diff --git a/conf/#metadata-providers.xml~ b/conf/#metadata-providers.xml~ deleted file mode 100644 index 906556f..0000000 --- a/conf/#metadata-providers.xml~ +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - - - - md:SPSSODescriptor - - - - - - - diff --git a/conf/access-control.xml b/conf/access-control.xml deleted file mode 100644 index 9b23ad7..0000000 --- a/conf/access-control.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml deleted file mode 100644 index 92af950..0000000 --- a/conf/attribute-filter.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml deleted file mode 100644 index d09a1ea..0000000 --- a/conf/attribute-resolver-full.xml +++ /dev/null @@ -1,295 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml deleted file mode 100644 index 9ac44d3..0000000 --- a/conf/attribute-resolver-ldap.xml +++ /dev/null @@ -1,97 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - %{idp.attribute.resolver.LDAP.returnAttributes} - - %{idp.attribute.resolver.LDAP.trustCertificates} - - - - diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml deleted file mode 100644 index a10d1c8..0000000 --- a/conf/attribute-resolver.xml +++ /dev/null @@ -1,67 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - member - - - - - - - - givenName sn displayName mail uid - - - diff --git a/conf/audit.xml b/conf/audit.xml deleted file mode 100644 index 9940cec..0000000 --- a/conf/audit.xml +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - - - - - http://shibboleth.net/ns/profiles/status - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/authn/authn-comparison.xml b/conf/authn/authn-comparison.xml deleted file mode 100644 index f167b7a..0000000 --- a/conf/authn/authn-comparison.xml +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified - - - diff --git a/conf/authn/authn-events-flow.xml b/conf/authn/authn-events-flow.xml deleted file mode 100644 index 244e1db..0000000 --- a/conf/authn/authn-events-flow.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/conf/authn/external-authn-config.xml b/conf/authn/external-authn-config.xml deleted file mode 100644 index 4ce8f26..0000000 --- a/conf/authn/external-authn-config.xml +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - - - - - - UnknownUsername - - - - - InvalidPassword - - - - - ExpiredPassword - - - - - ExpiringPassword - - - - - diff --git a/conf/authn/general-authn.xml b/conf/authn/general-authn.xml deleted file mode 100644 index f127a13..0000000 --- a/conf/authn/general-authn.xml +++ /dev/null @@ -1,114 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - diff --git a/conf/authn/ipaddress-authn-config.xml b/conf/authn/ipaddress-authn-config.xml deleted file mode 100644 index a3ee096..0000000 --- a/conf/authn/ipaddress-authn-config.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/conf/authn/jaas-authn-config.xml b/conf/authn/jaas-authn-config.xml deleted file mode 100644 index daef4d2..0000000 --- a/conf/authn/jaas-authn-config.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - ShibUserPassAuth - - - - - diff --git a/conf/authn/jaas.config b/conf/authn/jaas.config deleted file mode 100644 index 232e93d..0000000 --- a/conf/authn/jaas.config +++ /dev/null @@ -1,11 +0,0 @@ -ShibUserPassAuth { - /* - com.sun.security.auth.module.Krb5LoginModule required; - */ - - org.ldaptive.jaas.LdapLoginModule required - ldapUrl="ldap://localhost:10389" - baseDn="ou=people,dc=example,dc=org" - userFilter="uid={user}"; - -}; \ No newline at end of file diff --git a/conf/authn/krb5-authn-config.xml b/conf/authn/krb5-authn-config.xml deleted file mode 100644 index f34bc58..0000000 --- a/conf/authn/krb5-authn-config.xml +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - - - - - - - diff --git a/conf/authn/krb5-authn-config.xml.dist b/conf/authn/krb5-authn-config.xml.dist deleted file mode 100644 index d3590a2..0000000 --- a/conf/authn/krb5-authn-config.xml.dist +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml deleted file mode 100644 index 5626629..0000000 --- a/conf/authn/ldap-authn-config.xml +++ /dev/null @@ -1,130 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml deleted file mode 100644 index 5c02196..0000000 --- a/conf/authn/password-authn-config.xml +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NoCredentials - CLIENT_NOT_FOUND - Client not found - DN_RESOLUTION_FAILURE - - - - - InvalidCredentials - PREAUTH_FAILED - INVALID_CREDENTIALS - - - - - Clients credentials have been revoked - - - - - PASSWORD_EXPIRED - - - - - ACCOUNT_WARNING - - - - - - - - diff --git a/conf/authn/password-authn-config.xml.dist b/conf/authn/password-authn-config.xml.dist deleted file mode 100644 index be8b06f..0000000 --- a/conf/authn/password-authn-config.xml.dist +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NoCredentials - CLIENT_NOT_FOUND - Client not found - DN_RESOLUTION_FAILURE - - - - - InvalidCredentials - PREAUTH_FAILED - INVALID_CREDENTIALS - - - - - Clients credentials have been revoked - - - - - PASSWORD_EXPIRED - - - - - ACCOUNT_WARNING - - - - - - - - diff --git a/conf/authn/remoteuser-authn-config.xml b/conf/authn/remoteuser-authn-config.xml deleted file mode 100644 index b5a923f..0000000 --- a/conf/authn/remoteuser-authn-config.xml +++ /dev/null @@ -1,67 +0,0 @@ - - - - - - - - - - - - - - - - - NoCredentials - - - - - UnknownUsername - - - - - InvalidPassword - - - - - ExpiredPassword - - - - - ExpiringPassword - - - - - diff --git a/conf/authn/remoteuser-internal-authn-config.xml b/conf/authn/remoteuser-internal-authn-config.xml deleted file mode 100644 index 9e68c85..0000000 --- a/conf/authn/remoteuser-internal-authn-config.xml +++ /dev/null @@ -1,63 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/authn/spnego-authn-config.xml b/conf/authn/spnego-authn-config.xml deleted file mode 100644 index 404d7e9..0000000 --- a/conf/authn/spnego-authn-config.xml +++ /dev/null @@ -1,69 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - SPNEGONotAvailable - - - - - NTLMUnsupported - - - - - diff --git a/conf/authn/x509-authn-config.xml b/conf/authn/x509-authn-config.xml deleted file mode 100644 index 0e54f45..0000000 --- a/conf/authn/x509-authn-config.xml +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - - - - - - - - NoCredentials - InvalidCredentials - - - - - diff --git a/conf/authn/x509-internal-authn-config.xml b/conf/authn/x509-internal-authn-config.xml deleted file mode 100644 index bad3029..0000000 --- a/conf/authn/x509-internal-authn-config.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - diff --git a/conf/c14n/attribute-sourced-subject-c14n-config.xml b/conf/c14n/attribute-sourced-subject-c14n-config.xml deleted file mode 100644 index 938b30f..0000000 --- a/conf/c14n/attribute-sourced-subject-c14n-config.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - altuid - - - - - altuid - - - - - - - - - - - - - diff --git a/conf/c14n/simple-subject-c14n-config.xml b/conf/c14n/simple-subject-c14n-config.xml deleted file mode 100644 index 3cddfa6..0000000 --- a/conf/c14n/simple-subject-c14n-config.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - diff --git a/conf/c14n/subject-c14n-events-flow.xml b/conf/c14n/subject-c14n-events-flow.xml deleted file mode 100644 index d7458cd..0000000 --- a/conf/c14n/subject-c14n-events-flow.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/conf/c14n/subject-c14n.xml b/conf/c14n/subject-c14n.xml deleted file mode 100644 index 16fc6f1..0000000 --- a/conf/c14n/subject-c14n.xml +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos - - - - - - - - - - - - - - - - - diff --git a/conf/c14n/x500-subject-c14n-config.xml b/conf/c14n/x500-subject-c14n-config.xml deleted file mode 100644 index 1ae25e4..0000000 --- a/conf/c14n/x500-subject-c14n-config.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - 2.5.4.3 - - - - - - - - - - - - - diff --git a/conf/cas-protocol.xml b/conf/cas-protocol.xml deleted file mode 100644 index 09a05ef..0000000 --- a/conf/cas-protocol.xml +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/conf/credentials.xml b/conf/credentials.xml deleted file mode 100644 index 7462879..0000000 --- a/conf/credentials.xml +++ /dev/null @@ -1,65 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/errors.xml b/conf/errors.xml deleted file mode 100644 index 5de522f..0000000 --- a/conf/errors.xml +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/global.xml b/conf/global.xml deleted file mode 100644 index 60562e3..0000000 --- a/conf/global.xml +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/conf/idp.properties b/conf/idp.properties deleted file mode 100644 index 5e2df04..0000000 --- a/conf/idp.properties +++ /dev/null @@ -1,194 +0,0 @@ -# Load any additional property resources from a comma-delimited list -idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties - -# Set the entityID of the IdP -idp.entityID= https://idp.testbed.tier.internet2.edu/idp/shibboleth - -# Set the scope used in the attribute resolver for scoped attributes -idp.scope= testbed.tier.internet2.edu - -# General cookie properties (maxAge only applies to persistent cookies) -#idp.cookie.secure = false -#idp.cookie.httpOnly = true -#idp.cookie.domain = -#idp.cookie.path = -#idp.cookie.maxAge = 31536000 - -# Set the location of user-supplied web flow definitions -#idp.webflows = %{idp.home}/flows - -# Set the location of Velocity view templates -#idp.views = %{idp.home}/views - -# Settings for internal AES encryption key -#idp.sealer.storeType = JCEKS -#idp.sealer.updateInterval = PT15M -#idp.sealer.aliasBase = secret -idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks -idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver -idp.sealer.storePassword= changeit -idp.sealer.keyPassword= changeit - -# Settings for public/private signing and encryption key(s) -# During decryption key rollover, point the ".2" properties at a second -# keypair, uncomment in credentials.xml, then publish it in your metadata. -idp.signing.key= %{idp.home}/credentials/idp-signing.key -idp.signing.cert= %{idp.home}/credentials/idp-signing.crt -idp.encryption.key= %{idp.home}/credentials/idp-encryption.key -idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt -#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key -#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt - -# Sets the bean ID to use as a default security configuration set -#idp.security.config = shibboleth.DefaultSecurityConfiguration - -# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1 -#idp.signing.config = shibboleth.SigningConfiguration.SHA256 - -# Configures trust evaluation of keys used by services at runtime -# Defaults to supporting both explicit key and PKIX using SAML metadata. -#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine -#idp.trust.certificates = shibboleth.ChainingX509TrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine - -# If true, encryption will happen whenever a key to use can be located, but -# failure to encrypt won't result in request failure. -#idp.encryption.optional = false - -# Configuration of client- and server-side storage plugins -#idp.storage.cleanupInterval = PT10M -#idp.storage.htmlLocalStorage = false - -# Set to true to expose more detailed errors in responses to SPs -#idp.errors.detailed = false -# Set to false to skip signing of SAML response messages that signal errors -#idp.errors.signed = true -# Name of bean containing a list of Java exception classes to ignore -#idp.errors.excludedExceptions = ExceptionClassListBean -# Name of bean containing a property set mapping exception names to views -#idp.errors.exceptionMappings = ExceptionToViewPropertyBean -# Set if a different default view name for events and exceptions is needed -#idp.errors.defaultView = error - -# Set to false to disable the IdP session layer -#idp.session.enabled = true - -# Set to "shibboleth.StorageService" for server-side storage of user sessions -#idp.session.StorageService = shibboleth.ClientSessionStorageService - -# Size of session IDs -#idp.session.idSize = 32 -# Bind sessions to IP addresses -#idp.session.consistentAddress = true -# Inactivity timeout -#idp.session.timeout = PT60M -# Extra time to store sessions for logout -#idp.session.slop = PT0S -# Tolerate storage-related errors -#idp.session.maskStorageFailure = false -# Track information about SPs logged into -#idp.session.trackSPSessions = false -# Support lookup by SP for SAML logout -#idp.session.secondaryServiceIndex = false -# Length of time to track SP sessions -#idp.session.defaultSPlifetime = PT2H - -# Regular expression matching login flows to enable, e.g. IPAddress|Password -idp.authn.flows= Password - -# Regular expression of forced "initial" methods when no session exists, -# usually in conjunction with the idp.authn.resolveAttribute property below. -#idp.authn.flows.initial = Password - -# Set to an attribute ID to resolve prior to selecting authentication flows; -# its values are used to filter the flows to allow. -#idp.authn.resolveAttribute = eduPersonAssurance - -# Default lifetime and timeout of various authentication methods -#idp.authn.defaultLifetime = PT60M -#idp.authn.defaultTimeout = PT30M - -# Whether to prioritize "active" results when an SP requests more than -# one possible matching login method (V2 behavior was to favor them) -#idp.authn.favorSSO = true - -# Whether to fail requests when a user identity after authentication -# doesn't match the identity in a pre-existing session. -#idp.authn.identitySwitchIsError = false - -# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent -#idp.consent.StorageService = shibboleth.ClientPersistentStorageService - -# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute -# to key user consent storage records (and set the attribute name) -#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey -#idp.consent.userStorageKeyAttribute = uid - -# Flags controlling how built-in attribute consent feature operates -#idp.consent.allowDoNotRemember = true -#idp.consent.allowGlobal = true -#idp.consent.allowPerAttribute = false - -# Whether attribute values and terms of use text are compared -#idp.consent.compareValues = false -# Maximum number of consent records for space-limited storage (e.g. cookies) -#idp.consent.maxStoredRecords = 10 -# Maximum number of consent records for larger/server-side storage (0 = no limit) -#idp.consent.expandedMaxStoredRecords = 0 - -# Time in milliseconds to expire consent storage records. -#idp.consent.storageRecordLifetime = P1Y - -# Whether to lookup metadata, etc. for every SP involved in a logout -# for use by user interface logic; adds overhead so off by default. -#idp.logout.elaboration = false - -# Whether to require logout requests be signed/authenticated. -#idp.logout.authenticated = true - -# Message freshness and replay cache tuning -#idp.policy.messageLifetime = PT3M -#idp.policy.clockSkew = PT3M - -# Set to custom bean for alternate storage of replay cache -#idp.replayCache.StorageService = shibboleth.StorageService - -# Toggles whether to allow outbound messages via SAML artifact -#idp.artifact.enabled = true -# Suppresses typical signing/encryption when artifact binding used -#idp.artifact.secureChannel = true -# May differ to direct SAML 2 artifact lookups to specific server nodes -#idp.artifact.endpointIndex = 2 -# Set to custom bean for alternate storage of artifact map state -#idp.artifact.StorageService = shibboleth.StorageService - -# Name of access control policy for various admin flows -idp.status.accessPolicy= AccessByIPAddress -idp.resolvertest.accessPolicy= AccessByIPAddress -idp.reload.accessPolicy= AccessByIPAddress - -# Comma-delimited languages to use if not match can be found with the -# browser-supported languages, defaults to an empty list. -idp.ui.fallbackLanguages= en,fr,de - -# Storage service used by CAS protocol -# Defaults to shibboleth.StorageService (in-memory) -# MUST be server-side storage (e.g. in-memory, memcached, database) -# NOTE that idp.session.StorageService requires server-side storage -# when CAS protocol is enabled -#idp.cas.StorageService=shibboleth.StorageService - -# CAS service registry implementation class -#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry - -# Profile flows in which the ProfileRequestContext should be exposed -# in servlet request under the key "opensamlProfileRequestContext" -#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO - -# F-TICKS auditing - set salt to include hashed username -#idp.fticks.federation=MyFederation -#idp.fticks.algorithm=SHA-256 -#idp.fticks.salt=somethingsecret diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml deleted file mode 100644 index ca183a7..0000000 --- a/conf/intercept/consent-intercept-config.xml +++ /dev/null @@ -1,136 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - transientId - persistentId - eduPersonTargetedID - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/conf/intercept/context-check-intercept-config.xml b/conf/intercept/context-check-intercept-config.xml deleted file mode 100644 index 809f1d4..0000000 --- a/conf/intercept/context-check-intercept-config.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - - - - - - - - - * - - - - - - - - - - \ No newline at end of file diff --git a/conf/intercept/intercept-events-flow.xml b/conf/intercept/intercept-events-flow.xml deleted file mode 100644 index 5cb30d5..0000000 --- a/conf/intercept/intercept-events-flow.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/conf/intercept/profile-intercept.xml b/conf/intercept/profile-intercept.xml deleted file mode 100644 index fedc2b2..0000000 --- a/conf/intercept/profile-intercept.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - - - - - - - - - - - diff --git a/conf/ldap.properties b/conf/ldap.properties deleted file mode 100644 index 07cf10b..0000000 --- a/conf/ldap.properties +++ /dev/null @@ -1,60 +0,0 @@ -# LDAP authentication configuration, see authn/ldap-authn-config.xml -# Note, this doesn't apply to the use of JAAS - -## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator -#idp.authn.LDAP.authenticator = anonSearchAuthenticator - -## Connection properties ## -idp.authn.LDAP.ldapURL = ldap://ldap.testbed.tier.internet2.edu -idp.authn.LDAP.useStartTLS = false -idp.authn.LDAP.useSSL = false -#idp.authn.LDAP.connectTimeout = 3000 - -## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust -#idp.authn.LDAP.sslConfig = certificateTrust -## If using certificateTrust above, set to the trusted certificate's path -idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt -## If using keyStoreTrust above, set to the truststore path -idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore - -## Return attributes during authentication -## NOTE: there is a separate property used for attribute resolution -idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining - -## DN resolution properties ## - -# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator -# for AD: CN=Users,DC=example,DC=org -idp.authn.LDAP.baseDN = ou=People,dc=testbed,dc=tier,dc=internet2,dc=edu -#idp.authn.LDAP.subtreeSearch = false -idp.authn.LDAP.userFilter = (uid={user}) -# bind search configuration -# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com -idp.authn.LDAP.bindDN = -idp.authn.LDAP.bindDNCredential = - -# Format DN resolution, used by directAuthenticator, adAuthenticator -# for AD use idp.authn.LDAP.dnFormat=%s@domain.com -idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=example,dc=org - -# LDAP attribute configuration, see attribute-resolver.xml -# Note, this likely won't apply to the use of legacy V2 resolver configurations -idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL} -idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined} -idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined} -idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined} -idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true} -idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined} -idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal) -idp.attribute.resolver.LDAP.returnAttributes = cn,homephone,mail - -# LDAP pool configuration, used for both authn and DN resolution -#idp.pool.LDAP.minSize = 3 -#idp.pool.LDAP.maxSize = 10 -#idp.pool.LDAP.validateOnCheckout = false -#idp.pool.LDAP.validatePeriodically = true -#idp.pool.LDAP.validatePeriod = 300 -#idp.pool.LDAP.prunePeriod = 300 -#idp.pool.LDAP.idleTime = 600 -#idp.pool.LDAP.blockWaitTime = 3000 -#idp.pool.LDAP.failFastInitialize = false diff --git a/conf/logback.xml b/conf/logback.xml deleted file mode 100644 index 2582d1c..0000000 --- a/conf/logback.xml +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ${idp.logfiles}/idp-process.log - - - ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} - - - - - - 0 - - - - - - WARN - - - ${idp.logfiles}/idp-warn.log - - - ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} - - - - - - ${idp.logfiles}/idp-audit.log - - - ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %msg%n - - - - - - ${idp.logfiles}/idp-consent-audit.log - - - ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %msg%n - - - - - - ${idp.fticks.loghost:-localhost} - ${idp.fticks.logport:-514} - AUTH - [%thread] %logger %msg - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml deleted file mode 100644 index e10c8b8..0000000 --- a/conf/metadata-providers.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - - - - - md:SPSSODescriptor - - - - - - - - diff --git a/conf/mvc-beans.xml b/conf/mvc-beans.xml deleted file mode 100644 index 98d9bcd..0000000 --- a/conf/mvc-beans.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - diff --git a/conf/relying-party.xml b/conf/relying-party.xml deleted file mode 100644 index 28c9193..0000000 --- a/conf/relying-party.xml +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/saml-nameid.properties b/conf/saml-nameid.properties deleted file mode 100644 index 8530c4f..0000000 --- a/conf/saml-nameid.properties +++ /dev/null @@ -1,35 +0,0 @@ -# Properties involving SAML NameIdentifier/NameID generation/consumption - -# For the most part these settings only deal with "transient" and "persistent" -# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced -# settings - -# Comment out to disable legacy NameID generation via Attribute Resolver -#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator -#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator - -# Default NameID Formats to use when nothing else is called for. -# Don't change these just to change the Format used for a single SP! -#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient -#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier - -# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage -#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator - -# Persistent IDs can be computed on the fly with a hash, or managed in a database - -# For computed IDs, set a source attribute and a secret salt: -#idp.persistentId.sourceAttribute = changethistosomethingreal -#idp.persistentId.useUnfilteredAttributes = true -# Do *NOT* share the salt with other people, it's like divulging your private key. -#idp.persistentId.algorithm = SHA -#idp.persistentId.salt = changethistosomethingrandom - -# To use a database, use shibboleth.StoredPersistentIdGenerator -#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator -# For basic use, set this to a JDBC DataSource bean name: -#idp.persistentId.dataSource = PersistentIdDataSource -# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore -#idp.persistentId.store = MyPersistentIdStore -# Set to an empty property to skip hash-based generation of first stored ID -#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator diff --git a/conf/saml-nameid.xml b/conf/saml-nameid.xml deleted file mode 100644 index ea97448..0000000 --- a/conf/saml-nameid.xml +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/services.properties b/conf/services.properties deleted file mode 100644 index 116625a..0000000 --- a/conf/services.properties +++ /dev/null @@ -1,61 +0,0 @@ -# Configure the resources to load for various services, -# and the settings for failure handling and auto-reload. - -# failFast=true prevents IdP startup if a configuration is bad -# checkInterval = PT0S means never reload (this is the default) - -# Global default for fail-fast behavior of most subsystems -# with individual override possible below. -#idp.service.failFast = false - -#idp.service.logging.resource = %{idp.home}/conf/logback.xml -#idp.service.logging.failFast = true -idp.service.logging.checkInterval = PT5M - -# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml -#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources -#idp.service.relyingparty.failFast = false -idp.service.relyingparty.checkInterval = PT15M - -#idp.service.metadata.resources = shibboleth.MetadataResolverResources -#idp.service.metadata.failFast = false -#idp.service.metadata.checkInterval = PT0S - -#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources -#idp.service.attribute.resolver.failFast = false -idp.service.attribute.resolver.checkInterval = PT15M -#idp.service.attribute.resolver.maskFailures = true - -#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources -# NOTE: Failing the filter fast leaves no filters enabled. -#idp.service.attribute.filter.failFast = false -idp.service.attribute.filter.checkInterval = PT15M -#idp.service.attribute.filter.maskFailures = true - -#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources -#idp.service.nameidGeneration.failFast = false -idp.service.nameidGeneration.checkInterval = PT15M - -#idp.service.access.resources = shibboleth.AccessControlResources -#idp.service.access.failFast = true -idp.service.access.checkInterval = PT5M - -#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources -#idp.service.cas.registry.failFast = false -idp.service.cas.registry.checkInterval = PT15M - -#idp.message.resources = shibboleth.MessageSourceResources -#idp.message.cacheSeconds = 300 - -# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching. -# These are used with components such as remote configuration resources that are explicitly wired -# with these client instances, *not* by default with HTTP metadata resolvers. -#idp.httpclient.useTrustEngineTLSSocketFactory = false -#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false -#idp.httpclient.connectionDisregardTLSCertificate = false -#idp.httpclient.connectionTimeout = -1 -#idp.httpclient.memorycaching.maxCacheEntries = 50 -#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576 -#idp.httpclient.filecaching.maxCacheEntries = 100 -#idp.httpclient.filecaching.maxCacheEntrySize = 10485760 -idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache \ No newline at end of file diff --git a/conf/services.xml b/conf/services.xml deleted file mode 100644 index d22fff9..0000000 --- a/conf/services.xml +++ /dev/null @@ -1,145 +0,0 @@ - - - - - - - - - - - %{idp.home}/conf/relying-party.xml - %{idp.home}/conf/credentials.xml - %{idp.home}/system/conf/relying-party-system.xml - - - - - %{idp.home}/conf/relying-party.xml - %{idp.home}/system/conf/legacy-relying-party-defaults.xml - - - - %{idp.home}/conf/metadata-providers.xml - %{idp.home}/system/conf/metadata-providers-system.xml - - - - %{idp.home}/conf/attribute-resolver.xml - - - - %{idp.home}/conf/attribute-filter.xml - - - - %{idp.home}/conf/saml-nameid.xml - %{idp.home}/system/conf/saml-nameid-system.xml - - - - %{idp.home}/conf/access-control.xml - %{idp.home}/system/conf/access-control-system.xml - - - - %{idp.home}/conf/cas-protocol.xml - - - - - %{idp.home}/messages/authn-messages - %{idp.home}/messages/consent-messages - %{idp.home}/messages/error-messages - - - diff --git a/conf/session-manager.xml b/conf/session-manager.xml deleted file mode 100644 index f195014..0000000 --- a/conf/session-manager.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -