base repository: docker/shib-idp-conftree
base: 3.4-default
head repository: docker/shib-idp-conftree
compare: 4.0-InCommon
  • 11 commits
  • 67 files changed
  • 1 contributor

Commits on Oct 5, 2019

  1. InCommon customizations

    pcaskey committed Oct 5, 2019
    8bf9894 View commit details

Commits on Oct 22, 2019

  1. Update saml-nameid.properties

    pcaskey committed Oct 22, 2019
    2c76402 View commit details

Commits on Feb 6, 2020

  1. initial 4.0 default

    pcaskey committed Feb 6, 2020
    1f3d90b View commit details

Commits on Feb 7, 2020

  1. Copy the full SHA
    620c9cf View commit details

Commits on Feb 8, 2020

  1. add InC MDQ cert

    pcaskey committed Feb 8, 2020
    44eafac View commit details

Commits on Feb 11, 2020

  1. Copy the full SHA
    0aa8b27 View commit details

Commits on Feb 12, 2020

  1. adjust ldap in resolver

    pcaskey committed Feb 12, 2020
    a58f15e View commit details
  2. update ldap config

    pcaskey committed Feb 12, 2020
    1c46402 View commit details
  3. Update ldap.properties

    pcaskey committed Feb 12, 2020
    e176e7c View commit details

Commits on Mar 10, 2020

  1. update to beta2

    pcaskey committed Mar 10, 2020
    58f1282 View commit details

Commits on Mar 11, 2020

  1. update to 4.0.0 (release)

    pcaskey committed Mar 11, 2020
    4fcaca0 View commit details
Showing with 1,770 additions and 1,569 deletions.
  1. +4 −0 conf/admin/metrics.xml
  2. +62 −2 conf/attribute-filter.xml
  3. +29 −0 conf/attribute-registry.xml
  4. +0 −319 conf/attribute-resolver-full.xml
  5. +53 −53 conf/attribute-resolver-ldap.xml
  6. +249 −66 conf/attribute-resolver.xml
  7. +76 −0 conf/attribute-resolver.xml.orig
  8. +9 −0 conf/attributes/custom/README
  9. +28 −0 conf/attributes/default-rules.xml
  10. +50 −0 conf/attributes/eduCourse.xml
  11. +266 −0 conf/attributes/eduPerson.xml
  12. +28 −0 conf/attributes/inetOrgPerson.xml
  13. +67 −0 conf/attributes/samlSubject.xml
  14. +21 −3 conf/audit.xml
  15. +69 −0 conf/authn/authn-comparison.xml
  16. +34 −0 conf/authn/discovery-config.xml
  17. +1 −1 conf/authn/external-authn-config.xml
  18. +23 −8 conf/authn/general-authn.xml
  19. +0 −2 conf/authn/jaas-authn-config.xml
  20. +0 −2 conf/authn/krb5-authn-config.xml
  21. +15 −118 conf/authn/ldap-authn-config.xml
  22. +3 −26 conf/authn/mfa-authn-config.xml
  23. +21 −4 conf/authn/password-authn-config.xml
  24. +35 −0 conf/authn/saml-authn-config.xml
  25. +54 −13 conf/c14n/subject-c14n.xml
  26. +2 −4 conf/cas-protocol.xml
  27. +3 −0 conf/errors.xml
  28. +35 −21 conf/idp.properties
  29. +2 −5 conf/intercept/consent-intercept-config.xml
  30. +25 −0 conf/intercept/external-intercept-config.xml
  31. +2 −0 conf/intercept/profile-intercept.xml
  32. +2 −4 conf/ldap.properties
  33. +5 −6 conf/logback.xml
  34. +0 −192 conf/logback.xml.dist
  35. +0 −192 conf/logback.xml.tmp3
  36. +45 −22 conf/metadata-providers.xml
  37. +5 −0 conf/relying-party.xml
  38. +1 −7 conf/saml-nameid.properties
  39. +22 −4 conf/services.properties
  40. +12 −43 conf/services.xml
  41. +22 −22 credentials/idp-backchannel.crt
  42. BIN credentials/idp-backchannel.p12
  43. +23 −23 credentials/idp-encryption.crt
  44. +37 −37 credentials/idp-encryption.key
  45. +22 −22 credentials/idp-signing.crt
  46. +37 −37 credentials/idp-signing.key
  47. +28 −0 credentials/inc-md-cert-mdq.pem
  48. BIN credentials/sealer.jks
  49. +1 −1 credentials/sealer.kver
  50. +13 −0 credentials/secrets.properties
  51. +11 −6 edit-webapp/css/logout.css
  52. +16 −0 flows/authn/conditions/account-locked/account-locked-flow.xml
  53. +35 −0 flows/authn/conditions/conditions-flow.xml
  54. +16 −0 flows/authn/conditions/expired-password/expired-password-flow.xml
  55. +33 −0 flows/authn/conditions/expiring-password/expiring-password-flow.xml
  56. +25 −0 flows/user/prefs/prefs-flow.xml
  57. +0 −251 metadata/idp-metadata.xml
  58. +5 −4 views/admin/unlock-keys.vm
  59. +2 −2 views/duo.vm
  60. +3 −2 views/intercept/attribute-release.vm
  61. +2 −2 views/intercept/impersonate.vm
  62. +2 −0 views/intercept/terms-of-use.vm
  63. +5 −3 views/login-error.vm
  64. +8 −8 views/login.vm
  65. +10 −2 views/logout-complete.vm
  66. +2 −2 views/logout-propagate.vm
  67. +54 −28 views/logout.vm
4 changes: 4 additions & 0 deletions conf/admin/metrics.xml
@@ -28,6 +28,8 @@
<ref bean="shibboleth.metrics.RelyingPartyGaugeSet" />
<ref bean="shibboleth.metrics.AttributeResolverGaugeSet" />
<ref bean="shibboleth.metrics.AttributeFilterGaugeSet" />
<ref bean="shibboleth.metrics.CASServiceRegistryGaugeSet" />
<ref bean="shibboleth.metrics.ManagedBeanGaugeSet" />

<!--
<bean class="com.codahale.metrics.jvm.CachedThreadStatesGaugeSet"
@@ -59,6 +61,8 @@
<entry key="relyingparty" value-ref="shibboleth.metrics.RelyingPartyGaugeSet" />
<entry key="resolver" value-ref="shibboleth.metrics.AttributeResolverGaugeSet" />
<entry key="filter" value-ref="shibboleth.metrics.AttributeFilterGaugeSet" />
<entry key="cas" value-ref="shibboleth.metrics.CASServiceRegistryGaugeSet" />
<entry key="bean" value-ref="shibboleth.metrics.ManagedBeanGaugeSet" />
</util:map>

<!-- If you don't specify an alternate access policy, this named policy will be enforced. -->
64 changes: 62 additions & 2 deletions conf/attribute-filter.xml
@@ -18,6 +18,7 @@
Example rule relying on a locally applied tag in metadata to trigger attribute
release of some specific attributes. Add additional attributes as desired.
-->
<!--
<AttributeFilterPolicy id="Per-Attribute-singleValued">
<PolicyRequirementRule xsi:type="ANY" />
@@ -35,10 +36,12 @@
attributeValue="mail" />
</AttributeRule>
</AttributeFilterPolicy>
-->

<!--
Same as above but more efficient form for an attribute with multiple values.
-->
<!--
<AttributeFilterPolicy id="Per-Attribute-Affiliation">
<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
@@ -47,11 +50,13 @@
<AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
</AttributeFilterPolicy>
-->

<!--
Example rule for honoring Subject ID requirement tag in metadata.
The example supplies pairwise-id if subject-id isn't explicitly required.
-->
<!--
<AttributeFilterPolicy id="subject-identifiers">
<PolicyRequirementRule xsi:type="ANY" />
@@ -75,22 +80,77 @@
attributeValue="subject-id" />
</AttributeRule>
</AttributeFilterPolicy>
-->

<!-- Release an additional attribute to an SP. -->
<!--
<AttributeFilterPolicy id="example1">
<PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" />
<AttributeRule attributeID="uid" permitAny="true" />
</AttributeFilterPolicy>
-->

<!-- Release eduPersonScopedAffiliation to two specific SPs. -->
<!--
<AttributeFilterPolicy id="example2">
<PolicyRequirementRule xsi:type="OR">
<Rule xsi:type="Requester" value="https://sp.example.org" />
<Rule xsi:type="Requester" value="https://another.example.org/shibboleth" />
</PolicyRequirementRule>

<AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
</AttributeFilterPolicy>

-->

<!-- Attribute release for all SPs (global) tagged as 'Research and Scholarship' -->
<AttributeFilterPolicy id="releaseRandSAttributeBundle">
<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
attributeName="http://macedir.org/entity-category"
attributeValue="http://refeds.org/category/research-and-scholarship"/>
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonScopedAffiliation">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="givenName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="surname">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="displayName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="mail">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy>

<!-- Attribute release for all InCommon SPs -->
<AttributeFilterPolicy id="releaseToInCommon">
<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
attributeName="http://macedir.org/entity-category"
attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonScopedAffiliation">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="givenName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="surname">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="displayName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="mail">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy>


</AttributeFilterPolicyGroup>
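Review bot: `releaseToInCommon` releases eduPersonPrincipalName, mail, givenName, surname and displayName with `<PermitValueRule xsi:type="ANY" />` to every SP tagged `http://id.incommon.org/category/registered-by-incommon`, so the identical `releaseRandSAttributeBundle` policy above it adds nothing for InCommon SPs and the effective default is release of personal identifiers to the whole federation. If that breadth is intended, the file should say so, e.g. replace the one-line comment with `<!-- Releases name, mail and ePPN to EVERY InCommon-registered SP; narrow or remove if local policy requires per-SP or R&S-only release. -->`; otherwise limit this policy to `eduPersonScopedAffiliation` and leave the identifying attributes to the R&S policy. Both policies match on entity attributes taken from metadata, so they are only as trustworthy as the signature and trust checks in conf/metadata-providers.xml, which this section does not show.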
29 changes: 29 additions & 0 deletions conf/attribute-registry.xml
@@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"

default-init-method="initialize"
default-destroy-method="destroy">

<!--
The system comes preconfigured to load rules directly from resource files
configured in services.xml so they're monitored for changes.
You can add mappings here, add more XML resource files, or drop property
files into the directory noted below, but they won't be monitored for changes
themselves.
-->

<!-- Default directory for custom mappings. -->
<bean parent="shibboleth.TranscodingRuleLoader"
c:dir="%{idp.home}/conf/attributes/custom"
c:extensions="#{{'.txt', '.props', '.properties', '.rule'}}" />

</beans>