From 0158b4bc6f7320717ab724633885ecb45a4d9411 Mon Sep 17 00:00:00 2001 From: Alex Stuart Date: Fri, 23 May 2014 07:22:17 +0000 Subject: [PATCH 01/33] Remove stripMdattrNamespace stage from the uk_testPipeline, therefore allowing entity attributes to be published in the test aggregate. --- mdx/uk/generate.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index 3e8dff23..562c5461 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -607,7 +607,6 @@ - From 0e79583d1e34ea53634626bcd8b8f74e3976b856 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Fri, 23 May 2014 10:13:56 +0000 Subject: [PATCH 02/33] Add a list of SP entities lacking declared support for SAML 2.0. --- mdx/uk/statistics.xsl | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/mdx/uk/statistics.xsl b/mdx/uk/statistics.xsl index e44b02e4..6976b805 100644 --- a/mdx/uk/statistics.xsl +++ b/mdx/uk/statistics.xsl @@ -139,6 +139,7 @@
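Review bot: Removing the stripMdattrNamespace stage lets whatever mdattr:EntityAttributes the source fragments already carry through to the test aggregate, and nothing in the hunk replaces that stage with a check on which entity attributes are allowed to be published; the removed line is not legible here, so this is inferred from the stage name and the commit message. Consumers treat entity attributes such as entity categories or assurance markers as statements made by the registrar, so the pipeline should either keep an allow-list of the attribute names and values the federation has actually vetted or retain a stage that passes only registrar-assigned ones. Patch 09 makes the same change to the uk_exportPipeline, where the audience is interfederation, and the same question applies there. The enclosing pipeline bean definition starts and ends outside the hunk.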
  • Shibboleth 1.3 Remnants

  • Entities with mdui:UIInfo support

  • Entities in Export Aggregate

  • +
  • Entities Without SAML 2.0 Support

  • @@ -1203,6 +1204,46 @@ + +

    Entities Without SAML 2.0 Support

    +

    Service Providers Without SAML 2.0 Support

    +

    + This list shows the entity ID, entity owner and display name for all service provider + entities which do not declare support for the SAML 2.0 protocol. It is sorted by + entity owner. The display name is shown in parentheses if it is taken from the + OrganizationDisplayName element, and without parentheses if it is taken from + MDUI metadata. +

    +
      + + +
    • + + : + + : + + + + + + ( + + ) + + +
    • +
      +
    + + From 49713c0dfe14369a0bbec81a6cfef25dcfe49384 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Fri, 23 May 2014 10:21:26 +0000 Subject: [PATCH 03/33] Only note when an exported entity does NOT have SAML 2.0 support, as currently all do. --- mdx/uk/statistics.xsl | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/mdx/uk/statistics.xsl b/mdx/uk/statistics.xsl index 6976b805..ece66cd4 100644 --- a/mdx/uk/statistics.xsl +++ b/mdx/uk/statistics.xsl @@ -1186,19 +1186,14 @@ ) -
      -
    • - - - Supports SAML 2.0 - - - No SAML 2.0 support - - -
    • -
    + +
      +
    • + No SAML 2.0 support +
    • +
    +
    From d71adb7f23917e0c8a7665b25e624a718d7eef62 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Fri, 23 May 2014 14:19:25 +0000 Subject: [PATCH 04/33] Add short indication of software used to SAML 1 only entity list. --- mdx/uk/statistics.xsl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mdx/uk/statistics.xsl b/mdx/uk/statistics.xsl index ece66cd4..e2137efa 100644 --- a/mdx/uk/statistics.xsl +++ b/mdx/uk/statistics.xsl @@ -1215,6 +1215,10 @@ OrganizationDisplayName element, and without parentheses if it is taken from MDUI metadata.

    +

    + The software used by the entity, if known, is included at the end of the listing within + brackets [like this]. +

      @@ -1234,6 +1238,7 @@ ) +
    From 400a1d894a1775199ca50f1efeddfdf7c9637068 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 26 May 2014 11:26:33 +0000 Subject: [PATCH 05/33] New int_reep channel for the REFEDS REEP service. --- mdx/int_reep/readme.md | 5 +++++ mdx/int_reep/reep.pem | 29 +++++++++++++++++++++++++++++ mdx/int_reep/reep.pem.asc | 17 +++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 mdx/int_reep/readme.md create mode 100644 mdx/int_reep/reep.pem create mode 100644 mdx/int_reep/reep.pem.asc diff --git a/mdx/int_reep/readme.md b/mdx/int_reep/readme.md new file mode 100644 index 00000000..9059b91d --- /dev/null +++ b/mdx/int_reep/readme.md @@ -0,0 +1,5 @@ +# `int_reep` Channel + +REEP (RE:EP) is at . + +Ian Young's blog post authenticating the key is at . diff --git a/mdx/int_reep/reep.pem b/mdx/int_reep/reep.pem new file mode 100644 index 00000000..6627d0ab --- /dev/null +++ b/mdx/int_reep/reep.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQCX5/wCyztEuTANBgkqhkiG9w0BAQsFADA0MRQwEgYDVQQDEwtS +RUVQIFNpZ25lcjEPMA0GA1UEChMGVGVyZW5hMQswCQYDVQQGEwJOTDAeFw0xNDA1 +MTgxNjU0NTVaFw0zNDA1MTMxNjU0NTVaMDQxFDASBgNVBAMTC1JFRVAgU2lnbmVy +MQ8wDQYDVQQKEwZUZXJlbmExCzAJBgNVBAYTAk5MMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAraN3xmgiLsThsSSopG8j4dc3HHGSlhN8o0dZrmbkXUlt +Amp/xjUesSRAguNgxETM42Cpr9A/YBqOJy7IVODsDolsXMvxY1Nyo7ddplEdskaw +Tj2llNmGbeeznlUem5WCDO+1KQqHHtm4SLumquXVswmWIbQNK6rIJ4NJsHAK7N4P +gTanVz/YPRbFt6z/zRH4Ck+Bc1aF2/koryQLMygVDkHAokIl0S9FZ6oI0gWePrtt +7LzvSCoB/yP3JIjCWoheyI7O9iCfkpcPv2c5H0aWVigWF3uPsEFAhnbCn/PI00L5 +lc8/00REu7MNjGarNoYdy2/E4nE4R4vgw4g04fWlDpbKVoeOOyOZSZMfSsIe/UkN +R7B9zFbWE80laL6dy4WPMS1amovWWVOrZ0fY8EXJ5mEzbtLk6/LBd3dnhrx5BH6g +0xTUWQl2sodm/e0xn7M5pRESLhGNPXG88fT4yzgIj5vlE0OCLGUFs7EhNCz+UJ1o +1va8EdpnN8HG3RwNOTd0S1a9N9Q30VLUBjKK3bP/Mi0PcIKphgpfykIgStziIa59 +aqyVFSztSJiICiSvfWGDDOW4NneS+2iuNhq89lBxXdIE1mvdBZBcMUe7DQm/EGRw +AFlvqrXdnxtMHzgRW9Fp/vQEeuWbiFnvmpzcMja2Pn4jPg/RhgzLXyXIPYMm69EC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEASmjLZdqxm1OA4xCV/iDJp5h3rFG71VfO +3HIBH8pywUuygd90+MogvmMwUTWGeFqltHmSNM8qMtqzd6lLA9fu+BRnNt7ZLTSt +r9auetvNtZ/637njRXVKeJnf2HWjI7B0uO1FjStjS2/CQ5DnAhaxlkbomGEQL4Jq +sEijx6MB+fibNfkYibbDNjaFVMPtGQChbmudhQ7e3GjAoRVR5SLZncJQcXREwxhU +D9BOhtLEBnnhBX+h12PUyJ16PvkRiysxldltYZ5Ai+lAIlq+I6xwsuyALpZSKKVl +QfwcQh0j1PZKNF6cw315Zj/5h5HeV7ORCdSsgec9Pp8a1sguvNl6SnjqZzrli5ni +vyrkStaYMuCS09QIfi3OtafZUw5T0i8OjS3oCETAIyYuGQHRP9M5zG9ViuOvuUPD +I7Q0KHbFzHb+9NBTSZsuusE9FYojcb43XR/r2/vBQF7RcSqlbjqtVZW9+pZtRBxf +p8b7s3/eSqhEgqdVR0szXkEMrbx2UxbwFD19CnLn2wbmtRqlPwzX9zfdD4GUeko3 +WiG1NLAsc9vgApu0+n3km+CrizXOI/4qWMGA1dY7cOExaBkuFFavs/iI+rjSFg/I +MlRaKTd4WBSuPjMoHrH+1KGsu/2TWK0iQ3VuoJchMnuEMocVPqRU4E8xw/8K+BYW +j2BnINSs6EE= +-----END CERTIFICATE----- diff --git a/mdx/int_reep/reep.pem.asc b/mdx/int_reep/reep.pem.asc new file mode 100644 index 00000000..e4c478e7 --- /dev/null +++ b/mdx/int_reep/reep.pem.asc 
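Review bot: The REEP signing certificate is added as a trust anchor while the readme points only to an external blog post for its authentication, and the detached signature in `reep.pem.asc` comes with no note of which PGP key is expected to have produced it or how that key was verified. If the blog post moves, the trust decision becomes unreproducible; record the certificate fingerprint and the signing-key fingerprint in `readme.md`, for example `Certificate SHA-256 fingerprint: <FINGERPRINT>` and `Signed by PGP key <KEY-FINGERPRINT>, verified by <METHOD>`, so a later maintainer can re-check `reep.pem` against `reep.pem.asc` without the post. The same gap applies to the two certificates added for pl_pionier in patch 07 (`edugain.crt`, `pionier.crt`), which arrive with no readme at all, and to `engine.surfconext.nl.pem` in patch 10, whose readme in patch 11 gives the new endpoints but not how the certificate was authenticated.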
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIcBAABCAAGBQJTfgP4AAoJEJqATpfXB5x31X8QAJavS8CTMQu34J+6ihQGbnjj +VheO8XUK8iMVe0aI4dT8T94ot3jnR7w6StfeGy3G0ASP9OrAPzlN5rqbkqE75wnu +/s0oiFrGbY+TWhY2ptNkozWuE27jMTJmjJGbgmHejrQDiyIR7mTuZf5K+U8a2hZV +DlqYfSjzlLeuVh/H+ygnMHSn/UZZRQ7rqz7DPwF1SAXHBiW+Q1PsuOgKTTrZQa2X +PMQG3vSfZPWdoEB3pRApAXZsUqhxe3wLvJWkgCQ0mMhXvO1J5CvaISnDjuUm2klt +qCeOhGaAlWumL1Xr8Y6Gi/p5ATn/SRjlg3uDa4f3uVpYRGmqZwoQEvq6JkGqhDyE +mEoVGD4Ud4MfUtZkgLXOJ22RODjckkJbBySFYJjosuQ9w5rviJwPMBBjTZw4lNBS +58VGy6puzEkCcJzlVynzjQi9bn83EDVNKD00Q8cOSJxRjqwQ0YYIM22EypDNmgiV +ZS7xxmClwp9QS+r7x+0+xkNnG4IQHRZXvJglIMh0PyrjkDloGw6AUUOYNyHQOnqw +URwjR5cpYZ2rZ3fRUFtCgaZ+tvdfbVxTBG8ZuqGw6zzPho3AEXwqW/PtJTej1aQr +Mxm7xBc21URhXYkSr98qxsQyIJikNRHS2DkEWybDnNBc4SBbl4SjmThRNnxjUiC8 +UBnJ48ZYrmFMumowGqoO +=wDWv +-----END PGP SIGNATURE----- From d4bc8f7ca586a0d6579c4d424e830f047b9be9b3 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 26 May 2014 13:29:45 +0000 Subject: [PATCH 06/33] Fix a reference to a bean whose name changed some time ago. --- mdx/se_swamid/verbs.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdx/se_swamid/verbs.xml b/mdx/se_swamid/verbs.xml index 6a2f634a..e8b8fd78 100644 --- a/mdx/se_swamid/verbs.xml +++ b/mdx/se_swamid/verbs.xml @@ -87,7 +87,7 @@ - From 6e8742394ba3a001fbfd9e67e40f8bff22f3157d Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 26 May 2014 13:30:47 +0000 Subject: [PATCH 07/33] Add pl_pionier channel. --- build.xml | 5 ++ mdx/pl_pionier/beans.xml | 180 +++++++++++++++++++++++++++++++++++++ mdx/pl_pionier/edugain.crt | 16 ++++ mdx/pl_pionier/pionier.crt | 16 ++++ mdx/pl_pionier/verbs.xml | 103 +++++++++++++++++++++ 5 files changed, 320 insertions(+) create mode 100644 mdx/pl_pionier/beans.xml create mode 100644 mdx/pl_pionier/edugain.crt create mode 100644 mdx/pl_pionier/pionier.crt create mode 100644 mdx/pl_pionier/verbs.xml 
diff --git a/build.xml b/build.xml index dbada01f..bdf3baac 100644 --- a/build.xml +++ b/build.xml @@ -950,6 +950,7 @@ --> + @@ -980,6 +981,7 @@ + @@ -1008,6 +1010,7 @@ + @@ -1043,6 +1046,7 @@ + @@ -1094,6 +1098,7 @@ + diff --git a/mdx/pl_pionier/beans.xml b/mdx/pl_pionier/beans.xml new file mode 100644 index 00000000..efd06e73 --- /dev/null +++ b/mdx/pl_pionier/beans.xml @@ -0,0 +1,180 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/pl_pionier/edugain.crt b/mdx/pl_pionier/edugain.crt new file mode 100644 index 00000000..ea6df67d --- /dev/null +++ b/mdx/pl_pionier/edugain.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIC/jCCAeYCCQD8G53mJJdiFjANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJQTDEQMA4GA1UE +ChMHUElPTklFUjEgMB4GA1UEAxMXZWR1R0FJTiBNZXRhZGF0YSBTaWduZXIwHhcNMTQwMjE3MTA0 +MzM0WhcNMjIwNTA2MTA0MzM0WjBBMQswCQYDVQQGEwJQTDEQMA4GA1UEChMHUElPTklFUjEgMB4G +A1UEAxMXZWR1R0FJTiBNZXRhZGF0YSBTaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC9L5KsrFnu8iV1Leb4BiR4tNvwgnkM6aCdxWw6mZ477cAMrD27rfNfJAcOso4a0Yq89Sf3 +fpU5Vjz6fzzsxyXQdupKzgMBoPionx8f1JPchx1jEcalrRLVpoElY9uj7j3hOA8uEJ434YhkIds8 +R7CvGwHhWIrKeQHPV3hnoGWtYz1LzYJ/5JxK876NTHsYYHSAW8rz0s8CMEmJm89Dve6fVk42Lzlg +mk18dD3q6DH27ToMxWW4LgekjIOQn9Khxc6aNXSUy6SVGkwyX1sRYBy0qSSFWH6b8JfdOVIuya8Y +U5eRmJWrdT4BHuvtxadzOO+8CVqwvMTMEOItLup+jnRjAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB +ACww9OBdXk/VBNOBNlNCrb9WgoaS0wbUgv0rvuPzIZl9N8ptTdTKnvOLln+rrEbGeJ7VemBjYGLA +xa5KV+cFmxrLVWZLpVSvkxHAa0mOU0dSUsCyWSUPuGm93TH3sUlF1Gru+vdCBNKrkLrmYuEO8KlL +Fr6zInoQtf0pk/luxLC3bolT1K2hGVqqTdl/hjFSYehb+FOa3Z9uy3MDV3IGiU80fX+ctekF5EXx +/V21xtLPuxtcfyg2og+KhwXoZMmZK/vfKZnfqhsrd8JB8lwZ8SF1DhUBOILvOyDPvbIT7ZQjLdUf +NSZIhhUb/n3HthPFjIAAh0ByxPezA/pZQBcUEK8= +-----END CERTIFICATE----- 
diff --git a/mdx/pl_pionier/pionier.crt b/mdx/pl_pionier/pionier.crt new file mode 100644 index 00000000..1dc965d5 --- /dev/null +++ b/mdx/pl_pionier/pionier.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAdYCCQDi8dyBIDBeLTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJQTDEQMA4GA1UE +ChMHUElPTklFUjEYMBYGA1UEAxMPTWV0YWRhdGEgU2lnbmVyMB4XDTEyMDkxMzA2MzQzN1oXDTE4 +MDMwNjA2MzQzN1owOTELMAkGA1UEBhMCUEwxEDAOBgNVBAoTB1BJT05JRVIxGDAWBgNVBAMTD01l +dGFkYXRhIFNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKPalOtbmIuINk1g +R0d7r9A5R3eT1dnYlqm0QXMXAarzn2kTvhj3y7dYXV78VjRDvfFG5Gy55dg+JVF/zUog2Wuj6Nif +jvee3mpIi5bZupHcnbkXfJE/eQsWSpHRhzjrrdI/8OYOuoxfcRtRUHhUlqFkZbH9Xr78I5SLpN6L +s+UcnGAARLQrwKzjW2cS5Nnag2nhok3sVa8Q/bhCxQWuCNpQQrQJ+AOt5q7lFbBuFat7UvGKcFZq +NGs/d0NPHiYt8BSrclUfuDnSERekwPrNJ6EnyVl240ZmNRHpaEDjO+KIGUQ9hR8EA+0k5sQcSkng +wFBuKr9d3giE3XCT6euPTG8CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAQ7QUT1v/WsqdYoO9W3eN +tlmm9JoZuZWdW3AmtbkGiuVY+VmFjx9+7J58w/3RnJZiqS30yp7XIX0FDYHD5hqP3SJRegO7cG2G +ihDb6TpWr7r2l2aywvPLlnoDJOTZ7ARjYxDno5i7kt7KP/VrmGX58gXUMnVlYJeXTy1LaPb20r8V +wr8HemVP3yICni6h82NA7OaHqjFghUaeyWihBvVR7f0B+1DvAvpOAAHDAJvxSj2jglJVIoF3PIFt +YX2+t+bZNEQkGc6pxcRwLvNfqLUSnHOEMzUwujYmXkZx1BinJHkB+g6pVjss12/QvU2XorIhcq8I +p0Hc6QwXrYGsb8eI5Q== +-----END CERTIFICATE----- diff --git a/mdx/pl_pionier/verbs.xml b/mdx/pl_pionier/verbs.xml new file mode 100644 index 00000000..acfc7ffe --- /dev/null +++ b/mdx/pl_pionier/verbs.xml @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 54876104e4f1d11c852514da2e136dfa5977dcec Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 26 May 2014 13:33:28 +0000 Subject: [PATCH 08/33] Ignore (svn and git) import.xml in pl_pionier channel. --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 5908f0d0..364d8b18 100644 --- a/.gitignore +++ b/.gitignore 
@@ -100,6 +100,9 @@ # /mdx/nz_tuakiri/ /mdx/nz_tuakiri/imported.xml +# /mdx/pl_pionier/ +/mdx/pl_pionier/imported.xml + # /mdx/se_swamid/ /mdx/se_swamid/imported.xml From 58f5feab81f17cc851ef7fee4f62b44d54aea382 Mon Sep 17 00:00:00 2001 From: Alex Stuart Date: Mon, 26 May 2014 15:08:42 +0000 Subject: [PATCH 09/33] Remove stripMdattrNamespace stage from the uk_exportPipeline, therefore allowing entity attributes to be published in the export aggregate. --- mdx/uk/generate.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index 562c5461..b7e69542 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -676,7 +676,6 @@ - From 1bce25066a18c519ed80f3d7fa0f34639a732c81 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 26 May 2014 16:55:03 +0000 Subject: [PATCH 10/33] Record new Surfconext signing certificate for later use. --- mdx/nl_surfconext/engine.surfconext.nl.pem | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 mdx/nl_surfconext/engine.surfconext.nl.pem diff --git a/mdx/nl_surfconext/engine.surfconext.nl.pem b/mdx/nl_surfconext/engine.surfconext.nl.pem new file mode 100644 index 00000000..b405d2b7 --- /dev/null +++ b/mdx/nl_surfconext/engine.surfconext.nl.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3zCCAsegAwIBAgIJAMVC9xn1ZfsuMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYD +VQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEVMBMG +A1UECgwMU1VSRm5ldCBCLlYuMRMwEQYDVQQLDApTVVJGY29uZXh0MSYwJAYDVQQD +DB1lbmdpbmUuc3VyZmNvbmV4dC5ubCAyMDE0MDUwNTAeFw0xNDA1MDUxNDIyMzVa +Fw0xOTA1MDUxNDIyMzVaMIGFMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNo +dDEQMA4GA1UEBwwHVXRyZWNodDEVMBMGA1UECgwMU1VSRm5ldCBCLlYuMRMwEQYD +VQQLDApTVVJGY29uZXh0MSYwJAYDVQQDDB1lbmdpbmUuc3VyZmNvbmV4dC5ubCAy +MDE0MDUwNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKthMDbB0jKH +efPzmRu9t2h7iLP4wAXr42bHpjzTEk6gttHFb4l/hFiz1YBI88TjiH6hVjnozo/Y +HA2c51us+Y7g0XoS7653lbUN/EHzvDMuyis4Xi2Ijf1A/OUQfH1iFUWttIgtWK9+ +fatXoGUS6tirQvrzVh6ZstEp1xbpo1SF6UoVl+fh7tM81qz+Crr/Kroan0UjpZOF +TwxPoK6fdLgMAieKSCRmBGpbJHbQ2xxbdykBBrBbdfzIX4CDepfjE9h/40ldw5jR +n3e392jrS6htk23N9BWWrpBT5QCk0kH3h/6F1Dm6TkyG9CDtt73/anuRkvXbeygI +4wml9bL3rE8CAwEAAaNQME4wHQYDVR0OBBYEFD+Ac7akFxaMhBQAjVfvgGfY8hNK +MB8GA1UdIwQYMBaAFD+Ac7akFxaMhBQAjVfvgGfY8hNKMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBAC8L9D67CxIhGo5aGVu63WqRHBNOdo/FAGI7LURD +FeRmG5nRw/VXzJLGJksh4FSkx7aPrxNWF1uFiDZ80EuYQuIv7bDLblK31ZEbdg1R +9LgiZCdYSr464I7yXQY9o6FiNtSKZkQO8EsscJPPy/Zp4uHAnADWACkOUHiCbcKi +UUFu66dX0Wr/v53Gekz487GgVRs8HEeT9MU1reBKRgdENR8PNg4rbQfLc3YQKLWK +7yWnn/RenjDpuCiePj8N8/80tGgrNgK/6fzM3zI18sSywnXLswxqDb/J+jgVxnQ6 +MrsTf1urM8MnfcxG/82oHIwfMh/sXPCZpo+DTLkhQxctJ3M= +-----END CERTIFICATE----- \ No newline at end of file From fe5b1125b944f5445a1257f9304b648ebb514fed Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 26 May 2014 16:59:24 +0000 Subject: [PATCH 11/33] Add some information about the SURFconext key change. --- mdx/nl_surfconext/readme.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 mdx/nl_surfconext/readme.md diff --git a/mdx/nl_surfconext/readme.md b/mdx/nl_surfconext/readme.md new file mode 100644 index 00000000..238600c1 --- /dev/null +++ b/mdx/nl_surfconext/readme.md 
@@ -0,0 +1,8 @@ +# `nl_surfconext` Channel + +The certificate in `engine.surfconext.nl.pem` is new as of 2014-05-05 and applies to metadata retrieved from a new endpoint: + +* +* +* + From 9709c3ecc1860e83d944431e4c9d6f5ce943051c Mon Sep 17 00:00:00 2001 From: Ian Young Date: Fri, 30 May 2014 08:21:22 +0000 Subject: [PATCH 12/33] Export metadata is no longer "experimental", so change comment. --- mdx/uk/generate.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index b7e69542..450d1630 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -633,7 +633,7 @@ p:id="uk_finaliseExport"> - + From 50514ac9bb77a974716d151599280739afa9696d Mon Sep 17 00:00:00 2001 
From: Ian Young Date: Fri, 30 May 2014 14:51:39 +0000 Subject: [PATCH 13/33] Migrate schemas to validate against into the classpath. --- mdx/common-beans.xml | 96 +- mdx/conventions.md | 8 +- mdx/schema/MetadataExchange.xsd | 112 ++ mdx/schema/incommon-metadata.xsd | 28 + ...oasis-200401-wss-wssecurity-secext-1.0.xsd | 195 +++ ...asis-200401-wss-wssecurity-utility-1.0.xsd | 108 ++ mdx/schema/saml-metadata-rpi-v1.0.xsd | 79 ++ mdx/schema/saml-schema-assertion-2.0.xsd | 283 ++++ mdx/schema/saml-schema-metadata-2.0.xsd | 337 +++++ mdx/schema/shibboleth-metadata-1.0.xsd | 42 + mdx/schema/sstc-metadata-attr.xsd | 25 + mdx/schema/sstc-request-initiation.xsd | 23 + .../sstc-saml-holder-of-key-browser-sso.xsd | 28 + mdx/schema/sstc-saml-idp-discovery.xsd | 22 + .../sstc-saml-metadata-algsupport-v1.0.xsd | 54 + mdx/schema/sstc-saml-metadata-ui-v1.0.xsd | 96 ++ mdx/schema/uk-fed-label.xsd | 127 ++ mdx/schema/ws-addr.xsd | 137 ++ mdx/schema/ws-authorization.xsd | 145 ++ mdx/schema/ws-federation.xsd | 471 +++++++ mdx/schema/ws-securitypolicy-1.2.xsd | 1205 +++++++++++++++++ mdx/schema/xenc-schema-11.xsd | 107 ++ mdx/schema/xenc-schema.xsd | 171 +++ mdx/schema/xml.xsd | 80 ++ mdx/schema/xmldsig-core-schema.xsd | 308 +++++ mdx/schema/xmldsig11-schema.xsd | 144 ++ 26 files changed, 4382 insertions(+), 49 deletions(-) create mode 100644 mdx/schema/MetadataExchange.xsd create mode 100644 mdx/schema/incommon-metadata.xsd create mode 100644 mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd create mode 100644 mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd create mode 100644 mdx/schema/saml-metadata-rpi-v1.0.xsd create mode 100644 mdx/schema/saml-schema-assertion-2.0.xsd create mode 100644 mdx/schema/saml-schema-metadata-2.0.xsd create mode 100644 mdx/schema/shibboleth-metadata-1.0.xsd create mode 100644 mdx/schema/sstc-metadata-attr.xsd create mode 100644 mdx/schema/sstc-request-initiation.xsd create mode 100644 mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd create 
mode 100644 mdx/schema/sstc-saml-idp-discovery.xsd create mode 100644 mdx/schema/sstc-saml-metadata-algsupport-v1.0.xsd create mode 100644 mdx/schema/sstc-saml-metadata-ui-v1.0.xsd create mode 100644 mdx/schema/uk-fed-label.xsd create mode 100644 mdx/schema/ws-addr.xsd create mode 100644 mdx/schema/ws-authorization.xsd create mode 100644 mdx/schema/ws-federation.xsd create mode 100644 mdx/schema/ws-securitypolicy-1.2.xsd create mode 100644 mdx/schema/xenc-schema-11.xsd create mode 100644 mdx/schema/xenc-schema.xsd create mode 100644 mdx/schema/xml.xsd create mode 100644 mdx/schema/xmldsig-core-schema.xsd create mode 100644 mdx/schema/xmldsig11-schema.xsd diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index bfbbf897..169ea99c 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -785,104 +785,104 @@ so that the parser is not required to explicitly resolve any imports. --> - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/mdx/conventions.md b/mdx/conventions.md index b5483772..4eb41a15 100644 --- a/mdx/conventions.md +++ b/mdx/conventions.md @@ -8,6 +8,8 @@ Because these conventions have been developed over time, and are still being dev An underscore ('`_`') at the start of a directory name indicates that the directory is functional rather than containing a channel. +Note that the `schema` directory is functional but does not follow this convention, instead following the convention established for classpath schema resources used by the Shibboleth project. + ### OpenSSL Blacklists Directory The `_openssl_blacklists` directory holds a copy of the Debian weak key blacklists, extracted from Debian 7.2 "Wheezy". These blacklists are in OpenSSL format. 
@@ -16,10 +18,14 @@ The `_openssl_blacklists` directory holds a copy of the Debian weak key blacklis The `_rules` subdirectory of `/mdx/` holds checking rulesets. +### Schema Directory + +The `schema` subdirectory of `/mdx/` contains the XML schema files used to validate metadata. This directory name does not use the `'_'` convention but instead matches up with the conventional location for schemas used by the Shibboleth project. + ## Channels Each directory under `/mdx/` whose name does not start with an underscore -represents a source of metadata, referred to as a +(and is not `schema`) represents a source of metadata, referred to as a channel. In most cases, a channel corresponds to a access management federation. Most channels are named in the form "*country*`_`*source*". For example, diff --git a/mdx/schema/MetadataExchange.xsd b/mdx/schema/MetadataExchange.xsd new file mode 100644 index 00000000..53094fb7 --- /dev/null +++ b/mdx/schema/MetadataExchange.xsd @@ -0,0 +1,112 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/incommon-metadata.xsd b/mdx/schema/incommon-metadata.xsd new file mode 100644 index 00000000..f33a8398 --- /dev/null +++ b/mdx/schema/incommon-metadata.xsd @@ -0,0 +1,28 @@ + + + + + + + Document title: Schema for InCommon Federation metadata extensions + Document identifier: Metadata Extension Schema + Location: https://spaces.internet2.edu/x/iIuVAQ + Revision history: + V1.2 (3 May 2013): + Make schema itself schema-valid. + V1.1 (2 May 2013): + Initial version. Added documentation. + V1.0 (2 December 2011): + Initial version. Added contactType attribute. + + + + + + diff --git a/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd b/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd new file mode 100644 index 00000000..6829a00f --- /dev/null +++ b/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd 
@@ -0,0 +1,195 @@ + + + + + + + + + This type represents an element with arbitrary attributes. + + + + + + + + + + + This type is used for password elements per Section 4.1. + + + + + + + + + + This type is used for elements containing stringified binary data. + + + + + + + + + + This type represents a username token per Section 4.1 + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + A security token key identifier + + + + + + + + + + Typedef to allow a list of usages (as URIs). + + + + + + This global attribute is used to indicate the usage of a referenced or indicated token within the containing context + + + + + This type represents a reference to an external security token. + + + + + + + + This type represents a reference to an embedded security token. + + + + + + + + + + This type is used reference a security token. + + + + + + + + + + + This complexType defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + This complexType defines a container for elements to be specified from any namespace as properties/parameters of a DSIG transformation. + + + + + The use of "any" is to allow extensibility from any namespace. + + + + + + + + This element defines the wsse:UsernameToken element per Section 4.1. + + + + + This element defines the wsse:BinarySecurityToken element per Section 4.2. + + + + + This element defines a security token reference + + + + + This element defines a security token embedded reference + + + + + This element defines a key identifier reference + + + + + This element defines the wsse:SecurityTokenReference per Section 4.3. + + + + + This element defines the wsse:Security SOAP header element per Section 4. + + + + + This element contains properties for transformations from any namespace, including DSIG. + + + + + + + + + + + + + + + + 
diff --git a/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd b/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd new file mode 100644 index 00000000..f8d74e9c --- /dev/null +++ b/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd @@ -0,0 +1,108 @@ + + + + + + + +This type defines the fault code value for Timestamp message expiration. + + + + + + + + + + +This global attribute supports annotating arbitrary elements with an ID. + + + + + + +Convenience attribute group used to simplify this schema. + + + + + + + + + +This type is for elements whose [children] is a psuedo-dateTime and can have arbitrary attributes. + + + + + + + + + + + +This type is for elements whose [children] is an anyURI and can have arbitrary attributes. + + + + + + + + + + + + +This complex type ties together the timestamp related elements into a composite type. + + + + + + + + + + + + + + +This element allows Timestamps to be applied anywhere element wildcards are present, +including as a SOAP header. + + + + + + + +This element allows an expiration time to be applied anywhere element wildcards are present. + + + + + + +This element allows a creation time to be applied anywhere element wildcards are present. + + + + diff --git a/mdx/schema/saml-metadata-rpi-v1.0.xsd b/mdx/schema/saml-metadata-rpi-v1.0.xsd new file mode 100644 index 00000000..135efa33 --- /dev/null +++ b/mdx/schema/saml-metadata-rpi-v1.0.xsd @@ -0,0 +1,79 @@ + + + + + + + + + Document title: SAML V2.0 Metadata Extensions for Registration and Publication Information Version 1.0 + Document identifier: sstc-saml-metadata-rpi-v1.0.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + 21 March 2011 + Correct minOccurs on elements that were meant to be optional + 17 December 2010 + Change of document title and namespace + 24 November 2010 + Initial Submission + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/mdx/schema/saml-schema-assertion-2.0.xsd b/mdx/schema/saml-schema-assertion-2.0.xsd new file mode 100644 index 00000000..2b2f7b80 --- /dev/null +++ b/mdx/schema/saml-schema-assertion-2.0.xsd @@ -0,0 +1,283 @@ + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/saml-schema-metadata-2.0.xsd b/mdx/schema/saml-schema-metadata-2.0.xsd new file mode 100644 index 00000000..b656d4f4 --- /dev/null +++ b/mdx/schema/saml-schema-metadata-2.0.xsd 
@@ -0,0 +1,337 @@ + + + + + + + + + Document identifier: saml-schema-metadata-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + Schema for SAML metadata, first published in SAML 2.0. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/shibboleth-metadata-1.0.xsd b/mdx/schema/shibboleth-metadata-1.0.xsd new file mode 100644 index 00000000..be1441dd --- /dev/null +++ b/mdx/schema/shibboleth-metadata-1.0.xsd @@ -0,0 +1,42 @@ + + + + + + + + + SAML metadata extension used to regulate allowable attribute scopes. + + + + + + + + + + + + + + + Binds keying authorities to the system entity/entities to which the enclosing + metadata element applies. + + + + + + + + + + + + diff --git a/mdx/schema/sstc-metadata-attr.xsd b/mdx/schema/sstc-metadata-attr.xsd new file mode 100644 index 00000000..5a445e21 --- /dev/null +++ b/mdx/schema/sstc-metadata-attr.xsd @@ -0,0 +1,25 @@ + + + + + + Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema + Document identifier: sstc-metadata-attr.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (November 2008): + Initial version. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/mdx/schema/sstc-request-initiation.xsd b/mdx/schema/sstc-request-initiation.xsd new file mode 100644 index 00000000..10318f15 
--- /dev/null +++ b/mdx/schema/sstc-request-initiation.xsd @@ -0,0 +1,23 @@ + + + + Document identifier: sstc-request-initiation + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (March 2010): + Initial version. + + + + + + diff --git a/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd b/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd new file mode 100644 index 00000000..7860d029 --- /dev/null +++ b/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd @@ -0,0 +1,28 @@ + + + + + + + Document title: Schema for SAML V2.0 Holder-of-Key Web Browser SSO Profile + Document identifier: sstc-saml-holder-of-key-browser-sso.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.2 (2 November 2008): + Renamed attribute from protocol to ProtocolBinding; targetNamespace changed in accordance with new conventions + V1.1 (6 August 2008): + string type changed to anyURI to match original SAML2Meta schema + V1.0 (4 August 2008): + Initial version. + + + + + + diff --git a/mdx/schema/sstc-saml-idp-discovery.xsd b/mdx/schema/sstc-saml-idp-discovery.xsd new file mode 100644 index 00000000..a2c03820 --- /dev/null +++ b/mdx/schema/sstc-saml-idp-discovery.xsd @@ -0,0 +1,22 @@ + + + + Document identifier: sstc-saml-idp-discovery + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (January 2007): + Initial version. + + + + + diff --git a/mdx/schema/sstc-saml-metadata-algsupport-v1.0.xsd b/mdx/schema/sstc-saml-metadata-algsupport-v1.0.xsd new file mode 100644 index 00000000..c4e0f58b --- /dev/null +++ b/mdx/schema/sstc-saml-metadata-algsupport-v1.0.xsd 
@@ -0,0 +1,54 @@ + + + + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Profile for Algorithm Support Version 1.0 + Document identifier: sstc-saml-metadata-algsupport.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + V1.0 (June 2010): + Initial version. + (October 2010): + Add processContents="lax" to wildcards. + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/sstc-saml-metadata-ui-v1.0.xsd b/mdx/schema/sstc-saml-metadata-ui-v1.0.xsd new file mode 100644 index 00000000..66a4a8ba --- /dev/null +++ b/mdx/schema/sstc-saml-metadata-ui-v1.0.xsd @@ -0,0 +1,96 @@ + + + + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0 + Document identifier: sstc-saml-metadata-ui-v1.0.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + 01 November 2010 + Changed filename. + September 2010: + Initial version. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/uk-fed-label.xsd b/mdx/schema/uk-fed-label.xsd new file mode 100644 index 00000000..e35fd06d --- /dev/null +++ b/mdx/schema/uk-fed-label.xsd 
@@ -0,0 +1,127 @@ + + + + + + This schema describes the UK federation label namespace. + + For additional information, see the Federation Technical Specification. + + This version of the schema follows FTS edition 1.1 of 1-June-2007. + + + + + + + Most elements defined in the UK federation label namespace + are basic labels: empty elements whose presence or absence + is all that is important. + + + + + + + + + A datedLabel is like a basicLabel, but with a single + additional mandatory date attribute. + + + + + + + + + + + + + Indicates an entity whose owner is a member in good standing + of the UK federation. + + + + + + + + Indicates an identity provider entity whose owner has + asserted to the UK federation that the entity provides + user accountability in terms of the definition given + in section 6 of the federation's Rules of Membership. + + + + + + + + Indicates the software used to implement the entity, and + optionally both general and specific indications of the + version of software used. This information is added to + an entity only if it has been received from the deployer + of the entity on the indicated date. + + This information is used in entity fragment files only, + and is not included in the metadata published by the + UK federation. Its principal use is in classifying + entities for statistical purposes. + + + + + + + + + The name of the software used to implement the entity. + Although not described as such in this schema, the name + should be picked from the controlled vocabulary understood + by the federation statistics scripts. + + + + + + + + The general version of the software in use. This should + only be specific enough to identify the broad functionality + of the entity, for example "1.3" vs. "2.0" would be sufficient + for Shibboleth entities. + + + + + + + + The specific version of the software in use, if known. + + + + + + + + + + + + Indicates that the entity has been opted-in to inclusion in + the UK federation export aggregate. 
+ + + + + \ No newline at end of file diff --git a/mdx/schema/ws-addr.xsd b/mdx/schema/ws-addr.xsd new file mode 100644 index 00000000..47362edb --- /dev/null +++ b/mdx/schema/ws-addr.xsd @@ -0,0 +1,137 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/ws-authorization.xsd b/mdx/schema/ws-authorization.xsd new file mode 100644 index 00000000..5b8ae986 --- /dev/null +++ b/mdx/schema/ws-authorization.xsd @@ -0,0 +1,145 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/mdx/schema/ws-federation.xsd b/mdx/schema/ws-federation.xsd new file mode 100644 index 00000000..f87059db --- /dev/null +++ b/mdx/schema/ws-federation.xsd @@ -0,0 +1,471 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/mdx/schema/ws-securitypolicy-1.2.xsd b/mdx/schema/ws-securitypolicy-1.2.xsd new file mode 100644 index 00000000..0e562726 --- /dev/null +++ b/mdx/schema/ws-securitypolicy-1.2.xsd 
@@ -0,0 +1,1205 @@ + + + + + + + + + + + 4.1.1 SignedParts Assertion + + + + + + + 4.2.1 EncryptedParts Assertion + + + + + + + + + + + + + + + + + + + + + + + 4.1.2 SignedElements Assertion + + + + + + + 4.2.2 EncryptedElements Assertion + + + + + + + 4.3.1 RequiredElements Assertion + + + + + + + + + + + + + + + + + 5.1 Token Inclusion + + + + + + + + + + + + + + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + + + + + + + + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + + + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + + 5.4.3 X509Token Assertion + + + + + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + + 5.4.4 KerberosToken Assertion + + + + + + + + + + + + 5.4.4 KerberosToken Assertion + + + + + + + 5.4.4 KerberosToken Assertion + + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + + + + + + + + + + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + + 5.4.6 SecurityContextToken Assertion + + + + + + + + + + + 5.4.6 SecurityContextToken Assertion + + + + + + + 5.4.6 SecurityContextToken Assertion + + + + + + + + 5.4.7 SecureConversationToken 
Assertion + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5.4.7 SecureConversationToken Assertion + + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + + 5.4.9 RelToken Assertion + + + + + + + + + + + + 5.4.9 RelToken Assertion + + + + + + + 5.4.9 RelToken Assertion + + + + + + + 5.4.9 RelToken Assertion + + + + + + + 5.4.9 RelToken Assertion + + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + + 5.4.11 KeyValueToken Assertion + + + + + + + + + + + + + + + 5.4.11 KeyValueToken Assertion + + + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + + 7.2 Layout Assertion + + + + + + + + 7.2 Layout Assertion + + + + + + + 7.2 Layout Assertion + + + + + + + 7.2 Layout Assertion + + + + + + + 7.2 Layout Assertion + + + + + + + + 7.3 TransportBinding Assertion + + 
+ + + + + + 7.3 TransportBinding Assertion + + + + + + + + + + 7.3 TransportBinding Assertion + + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 8=7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + + + + + + + + + 8.1 SupportingTokens Assertion + + + + + + + + + + + + + 8.2 SignedSupportingTokens Assertion + + + + + + + + + + + + + 8.3 EndorsingSupportingTokens Assertion + + + + + + + + + + + + + 8.4 SignedEndorsingSupportingTokens Assertion + + + + + + + + + + + + + 8.5 SignedEncryptedSupportingTokens Assertion + + + + + + + + + + + + + 8.6 EncryptedSupportingTokens Assertion + + + + + + + + + + + + + 8.7 EndorsingEncryptedSupportingTokens Assertion + + + + + + + + + + + + + 8.8 SignedEndorsingEncryptedSupportingTokens Assertion + + + + + + + + + + + + + + 9.1 Wss10 Assertion + + + + + + + + 9.1 Wss10 Assertion + + + + + + + 9.1 Wss10 Assertion + + + + + + + 9.1 Wss10 Assertion + + + + + + + 9.1 Wss10 Assertion + + + + + + + + 9.2 Wss11 Assertion + + + + + + + + + + + + 9.2 Wss11 Assertion + + + + + + + 9.2 Wss11 Assertion + + + + + + + 9.2 Wss11 Assertion + + + + + + + + + 10.1 Trust13 Assertion + + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + 
+ + + \ No newline at end of file diff --git a/mdx/schema/xenc-schema-11.xsd b/mdx/schema/xenc-schema-11.xsd new file mode 100644 index 00000000..1abb6437 --- /dev/null +++ b/mdx/schema/xenc-schema-11.xsd @@ -0,0 +1,107 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/xenc-schema.xsd b/mdx/schema/xenc-schema.xsd new file mode 100644 index 00000000..cdfc8333 --- /dev/null +++ b/mdx/schema/xenc-schema.xsd @@ -0,0 +1,171 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/xml.xsd b/mdx/schema/xml.xsd new file mode 100644 index 00000000..38bba34d --- /dev/null +++ b/mdx/schema/xml.xsd 
@@ -0,0 +1,80 @@ + + + + + + See http://www.w3.org/XML/1998/namespace.html and + http://www.w3.org/TR/REC-xml for information about this namespace. + + + + + This schema defines attributes and an attribute group + suitable for use by + schemas wishing to allow xml:base, xml:lang or xml:space attributes + on elements they define. + + To enable this, such a schema must import this schema + for the XML namespace, e.g. as follows: + <schema . . .> + . . . + <import namespace="http://www.w3.org/XML/1998/namespace" + schemaLocation="http://www.w3.org/2001/03/xml.xsd"/> + + Subsequently, qualified reference to any of the attributes + or the group defined below will have the desired effect, e.g. + + <type . . .> + . . . + <attributeGroup ref="xml:specialAttrs"/> + + will define a type which will schema-validate an instance + element with any of those attributes + + + + In keeping with the XML Schema WG's standard versioning + policy, this schema document will persist at + http://www.w3.org/2001/03/xml.xsd. + At the date of issue it can also be found at + http://www.w3.org/2001/xml.xsd. + The schema document at that URI may however change in the future, + in order to remain compatible with the latest version of XML Schema + itself. In other words, if the XML Schema namespace changes, the version + of this document at + http://www.w3.org/2001/xml.xsd will change + accordingly; the version at + http://www.w3.org/2001/03/xml.xsd will not change. + + + + + + In due course, we should install the relevant ISO 2- and 3-letter + codes as the enumerated possible values . . . + + + + + + + + + + + + + + + See http://www.w3.org/TR/xmlbase/ for + information about this attribute. + + + + + + + + + + diff --git a/mdx/schema/xmldsig-core-schema.xsd b/mdx/schema/xmldsig-core-schema.xsd new file mode 100644 index 00000000..07aad278 --- /dev/null +++ b/mdx/schema/xmldsig-core-schema.xsd 
@@ -0,0 +1,308 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/xmldsig11-schema.xsd b/mdx/schema/xmldsig11-schema.xsd new file mode 100644 index 00000000..f03643a3 --- /dev/null +++ b/mdx/schema/xmldsig11-schema.xsd @@ -0,0 +1,144 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 0162fca53905429fcfe5acd2a2ab7a35f2800988 Mon Sep 17 00:00:00 2001 
From: Ian Young Date: Fri, 30 May 2014 15:09:30 +0000 Subject: [PATCH 14/33] Use parent beans to simplify declaring Shibboleth spring-extensions factory beans. --- mdx/at_aconet/beans.xml | 2 +- mdx/au_aaf/beans.xml | 2 +- mdx/be_belnet/beans.xml | 2 +- mdx/br_cafe/beans.xml | 2 +- mdx/ca_caf/beans.xml | 4 ++-- mdx/ch_switchaai/beans.xml | 4 ++-- mdx/cl_cofre/beans.xml | 2 +- mdx/common-beans.xml | 14 ++++++++++++++ mdx/cz_eduid/beans.xml | 2 +- mdx/de_dfnaai/beans.xml | 2 +- mdx/dk_wayf/beans.xml | 2 +- mdx/es_sir/beans.xml | 2 +- mdx/fi_haka/beans.xml | 4 ++-- mdx/fr_renater/beans.xml | 4 ++-- mdx/gr_grnet/beans.xml | 2 +- mdx/hr_eduhr/beans.xml | 2 +- mdx/hu_eduid/beans.xml | 2 +- mdx/ie_edugate/beans.xml | 2 +- mdx/int_cobweb/beans.xml | 2 +- mdx/int_edugain/beans.xml | 2 +- mdx/it_idem/beans.xml | 2 +- mdx/jp_gakunin/beans.xml | 2 +- mdx/lv_laife/beans.xml | 2 +- mdx/nl_surfconext/beans.xml | 2 +- mdx/nl_surfnet/beans.xml | 2 +- mdx/no_feide/beans.xml | 2 +- mdx/nz_tuakiri/beans.xml | 2 +- mdx/pl_pionier/beans.xml | 4 ++-- mdx/se_swamid/beans.xml | 2 +- mdx/si_arnes/beans.xml | 2 +- mdx/uk/beans.xml | 2 +- mdx/uk_eduserv/beans.xml | 2 +- mdx/us_incommon/beans.xml | 2 +- 33 files changed, 51 insertions(+), 37 deletions(-) diff --git a/mdx/at_aconet/beans.xml b/mdx/at_aconet/beans.xml index e0bf7b64..5f8c9f5c 100644 --- a/mdx/at_aconet/beans.xml +++ b/mdx/at_aconet/beans.xml @@ -53,7 +53,7 @@ - + diff --git a/mdx/au_aaf/beans.xml b/mdx/au_aaf/beans.xml index 9b8c9027..d4f96cbc 100644 --- a/mdx/au_aaf/beans.xml +++ b/mdx/au_aaf/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/be_belnet/beans.xml b/mdx/be_belnet/beans.xml index 0770259e..d1a01ddc 100644 --- a/mdx/be_belnet/beans.xml +++ b/mdx/be_belnet/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/br_cafe/beans.xml b/mdx/br_cafe/beans.xml index 0d00e8da..ff752e9b 100644 --- a/mdx/br_cafe/beans.xml +++ b/mdx/br_cafe/beans.xml @@ -51,7 +51,7 @@ - + 
diff --git a/mdx/ca_caf/beans.xml b/mdx/ca_caf/beans.xml index e9b6a659..762b6185 100644 --- a/mdx/ca_caf/beans.xml +++ b/mdx/ca_caf/beans.xml @@ -53,7 +53,7 @@ This one is used to sign the eduGAIN aggregate. --> - + @@ -74,7 +74,7 @@ This one is used to sign the production aggregate. --> - + diff --git a/mdx/ch_switchaai/beans.xml b/mdx/ch_switchaai/beans.xml index c1a3099a..1018fbb6 100644 --- a/mdx/ch_switchaai/beans.xml +++ b/mdx/ch_switchaai/beans.xml @@ -51,7 +51,7 @@ - + @@ -62,7 +62,7 @@ - + diff --git a/mdx/cl_cofre/beans.xml b/mdx/cl_cofre/beans.xml index dbac3d67..6d2d9bf1 100644 --- a/mdx/cl_cofre/beans.xml +++ b/mdx/cl_cofre/beans.xml @@ -36,7 +36,7 @@ - + diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index 169ea99c..3a46e2b9 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -218,6 +218,20 @@ + + + + + + + + + + - + diff --git a/mdx/de_dfnaai/beans.xml b/mdx/de_dfnaai/beans.xml index 3a2aa126..b41be534 100644 --- a/mdx/de_dfnaai/beans.xml +++ b/mdx/de_dfnaai/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/dk_wayf/beans.xml b/mdx/dk_wayf/beans.xml index f48d060f..bbc9b5b9 100644 --- a/mdx/dk_wayf/beans.xml +++ b/mdx/dk_wayf/beans.xml @@ -111,7 +111,7 @@ This one is used to sign the eduGAIN aggregate. --> - + diff --git a/mdx/es_sir/beans.xml b/mdx/es_sir/beans.xml index 7e81b926..d9224f60 100644 --- a/mdx/es_sir/beans.xml +++ b/mdx/es_sir/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/fi_haka/beans.xml b/mdx/fi_haka/beans.xml index 897ca7f2..65f304c5 100644 --- a/mdx/fi_haka/beans.xml +++ b/mdx/fi_haka/beans.xml @@ -51,7 +51,7 @@ - + @@ -71,7 +71,7 @@ - + diff --git a/mdx/fr_renater/beans.xml b/mdx/fr_renater/beans.xml index e7c4fa06..c44d5609 100644 --- a/mdx/fr_renater/beans.xml +++ b/mdx/fr_renater/beans.xml @@ -67,7 +67,7 @@ - + @@ -87,7 +87,7 @@ - + diff --git a/mdx/gr_grnet/beans.xml b/mdx/gr_grnet/beans.xml index a207f23f..ffafabdc 100644 --- a/mdx/gr_grnet/beans.xml +++ b/mdx/gr_grnet/beans.xml @@ -51,7 +51,7 @@ - + 
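Review bot: The parent definitions added to mdx/common-beans.xml in this hunk become the template that every federation's credential factory bean now inherits from, so unless they already carry it, each parent should be declared `abstract="true"`. A non-abstract parent is eagerly instantiated by Spring as an ordinary singleton at context refresh, which either fails on a missing resource or silently builds an unused factory object; an abstract one is only ever merged into its children. Because the per-federation beans.xml files (these hunks show only `-`/`+` on the bean element) now express just `parent="..."` plus their own resource, any later change to the parent's class or init/destroy wiring fans out to every signing credential at once, which deserves a one-line comment on each parent, e.g. `<!-- Abstract template: edits here affect the credential beans of every federation. -->`.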
diff --git a/mdx/hr_eduhr/beans.xml b/mdx/hr_eduhr/beans.xml index ef923582..1e7475c6 100644 --- a/mdx/hr_eduhr/beans.xml +++ b/mdx/hr_eduhr/beans.xml @@ -35,7 +35,7 @@ - + diff --git a/mdx/hu_eduid/beans.xml b/mdx/hu_eduid/beans.xml index b94fcb34..c41a043f 100644 --- a/mdx/hu_eduid/beans.xml +++ b/mdx/hu_eduid/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/ie_edugate/beans.xml b/mdx/ie_edugate/beans.xml index c548b94c..035a8b76 100644 --- a/mdx/ie_edugate/beans.xml +++ b/mdx/ie_edugate/beans.xml @@ -41,7 +41,7 @@ - + diff --git a/mdx/int_cobweb/beans.xml b/mdx/int_cobweb/beans.xml index 063fb9a7..b8172aab 100644 --- a/mdx/int_cobweb/beans.xml +++ b/mdx/int_cobweb/beans.xml @@ -35,7 +35,7 @@ - + diff --git a/mdx/int_edugain/beans.xml b/mdx/int_edugain/beans.xml index 044ecb99..40d74f99 100644 --- a/mdx/int_edugain/beans.xml +++ b/mdx/int_edugain/beans.xml @@ -64,7 +64,7 @@ - + diff --git a/mdx/it_idem/beans.xml b/mdx/it_idem/beans.xml index 5ba7a3b5..8c525b66 100644 --- a/mdx/it_idem/beans.xml +++ b/mdx/it_idem/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/jp_gakunin/beans.xml b/mdx/jp_gakunin/beans.xml index 4baf5226..40bad0a2 100644 --- a/mdx/jp_gakunin/beans.xml +++ b/mdx/jp_gakunin/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/lv_laife/beans.xml b/mdx/lv_laife/beans.xml index 68764bd7..3226c03d 100644 --- a/mdx/lv_laife/beans.xml +++ b/mdx/lv_laife/beans.xml @@ -54,7 +54,7 @@ This certificate is used to sign the eduGAIN aggregate, but the production aggregate is not signed. --> - + diff --git a/mdx/nl_surfconext/beans.xml b/mdx/nl_surfconext/beans.xml index 58a823f0..24ad1cb5 100644 --- a/mdx/nl_surfconext/beans.xml +++ b/mdx/nl_surfconext/beans.xml @@ -23,7 +23,7 @@ - + diff --git a/mdx/nl_surfnet/beans.xml b/mdx/nl_surfnet/beans.xml index 624fc764..eb884ac4 100644 --- a/mdx/nl_surfnet/beans.xml +++ b/mdx/nl_surfnet/beans.xml @@ -35,7 +35,7 @@ - + diff --git a/mdx/no_feide/beans.xml b/mdx/no_feide/beans.xml index 9e83f6aa..82ba1d71 100644 
--- a/mdx/no_feide/beans.xml +++ b/mdx/no_feide/beans.xml @@ -65,7 +65,7 @@ - + diff --git a/mdx/nz_tuakiri/beans.xml b/mdx/nz_tuakiri/beans.xml index 3895e862..c00547cc 100644 --- a/mdx/nz_tuakiri/beans.xml +++ b/mdx/nz_tuakiri/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/pl_pionier/beans.xml b/mdx/pl_pionier/beans.xml index efd06e73..288555bf 100644 --- a/mdx/pl_pionier/beans.xml +++ b/mdx/pl_pionier/beans.xml @@ -53,7 +53,7 @@ - + @@ -64,7 +64,7 @@ - + diff --git a/mdx/se_swamid/beans.xml b/mdx/se_swamid/beans.xml index d8dc8e1c..4a021eca 100644 --- a/mdx/se_swamid/beans.xml +++ b/mdx/se_swamid/beans.xml @@ -57,7 +57,7 @@ - + diff --git a/mdx/si_arnes/beans.xml b/mdx/si_arnes/beans.xml index e2e3f454..4c1ab547 100644 --- a/mdx/si_arnes/beans.xml +++ b/mdx/si_arnes/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml index 32c7c0f5..09b2308f 100644 --- a/mdx/uk/beans.xml +++ b/mdx/uk/beans.xml @@ -71,7 +71,7 @@ - + diff --git a/mdx/uk_eduserv/beans.xml b/mdx/uk_eduserv/beans.xml index 6820ba16..7d8e7699 100644 --- a/mdx/uk_eduserv/beans.xml +++ b/mdx/uk_eduserv/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/us_incommon/beans.xml b/mdx/us_incommon/beans.xml index 367b50cf..f81f4ee2 100644 --- a/mdx/us_incommon/beans.xml +++ b/mdx/us_incommon/beans.xml @@ -44,7 +44,7 @@ - + From dbf5ad055c8321ed3d25f84a7a4bc81feda4d6f2 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Sat, 31 May 2014 09:19:38 +0000 Subject: [PATCH 15/33] Component beans should be destroyed when we're finished with them. --- mdx/common-beans.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index 3a46e2b9..bde6b908 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -53,7 +53,8 @@ Parent for anything based on the Shibboleth component system. These all require initialization before use. --> - + 
@@ -293,11 +297,6 @@ Verifying @{i}... - - - + + + + Verifying @{i}... + + + + + + + + + + + + + + Verifying metadata held at ${remote.url} - - - + + + - + Verification completed. @@ -762,9 +792,12 @@ - + Verifying signed UK metadata. - + Verifying signed UK WAYF metadata. - + Verifying signed UK CDS full metadata. - + Verifying signed UK test metadata. - + Verifying signed UK export metadata. - + Verifying signed UK fallback metadata. - + Verification completed. From d4055be62d28fbff1143f31a7b3f0a8e1f592c45 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Tue, 3 Jun 2014 09:42:52 +0000 Subject: [PATCH 17/33] Hoist saml, mdattr and alg namespace prefixes in export aggregate. --- mdx/uk/ns_norm_export.xsl | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/mdx/uk/ns_norm_export.xsl b/mdx/uk/ns_norm_export.xsl index 64b3f559..1a17a160 100644 --- a/mdx/uk/ns_norm_export.xsl +++ b/mdx/uk/ns_norm_export.xsl @@ -38,7 +38,7 @@ xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF" - exclude-result-prefixes="alg md mdattr saml ukfedlabel wayf" + exclude-result-prefixes="md ukfedlabel wayf" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> @@ -92,25 +92,4 @@ - - - - - - - - - - - From dee0b84fe1c3ffdf58cefd6915dae8dd10ba9111 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Tue, 3 Jun 2014 10:59:16 +0000 Subject: [PATCH 18/33] Add an echoproperties target to help in debugging the Windows version. --- build.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/build.xml b/build.xml index 616b5d6e..a9da11c3 100644 --- a/build.xml +++ b/build.xml @@ -1377,4 +1377,13 @@ Check complete. + + + + + \ No newline at end of file From 40de9d5153dd8dc1f13702e8fc57848f5bc59949 Mon Sep 17 00:00:00 2001 
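Review bot: The new `echoproperties` target in build.xml dumps every Ant property unfiltered, and on a build that signs federation metadata that set may include any key-store password or passphrase supplied via `-D` or a properties file, which would then land in the console and in any retained CI log. If such credentials are passed as properties, restrict the dump to what is needed for the Windows debugging the commit describes, e.g. `<echoproperties prefix="entities."/>` or a `regex=` that excludes credential-looking names, and add a comment stating that the target must not be run in shared or logged environments. As a style nit, the hunk also leaves build.xml without a trailing newline (`\ No newline at end of file`).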
From: Ian Young Date: Tue, 3 Jun 2014 14:33:04 +0000 Subject: [PATCH 19/33] Set explicit encoding in fixcrlf so that we're not dependent on the system default encoding. The system default encoding is variable, particularly on Windows, and using it for fixcrlf can cause corruption of UTF-8 multi-byte character encodings. --- build.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build.xml b/build.xml index a9da11c3..d4b272fb 100644 --- a/build.xml +++ b/build.xml @@ -428,7 +428,7 @@ - + Generated UK unsigned metadata. @@ -658,7 +658,7 @@ - + @@ -851,7 +851,7 @@ Imported metadata to ${entities.dir}/imported.xml - + - + + + + + + + + + + + From 6487773c74389461c7ebfad0b62952643dd6c13b Mon Sep 17 00:00:00 2001 From: Ian Young Date: Thu, 5 Jun 2014 10:16:23 +0000 Subject: [PATCH 21/33] Cope with future name change to Dom(DOM)DocumentFactoryBean. --- mdx/common-beans.xml | 4 ++++ mdx/uk/beans.xml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index bde6b908..074aa665 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -221,6 +221,10 @@ + + + diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml index 09b2308f..e159b7e6 100644 --- a/mdx/uk/beans.xml +++ b/mdx/uk/beans.xml @@ -179,7 +179,7 @@ This bean contains the contents of the members.xml file as a DOM Document. --> - + @@ -322,7 +322,7 @@ This bean contains the contents of the trust roots file as a DOM Document. --> - + From 4d2a00ca0450940b3c849a850d4766e5c8292e56 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Thu, 12 Jun 2014 10:15:00 +0000 Subject: [PATCH 22/33] Use /usr/bin/env to find perl so that we always get the default one. --- charting/fetch.pl | 2 +- charting/saml2.pl | 2 +- charting/scopes.pl | 2 +- charting/sizes.pl | 2 +- charting/trust.pl | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charting/fetch.pl b/charting/fetch.pl index f43803ef..eb50eb40 100755 --- a/charting/fetch.pl 
+++ b/charting/fetch.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # fetch.pl diff --git a/charting/saml2.pl b/charting/saml2.pl index c5ba8b28..a0ccde17 100755 --- a/charting/saml2.pl +++ b/charting/saml2.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # saml2.pl diff --git a/charting/scopes.pl b/charting/scopes.pl index 3e1a151d..87de05aa 100755 --- a/charting/scopes.pl +++ b/charting/scopes.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # scopes.pl diff --git a/charting/sizes.pl b/charting/sizes.pl index 0efab7f2..0191da03 100755 --- a/charting/sizes.pl +++ b/charting/sizes.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # sizes.pl diff --git a/charting/trust.pl b/charting/trust.pl index 5f5a74eb..b5a70f1e 100755 --- a/charting/trust.pl +++ b/charting/trust.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # trust.pl From 48e602a19af5f92f2fef9498a48c725ea24632cd Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 23 Jun 2014 10:19:44 +0000 Subject: [PATCH 23/33] Add registrationAuthority value for IL federation. --- mdx/common-beans.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index 074aa665..d427bd11 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -427,6 +427,7 @@ Federation registrationAuthority URIs. --> + - - - + + + From 74b44c65726a085008304689694f2891e207a178 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 23 Jun 2014 10:45:07 +0000 Subject: [PATCH 24/33] Correct name of IL federation. --- mdx/common-beans.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index d427bd11..31b300e1 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -427,7 +427,7 @@ Federation registrationAuthority URIs. --> - + - + From eb2d516a8c5ceb368864a1bae9a793e4a52ef89d Mon Sep 17 00:00:00 2001 
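Review bot: `#!/usr/bin/env perl -w` does not do what the commit intends on Linux, where the kernel passes everything after the interpreter path as a single argument, so env looks for an executable literally named `perl -w` and all five scripts fail with "No such file or directory" (BSD and macOS split shebang arguments, which is why it can appear to work locally). The portable form is a bare `#!/usr/bin/env perl` shebang with `use warnings;` as the first statement of each script, which also makes the warnings lexically scoped rather than global. Note too that env resolves perl from the caller's PATH, so cron or other automation must set PATH explicitly to get the "default one" the message refers to.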
From: Ian Young Date: Wed, 25 Jun 2014 15:21:16 +0000 Subject: [PATCH 25/33] Remove trust fabric statistics and markers, now that everything is direct key only. --- mdx/uk/statistics.xsl | 119 ++---------------------------------------- 1 file changed, 3 insertions(+), 116 deletions(-) diff --git a/mdx/uk/statistics.xsl b/mdx/uk/statistics.xsl index e2137efa..195941e2 100644 --- a/mdx/uk/statistics.xsl +++ b/mdx/uk/statistics.xsl @@ -485,26 +485,6 @@

    - - - -
  • -

    - - () - - - has - - - have - - - legacy "example" OrganizationURL elements. -

    -
  • -
    - @@ -571,9 +551,6 @@ - - - @@ -739,9 +716,6 @@ - - - @@ -962,9 +936,6 @@ - - - @@ -986,7 +957,7 @@

    This section is intended to be largely self-explanatory. Any items in [...] brackets give additional information about the entity: - its type, the trust engine, etc. + its type, the software used, etc.

      @@ -1368,15 +1339,6 @@ [IdP] [H] [SP] - - - [DK - +PKIX - ] - - - [PKIX] - @@ -1627,48 +1589,6 @@ - - - - - - - - - - - - - -

      Trust models:

      -
        -
      • -

        - Hybrid (PKIX and direct key): - - () -

        -
      • -
      • -

        - Direct key only: - - () -

        -
      • -
      - -
      @@ -2028,41 +1948,8 @@

      KeyDescriptor elements: - ( per entity), - of which:

      -
        -
      • - With embedded keys: - - - - -
      • -
      • - With only embedded keys: - - - - -
      • -
      • - With KeyName: - - - - -
      • -
      - - - - - - - - ( - - ) + ( per entity). +

      \ No newline at end of file From 93231ca77052a6297ad684d16789c060816d6a29 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 25 Jun 2014 15:46:01 +0000 Subject: [PATCH 26/33] Correct a typo in a comment. --- mdx/uk/fixup_keyuse.xsl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdx/uk/fixup_keyuse.xsl b/mdx/uk/fixup_keyuse.xsl index 04afcc7c..126069b6 100644 --- a/mdx/uk/fixup_keyuse.xsl +++ b/mdx/uk/fixup_keyuse.xsl @@ -16,7 +16,7 @@ From 09862da6ddc1e821d761fec82977b3943d5d3051 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 25 Jun 2014 16:55:37 +0000 Subject: [PATCH 28/33] Promote no-KeyName in SP rule and make it apply to all entities. This now appears in the latest draft of FTS 1.5. --- mdx/_rules/check_future_0.xsl | 6 ------ mdx/_rules/check_uk_trust.xsl | 11 +++++++++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/mdx/_rules/check_future_0.xsl b/mdx/_rules/check_future_0.xsl index aef9a141..fe932075 100644 --- a/mdx/_rules/check_future_0.xsl +++ b/mdx/_rules/check_future_0.xsl @@ -30,10 +30,4 @@ --> - - - service provider with KeyName element - - - diff --git a/mdx/_rules/check_uk_trust.xsl b/mdx/_rules/check_uk_trust.xsl index 378c3a30..6db92755 100644 --- a/mdx/_rules/check_uk_trust.xsl +++ b/mdx/_rules/check_uk_trust.xsl @@ -104,4 +104,15 @@ + + + + entity has legacy KeyName element + + + From 752837d38731c48688c823d7e161f7c6976d30cd Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 25 Jun 2014 17:07:42 +0000 Subject: [PATCH 29/33] Remove now-redundant check for no KeyName in exported entities. --- mdx/uk/beans.xml | 14 ------------ mdx/uk/check_uk_expkeyname.xsl | 41 ---------------------------------- 2 files changed, 55 deletions(-) delete mode 100644 mdx/uk/check_uk_expkeyname.xsl diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml index e159b7e6..bd9cfab4 100644 --- a/mdx/uk/beans.xml +++ b/mdx/uk/beans.xml @@ -252,19 +252,6 @@ - - - - - - - - - - @@ -439,7 +426,6 @@ - 
diff --git a/mdx/uk/check_uk_expkeyname.xsl b/mdx/uk/check_uk_expkeyname.xsl deleted file mode 100644 index ad9258d1..00000000 --- a/mdx/uk/check_uk_expkeyname.xsl +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - - - - - - - exported entity must not have a KeyName - - - - - From b41f74beb39d79de6f6af3434c48c68037845c34 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Wed, 25 Jun 2014 17:16:12 +0000 Subject: [PATCH 30/33] Remove trust roots from test aggregate. --- mdx/uk/generate.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index 450d1630..a06008ad 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml @@ -608,7 +608,6 @@ - From 474d60e31445cb449f1cb7c3b81866f0d453d064 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Mon, 30 Jun 2014 14:24:22 +0000 Subject: [PATCH 31/33] Move to static eduGAIN endpoint signed with SHA-256. --- mdx/int_edugain/beans.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mdx/int_edugain/beans.xml b/mdx/int_edugain/beans.xml index 40d74f99..59a2cbd7 100644 --- a/mdx/int_edugain/beans.xml +++ b/mdx/int_edugain/beans.xml @@ -28,7 +28,7 @@ --> - + @@ -75,7 +75,7 @@ - From 46a857b7d2f98585cec537e4667874256508f5d5 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Tue, 1 Jul 2014 12:29:15 +0000 Subject: [PATCH 32/33] Don't need this script any more, but we might want to make use of parts of it one day. --- {charting => attic}/keynames.pl | 0 {charting => attic}/keynames_inner.pl | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {charting => attic}/keynames.pl (100%) rename {charting => attic}/keynames_inner.pl (100%) diff --git a/charting/keynames.pl b/attic/keynames.pl similarity index 100% rename from charting/keynames.pl rename to attic/keynames.pl diff --git a/charting/keynames_inner.pl b/attic/keynames_inner.pl similarity index 100% rename from charting/keynames_inner.pl rename to attic/keynames_inner.pl 
From 64dbe88ee962a4504837fcdc8c23e3d575e24638 Mon Sep 17 00:00:00 2001 From: Ian Young Date: Thu, 3 Jul 2014 10:32:15 +0000 Subject: [PATCH 33/33] Clarify a couple of error messages. --- mdx/_rules/check_reqattr.xsl | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/mdx/_rules/check_reqattr.xsl b/mdx/_rules/check_reqattr.xsl index 19c3bb27..6840a020 100644 --- a/mdx/_rules/check_reqattr.xsl +++ b/mdx/_rules/check_reqattr.xsl @@ -233,14 +233,15 @@ "> - RequestedAttribute uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat + RequestedAttribute ( ) + uses OID name + + with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat @@ -289,14 +290,15 @@ "> - RequestedAttribute uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat + RequestedAttribute ( ) + uses OID name + + with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat