvdzWm1QTNj
-PPLMRcxkVDjqjjlE7ymPGVLHZIDRRuDosATqOD9j+JHSib008xJVdL5awm8yG32T
-zQz+o+rjD+b64KhWamVuKUaf0DXE9i9hIjeROlzw5c+TD4yo8RLRRxNekX8tfxZ7
-nIapUVjyooDHQ8UfdOqpBfWXprrNrwSVQOROCeQFmongU9ZIaYAo
+MIIG4wIBAAKCAYEApypXQpLV3wqhAtxqO99neORxrWkMpmTF3w6/R8dvbxNIUAmO
+73l5lssAKcBUumzsxJiyuXNfBqpUColP94EByCUSNxmtiYiqv2t57dIX+0xVnQCp
++IV6FjNG7IqZtODIicSeJ515uBKC2iVURtIUPG8Bx1h7IucPXgAfO5+fde+82nCH
+4/QTNTHED6JnsuATQMhLicTmQRCMTXLBirIC1iGDqc6hfqBPMKUKyVJ9cpB1z4DM
+Z3dK+E7OUeO2ewvA0y43s2Bd2OV6paJ6ZHLcLWMIEYuegpxfh2pGGDZeryxyfG72
+BNbJ2mf3sMz1EtBgXFsHjCnGiSJ/BRLRJ0bs+Fr2Wsd+DmhMkJ0QyfFsbuyfMhPX
+A3j95l25NHHH+OqZB5UUssvqfUZ8X0hs1Mt01en1Gfp+uS+FSnytcO+/7jIL4DRF
+hrHOEXZHqnGpcRgwti6WmBcQgW9nWFCAPhEaSSARUxxrtinfyg7zD8I9Jg9iwRZU
+6W/y7oMH5aifaZ+rAgMBAAECggGAIw0/ytfbPK+P33e0VuWbXsAYDhKO8n0C+Kiw
+9y4ccaALc6ztac2A71uVpyuLGKQqaXbTUwucC1u/z43HVNCaPQt47FDYEJS1qPmy
+UWnSWYFCGm+/NDtYxDrwTj0pycGwiyLNPuVIVo6bHX7iUw9N6vYj21b0SvdEQ6Om
+6OupliM06GDcPbI6LNdIkzaso9dUcisNm8/LsCz2Hm9Hoft9mMTiRMLtHg4jTMHu
+pxRC9bjQ2zfYpIFhGPv9SzKCWv61k1FC9VyYgV89xVtzdpxg9/h6hL8GGfzjgOSN
+inmxqmchFWgTlSJRJb18W146UXxLTFYPkGvoS4oj6dKHKcCbKIl1t0GmpGJiO8v6
+V4eeK1WM/M4L4ipX/4rBeyLtXfyIlJZpkVavyRAaObCglrpXgH5zqoe2i20Uy+bS
+YRjNkSuFBLmM3NZTM8+qfSMgQjYKpJBrmbyh0NmYNITDyfeXzpGPPc5PsfwB3DZL
+BE01YSHCQaCfpONV0uc0BG8HoF+xAoHBAM9VvjKStNnbaPGTs3HV5lUe1ubf/b25
+Cx7Mo9ZPkf5zifM8AxmZs7bQqhqyCKo02+esKd/+hGPYK+M3KCilWK0G9XNakmw7
+nxNJ0VI0mycTghoSFj1/m97epDD8HsKofQWWL1xG0JnlreE6Vv15+BCJ8tCnXElk
+QBDMkm8CrWfIznEViMKvnh18bH0XIVkZJCCXOAZno3RUBp7k5enyps4hvxcMQqTX
+FBEBADyByp/gjEUNQZtCUNPUpN7D0ZAERwKBwQDOZugvZyDkqlT679/75LCc4ym6
+wXuRFLTDE8VfYw1xZ/TIqkSabYRF0cJWTvqSb9YdGfKHLnyKELJdUEv0wxg0JGIP
+RB/xcMYdHvjpALUO/18lSei1wz5zMgNuAo+/aC0zO3l7By9tkgAfvTFjBMTP/pN/
+/m1N2+IjTY2AxIXzcfRw5doeJp/8RLO0uCKT8rzz3yAVnJTtTLAU8fyjkIoX0wfq
+qaK1rJcvWI2yIAnvOrwK8N8KnHZu8JPEZ+n9r30CgcBlqc5sL+F73YkUw26+x7p8
+THXlmTlrOPvJ61/+qt+UXATtfqSqfeJQJvrxwhBbnTWi4Jlb2woBhzLl49rOK11S
+4lGicWvQpF947r4zx9W4EGm/7NR47UR5wMPTvRw8KK+8+IpafeK1Q5jCEoArJA5N
+1cZ5J0cqOXzsf9Lhmfd7J0yKyJtZkxE9tg/gOmJAtQIw9NUk1tagKL9iVCykTTYb
+ZxKy83EOMOQG/m2mPaIkSM+e4EQmJBtL8z2weWYdbusCgcAhyjUOtZpr9PqujiCk
+Ez9an9HQEibRjIs/OHhickvcGgG37DAI/A7gg0OGb62T1Z0+7GWI/fJDhBI/NosI
+yfunZaFsEGIOW8EDOXPUaVo611HTP/NJ9mm94B0xoFe6JSrpLT5pBrcb///nMkjo
+hfpWdr3dAWERkwLFdsfIoeOwBCLZbLe1oeslGHY3CsIWaHHIlumgwB6dbqWQ+EC8
+4kfJOLIeF6FcjqG9jYi89YPK11m7jM1m5lB5Pwdh6wUik90CgcEAmhPeuvRrwg8L
+WWGG5d89i+tlqJ6ooeUJ8Dn8jFUe8i0XfLFys4min4KsDb6urDs25ZcJqpaQ/TXa
+j0zYdaog+fPY5hmO18PoDq6jcv6XczJnq/XkgPzYR1i5PAe6gjXdMPWua9VMgqCm
+aVqJxSCTdmd/RKhw8lUSqchT7p57B/5d22FHoky4fpJH7ihh53EVDHRYG/MSEqBl
+SV0LK7SZSqZA80+tFnDf7r4TLDWVpmkLl9fn32xIE7EKjyeXUcuk
-----END RSA PRIVATE KEY-----
diff --git a/credentials/inc-md-cert-mdq.pem b/credentials/inc-md-cert-mdq.pem
deleted file mode 100644
index 4b62170..0000000
--- a/credentials/inc-md-cert-mdq.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEvjCCAyagAwIBAgIJANpi9/mkU/zoMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYwFAYDVQQK
-DA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UEAwwQbWRx
-LmluY29tbW9uLm9yZzAeFw0xODExMTMxNDI5NDNaFw0zODExMTAxNDI5NDNaMHQx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYw
-FAYDVQQKDA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UE
-AwwQbWRxLmluY29tbW9uLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC
-ggGBAJ0+fUTzYVSP6ZOutOEhNdp3WPCPOYqnB4sQFz7IeGbFL1o0lZjx5Izm4Yho
-4wNDd0h486iSkHxNf5dDhCqgz7ZRSmbusOl98SYn70PrUQj/Nzs3w47dPg9Tpb/x
-y44PvNLS/rE56hPgCz/fbHoTTiJt5eosysa1ZebQ3LEyW3jGm+LGtLbdIfkynKVQ
-vpp1FVeCamzdeB3ZRICAvqTYQKE1JQDGlWrEsSW0VVEGNjfbzMzr/g4l8JRdMabQ
-Jig8tj3UIXnu7A2CKSMJSy3WZ3HX+85oHEbL+EV4PtpQz765c69tUIdNTJax9jQ2
-1c3wL0K27HE8jSRlrXImD50R3dXQBKH+iiynBWxRPdyMBa1YfK+zZEWPbLHshSTc
-9hkylQv3awmPR/+Plz5AtTpe5yss/Ifyp01wz1jt42R+6jDE+WbUjp5XDBCAjGEE
-0FPaYtxjZLkmNl367bdTN12OIn/ixPNH+Z/S/4skdBB9Gc4lb2fEBywJQY0OYNOd
-WOxmPwIDAQABo1MwUTAdBgNVHQ4EFgQUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swHwYD
-VR0jBBgwFoAUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQsFAAOCAYEAMr4wfLrSoPTzfpXtvL+2vrKBJNnRfuJpOYTbPKUc
-DOP2QfzRlczi7suYJvd5rLiRonq8rjyPUyM8gvTfbTps+JhJ6S9mS6dTBxOV1qPZ
-3Ab+XKmq8LUtguGRabKgJgmJH0+inR/wVoal7EVHcWXfij9AT8DZOXW88shc6grh
-jUaFZBu/2+q8c8ee0e4ip8B+CVEnCwDKI0d+nTcSmPvAE34CNa33F+QGpXawv5yv
-VvIpSaLAeFQhc/jKcnNHfy+Zi7JmSnKZiMvQCbWANQmDjHg7pGmBW9nyQcm6P2/B
-0AVcEj1YTpAR8Mbh1pUdIhoB+chaNnFEIZsXeRsdbbAFpxodInlJ7WekfuvSQ6sU
-EXpoyBGOeuuTmR1va8k3QeL8Wc4yNu/g5LwjmtvPrh2jBF8xujc4J6VzP8K2BjA4
-xk4LnXgjHOT93dBAJhVYJkykDHwyvHUvsBHoP6lfjrt5P8zunK2mdP/AZKik+Rdt
-1GGlErV2AyWShTOaDLW6NxdP
------END CERTIFICATE-----
-
diff --git a/credentials/inc-md-cert.pem b/credentials/inc-md-cert.pem
deleted file mode 100644
index 3ab31d6..0000000
--- a/credentials/inc-md-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
-IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
-WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
-b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
-Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
-dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
-g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
-CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
-/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
-TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
-C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
-lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
-WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
-Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
-AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
-CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
-GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
------END CERTIFICATE-----
-
diff --git a/credentials/sealer.jks b/credentials/sealer.jks
index 47de93f..0274ab6 100644
Binary files a/credentials/sealer.jks and b/credentials/sealer.jks differ
diff --git a/credentials/sealer.kver b/credentials/sealer.kver
index d03abf1..81a9ede 100644
--- a/credentials/sealer.kver
+++ b/credentials/sealer.kver
@@ -1,2 +1,2 @@
-#Wed Oct 02 14:46:56 UTC 2019
+#Thu Feb 06 17:19:55 UTC 2020
CurrentVersion=1
diff --git a/credentials/secrets.properties b/credentials/secrets.properties
new file mode 100644
index 0000000..afd43f4
--- /dev/null
+++ b/credentials/secrets.properties
@@ -0,0 +1,13 @@
+# This is a reserved spot for most properties containing passwords or other secrets.
+# Created by install at 2020-02-06T17:19:55.442Z
+
+# Access to internal AES encryption key
+idp.sealer.storePassword = changeit
+idp.sealer.keyPassword = changeit
+
+# Default access to LDAP authn and attribute stores.
+idp.authn.LDAP.bindDNCredential = myServicePassword
+idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
+
+# Salt used to generate persistent/pairwise IDs, must be kept secret
+#idp.persistentId.salt = changethistosomethingrandom
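Review bot: `idp.sealer.storePassword` and `idp.sealer.keyPassword` are left at `changeit` and committed next to `credentials/sealer.jks`, so the keystore this file describes as holding the internal AES encryption key is protected by a value every reader of the repository has. `idp.authn.LDAP.bindDNCredential = myServicePassword` looks like the installer placeholder; once a real bind password replaces it, it should not land in this tracked file. I would keep only a template in the repository, supply the real file at deployment with owner-only permissions, and open it with a comment such as `# Template only: real values are injected at deployment, never committed`. The commented-out `idp.persistentId.salt` needs a random value provisioned the same way before persistent IDs are enabled.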
diff --git a/edit-webapp/WEB-INF/lib/jstl-1.2.jar b/edit-webapp/WEB-INF/lib/jstl-1.2.jar
deleted file mode 100644
index 0fd275e..0000000
Binary files a/edit-webapp/WEB-INF/lib/jstl-1.2.jar and /dev/null differ
diff --git a/edit-webapp/css/logout.css b/edit-webapp/css/logout.css
index 26f1893..dcd10d2 100644
--- a/edit-webapp/css/logout.css
+++ b/edit-webapp/css/logout.css
@@ -1,12 +1,17 @@
/* Success/Failure indicators for logout propagation. */
-
-.success {
- background: url(../images/success-32x32.png) no-repeat left center;
+li.logout {
line-height: 36px;
padding-left: 36px;
}
-.failure {
+li.logout.success {
+ background: url(../images/success-32x32.png) no-repeat left center;
+}
+li.logout.failure {
+ background: url(../images/failure-32x32.png) no-repeat left center;
+}
+li.logout.pending{
+
+}
+li.logout.na {
background: url(../images/failure-32x32.png) no-repeat left center;
- line-height: 36px;
- padding-left: 36px;
}
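Review bot: `li.logout.na` reuses `failure-32x32.png`, so on the logout propagation list an entry marked `na` (presumably "not applicable") looks identical to one where logout failed, and `li.logout.pending{` is an empty rule. A user checking whether they were signed out everywhere cannot tell those two states apart, so `.na` should get its own icon or none. The empty `.pending` rule should either carry its indicator or be replaced by a comment such as `/* pending: no icon until the result arrives */`. The rules are now scoped to `li.logout`, so any view still using bare `.success` or `.failure` would lose its styling; the views are not visible in this hunk.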
diff --git a/flows/authn/conditions/account-locked/account-locked-flow.xml b/flows/authn/conditions/account-locked/account-locked-flow.xml
new file mode 100644
index 0000000..5fe7523
--- /dev/null
+++ b/flows/authn/conditions/account-locked/account-locked-flow.xml
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/flows/authn/conditions/conditions-flow.xml b/flows/authn/conditions/conditions-flow.xml
new file mode 100644
index 0000000..53c4994
--- /dev/null
+++ b/flows/authn/conditions/conditions-flow.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/flows/authn/conditions/expired-password/expired-password-flow.xml b/flows/authn/conditions/expired-password/expired-password-flow.xml
new file mode 100644
index 0000000..5fe7523
--- /dev/null
+++ b/flows/authn/conditions/expired-password/expired-password-flow.xml
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/flows/authn/conditions/expiring-password/expiring-password-flow.xml b/flows/authn/conditions/expiring-password/expiring-password-flow.xml
new file mode 100644
index 0000000..10e041e
--- /dev/null
+++ b/flows/authn/conditions/expiring-password/expiring-password-flow.xml
@@ -0,0 +1,33 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/flows/user/prefs/prefs-flow.xml b/flows/user/prefs/prefs-flow.xml
new file mode 100644
index 0000000..c79093b
--- /dev/null
+++ b/flows/user/prefs/prefs-flow.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/metadata/idp-metadata.xml b/metadata/idp-metadata.xml
deleted file mode 100644
index a1f33a1..0000000
--- a/metadata/idp-metadata.xml
+++ /dev/null
@@ -1,251 +0,0 @@
-
-
-
-
-
-
-
- example.org
-
-
-
-
-
-
-
-
-MIIEKDCCApCgAwIBAgIVAJ0iknQBSFLEkl3ybj6HYSWkOw+CMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0xOTEwMDIxNDQ2NTZa
-Fw0zOTEwMDIxNDQ2NTZaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJI3OlyhXVII2YS2VGAZlCy/PE1
-RPLwTb9hIrBETcpA3JwVba2hBq8v0lWGpWkmvQfsjH+bKRJe611EyXwWQH04qGCU
-RDCFKBU8E9P87m6GTeh+DC6eVXxOB2h0pf3Zmktf48hlhV1X24NwIjba6v9X8oHF
-FTFFqopOPAaJWnODPQyul/d4DqkqkBfQer6p0RiDL/V79WpTVG87pJxmGH2FbchP
-PivVO9sMYfC5lqe37x/zu8huU0jDnB20eqEjnVNjvPjzbF36xPA06770FJuPxCYd
-5oebut50pO7DZY7MZGu4/UME0JfDrnCsyPz2L1gdxXX28mydAVL3YwIajZzuPVwJ
-HC+HJuF3YNgIZ7ZO6uN2Cyi1tKKAE5n3G19L8NLLW44MVxkS9ox9cFvw5e2Zm+ek
-Hh6iu6Y9/blyuFjlqVaffM6l6NVnAAXPiIpwnBdzWdJqMcJzgC5bTqOGEZdeR9hT
-ei0e1s+bmBj3/3cOB3hII74P5sCuGLfiYqSQzQIDAQABo2UwYzAdBgNVHQ4EFgQU
-hb0zxPkLe5m7vmD8AH0fjATSaIwwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
-hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEADQ17KGVQJ6AZTqDUDxVAfrTlFXysuvQg1WntrMB1PUzlb6Pa
-AO6Nb24YiY0PonSk7iz+gOg4P/V2b9wX4NXPBcX5h86fxR8R3cwZYsYKhwBBQ6uo
-UZnqtNyYNY/3hM2Dj8sR1PMijwgNmo7KOzzBPKKhID2dtGL3bS3TrX8xjmc7NK+r
-5VE9LrK3kG3ht3qM0I7iPMNuQXBOuduRG8WGD8NsFwHcYfORJmK5Ac/AtjHMVLF0
-x+m4LyLxP53t9/5+5fiJ3bghXM7Uuzjjmes6fdZyUcxinrwFxvSIGz3gqXf35Omf
-EwFemewB5B9GkAVXJSq2J64+iWXTo556YEC/RUrX6ZA5db6zHIeHX4BSf7U5YUBm
-LRJ/RJZKKPKEBBJgvh8vUFLF64tDn0c9x3n1mw+ZLHnPcjdX5v/stLVgR020vRx7
-8CGsrydmj+80Gm3Ji1eGJfD2LdUslve3bNerEW2AUM3DFx6wDlR5K/0ix98Ah1w0
-AuAeyajXyLR9NkPm
-
-
-
-
-
-
-
-
-
-MIIEJzCCAo+gAwIBAgIUOCYqGG6JElEG1wHKL7CvULRTvEswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NVoX
-DTM5MTAwMjE0NDY1NVowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KF
-T1Z3z6tq7c/ki/CH2x8BYtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcE
-xE1hwE7oVWiY+DtMggv4zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNg
-GvMesn/4Npq6ERi80CPIkUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1
-vHCP9jsUgPfDCBScUuikfQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8j
-cUzqjQllhOS6LKWJE7VIfV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON
-0Fgd1oPPBHa04bLcPqbneqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPy
-amX6HZJ35Vsk3uJxJX/IyipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c
-1LUnbo3M4SGOYWuPmI1ko5KF91MVUU7ttmkFAgMBAAGjZTBjMB0GA1UdDgQWBBQ1
-CuX1jKcG8rdC0xBBveSJAYoFfzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQA89rYZmayIfst0cGyt+zdeHpnvyo+zVfAk7OztXF5OXsakX9TV
-Iq8ur1lq4Q4KC/Ev+9p1za1gP7Ea9ugFJinuVa6ntpzGP0vh42pmphLNaRFvnPch
-pwgGCvcF2leYG6zZl/Qln0Kbv+pyByens7xPdKKA8U5ySVkouLuw7017XSIulPtW
-u5tPz51awJubHCK+FckcVH0yZZg44s4HmjzLpJCdslMIxmhtX7DW3vtqH1pL9Mir
-3qykySFUJGthV3ndHesG08y3Tni5HZaRqHHafGRBiezO8JCwVvWrdC29SdAwY2i0
-HhKB7zCDOpYrh3o8TTx3ZJd+6Uel/e0bCefs9uhMj7O5ErNySHyTtNRrFxTl2c98
-RDweMp6NLfm+P3+EqJycmpR9CKudcL6RUikN9hDvy6qqG2t5fW7pvU/+mzRm/3Cf
-gMxKHQM+OAry1E6pQSYh8qkPZYDezwiz4gINxn7SFAxFJQcTlaSVmFHLOQV7TetI
-g4sTktRrBmgU/vk=
-
-
-
-
-
-
-
-
-
-MIIEJzCCAo+gAwIBAgIUe0fsxBFnYrItqaF1zUSc7oTFFhswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NloX
-DTM5MTAwMjE0NDY1NlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF75
-0hfDGl45GqSVh7gB4X93icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/z
-VV2e90emvoFvRD0OWrRDo4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGau
-h8OMsSNlTKH8C6qzIUtxOGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xu
-eurxduh/Y1g/2fxi3UGA0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3Yk
-WgbYDMgahiaEo2dzxmKgFfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlK
-ZKjdleWOsGFbtyfvSV8Xq1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60
-S9dtIV54834ZdntBRzPkaLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87
-pzmZBFcyxSBIK0E6dhjm3EGXMmWdn80Sr1lxAgMBAAGjZTBjMB0GA1UdDgQWBBQ8
-+tUYkLiwLXUxRdIcfwUUs3s+dTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQBXnSl1RPlziZEpGUc3FGoQCpsu6FovK7jlieATyKWD3NY7lha6
-iOqiyxpNnrekh3Sf3XvmwvoxBHULQNS06GMMej8WtFBSaomNIkuztzMUAEmil2UF
-rP1xT0Gx+lT/Don9e60dGMMl2FWYIHobkQj4yhjSW6yN/emQRkwOhkj1DRGkZ1Zz
-wIRtH7/VT1YXH6n4P6lWNMgV+GInhT7ogitN5Vf6tCfMaZtowu3bb2I1gDlgYY/v
-0TrokTQteO7vcf+EpTODPRBiFV/Wwub5r8BDN4O3qGt52f2lhlEqdupFArooNVyF
-tU+zmj0gaclvvBBAaN2oh0Tj+j7HBh1YWB8p93vm62dKqY/9L9xSNAni6EI5o7dm
-58OUngvQopb7U7MDDuH2gM0XiH/R2BNp4c7/jqBP2Of5Bg68yKCZHB7D5XOJbQLf
-gjm4h9tRHtDijVkHcuIEICBwrie+JSEL225UnTfsesPiArDvo5BhQeNc3q1CPJgF
-2QOuaDoiGwFbc5s=
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- example.org
-
-
-
-
-
-
-
-MIIEKDCCApCgAwIBAgIVAJ0iknQBSFLEkl3ybj6HYSWkOw+CMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0xOTEwMDIxNDQ2NTZa
-Fw0zOTEwMDIxNDQ2NTZaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJI3OlyhXVII2YS2VGAZlCy/PE1
-RPLwTb9hIrBETcpA3JwVba2hBq8v0lWGpWkmvQfsjH+bKRJe611EyXwWQH04qGCU
-RDCFKBU8E9P87m6GTeh+DC6eVXxOB2h0pf3Zmktf48hlhV1X24NwIjba6v9X8oHF
-FTFFqopOPAaJWnODPQyul/d4DqkqkBfQer6p0RiDL/V79WpTVG87pJxmGH2FbchP
-PivVO9sMYfC5lqe37x/zu8huU0jDnB20eqEjnVNjvPjzbF36xPA06770FJuPxCYd
-5oebut50pO7DZY7MZGu4/UME0JfDrnCsyPz2L1gdxXX28mydAVL3YwIajZzuPVwJ
-HC+HJuF3YNgIZ7ZO6uN2Cyi1tKKAE5n3G19L8NLLW44MVxkS9ox9cFvw5e2Zm+ek
-Hh6iu6Y9/blyuFjlqVaffM6l6NVnAAXPiIpwnBdzWdJqMcJzgC5bTqOGEZdeR9hT
-ei0e1s+bmBj3/3cOB3hII74P5sCuGLfiYqSQzQIDAQABo2UwYzAdBgNVHQ4EFgQU
-hb0zxPkLe5m7vmD8AH0fjATSaIwwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
-hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEADQ17KGVQJ6AZTqDUDxVAfrTlFXysuvQg1WntrMB1PUzlb6Pa
-AO6Nb24YiY0PonSk7iz+gOg4P/V2b9wX4NXPBcX5h86fxR8R3cwZYsYKhwBBQ6uo
-UZnqtNyYNY/3hM2Dj8sR1PMijwgNmo7KOzzBPKKhID2dtGL3bS3TrX8xjmc7NK+r
-5VE9LrK3kG3ht3qM0I7iPMNuQXBOuduRG8WGD8NsFwHcYfORJmK5Ac/AtjHMVLF0
-x+m4LyLxP53t9/5+5fiJ3bghXM7Uuzjjmes6fdZyUcxinrwFxvSIGz3gqXf35Omf
-EwFemewB5B9GkAVXJSq2J64+iWXTo556YEC/RUrX6ZA5db6zHIeHX4BSf7U5YUBm
-LRJ/RJZKKPKEBBJgvh8vUFLF64tDn0c9x3n1mw+ZLHnPcjdX5v/stLVgR020vRx7
-8CGsrydmj+80Gm3Ji1eGJfD2LdUslve3bNerEW2AUM3DFx6wDlR5K/0ix98Ah1w0
-AuAeyajXyLR9NkPm
-
-
-
-
-
-
-
-
-
-MIIEJzCCAo+gAwIBAgIUOCYqGG6JElEG1wHKL7CvULRTvEswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NVoX
-DTM5MTAwMjE0NDY1NVowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KF
-T1Z3z6tq7c/ki/CH2x8BYtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcE
-xE1hwE7oVWiY+DtMggv4zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNg
-GvMesn/4Npq6ERi80CPIkUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1
-vHCP9jsUgPfDCBScUuikfQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8j
-cUzqjQllhOS6LKWJE7VIfV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON
-0Fgd1oPPBHa04bLcPqbneqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPy
-amX6HZJ35Vsk3uJxJX/IyipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c
-1LUnbo3M4SGOYWuPmI1ko5KF91MVUU7ttmkFAgMBAAGjZTBjMB0GA1UdDgQWBBQ1
-CuX1jKcG8rdC0xBBveSJAYoFfzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQA89rYZmayIfst0cGyt+zdeHpnvyo+zVfAk7OztXF5OXsakX9TV
-Iq8ur1lq4Q4KC/Ev+9p1za1gP7Ea9ugFJinuVa6ntpzGP0vh42pmphLNaRFvnPch
-pwgGCvcF2leYG6zZl/Qln0Kbv+pyByens7xPdKKA8U5ySVkouLuw7017XSIulPtW
-u5tPz51awJubHCK+FckcVH0yZZg44s4HmjzLpJCdslMIxmhtX7DW3vtqH1pL9Mir
-3qykySFUJGthV3ndHesG08y3Tni5HZaRqHHafGRBiezO8JCwVvWrdC29SdAwY2i0
-HhKB7zCDOpYrh3o8TTx3ZJd+6Uel/e0bCefs9uhMj7O5ErNySHyTtNRrFxTl2c98
-RDweMp6NLfm+P3+EqJycmpR9CKudcL6RUikN9hDvy6qqG2t5fW7pvU/+mzRm/3Cf
-gMxKHQM+OAry1E6pQSYh8qkPZYDezwiz4gINxn7SFAxFJQcTlaSVmFHLOQV7TetI
-g4sTktRrBmgU/vk=
-
-
-
-
-
-
-
-
-
-MIIEJzCCAo+gAwIBAgIUe0fsxBFnYrItqaF1zUSc7oTFFhswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NloX
-DTM5MTAwMjE0NDY1NlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF75
-0hfDGl45GqSVh7gB4X93icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/z
-VV2e90emvoFvRD0OWrRDo4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGau
-h8OMsSNlTKH8C6qzIUtxOGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xu
-eurxduh/Y1g/2fxi3UGA0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3Yk
-WgbYDMgahiaEo2dzxmKgFfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlK
-ZKjdleWOsGFbtyfvSV8Xq1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60
-S9dtIV54834ZdntBRzPkaLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87
-pzmZBFcyxSBIK0E6dhjm3EGXMmWdn80Sr1lxAgMBAAGjZTBjMB0GA1UdDgQWBBQ8
-+tUYkLiwLXUxRdIcfwUUs3s+dTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQBXnSl1RPlziZEpGUc3FGoQCpsu6FovK7jlieATyKWD3NY7lha6
-iOqiyxpNnrekh3Sf3XvmwvoxBHULQNS06GMMej8WtFBSaomNIkuztzMUAEmil2UF
-rP1xT0Gx+lT/Don9e60dGMMl2FWYIHobkQj4yhjSW6yN/emQRkwOhkj1DRGkZ1Zz
-wIRtH7/VT1YXH6n4P6lWNMgV+GInhT7ogitN5Vf6tCfMaZtowu3bb2I1gDlgYY/v
-0TrokTQteO7vcf+EpTODPRBiFV/Wwub5r8BDN4O3qGt52f2lhlEqdupFArooNVyF
-tU+zmj0gaclvvBBAaN2oh0Tj+j7HBh1YWB8p93vm62dKqY/9L9xSNAni6EI5o7dm
-58OUngvQopb7U7MDDuH2gM0XiH/R2BNp4c7/jqBP2Of5Bg68yKCZHB7D5XOJbQLf
-gjm4h9tRHtDijVkHcuIEICBwrie+JSEL225UnTfsesPiArDvo5BhQeNc3q1CPJgF
-2QOuaDoiGwFbc5s=
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/views/admin/unlock-keys.vm b/views/admin/unlock-keys.vm
index 3b15f3e..a8228ae 100644
--- a/views/admin/unlock-keys.vm
+++ b/views/admin/unlock-keys.vm
@@ -43,7 +43,8 @@
#end