Merge remote-tracking branch 'upstream/master'

internet2 · May 20, 2014 · 24f02f6 · 24f02f6
2 parents 6e39481 + a282b36
commit 24f02f6
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 32 deletions.
diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml
@@ -404,6 +404,11 @@
     -->
     <import resource="classpath:validation-beans.xml"/>
 
+    <!--
+        Federation registrationAuthority URIs.
+    -->
+    <bean id="hr_eduhr_registrar" parent="String" c:_0="http://www.srce.hr"/>
+
     <!--
         identificationStrategy
         
@@ -429,7 +434,7 @@
                 <entry key="http://cafe.rnp.br"               value="BR"/>
                 <entry key="http://www.canarie.ca"            value="CA"/>
                 <entry key="http://cofre.reuna.cl"            value="CL"/>
-                <entry key="http://www.srce.hr"               value="HR"/>
+                <entry key-ref="hr_eduhr_registrar"           value="HR"/>
                 <entry key="http://www.eduid.cz/"             value="CZ"/>
                 <entry key="https://www.wayf.dk"              value="DK"/>
                 <entry key="http://www.csc.fi/haka"           value="FI"/>

diff --git a/mdx/hr_eduhr/beans.xml b/mdx/hr_eduhr/beans.xml
@@ -51,15 +51,6 @@
         <property name="verificationCertificate" ref="hr_eduhr_signingCertificate"/>
     </bean>
 
-    <!--
-        hr_eduhr_registrar
-        
-        Unique ID for the registrar associated with this channel.
-    -->
-    <bean id="hr_eduhr_registrar" class="java.lang.String">
-        <constructor-arg value="http://www.aaiedu.hr"/>
-    </bean>
-
     <!--
         hr_eduhr_check_regauth
         

diff --git a/mdx/int_edugain/beans.xml b/mdx/int_edugain/beans.xml
@@ -12,6 +12,11 @@
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
 
+    <!--
+        Import additional channel-local beans.
+    -->
+    <import resource="classpath:int_edugain/entity-blacklist.xml"/>
+
     <!--
         Import eduGAIN participant beans for namespace stripping stages.
     -->
@@ -74,7 +79,15 @@
         p:id="int_edugain_checkSignature">
         <property name="verificationCertificate" ref="int_edugain_signingCertificate"/>
     </bean>
-
+
+    <!--
+        Remove blacklisted entities.
+    -->
+    <bean id="int_edugain_removeBlacklistedEntities" parent="EntityFilterStage"
+        p:id="int_edugain_removeBlacklistedEntities"
+        p:whitelistingEntities="false"
+        p:designatedEntities-ref="int_edugain_entity_blacklist"/>
+
     <!--
         Fetch the production entities as a collection.
     -->
@@ -95,6 +108,8 @@
 
                 <ref bean="disassemble"/>
 
+                <ref bean="int_edugain_removeBlacklistedEntities"/>
+
                 <!--
                     Strip participant-specific namespaces.
                 -->
@@ -130,6 +145,8 @@
 
                 <ref bean="disassemble"/>
 
+                <ref bean="int_edugain_removeBlacklistedEntities"/>
+
                 <!--
                     Strip participant-specific namespaces.
                 -->

diff --git a/mdx/uk/blacklist.xml b/mdx/uk/blacklist.xml
@@ -25,26 +25,6 @@
     -->
     <util:set id="importEntityBlacklist">
 
-        <!--
-            Problems in int_edugain metadata updated 2013-09-10.
-        -->
-        <!--
-            Duplicate IdP display names.
-            
-            If we left this to normal processing, both entities would be rejected.
-            By blacklisting one, we allow the other to be processed normally.
-        -->
-        <value>https://lu-idp.lu.lv</value>
-
-        <!--
-            Temporary mitigation of Heartbleed vulnerability 2014-04-16 (Bugzilla 1098).
-            
-            Remove eduGAIN entities that are still known to be vulnerable.
-        -->
-        <value>https://butare.ifrn.edu.br/idp/shibboleth</value>
-        <value>https://dourado.ufs.br/idp/shibboleth</value>
-        <value>https://shibboleth-idp.dti.ufv.br/idp/shibboleth</value>
-
     </util:set>
 
 </beans>
diff --git a/mdx/uk/ns_norm_fragment.xsl b/mdx/uk/ns_norm_fragment.xsl
@@ -27,7 +27,7 @@
 	xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
 	xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"
 
-	exclude-result-prefixes="md mdattr saml"
+	exclude-result-prefixes="md"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
 	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">