Marvin S. Addison serac

## AssertionUtil.cs
/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a
 * copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0

## test-extension-flow.diff
Index: idp-conf/src/test/java/net/shibboleth/idp/test/flows/ExtensionFlowTest.java
===================================================================
--- idp-conf/src/test/java/net/shibboleth/idp/test/flows/ExtensionFlowTest.java	(revision 0)
+++ idp-conf/src/test/java/net/shibboleth/idp/test/flows/ExtensionFlowTest.java	(working copy)
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the University Corporation for Advanced Internet Development,
+ * Inc. (UCAID) under one or more contributor license agreements.  See the
+ * NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The UCAID licenses this file to You under the Apache

## find-incommon-r_and_s.py
#!/usr/bin/env python

import xml.etree.ElementTree as ET
import urllib2

response = urllib2.urlopen('http://md.incommon.org/InCommon/InCommon-metadata.xml')
try:
  data = response.read()
finally:
  response.close()

## animation.html
<html>
	<head>
		<title>Simple Web Animation</title>
		<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
	</head>
	<body style="font-family:Helvetica,sans-serif">

		<form>
			<fieldset style="border:2px solid #999; width:50%; margin:auto auto">
				<label for="imgurl">Image URL</label>

## idpctl
#!/bin/bash
#
#==================================================================
#
# Shibboleth IdP application control script.
# Supported operations:
#  - start
#  - stop
#  - restart
#  - status

## X509AuthServlet.java.diff
Index: idp-authn-impl/src/main/java/net/shibboleth/idp/authn/impl/X509AuthServlet.java
===================================================================
--- idp-authn-impl/src/main/java/net/shibboleth/idp/authn/impl/X509AuthServlet.java	(revision 7486)
+++ idp-authn-impl/src/main/java/net/shibboleth/idp/authn/impl/X509AuthServlet.java	(working copy)
@@ -35,6 +35,7 @@
 import net.shibboleth.idp.authn.ExternalAuthentication;
 import net.shibboleth.idp.authn.ExternalAuthenticationException;
 import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
+import net.shibboleth.utilities.java.support.collection.Pair;
 import net.shibboleth.utilities.java.support.resolver.CriteriaSet;

## PolicyTrustEngine.java
package edu.vt.middleware.idp.authn;

import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.cryptacular.x509.ExtensionReader;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.slf4j.Logger;

## java-idp.diff
Index: idp-conf/src/main/resources/conf/idp.properties
===================================================================
--- idp-conf/src/main/resources/conf/idp.properties	(revision 7643)
+++ idp-conf/src/main/resources/conf/idp.properties	(working copy)
@@ -101,6 +101,12 @@
 # usually in conjunction with the idp.authn.resolveAttribute property below.
 #idp.authn.flows.initial = Password

+# If true the same constraints are applied to the initial authn flow as the
+# "regular" authn flow to ensure the authentication requirements of the

## SaslAuthzBindActivator.java
package edu.vt.middleware.idp.authn;

import com.google.common.base.Function;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
import org.ldaptive.*;
import org.ldaptive.pool.Activator;
import org.ldaptive.sasl.SaslConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

## kryo-tgt.bin
TGT-1-JAGo69rXn4IuYt5M4oevMOKpXL4ggqOYystTowLYNgHJpb4ej5-cas-tier-1 0 1375
passwordStateACTIVEDENTIFIER 82A00DEAC2111F7EE0440003BA624FA9uid1145718
                     accountStateACTIVELOA@urn:oasis:names:tc:SAML:2.0:post:ac:classes:nist-800-63:v1-0-2:2authIdseracvirginiaTechAffiliationXX-EMPLOYEE-STATE
         XX-EMPLOYEEXX-ACTIVE-MEMBERXX-STAFF
XX-STUDENTXX-ALUM-CONSTITUENTXX-ALUMgroupMembership5uugid=irm.dat.authz.fiddlestix,ou=Groups,dc=xx,dc=yyy)uugid=ita.osx.lion,ou=Groups,dc=xx,dc=yyy-uugid=fiddlestix.staff,ou=Groups,dc=xx,dc=yyy6uugid=fiddlestix.wiki.authz.ctu,ou=Groups,dc=xx,dc=yyy'uugid=seti.certs,ou=Groups,dc=xx,dc=yyyFormatted NameseracauthenticationMethod9org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler%samlAuthenticationStatementAuthMethodAurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransportLOA@urn:oasis:names:tc:SAML:2.0:post:ac:classes:nist-800-63:v1-0-2:2�����M%QBTGT-1-JAGo69rXn4IuYt5M4oevMOKpXL4ggqOYystTowLYNgHJpb4ej5-cas-tier-1
	/*
	* Licensed to Jasig under one or more contributor license
	* agreements. See the NOTICE file distributed with this work
	* for additional information regarding copyright ownership.
	* Jasig licenses this file to you under the Apache License,
	* Version 2.0 (the "License"); you may not use this file
	* except in compliance with the License. You may obtain a
	* copy of the License at:
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	Index: idp-conf/src/test/java/net/shibboleth/idp/test/flows/ExtensionFlowTest.java
	===================================================================
	--- idp-conf/src/test/java/net/shibboleth/idp/test/flows/ExtensionFlowTest.java (revision 0)
	+++ idp-conf/src/test/java/net/shibboleth/idp/test/flows/ExtensionFlowTest.java (working copy)
	@@ -0,0 +1,37 @@
	+/*
	+ * Licensed to the University Corporation for Advanced Internet Development,
	+ * Inc. (UCAID) under one or more contributor license agreements. See the
	+ * NOTICE file distributed with this work for additional information regarding
	+ * copyright ownership. The UCAID licenses this file to You under the Apache
	#!/usr/bin/env python

	import xml.etree.ElementTree as ET
	import urllib2

	response = urllib2.urlopen('http://md.incommon.org/InCommon/InCommon-metadata.xml')
	try:
	data = response.read()
	finally:
	response.close()
	<html>
	<head>
	<title>Simple Web Animation</title>
	<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
	</head>
	<body style="font-family:Helvetica,sans-serif">

	<form>
	<fieldset style="border:2px solid #999; width:50%; margin:auto auto">
	<label for="imgurl">Image URL</label>
	#!/bin/bash
	#
	#==================================================================
	#
	# Shibboleth IdP application control script.
	# Supported operations:
	# - start
	# - stop
	# - restart
	# - status
	Index: idp-authn-impl/src/main/java/net/shibboleth/idp/authn/impl/X509AuthServlet.java
	===================================================================
	--- idp-authn-impl/src/main/java/net/shibboleth/idp/authn/impl/X509AuthServlet.java (revision 7486)
	+++ idp-authn-impl/src/main/java/net/shibboleth/idp/authn/impl/X509AuthServlet.java (working copy)
	@@ -35,6 +35,7 @@
	import net.shibboleth.idp.authn.ExternalAuthentication;
	import net.shibboleth.idp.authn.ExternalAuthenticationException;
	import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
	+import net.shibboleth.utilities.java.support.collection.Pair;
	import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
	package edu.vt.middleware.idp.authn;

	import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
	import net.shibboleth.utilities.java.support.logic.Constraint;
	import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
	import org.bouncycastle.asn1.x509.PolicyInformation;
	import org.cryptacular.x509.ExtensionReader;
	import org.opensaml.security.trust.TrustEngine;
	import org.opensaml.security.x509.X509Credential;
	import org.slf4j.Logger;
	Index: idp-conf/src/main/resources/conf/idp.properties
	===================================================================
	--- idp-conf/src/main/resources/conf/idp.properties (revision 7643)
	+++ idp-conf/src/main/resources/conf/idp.properties (working copy)
	@@ -101,6 +101,12 @@
	# usually in conjunction with the idp.authn.resolveAttribute property below.
	#idp.authn.flows.initial = Password

	+# If true the same constraints are applied to the initial authn flow as the
	+# "regular" authn flow to ensure the authentication requirements of the
	package edu.vt.middleware.idp.authn;

	import com.google.common.base.Function;
	import net.shibboleth.utilities.java.support.logic.Constraint;
	import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
	import org.ldaptive.*;
	import org.ldaptive.pool.Activator;
	import org.ldaptive.sasl.SaslConfig;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	TGT-1-JAGo69rXn4IuYt5M4oevMOKpXL4ggqOYystTowLYNgHJpb4ej5-cas-tier-1 0 1375
	passwordStateACTIVEDENTIFIER 82A00DEAC2111F7EE0440003BA624FA9uid1145718
	accountStateACTIVELOA@urn:oasis:names:tc:SAML:2.0:post:ac:classes:nist-800-63:v1-0-2:2authIdseracvirginiaTechAffiliationXX-EMPLOYEE-STATE
	XX-EMPLOYEEXX-ACTIVE-MEMBERXX-STAFF
	XX-STUDENTXX-ALUM-CONSTITUENTXX-ALUMgroupMembership5uugid=irm.dat.authz.fiddlestix,ou=Groups,dc=xx,dc=yyy)uugid=ita.osx.lion,ou=Groups,dc=xx,dc=yyy-uugid=fiddlestix.staff,ou=Groups,dc=xx,dc=yyy6uugid=fiddlestix.wiki.authz.ctu,ou=Groups,dc=xx,dc=yyy'uugid=seti.certs,ou=Groups,dc=xx,dc=yyyFormatted NameseracauthenticationMethod9org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler%samlAuthenticationStatementAuthMethodAurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransportLOA@urn:oasis:names:tc:SAML:2.0:post:ac:classes:nist-800-63:v1-0-2:2��M%QBTGT-1-JAGo69rXn4IuYt5M4oevMOKpXL4ggqOYystTowLYNgHJpb4ej5-cas-tier-1