-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Example organization AAI services: Terms of Use (ToU)
\ - A. Data Protection Sample Clause \ -\ - "The End User notes that personal data about the End User is compiled from generally \ - available sources and from communications received from the End User and other \ - Universities as well as from off-site sources. The policy relating to the use and procession \ - of such data is posted on the University website at [...]. Such data will be used, inter alia, \ - to authenticate and authorize the access to and use of various resources within \ - the University and on other sites ("Approved Uses"). The End User hereby consents to \ - the collection, processing, use and release of such data to the extent reasonably necessary \ - for the Approved Uses. Such consent includes, but is not limited to, the release \ - of personal data to other institutions by employing cookies and electronically exchanging, \ - caching and storing personal authorization attributes." \ -
\ - B. Limitation of Liability \ -\ - "To the extent permitted by the applicable law, the End User hereby waives all and any \ - claims for cost and damages, whether direct or indirect, incidental, or consequential(including, \ - inter alia, loss of use and lost profits), both in contract and in tort, arising from \ - the use or in any way related to the inter-organizational authentication and authorization \ - services which allow the End User to access certain resources of other organizations. \ - This waiver of claims shall be valid and effective in relation to all participants of \ - the inter-organizational authentication and authorization services including the AAI \ - Service Provider and its affiliates, officers, employees and agents." \ -
- -# Messages related to attribute release consent. - -idp.attribute-release.revoke = Clear prior granting of permission for release of your information to this service. - -idp.attribute-release.title = Information Release - -idp.attribute-release.attributesHeader = Information to be Provided to Service - -idp.attribute-release.serviceNameLabel = You are about to access the service: -idp.attribute-release.of = of -idp.attribute-release.serviceDescriptionLabel = Description as provided by this service: - -idp.attribute-release.informationURLLabel = Additional information about the service -idp.attribute-release.privacyStatementURLLabel = Data privacy information of the service - -idp.attribute-release.showDetails = show details - -idp.attribute-release.accept = Accept -idp.attribute-release.reject = Reject - -idp.attribute-release.confirmationQuestion = The information above would be shared with the service if you proceed. \ - Do you agree to release this information to the service every time you access it? - -idp.attribute-release.consentMethod = Select an information release consent duration: -idp.attribute-release.consentMethodRevoke = This setting can be revoked at any time with the checkbox on the login page. - -idp.attribute-release.doNotRememberConsent = Ask me again at next login -idp.attribute-release.doNotRememberConsentItem = I agree to send my information this time. - -idp.attribute-release.rememberConsent = Ask me again if information to be provided to this service changes -idp.attribute-release.rememberConsentItem = I agree that the same information will be sent automatically to this service in the future. - -idp.attribute-release.globalConsent = Do not ask me again -idp.attribute-release.globalConsentItem = I agree that all of my information will be released to any service. - - -# Title / Message mappings for error view - -# General strings -idp.title = Web Login Service -idp.title.suffix = Error -idp.logo = /images/dummylogo.png -idp.logo.alt-text = Replace or remove this logo -idp.message = An unidentified error occurred. -idp.footer = Insert your footer text here. - -idp.client-storage-read.title = Loading Session State... -idp.client-storage-write.title = Saving Session State... -idp.client-storage.no-js = Since your browser does not support JavaScript, \ - you must press the Continue button once to proceed. - -# Event to error key mappings - -AccessDenied = access -ContextCheckDenied = context-check-denied -EndpointResolutionFailed = endpoint -InvalidProfileConfiguration = relying-party -InvalidSecurityConfiguration = security-cfg -MessageAuthenticationError = security-msg -MessageReplay = stale -MessageExpired = stale -UnableToDecode = stale -AccountError = authn -AuthenticationException = authn -InvalidCredentials = authn -NoCredentials = authn -NoPotentialFlow = authn -RequestUnsupported = authn -SubjectCanonicalizationError = authn -InvalidAttributeContext = unexpected -InvalidAuthenticationContext = unexpected -InvalidSubjectContext = unexpected -InvalidSubjectCanonicalizationContext = unexpected -InvalidMessageContext = unexpected -InvalidMessageVersion = unexpected -InvalidProfileContext = unexpected -InvalidRelyingPartyContext = unexpected -InvalidRelyingPartyConfiguration = unexpected -MessageProcessingError = unexpected -UnableToEncode = unexpected -UnableToSign = unexpected -UnableToEncrypt = unexpected -AttributeReleaseRejected = no-release -TermsRejected = no-terms -RuntimeException = runtime-error - -# Exception to error key mappings - -FlowExecutionRestorationFailureException = stale - -# Error key to title and message mappings - -access.title = Access Denied -access.message = You do not have access to the requested resource. - -context-check-denied.title = Access Denied -context-check-denied.message = You are not eligible for the service requested. - -no-release.title = Release of Information Prevented -no-release.message = At your request, the release of your information has been blocked. If you wish to \ - change your decision, you may access the service again and approve the release in the \ - future. - -no-terms.title = Terms of Use Refused -no-terms.message = Having refused the mandatory Terms of Use, access to the service is not permitted. \ - If you wish to change your decision, you may access the service again and approve \ - the terms in the future. - -authn.title = Login Failed -authn.message = User login was not successful or could not meet the requirements of the requesting application. - -endpoint.title = Unable to Respond -endpoint.message = The login service was unable to identify a compatible way to respond to the requested \ - application. This is generally to due to a misconfiguration on the part of the application \ - and should be reported to the application's support team or owner. -relying-party.title = Unsupported Request -relying-party.message = The application you have accessed is not registered for use with this service. -security-cfg.title = Security Configuration Error -security-cfg.message = The login service and the requested application do not share a compatible \ - security configuration, and the request cannot be fulfilled. -security-msg.title = Message Security Error -security-msg.message = The request cannot be fulfilled because the message received does not meet the \ - security requirements of the login service. -stale.title = Stale Request -stale.message =You may be seeing this page because you used the Back button while browsing a \ - secure web site or application. Alternatively, you may have mistakenly bookmarked \ - the web login form instead of the actual web site you wanted to bookmark or used a \ - link created by somebody else who made the same mistake.
\ -\ -
Left unchecked, this can cause errors on some browsers or result in you returning to \ - the web site you tried to leave, so this page is presented instead.
-unexpected.title = Unexpected Error -unexpected.message = An unexpected error was encountered, usually reflecting a configuration or software error. -runtime-error.title = Uncaught Exception -runtime-error.message =A software error was encountered that prevents normal operation:
\ -
#if($exception)$encoder.encodeForHTML($exception.toString())#else$encoder.encodeForHTML($flowExecutionException.getCause().toString())#end
\ -
Please report this problem to your Help Desk or administrative staff. It has \ - also been logged for an administrator to review.
-error.title = Error -error.message = An error occurred: $eventId -root.title = Shibboleth IdP -root.message = No services are available at this location. -root.footer = Insert your footer text here. - diff --git a/tests/containers/idp/container_files/config/shib-idp/metadata/idp-metadata.xml b/tests/containers/idp/container_files/config/shib-idp/metadata/idp-metadata.xml deleted file mode 100644 index af11f89..0000000 --- a/tests/containers/idp/container_files/config/shib-idp/metadata/idp-metadata.xml +++ /dev/null @@ -1,36 +0,0 @@ -
-
-
-
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/client-storage/client-storage-write.vm b/tests/containers/idp/container_files/config/shib-idp/views/client-storage/client-storage-write.vm
deleted file mode 100644
index 4b92d6b..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/client-storage/client-storage-write.vm
+++ /dev/null
@@ -1,53 +0,0 @@
-##
-## Velocity template to write to local storage.
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## saveContext - context with details about the storage data to save
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service"))
-#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-write.suffix", "Saving Session Information..."))
-##
-
-
-
-
-
-
-
-
-
-
- $title - $titleSuffix
-
- $springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...")
-
-
- #parse( "client-storage/read.vm" )
-
-
-
-
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/duo.vm b/tests/containers/idp/container_files/config/shib-idp/views/duo.vm
deleted file mode 100644
index cf4f96a..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/duo.vm
+++ /dev/null
@@ -1,83 +0,0 @@
-##
-## Velocity Template for Duo login view-state
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## authenticationContext - context with authentication request information
-## rpUIContext - the context with SP UI information from the metadata
-## canonicalUsername - name of user passed to Duo
-## duoHost - API hostname for Duo frame
-## duoRequest - signed Duo request message
-## duoScriptPath - path to Duo JavaScript source
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-
-
-
-
-
-
-
-
-
-
-
- $title - $titleSuffix
-
- $springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...")
-
-
- #parse( "client-storage/write.vm" )
-
-
-
-
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/error.vm b/tests/containers/idp/container_files/config/shib-idp/views/error.vm
deleted file mode 100644
index c595175..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/error.vm
+++ /dev/null
@@ -1,72 +0,0 @@
-##
-## Velocity Template for error end-state
-##
-## Velocity context will contain the following properties
-## flowRequestContext - the Spring Web Flow RequestContext
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service"))
-#set ($defaultTitleSuffix = $springMacroRequestContext.getMessage("idp.title.suffix", "Error"))
-##
-#if ($flowRequestContext)
- ## This handles flow events, the most common case.
- #set ($eventId = $flowRequestContext.getCurrentEvent().getId())
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error"))
- #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix"))
- #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId"))
- #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied")
- $response.setStatus(403)
- #elseif ($eventId == "AttributeReleaseRejected" || $eventId == "TermsRejected")
- $response.setStatus(200)
- #elseif ($eventKey == "unexpected" || $eventKey == "runtime-error" || $eventKey == "error")
- $response.setStatus(500)
- #else
- $response.setStatus(400)
- #end
-#elseif ($exception)
- ## This handles exceptions that reach the Spring-MVC exception handler.
- #set ($eventId = $exception.getClass().getSimpleName())
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error"))
- #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix"))
- #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId"))
-#else
- ## This is a catch-all that theoretically shouldn't happen?
- #set ($titleSuffix = $defaultTitleSuffix)
- #set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred."))
-#end
-##
-
-
-
-
-
-
-
- #springMessage()
-
-
-
-
-
-
-
-
-
-
-
- #springMessageText("idp.login.duoRequired", "Authentication with Duo is required for the requested service.")
- - - - - - -- #springMessageText("idp.login.duoCancel", "Cancel this Request") -
-
-
-
-
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/intercept/attribute-release.vm b/tests/containers/idp/container_files/config/shib-idp/views/intercept/attribute-release.vm
deleted file mode 100644
index 0b74551..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/intercept/attribute-release.vm
+++ /dev/null
@@ -1,158 +0,0 @@
-##
-## Velocity Template for DisplayAttributeReleasePage view-state
-##
-## Velocity context will contain the following properties :
-##
-## attributeReleaseContext - context holding consentable attributes
-## attributeReleaseFlowDescriptor - attribute consent flow descriptor
-## attributeDisplayNameFunction - function to display attribute name
-## consentContext - context representing the state of a consent flow
-## encoder - HTMLEncoder class
-## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
-## flowExecutionUrl - form action location
-## flowRequestContext - Spring Web Flow RequestContext
-## profileRequestContext - OpenSAML profile request context
-## request - HttpServletRequest
-## response - HttpServletResponse
-## rpUIContext - context with SP UI information from the metadata
-## environment - Spring Environment object for property resolution
-#set ($serviceName = $rpUIContext.serviceName)
-#set ($serviceDescription = $rpUIContext.serviceDescription)
-#set ($informationURL = $rpUIContext.informationURL)
-#set ($privacyStatementURL = $rpUIContext.privacyStatementURL)
-#set ($rpOrganizationLogo = $rpUIContext.getLogo())
-#set ($rpOrganizationName = $rpUIContext.organizationName)
-#set ($replaceDollarWithNewline = true)
-##
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- $title - $titleSuffix
-
- #evaluate($message)
-
-
-
-
-
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/intercept/terms-of-use.vm b/tests/containers/idp/container_files/config/shib-idp/views/intercept/terms-of-use.vm
deleted file mode 100644
index 1bf12c7..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/intercept/terms-of-use.vm
+++ /dev/null
@@ -1,67 +0,0 @@
-##
-## Velocity Template for DisplayTermsOfUsePage view-state
-##
-## Velocity context will contain the following properties :
-##
-## encoder - HTMLEncoder class
-## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
-## flowExecutionUrl - form action location
-## flowRequestContext - Spring Web Flow RequestContext
-## request - HttpServletRequest
-## response - HttpServletResponse
-## rpUIContext - context with SP UI information from the metadata
-## termsOfUseId - terms of use ID to lookup message strings
-## environment - Spring Environment object for property resolution
-#set ($serviceName = $rpUIContext.serviceName)
-#set ($rpOrganizationLogo = $rpUIContext.getLogo())
-##
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- #springMessageText("idp.login.expiringSoon", "Your password will be expiring soon!")
-
-
- #springMessageText("idp.login.changePassword", "To create a new password now, go to") - #.
-#springMessageText("idp.login.proceedBegin", "Your login will proceed in 20 seconds or you may click") - #springMessageText("idp.login.proceedHere", "here") - #springMessageText("idp.login.proceedEnd", "to continue").
-
-
-
- #if ($rpOrganizationLogo)
- )
- #end
-
- #if ($rpOrganizationLogo)
-
-
-
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/login-error.vm b/tests/containers/idp/container_files/config/shib-idp/views/login-error.vm
deleted file mode 100644
index 44676b3..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/login-error.vm
+++ /dev/null
@@ -1,24 +0,0 @@
-## Velocity Template for login error message production, included by login.vm
-##
-## authenticationErrorContext - context containing error data, if available
-##
-#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && $authenticationErrorContext.getClassifiedErrors().iterator().next() != "ReselectFlow")
- ## This handles errors that are classified by the message maps in the authentication config.
- #set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next())
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login"))
- #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId"))
-#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0)
- ## This handles login exceptions that are left unclassified.
- #set ($loginException = $authenticationErrorContext.getExceptions().get(0))
- #if ($loginException.getMessage())
- #set ($message = "Login Failure: $loginException.getMessage()")
- #else
- #set ($message = $loginException.toString())
- #end
-#end
-
-#if ($message)
-
-
- #end
- #springMessageText("${termsOfUseId}.title", "Terms of Use")
-
- #springMessageText("${termsOfUseId}.text", "Terms of Use Text...")
-
-
-
-
-
-
-
-
-
-
-
- $encoder.encodeForHTML($message)
-
-
-
-
-
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/logout-complete.vm b/tests/containers/idp/container_files/config/shib-idp/views/logout-complete.vm
deleted file mode 100644
index d780252..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/logout-complete.vm
+++ /dev/null
@@ -1,59 +0,0 @@
-##
-## Velocity Template for logout flow's concluding view-state (no propagation)
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## logoutContext - context with SPSession details for logout operation
-## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- #parse("login-error.vm")
-
-
-
- #*
- //
- // SP Description & Logo (optional)
- // These idpui lines will display added information (if available
- // in the metadata) about the Service Provider (SP) that requested
- // authentication. These idpui lines are "active" in this example
- // (not commented out) - this extra SP info will be displayed.
- // Remove or comment out these lines to stop the display of the
- // added SP information.
- //
- *#
- #set ($logo = $rpUIContext.getLogo())
- #if ($logo)
- )
- #end
- #set ($desc = $rpUIContext.getServiceDescription())
- #if ($desc)
- $encoder.encodeForHTML($desc)
- #end
-
-
-
-
- -
- #if ($passwordEnabled)
-
- › #springMessageText("idp.login.forgotPassword", "Forgot your password?") - #end -
- › #springMessageText("idp.login.needHelp", "Need Help?") -
-
-
-
-
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/logout-propagate.vm b/tests/containers/idp/container_files/config/shib-idp/views/logout-propagate.vm
deleted file mode 100644
index 86b3fa1..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/logout-propagate.vm
+++ /dev/null
@@ -1,58 +0,0 @@
-##
-## Velocity Template for logout flow's concluding view-state (with propagation)
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## logoutContext - context with SPSession details for logout operation
-## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata
-## htmlEncoder - HTMLEncoder class
-## urlEncoder - urlEncoder class
-## codecUtil - CodecUtil class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-
-
-
-
-
-
-
-
-
-
-
-
-
- #if ( $profileRequestContext.getProfileId().contains("saml2/logout") )
-
- #end
-
-
-
-
-
-
-
- #springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")
-
-
-
-
-
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/logout.vm b/tests/containers/idp/container_files/config/shib-idp/views/logout.vm
deleted file mode 100644
index 2342855..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/logout.vm
+++ /dev/null
@@ -1,91 +0,0 @@
-##
-## Velocity Template for logout flow's starting view-state
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## logoutContext - context with SPSession details for logout operation
-## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-
-
-
-
-
- #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() )
-
- #end
-
-
-
-
-
-
-
-
-
-
-
-
-
- #springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")
- #parse("logout/propagate.vm") -
-
-
-
-
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/spnego-unavailable.vm b/tests/containers/idp/container_files/config/shib-idp/views/spnego-unavailable.vm
deleted file mode 100644
index 3673f02..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/spnego-unavailable.vm
+++ /dev/null
@@ -1,49 +0,0 @@
-##
-## Velocity Template for SPNEGO unauthorized page
-##
-## This is not a Spring Webflow view, but a special view internal to the
-## SPNEGO login flow, so it doesn't contain all of the usual SWF variables.
-##
-## Velocity context will contain the following properties
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## profileRequestContext - root of context tree
-## errorUrl - URL to call to indicate error and return back to the login flow
-##
-#set ($eventKey = $springMacroRequestContext.getMessage("SPNEGOUnavailable", "spnego-unavailable"))
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- - #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() ) -
- - - -
-
-
- This page is displayed when a logout operation at the Identity Provider completes. This page is an example - and should be customized. It is not fully internationalized because the presentation will be a highly localized - decision, and we don't have a good suggestion for a default.
-- - #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() ) -
#springMessageText("idp.logout.ask", "Would you like to attempt to log out of all services accessed during your session? Please select Yes or No to ensure the logout operation completes, or wait a few seconds for Yes.")
-- - - -
-
#springMessageText("idp.logout.contactServices", "If you proceed, the system will attempt to contact the following services:")
--
- #foreach ($sp in $logoutContext.getSessionMap().keySet())
- #set ($rpCtx = $multiRPContext.getRelyingPartyContextById($sp))
- #if ($rpCtx)
- #set ($rpUIContext = $rpCtx.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext"))
- #end
- #if ($rpUIContext and $rpUIContext.getServiceName())
-
- $encoder.encodeForHTML($rpUIContext.getServiceName()) - #else -
- $encoder.encodeForHTML($sp) - #end - #end -
#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")
- - - #end - -
-
-
-
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/user-prefs.js b/tests/containers/idp/container_files/config/shib-idp/views/user-prefs.js
deleted file mode 100644
index ab994f9..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/user-prefs.js
+++ /dev/null
@@ -1,45 +0,0 @@
-"use strict";
-
-function createCookie(name, value, seconds) {
- var date = new Date();
- date.setTime(date.getTime() + (seconds * 1000));
- var expires = "; expires=" + date.toGMTString();
-
- var path = '$environment.getProperty("idp.cookie.path", $request.getContextPath())';
- if (path.length > 0)
- path = "; path=" + path;
- document.cookie = name + "=" + value + expires + path;
-}
-
-function eraseCookie(name) {
- createCookie(name, "", -31536000);
-}
-
-function readCookie(name) {
- var nameEQ = name + "=";
- var ca = document.cookie.split(';');
- for (var i = 0; i < ca.length; i++) {
- var c = ca[i];
- while (c.charAt(0) == ' ')
- c = c.substring(1, c.length);
- if (c.indexOf(nameEQ) == 0)
- return c.substring(nameEQ.length, c.length);
- }
- return null;
-}
-
-function load(id) {
- var checkbox = document.getElementById(id);
- if (checkbox != null) {
- var spnego = readCookie(checkbox.name);
- checkbox.checked = (spnego == "1");
- }
-}
-
-function check(checkbox) {
- if (checkbox.checked) {
- createCookie(checkbox.name, checkbox.value, $environment.getProperty("idp.cookie.maxAge","31536000"));
- } else {
- eraseCookie(checkbox.name);
- }
-}
diff --git a/tests/containers/idp/container_files/config/shib-idp/views/user-prefs.vm b/tests/containers/idp/container_files/config/shib-idp/views/user-prefs.vm
deleted file mode 100644
index 8de0503..0000000
--- a/tests/containers/idp/container_files/config/shib-idp/views/user-prefs.vm
+++ /dev/null
@@ -1,60 +0,0 @@
-##
-## Velocity Template for user preferences view
-##
-## Velocity context will contain the following properties
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-
-
-
-
-
-
-
-
-
-
-
-
-
- #springMessageText("idp.title", "Web Login Sevice") - #springMessage("idp.title.suffix", "Error")
-
- #springMessageText("${eventKey}.message", "Your web browser doesn't support authentication with your desktop login credentials.")
-
-
-
-
-
-
-
diff --git a/tests/containers/idp/container_files/config/tomcat/catalina.policy b/tests/containers/idp/container_files/config/tomcat/catalina.policy
deleted file mode 100644
index 10a33ca..0000000
--- a/tests/containers/idp/container_files/config/tomcat/catalina.policy
+++ /dev/null
@@ -1,260 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// ============================================================================
-// catalina.policy - Security Policy Permissions for Tomcat
-//
-// This file contains a default set of security policies to be enforced (by the
-// JVM) when Catalina is executed with the "-security" option. In addition
-// to the permissions granted here, the following additional permissions are
-// granted to each web application:
-//
-// * Read access to the web application's document root directory
-// * Read, write and delete access to the web application's working directory
-// ============================================================================
-
-
-// ========== SYSTEM CODE PERMISSIONS =========================================
-
-
-// These permissions apply to javac
-grant codeBase "file:${java.home}/lib/-" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions
-grant codeBase "file:${java.home}/jre/lib/ext/-" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
-grant codeBase "file:${java.home}/../lib/-" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions when
-// ${java.home} points at $JAVA_HOME/jre
-grant codeBase "file:${java.home}/lib/ext/-" {
- permission java.security.AllPermission;
-};
-
-
-// ========== CATALINA CODE PERMISSIONS =======================================
-
-
-// These permissions apply to the daemon code
-grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to the logging API
-// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
-// update this section accordingly.
-// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
-grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
- permission java.io.FilePermission
- "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
-
- permission java.io.FilePermission
- "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
- permission java.io.FilePermission
- "${catalina.base}${file.separator}logs", "read, write";
- permission java.io.FilePermission
- "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
-
- permission java.lang.RuntimePermission "shutdownHooks";
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
-
- permission java.lang.management.ManagementPermission "monitor";
-
- permission java.util.logging.LoggingPermission "control";
-
- permission java.util.PropertyPermission "java.util.logging.config.class", "read";
- permission java.util.PropertyPermission "java.util.logging.config.file", "read";
- permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read";
- permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read";
- permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read";
- permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
- permission java.util.PropertyPermission "catalina.base", "read";
-
- // Note: To enable per context logging configuration, permit read access to
- // the appropriate file. Be sure that the logging configuration is
- // secure before enabling such access.
- // E.g. for the examples web application (uncomment and unwrap
- // the following to be on a single line):
- // permission java.io.FilePermission "${catalina.base}${file.separator}
- // webapps${file.separator}examples${file.separator}WEB-INF
- // ${file.separator}classes${file.separator}logging.properties", "read";
-};
-
-// These permissions apply to the server startup code
-grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
- permission java.security.AllPermission;
-};
-
-// These permissions apply to the servlet API classes
-// and those that are shared across all class loaders
-// located in the "lib" directory
-grant codeBase "file:${catalina.home}/lib/-" {
- permission java.security.AllPermission;
-};
-
-
-// If using a per instance lib directory, i.e. ${catalina.base}/lib,
-// then the following permission will need to be uncommented
-// grant codeBase "file:${catalina.base}/lib/-" {
-// permission java.security.AllPermission;
-// };
-
-
-// ========== WEB APPLICATION PERMISSIONS =====================================
-
-
-// These permissions are granted by default to all web applications
-// In addition, a web application will be given a read FilePermission
-// for all files and directories in its document root.
-grant {
- // Required for JNDI lookup of named JDBC DataSource's and
- // javamail named MimePart DataSource used to send mail
- permission java.util.PropertyPermission "java.home", "read";
- permission java.util.PropertyPermission "java.naming.*", "read";
- permission java.util.PropertyPermission "javax.sql.*", "read";
-
- // OS Specific properties to allow read access
- permission java.util.PropertyPermission "os.name", "read";
- permission java.util.PropertyPermission "os.version", "read";
- permission java.util.PropertyPermission "os.arch", "read";
- permission java.util.PropertyPermission "file.separator", "read";
- permission java.util.PropertyPermission "path.separator", "read";
- permission java.util.PropertyPermission "line.separator", "read";
-
- // JVM properties to allow read access
- permission java.util.PropertyPermission "java.version", "read";
- permission java.util.PropertyPermission "java.vendor", "read";
- permission java.util.PropertyPermission "java.vendor.url", "read";
- permission java.util.PropertyPermission "java.class.version", "read";
- permission java.util.PropertyPermission "java.specification.version", "read";
- permission java.util.PropertyPermission "java.specification.vendor", "read";
- permission java.util.PropertyPermission "java.specification.name", "read";
-
- permission java.util.PropertyPermission "java.vm.specification.version", "read";
- permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
- permission java.util.PropertyPermission "java.vm.specification.name", "read";
- permission java.util.PropertyPermission "java.vm.version", "read";
- permission java.util.PropertyPermission "java.vm.vendor", "read";
- permission java.util.PropertyPermission "java.vm.name", "read";
-
- // Required for OpenJMX
- permission java.lang.RuntimePermission "getAttribute";
-
- // Allow read of JAXP compliant XML parser debug
- permission java.util.PropertyPermission "jaxp.debug", "read";
-
- // All JSPs need to be able to read this package
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
-
- // Precompiled JSPs need access to these packages.
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
- permission java.lang.RuntimePermission
- "accessClassInPackage.org.apache.jasper.runtime.*";
-
- // Precompiled JSPs need access to these system properties.
- permission java.util.PropertyPermission
- "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
- permission java.util.PropertyPermission
- "org.apache.el.parser.COERCE_TO_ZERO", "read";
-
- // The cookie code needs these.
- permission java.util.PropertyPermission
- "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";
- permission java.util.PropertyPermission
- "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";
- permission java.util.PropertyPermission
- "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read";
-
- // Applications using Comet need to be able to access this package
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";
-
- // Applications using WebSocket need to be able to access these packages
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
-};
-
-
-// The Manager application needs access to the following packages to support the
-// session display functionality. These settings support the following
-// configurations:
-// - default CATALINA_HOME == CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
-// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
-grant codeBase "file:${catalina.base}/webapps/manager/-" {
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
-};
-grant codeBase "file:${catalina.home}/webapps/manager/-" {
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
- permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
-};
-
-// You can assign additional permissions to particular web applications by
-// adding additional "grant" entries here, based on the code base for that
-// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
-//
-// Different permissions can be granted to JSP pages, classes loaded from
-// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
-// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
-//
-// For instance, assume that the standard "examples" application
-// included a JDBC driver that needed to establish a network connection to the
-// corresponding database and used the scrape taglib to get the weather from
-// the NOAA web server. You might create a "grant" entries like this:
-//
-// The permissions granted to the context root directory apply to JSP pages.
-// grant codeBase "file:${catalina.base}/webapps/examples/-" {
-// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
-// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-//
-// The permissions granted to the context WEB-INF/classes directory
-// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
-// };
-//
-// The permission granted to your JDBC driver
-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
-// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
-// };
-// The permission granted to the scrape taglib
-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
-// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
-// };
-
-// To grant permissions for web applications using packed WAR files, use the
-// Tomcat specific WAR url scheme.
-//
-// The permissions granted to the entire web application
-// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
-// };
-//
-// The permissions granted to a specific JAR
-// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
-// };
\ No newline at end of file
diff --git a/tests/containers/idp/container_files/config/tomcat/catalina.properties b/tests/containers/idp/container_files/config/tomcat/catalina.properties
deleted file mode 100644
index a22f1dd..0000000
--- a/tests/containers/idp/container_files/config/tomcat/catalina.properties
+++ /dev/null
@@ -1,150 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageAccess unless the
-# corresponding RuntimePermission ("accessClassInPackage."+package) has
-# been granted.
-package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.
-#
-# List of comma-separated packages that start with or equal this string
-# will cause a security exception to be thrown when
-# passed to checkPackageDefinition unless the
-# corresponding RuntimePermission ("defineClassInPackage."+package) has
-# been granted.
-#
-# by default, no packages are restricted for definition, and none of
-# the class loaders supplied with the JDK call checkPackageDefinition.
-#
-package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\
-org.apache.jasper.,org.apache.naming.,org.apache.tomcat.
-
-#
-#
-# List of comma-separated paths defining the contents of the "common"
-# classloader. Prefixes should be used to define what is the repository type.
-# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
-# If left as blank,the JVM system loader will be used as Catalina's "common"
-# loader.
-# Examples:
-# "foo": Add this folder as a class repository
-# "foo/*.jar": Add all the JARs of the specified folder as class
-# repositories
-# "foo/bar.jar": Add bar.jar as a class repository
-#
-# Note: Values are enclosed in double quotes ("...") in case either the
-# ${catalina.base} path or the ${catalina.home} path contains a comma.
-# Because double quotes are used for quoting, the double quote character
-# may not appear in a path.
-common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar"
-
-#
-# List of comma-separated paths defining the contents of the "server"
-# classloader. Prefixes should be used to define what is the repository type.
-# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
-# If left as blank, the "common" loader will be used as Catalina's "server"
-# loader.
-# Examples:
-# "foo": Add this folder as a class repository
-# "foo/*.jar": Add all the JARs of the specified folder as class
-# repositories
-# "foo/bar.jar": Add bar.jar as a class repository
-#
-# Note: Values may be enclosed in double quotes ("...") in case either the
-# ${catalina.base} path or the ${catalina.home} path contains a comma.
-# Because double quotes are used for quoting, the double quote character
-# may not appear in a path.
-server.loader=
-
-#
-# List of comma-separated paths defining the contents of the "shared"
-# classloader. Prefixes should be used to define what is the repository type.
-# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
-# the "common" loader will be used as Catalina's "shared" loader.
-# Examples:
-# "foo": Add this folder as a class repository
-# "foo/*.jar": Add all the JARs of the specified folder as class
-# repositories
-# "foo/bar.jar": Add bar.jar as a class repository
-# Please note that for single jars, e.g. bar.jar, you need the URL form
-# starting with file:.
-#
-# Note: Values may be enclosed in double quotes ("...") in case either the
-# ${catalina.base} path or the ${catalina.home} path contains a comma.
-# Because double quotes are used for quoting, the double quote character
-# may not appear in a path.
-shared.loader=
-
-# Default list of JAR files that should not be scanned using the JarScanner
-# functionality. This is typically used to scan JARs for configuration
-# information. JARs that do not contain such information may be excluded from
-# the scan to speed up the scanning process. This is the default list. JARs on
-# this list are excluded from all scans. The list must be a comma separated list
-# of JAR file names.
-# The list of JARs to skip may be over-ridden at a Context level for individual
-# scan types by configuring a JarScanner with a nested JarScanFilter.
-# The JARs listed below include:
-# - Tomcat Bootstrap JARs
-# - Tomcat API JARs
-# - Catalina JARs
-# - Jasper JARs
-# - Tomcat JARs
-# - Common non-Tomcat JARs
-# - Test JARs (JUnit, Cobertura and dependencies)
-tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\
-bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
-annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
-catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\
-catalina-tribes.jar,\
-jasper.jar,jasper-el.jar,ecj-*.jar,\
-tomcat-api.jar,tomcat-util.jar,tomcat-util-scan.jar,tomcat-coyote.jar,\
-tomcat-dbcp.jar,tomcat-jni.jar,tomcat-websocket.jar,\
-tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
-tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
-tomcat-jdbc.jar,\
-tools.jar,\
-commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
-commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
-commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
-commons-math*.jar,commons-pool*.jar,\
-jstl.jar,taglibs-standard-spec-*.jar,\
-geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
-ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
-jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
-xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
-junit.jar,junit-*.jar,ant-launcher.jar,\
-cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
-jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
-xom-*.jar
-
-# Default list of JAR files that should be scanned that overrides the default
-# jarsToSkip list above. This is typically used to include a specific JAR that
-# has been excluded by a broad file name pattern in the jarsToSkip list.
-# The list of JARs to scan may be over-ridden at a Context level for individual
-# scan types by configuring a JarScanner with a nested JarScanFilter.
-tomcat.util.scan.StandardJarScanFilter.jarsToScan=\
-log4j-web*.jar,log4j-taglib*.jar,log4javascript*.jar,slf4j-taglib*.jar
-
-# String cache configuration.
-tomcat.util.buf.StringCache.byte.enabled=true
-#tomcat.util.buf.StringCache.char.enabled=true
-#tomcat.util.buf.StringCache.trainThreshold=500000
-#tomcat.util.buf.StringCache.cacheSize=5000
-
-# Allow for changes to HTTP request validation
-# WARNING: Using this option will expose the server to CVE-2016-6816
-#tomcat.util.http.parser.HttpParser.requestTargetAllow=|
diff --git a/tests/containers/idp/container_files/config/tomcat/context.xml b/tests/containers/idp/container_files/config/tomcat/context.xml
deleted file mode 100644
index 98727cb..0000000
--- a/tests/containers/idp/container_files/config/tomcat/context.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- #springMessageText("idp.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences")
-- #springMessage("idp.userprefs.info") -
-