Repository: syncope
Updated Branches:
  refs/heads/2_0_X df0626e16 -> 944ac3d13


[SYNCOPE-1041] Integration tests


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/622806cb
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/622806cb
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/622806cb

Branch: refs/heads/2_0_X
Commit: 622806cbccf4c73358761008e9d8f6a4a90f5d92
Parents: d2acecb
Author: Francesco Chicchiriccò <[email protected]>
Authored: Mon Mar 27 17:10:07 2017 +0200
Committer: Francesco Chicchiriccò <[email protected]>
Committed: Fri Mar 31 15:25:11 2017 +0200

----------------------------------------------------------------------
 .../apache/syncope/core/logic/SAML2SPLogic.java |   3 +
 .../org/apache/syncope/fit/AbstractITCase.java  |   8 +
 .../org/apache/syncope/fit/SAML2SPDetector.java |  52 +++
 .../apache/syncope/fit/core/SAML2ITCase.java    | 157 +++++++++
 .../src/test/resources/ssocircle.xml            | 106 ++++++
 .../src/test/resources/testshib-providers.xml   | 321 +++++++++++++++++++
 6 files changed, 647 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/622806cb/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
----------------------------------------------------------------------
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index a61590f..fbd0bc5 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -560,6 +560,9 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic<AbstractBaseBean> {
 
         // 2. look for IdP
         String idpEntityID = (String) 
consumer.getJwtClaims().getClaim(JWT_CLAIM_IDP_ENTITYID);
+        if (idpEntityID == null) {
+            throw new NotFoundException("No SAML 2.0 IdP information found in 
the access token");
+        }
         SAML2IdPEntity idp = cache.get(idpEntityID);
         if (idp == null) {
             throw new NotFoundException("SAML 2.0 IdP '" + idpEntityID + "'");
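Review bot: The new null check does not cover a claim that is present but not a string, because the `(String)` cast on the line above it would throw ClassCastException before the check runs. An empty string would also pass the check and go on to `cache.get`. Reading the claim as `Object claim = consumer.getJwtClaims().getClaim(JWT_CLAIM_IDP_ENTITYID);` and guarding with `if (!(claim instanceof String) || ((String) claim).isEmpty())` keeps every malformed case on the same NotFoundException path. Whether the token's signature has already been verified by this point is not visible here, as the method starts and ends outside the hunk.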

http://git-wip-us.apache.org/repos/asf/syncope/blob/622806cb/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
----------------------------------------------------------------------
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index 282f8dc..4c06967 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -71,6 +71,8 @@ import 
org.apache.syncope.common.rest.api.service.RealmService;
 import org.apache.syncope.common.rest.api.service.RelationshipTypeService;
 import org.apache.syncope.common.rest.api.service.ReportTemplateService;
 import org.apache.syncope.common.rest.api.service.RoleService;
+import org.apache.syncope.common.rest.api.service.SAML2IdPService;
+import org.apache.syncope.common.rest.api.service.SAML2SPService;
 import org.apache.syncope.common.rest.api.service.SchemaService;
 import org.apache.syncope.common.rest.api.service.SecurityQuestionService;
 import org.apache.syncope.common.rest.api.service.SyncopeService;
@@ -209,6 +211,10 @@ public abstract class AbstractITCase {
 
     protected static CamelRouteService camelRouteService;
 
+    protected static SAML2SPService saml2SpService;
+
+    protected static SAML2IdPService saml2IdPService;
+
     @BeforeClass
     public static void securitySetup() {
         InputStream propStream = null;
@@ -267,6 +273,8 @@ public abstract class AbstractITCase {
         schemaService = adminClient.getService(SchemaService.class);
         securityQuestionService = 
adminClient.getService(SecurityQuestionService.class);
         camelRouteService = adminClient.getService(CamelRouteService.class);
+        saml2SpService = adminClient.getService(SAML2SPService.class);
+        saml2IdPService = adminClient.getService(SAML2IdPService.class);
     }
 
     protected static String getUUIDString() {

http://git-wip-us.apache.org/repos/asf/syncope/blob/622806cb/fit/core-reference/src/test/java/org/apache/syncope/fit/SAML2SPDetector.java
----------------------------------------------------------------------
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/SAML2SPDetector.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/SAML2SPDetector.java
new file mode 100644
index 0000000..88c4473
--- /dev/null
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/SAML2SPDetector.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.fit;
+
+import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
+import org.apache.syncope.common.rest.api.service.SAML2SPService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SAML2SPDetector {
+
+    private static final Logger LOG = 
LoggerFactory.getLogger(SAML2SPDetector.class);
+
+    private static Boolean ENABLED;
+
+    public static boolean isSAML2SPAvailable() {
+        synchronized (LOG) {
+            if (ENABLED == null) {
+                try {
+                    new SyncopeClientFactoryBean().
+                            setAddress(AbstractITCase.ADDRESS).
+                            
setContentType(SyncopeClientFactoryBean.ContentType.XML).
+                            create(new AnonymousAuthenticationHandler(
+                                    AbstractITCase.ANONYMOUS_UNAME, 
AbstractITCase.ANONYMOUS_KEY)).
+                            
getService(SAML2SPService.class).getMetadata("http://localhost:9080/syncope";);
+                    ENABLED = true;
+                } catch (Exception e) {
+                    // ignore
+                    ENABLED = false;
+                }
+            }
+        }
+        return ENABLED;
+    }
+}
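Review bot: The `catch (Exception e)` in `isSAML2SPAvailable()` treats every failure as "extension not deployed" and records nothing. A broken metadata endpoint, a rejected anonymous key or a refused connection would therefore make the SAML 2.0 tests skip silently through `Assume.assumeTrue` instead of failing. Log the cause with the logger that is already declared, e.g. `LOG.warn("SAML 2.0 SP extension not detected, related tests will be skipped", e);`. Two smaller points: the monitor is `LOG`, an object shared with the logging framework, where `SAML2SPDetector.class` would be the conventional lock, and the probe URL is hard-coded while the client itself is built from `AbstractITCase.ADDRESS`.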

http://git-wip-us.apache.org/repos/asf/syncope/blob/622806cb/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
----------------------------------------------------------------------
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
new file mode 100644
index 0000000..5e1647b
--- /dev/null
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
@@ -0,0 +1,157 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.fit.core;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.collections4.IterableUtils;
+import org.apache.commons.collections4.Predicate;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
+import org.apache.syncope.common.lib.to.MappingItemTO;
+import org.apache.syncope.common.lib.to.SAML2IdPTO;
+import org.apache.syncope.common.lib.to.SAML2RequestTO;
+import org.apache.syncope.common.rest.api.service.SAML2SPService;
+import org.apache.syncope.fit.AbstractITCase;
+import org.apache.syncope.fit.SAML2SPDetector;
+import org.junit.AfterClass;
+import org.junit.Assume;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.w3c.dom.Document;
+
+public class SAML2ITCase extends AbstractITCase {
+
+    private static SyncopeClient anonymous;
+
+    @BeforeClass
+    public static void setupAnonymousClient() {
+        anonymous = new SyncopeClientFactoryBean().
+                setAddress(ADDRESS).
+                create(new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, 
ANONYMOUS_KEY));
+    }
+
+    @BeforeClass
+    public static void importFromIdPMetadata() {
+        Assume.assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
+
+        assertTrue(saml2IdPService.list().isEmpty());
+
+        WebClient.client(saml2IdPService).
+                accept(MediaType.APPLICATION_XML_TYPE).
+                type(MediaType.APPLICATION_XML_TYPE);
+        try {
+            
saml2IdPService.importFromMetadata(SAML2ITCase.class.getResourceAsStream("/ssocircle.xml"));
+            
saml2IdPService.importFromMetadata(SAML2ITCase.class.getResourceAsStream("/testshib-providers.xml"));
+        } catch (Exception e) {
+            LOG.error("Unexpected error while importing SAML 2.0 IdP 
metadata", e);
+        } finally {
+            WebClient.client(saml2IdPService).
+                    accept(clientFactory.getContentType().getMediaType()).
+                    type(clientFactory.getContentType().getMediaType());
+        }
+
+        assertEquals(2, saml2IdPService.list().size());
+    }
+
+    @AfterClass
+    public static void clearIdPs() {
+        Assume.assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
+
+        for (SAML2IdPTO idp : saml2IdPService.list()) {
+            saml2IdPService.delete(idp.getKey());
+        }
+    }
+
+    @Test
+    public void spMetadata() {
+        Assume.assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
+
+        try {
+            SAML2SPService service = 
anonymous.getService(SAML2SPService.class);
+            WebClient.client(service).accept(MediaType.APPLICATION_XML_TYPE);
+            Response response = service.getMetadata(ADDRESS);
+            assertNotNull(response);
+
+            Document responseDoc = StaxUtils.read(
+                    new InputStreamReader((InputStream) response.getEntity(), 
StandardCharsets.UTF_8));
+            assertEquals("EntityDescriptor", 
responseDoc.getDocumentElement().getLocalName());
+            assertEquals("urn:oasis:names:tc:SAML:2.0:metadata", 
responseDoc.getDocumentElement().getNamespaceURI());
+        } catch (Exception e) {
+            LOG.error("During SAML 2.0 SP metadata parsing", e);
+            fail(e.getMessage());
+        }
+    }
+
+    @Test
+    public void createLoginRequest() {
+        SAML2RequestTO loginRequest = 
anonymous.getService(SAML2SPService.class).
+                createLoginRequest(ADDRESS, 
"https://idp.testshib.org/idp/shibboleth";);
+        assertNotNull(loginRequest);
+
+        assertEquals("https://idp.testshib.org/idp/profile/SAML2/POST/SSO";, 
loginRequest.getIdpServiceAddress());
+        assertNotNull(loginRequest.getContent());
+        assertTrue(Base64.isBase64(loginRequest.getContent()));
+        assertNotNull(loginRequest.getRelayState());
+    }
+
+    @Test
+    public void setIdPMapping() {
+        SAML2IdPTO ssoCircle = IterableUtils.find(saml2IdPService.list(), new 
Predicate<SAML2IdPTO>() {
+
+            @Override
+            public boolean evaluate(final SAML2IdPTO object) {
+                return 
"https://idp.ssocircle.com".equals(object.getEntityID());
+            }
+        });
+        assertNotNull(ssoCircle);
+        assertFalse(ssoCircle.getMappingItems().isEmpty());
+        assertNotNull(ssoCircle.getConnObjectKeyItem());
+        assertNotEquals("email", 
ssoCircle.getConnObjectKeyItem().getIntAttrName());
+        assertNotEquals("EmailAddress", 
ssoCircle.getConnObjectKeyItem().getExtAttrName());
+
+        ssoCircle.getMappingItems().clear();
+
+        MappingItemTO keyMapping = new MappingItemTO();
+        keyMapping.setIntAttrName("email");
+        keyMapping.setExtAttrName("EmailAddress");
+        ssoCircle.setConnObjectKeyItem(keyMapping);
+
+        saml2IdPService.update(ssoCircle);
+
+        ssoCircle = saml2IdPService.read(ssoCircle.getKey());
+        assertEquals("email", 
ssoCircle.getConnObjectKeyItem().getIntAttrName());
+        assertEquals("EmailAddress", 
ssoCircle.getConnObjectKeyItem().getExtAttrName());
+    }
+
+}
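Review bot: In `importFromIdPMetadata()` the `catch (Exception e)` only logs, so a failed import surfaces later as a count mismatch in `assertEquals(2, saml2IdPService.list().size())` with the real cause left in the log. Call `fail(e.getMessage());` in that catch as `spMetadata()` does, or let the exception propagate. The two `getResourceAsStream(...)` streams are never closed, and a missing classpath resource would hand `null` to `importFromMetadata`. `createLoginRequest()` and `setIdPMapping()` do not repeat the `Assume.assumeTrue(SAML2SPDetector.isSAML2SPAvailable())` guard and rely on the `@BeforeClass` assumption skipping the whole class, which deserves a one-line comment such as `// skipped as a class when the SAML 2.0 SP extension is absent, see importFromIdPMetadata()`.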

http://git-wip-us.apache.org/repos/asf/syncope/blob/622806cb/fit/core-reference/src/test/resources/ssocircle.xml
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/resources/ssocircle.xml 
b/fit/core-reference/src/test/resources/ssocircle.xml
new file mode 100644
index 0000000..3d01fe0
--- /dev/null
+++ b/fit/core-reference/src/test/resources/ssocircle.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<EntityDescriptor entityID="https://idp.ssocircle.com"; 
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+    <IDPSSODescriptor WantAuthnRequestsSigned="false" 
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+MIIEYzCCAkugAwIBAgIDIAZmMA0GCSqGSIb3DQEBCwUAMC4xCzAJBgNVBAYTAkRF
+MRIwEAYDVQQKDAlTU09DaXJjbGUxCzAJBgNVBAMMAkNBMB4XDTE2MDgwMzE1MDMy
+M1oXDTI2MDMwNDE1MDMyM1owPTELMAkGA1UEBhMCREUxEjAQBgNVBAoTCVNTT0Np
+cmNsZTEaMBgGA1UEAxMRaWRwLnNzb2NpcmNsZS5jb20wggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCAwWJyOYhYmWZF2TJvm1VyZccs3ZJ0TsNcoazr2pTW
+cY8WTRbIV9d06zYjngvWibyiylewGXcYONB106ZNUdNgrmFd5194Wsyx6bPvnjZE
+ERny9LOfuwQaqDYeKhI6c+veXApnOfsY26u9Lqb9sga9JnCkUGRaoVrAVM3yfghv
+/Cg/QEg+I6SVES75tKdcLDTt/FwmAYDEBV8l52bcMDNF+JWtAuetI9/dWCBe9VTC
+asAr2Fxw1ZYTAiqGI9sW4kWS2ApedbqsgH3qqMlPA7tg9iKy8Yw/deEn0qQIx8Gl
+VnQFpDgzG9k+jwBoebAYfGvMcO/BDXD2pbWTN+DvbURlAgMBAAGjezB5MAkGA1Ud
+EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBQhAmCewE7aonAvyJfjImCRZDtccTAfBgNVHSMEGDAWgBTA
+1nEA+0za6ppLItkOX5yEp8cQaTANBgkqhkiG9w0BAQsFAAOCAgEAAhC5/WsF9ztJ
+Hgo+x9KV9bqVS0MmsgpG26yOAqFYwOSPmUuYmJmHgmKGjKrj1fdCINtzcBHFFBC1
+maGJ33lMk2bM2THx22/O93f4RFnFab7t23jRFcF0amQUOsDvltfJw7XCal8JdgPU
+g6TNC4Fy9XYv0OAHc3oDp3vl1Yj8/1qBg6Rc39kehmD5v8SKYmpE7yFKxDF1ol9D
+KDG/LvClSvnuVP0b4BWdBAA9aJSFtdNGgEvpEUqGkJ1osLVqCMvSYsUtHmapaX3h
+iM9RbX38jsSgsl44Rar5Ioc7KXOOZFGfEKyyUqucYpjWCOXJELAVAzp7XTvA2q55
+u31hO0w8Yx4uEQKlmxDuZmxpMz4EWARyjHSAuDKEW1RJvUr6+5uA9qeOKxLiKN1j
+o6eWAcl6Wr9MreXR9kFpS6kHllfdVSrJES4ST0uh1Jp4EYgmiyMmFCbUpKXifpsN
+WCLDenE3hllF0+q3wIdu+4P82RIM71n7qVgnDnK29wnLhHDat9rkC62CIbonpkVY
+mnReX0jze+7twRanJOMCJ+lFg16BDvBcG8u0n/wIDkHHitBI7bU1k6c6DydLQ+69
+h8SCo6sO9YuD+/3xAGKad4ImZ6vTwlB4zDCpu6YgQWocWRXE+VkOb+RBfvP755PU
+aLfL63AFVlpOnEpIio5++UjNJRuPuAA=
+                   </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </KeyDescriptor>
+        <KeyDescriptor use="encryption">
+            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+MIIEYzCCAkugAwIBAgIDIAZmMA0GCSqGSIb3DQEBCwUAMC4xCzAJBgNVBAYTAkRF
+MRIwEAYDVQQKDAlTU09DaXJjbGUxCzAJBgNVBAMMAkNBMB4XDTE2MDgwMzE1MDMy
+M1oXDTI2MDMwNDE1MDMyM1owPTELMAkGA1UEBhMCREUxEjAQBgNVBAoTCVNTT0Np
+cmNsZTEaMBgGA1UEAxMRaWRwLnNzb2NpcmNsZS5jb20wggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCAwWJyOYhYmWZF2TJvm1VyZccs3ZJ0TsNcoazr2pTW
+cY8WTRbIV9d06zYjngvWibyiylewGXcYONB106ZNUdNgrmFd5194Wsyx6bPvnjZE
+ERny9LOfuwQaqDYeKhI6c+veXApnOfsY26u9Lqb9sga9JnCkUGRaoVrAVM3yfghv
+/Cg/QEg+I6SVES75tKdcLDTt/FwmAYDEBV8l52bcMDNF+JWtAuetI9/dWCBe9VTC
+asAr2Fxw1ZYTAiqGI9sW4kWS2ApedbqsgH3qqMlPA7tg9iKy8Yw/deEn0qQIx8Gl
+VnQFpDgzG9k+jwBoebAYfGvMcO/BDXD2pbWTN+DvbURlAgMBAAGjezB5MAkGA1Ud
+EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBQhAmCewE7aonAvyJfjImCRZDtccTAfBgNVHSMEGDAWgBTA
+1nEA+0za6ppLItkOX5yEp8cQaTANBgkqhkiG9w0BAQsFAAOCAgEAAhC5/WsF9ztJ
+Hgo+x9KV9bqVS0MmsgpG26yOAqFYwOSPmUuYmJmHgmKGjKrj1fdCINtzcBHFFBC1
+maGJ33lMk2bM2THx22/O93f4RFnFab7t23jRFcF0amQUOsDvltfJw7XCal8JdgPU
+g6TNC4Fy9XYv0OAHc3oDp3vl1Yj8/1qBg6Rc39kehmD5v8SKYmpE7yFKxDF1ol9D
+KDG/LvClSvnuVP0b4BWdBAA9aJSFtdNGgEvpEUqGkJ1osLVqCMvSYsUtHmapaX3h
+iM9RbX38jsSgsl44Rar5Ioc7KXOOZFGfEKyyUqucYpjWCOXJELAVAzp7XTvA2q55
+u31hO0w8Yx4uEQKlmxDuZmxpMz4EWARyjHSAuDKEW1RJvUr6+5uA9qeOKxLiKN1j
+o6eWAcl6Wr9MreXR9kFpS6kHllfdVSrJES4ST0uh1Jp4EYgmiyMmFCbUpKXifpsN
+WCLDenE3hllF0+q3wIdu+4P82RIM71n7qVgnDnK29wnLhHDat9rkC62CIbonpkVY
+mnReX0jze+7twRanJOMCJ+lFg16BDvBcG8u0n/wIDkHHitBI7bU1k6c6DydLQ+69
+h8SCo6sO9YuD+/3xAGKad4ImZ6vTwlB4zDCpu6YgQWocWRXE+VkOb+RBfvP755PU
+aLfL63AFVlpOnEpIio5++UjNJRuPuAA=
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+            <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc";>
+                <xenc:KeySize 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>128</xenc:KeySize>
+</EncryptionMethod>
+        </KeyDescriptor>
+        <ArtifactResolutionService index="0" isDefault="true" 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://idp.ssocircle.com:443/sso/ArtifactResolver/metaAlias/publicidp"/>
+        <SingleLogoutService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
Location="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp"; 
ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp"/>
+        <SingleLogoutService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/publicidp"; 
ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/publicidp"/>
+        <SingleLogoutService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://idp.ssocircle.com:443/sso/IDPSloSoap/metaAlias/publicidp"/>
+        <ManageNameIDService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
Location="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/publicidp"; 
ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniRedirect/metaAlias/publicidp"/>
+        <ManageNameIDService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://idp.ssocircle.com:443/sso/IDPMniPOSTmetaAlias/publicidp"; 
ResponseLocation="https://idp.ssocircle.com:443/sso/IDPMniPOST/metaAlias/publicidp"/>
+        <ManageNameIDService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://idp.ssocircle.com:443/sso/IDPMniSoap/metaAlias/publicidp"/>
+        
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
+        
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+        
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
+        
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
+        
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>
+        <SingleSignOnService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
Location="https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp"/>
+        <SingleSignOnService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/publicidp"/>
+        <SingleSignOnService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://idp.ssocircle.com:443/sso/SSOSoap/metaAlias/publicidp"/>
+        <NameIDMappingService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
Location="https://idp.ssocircle.com:443/sso/NIMSoap/metaAlias/publicidp"/>
+    </IDPSSODescriptor>
+</EntityDescriptor>
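Review bot: The HTTP-POST `ManageNameIDService` entry has a `Location` ending in `/sso/IDPMniPOSTmetaAlias/publicidp`, while its own `ResponseLocation` and every sibling endpoint use the form `/sso/IDPMniPOST/metaAlias/publicidp`; the slash before `metaAlias` looks dropped. If this fixture is a verbatim copy of the IdP's published metadata, keep it and add an XML comment saying so and when it was retrieved; otherwise correct the path. The tests visible in this commit do not appear to read that endpoint, so nothing would fail on it today.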

http://git-wip-us.apache.org/repos/asf/syncope/blob/622806cb/fit/core-reference/src/test/resources/testshib-providers.xml
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/resources/testshib-providers.xml 
b/fit/core-reference/src/test/resources/testshib-providers.xml
new file mode 100644
index 0000000..6320ccb
--- /dev/null
+++ b/fit/core-reference/src/test/resources/testshib-providers.xml
@@ -0,0 +1,321 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<EntitiesDescriptor Name="urn:mace:shibboleth:testshib:two"
+    xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+    xmlns:mdalg="urn:oasis:names:tc:SAML:metadata:algsupport" 
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
+    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
+
+    <!-- This file contains the metadata for the testing IdP and SP
+     that are operated by TestShib as a service for testing new
+     Shibboleth and SAML providers. -->
+
+    <EntityDescriptor entityID="https://idp.testshib.org/idp/shibboleth";>
+        
+        <Extensions>
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"; />
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"; />
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"; />
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"; />
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"; />
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; />
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
+        </Extensions>
+
+        <IDPSSODescriptor
+            protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol 
urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">
+            <Extensions>
+                <shibmd:Scope regexp="false">testshib.org</shibmd:Scope>
+                <mdui:UIInfo>
+                    <mdui:DisplayName xml:lang="en">TestShib Test 
IdP</mdui:DisplayName>
+                    <mdui:Description xml:lang="en">TestShib IdP. Use this as 
a source of attributes
+                        for your test SP.</mdui:Description>
+                    <mdui:Logo height="88" width="253"
+                        >https://www.testshib.org/testshibtwo.jpg</mdui:Logo>
+                </mdui:UIInfo>
+
+            </Extensions>
+
+            <!-- new signing key -->
+            <KeyDescriptor>
+                <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+                            
MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEB
+                            
CwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0
+                            
WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIB
+                            
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryh
+                            
m3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEm
+                            
lGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBn
+                            
xoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB
+                            
3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTH
+                            
ot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQID
+                            
AQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQw
+                            
EoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzR
+                            
OZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QP
+                            
dRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS
+                            
80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOT
+                            
MVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhO
+                            
RkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqX
+                            MLRKhDgdmA==
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+                </ds:KeyInfo>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"; />
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+            </KeyDescriptor>
+
+            <ArtifactResolutionService 
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                
Location="https://idp.testshib.org:8443/idp/profile/SAML1/SOAP/ArtifactResolution";
+                index="1"/>
+            <ArtifactResolutionService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+                
Location="https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution";
+                index="2"/>
+
+            <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+            
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+            
+            <SingleSignOnService 
Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+                
Location="https://idp.testshib.org/idp/profile/Shibboleth/SSO"/>
+            <SingleSignOnService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                
Location="https://idp.testshib.org/idp/profile/SAML2/POST/SSO"/>
+            <SingleSignOnService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                
Location="https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO"/>
+            <SingleSignOnService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
+                
Location="https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP"/>
+
+        </IDPSSODescriptor>
+
+        <AttributeAuthorityDescriptor
+            protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol 
urn:oasis:names:tc:SAML:2.0:protocol">
+
+            <!-- new SSL/TLS -->
+            <KeyDescriptor>
+                <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+                            
MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEB
+                            
CwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0
+                            
WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIB
+                            
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryh
+                            
m3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEm
+                            
lGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBn
+                            
xoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB
+                            
3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTH
+                            
ot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQID
+                            
AQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQw
+                            
EoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzR
+                            
OZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QP
+                            
dRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS
+                            
80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOT
+                            
MVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhO
+                            
RkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqX
+                            MLRKhDgdmA==
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+                </ds:KeyInfo>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"; />
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+            </KeyDescriptor>
+
+            <AttributeService 
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                
Location="https://idp.testshib.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
+            <AttributeService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+                
Location="https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
+
+            <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+            
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+
+        </AttributeAuthorityDescriptor>
+
+        <Organization>
+            <OrganizationName xml:lang="en">TestShib Two Identity 
Provider</OrganizationName>
+            <OrganizationDisplayName xml:lang="en">TestShib 
Two</OrganizationDisplayName>
+            <OrganizationURL 
xml:lang="en">http://www.testshib.org/testshib-two/</OrganizationURL>
+        </Organization>
+        <ContactPerson contactType="technical">
+            <GivenName>Nate</GivenName>
+            <SurName>Klingenstein</SurName>
+            <EmailAddress>[email protected]</EmailAddress>
+        </ContactPerson>
+    </EntityDescriptor>
+
+    <!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
+    <!--             Metadata for SP.TESTSHIB.ORG                    -->
+    <!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
+
+    <EntityDescriptor entityID="https://sp.testshib.org/shibboleth-sp";>
+
+        <Extensions> 
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+            <mdalg:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+            <mdalg:SigningMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+        </Extensions>
+
+        
+        <!-- An SP supporting SAML 1 and 2 contains this element with protocol 
support as shown. -->
+        <SPSSODescriptor
+            protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol 
urn:oasis:names:tc:SAML:1.1:protocol 
http://schemas.xmlsoap.org/ws/2003/07/secext";>
+
+            <Extensions>
+                <!-- A request initiator at /Testshib that you can use to 
customize authentication requests issued to your IdP by TestShib. -->
+                <init:RequestInitiator 
xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" 
Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" 
Location="https://sp.testshib.org/Shibboleth.sso/TestShib"/>
+ 
+                <mdui:UIInfo>
+                    <mdui:DisplayName xml:lang="en">TestShib Test 
SP</mdui:DisplayName>
+                    <mdui:Description xml:lang="en">TestShib SP. Log into this 
to test your machine.
+                        Once logged in check that all attributes that you 
expected have been
+                        released.</mdui:Description>
+                    <mdui:Logo height="88" 
width="253">https://www.testshib.org/testshibtwo.jpg</mdui:Logo>
+                </mdui:UIInfo>
+            </Extensions>
+
+            <KeyDescriptor>
+                <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+                            
MIIEPjCCAyagAwIBAgIBADANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEV
+                            
MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMSIwIAYD
+                            
VQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQDEw9zcC50ZXN0
+                            
c2hpYi5vcmcwHhcNMDYwODMwMjEyNDM5WhcNMTYwODI3MjEyNDM5WjB3MQswCQYD
+                            
VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1
+                            
cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQD
+                            
Ew9zcC50ZXN0c2hpYi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+                            
AQDJyR6ZP6MXkQ9z6RRziT0AuCabDd3x1m7nLO9ZRPbr0v1LsU+nnC363jO8nGEq
+                            
sqkgiZ/bSsO5lvjEt4ehff57ERio2Qk9cYw8XCgmYccVXKH9M+QVO1MQwErNobWb
+                            
AjiVkuhWcwLWQwTDBowfKXI87SA7KR7sFUymNx5z1aoRvk3GM++tiPY6u4shy8c7
+                            
vpWbVfisfTfvef/y+galxjPUQYHmegu7vCbjYP3On0V7/Ivzr+r2aPhp8egxt00Q
+                            
XpilNai12LBYV3Nv/lMsUzBeB7+CdXRVjZOHGuQ8mGqEbsj8MBXvcxIKbcpeK5Zi
+                            
JCVXPfarzuriM1G5y5QkKW+LAgMBAAGjgdQwgdEwHQYDVR0OBBYEFKB6wPDxwYrY
+                            
StNjU5P4b4AjBVQVMIGhBgNVHSMEgZkwgZaAFKB6wPDxwYrYStNjU5P4b4AjBVQV
+                            
oXukeTB3MQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYD
+                            
VQQHEwpQaXR0c2J1cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3Zp
+                            
ZGVyMRgwFgYDVQQDEw9zcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
+                            
BgkqhkiG9w0BAQUFAAOCAQEAc06Kgt7ZP6g2TIZgMbFxg6vKwvDL0+2dzF11Onpl
+                            
5sbtkPaNIcj24lQ4vajCrrGKdzHXo9m54BzrdRJ7xDYtw0dbu37l1IZVmiZr12eE
+                            
Iay/5YMU+aWP1z70h867ZQ7/7Y4HW345rdiS6EW663oH732wSYNt9kr7/0Uer3KD
+                            
9CuPuOidBacospDaFyfsaJruE99Kd6Eu/w5KLAGG+m0iqENCziDGzVA47TngKz2v
+                            
PVA+aokoOyoz3b53qeti77ijatSEoKjxheBWpO+eoJeGq/e49Um3M2ogIX/JAlMa
+                            Inh+vYSYngQB2sx9LGkR9KHaMKNIGCDehk93Xla4pWJx1w== 
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+                </ds:KeyInfo>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+                <EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+            </KeyDescriptor>
+
+            <!-- This tells IdPs that Single Logout is supported and where/how 
to request it. -->
+
+            <SingleLogoutService 
Location="https://sp.testshib.org/Shibboleth.sso/SLO/SOAP";
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+            <SingleLogoutService 
Location="https://sp.testshib.org/Shibboleth.sso/SLO/Redirect";
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
+            <SingleLogoutService 
Location="https://sp.testshib.org/Shibboleth.sso/SLO/POST";
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+            <SingleLogoutService 
Location="https://sp.testshib.org/Shibboleth.sso/SLO/Artifact";
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+
+
+            <!-- This tells IdPs that you only need transient identifiers. -->
+            
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+            <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+
+            <!--
+               This tells IdPs where and how to send authentication 
assertions. Mostly
+               the SP will tell the IdP what location to use in its request, 
but this
+               is how the IdP validates the location and also figures out which
+               SAML version/binding to use.
+               -->
+
+            <AssertionConsumerService index="1" isDefault="true"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                Location="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"/>
+            <AssertionConsumerService index="2"
+                
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
+                
Location="https://sp.testshib.org/Shibboleth.sso/SAML2/POST-SimpleSign"/>
+            <AssertionConsumerService index="3"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+                
Location="https://sp.testshib.org/Shibboleth.sso/SAML2/Artifact"/>
+            <AssertionConsumerService index="4"
+                Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+                Location="https://sp.testshib.org/Shibboleth.sso/SAML/POST"/>
+            <AssertionConsumerService index="5"
+                Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+                
Location="https://sp.testshib.org/Shibboleth.sso/SAML/Artifact"/>
+            <AssertionConsumerService index="6"
+                Binding="http://schemas.xmlsoap.org/ws/2003/07/secext";
+                Location="https://sp.testshib.org/Shibboleth.sso/ADFS"/>
+
+            <!-- A couple additional assertion consumers for the registration 
webapp. -->
+
+            <AssertionConsumerService index="7"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                Location="https://www.testshib.org/Shibboleth.sso/SAML2/POST"/>
+            <AssertionConsumerService index="8"
+                Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+                Location="https://www.testshib.org/Shibboleth.sso/SAML/POST"/>
+
+        </SPSSODescriptor>
+
+        <!-- This is just information about the entity in human terms. -->
+        <Organization>
+            <OrganizationName xml:lang="en">TestShib Two Service 
Provider</OrganizationName>
+            <OrganizationDisplayName xml:lang="en">TestShib 
Two</OrganizationDisplayName>
+            <OrganizationURL 
xml:lang="en">http://www.testshib.org/testshib-two/</OrganizationURL>
+        </Organization>
+        <ContactPerson contactType="technical">
+            <GivenName>Nate</GivenName>
+            <SurName>Klingenstein</SurName>
+            <EmailAddress>[email protected]</EmailAddress>
+        </ContactPerson>
+
+    </EntityDescriptor>
+
+
+</EntitiesDescriptor>
+
