Upgrade to upstream 0.11.0 release.

Includes ECP support, see NEWS for all changes.

Update mellon_create_metadata.sh to match internally generated metadata,
includes AssertionConsumerService for postResponse, artifactResponse &
paosResponse.

.gitignore

@@ -2,3 +2,4 @@
 /mod_auth_mellon-0.8.0.tar.gz
 /mod_auth_mellon-0.9.1.tar.gz
 /mod_auth_mellon-0.10.0.tar.gz
+/mod_auth_mellon-0.11.0.tar.gz

mellon_create_metadata.sh

@@ -38,14 +38,17 @@ BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
 
 OUTFILE="$(echo "$ENTITYID" | sed 's/[^A-Za-z.]/_/g' | sed 's/__*/_/g')"
 echo "Output files:"
-echo "Private key:               $OUTFILE.key"
+echo "Private key:                              $OUTFILE.key"
-echo "Certificate:               $OUTFILE.cert"
+echo "Certificate:                              $OUTFILE.cert"
-echo "Metadata:                  $OUTFILE.xml"
+echo "Metadata:                                 $OUTFILE.xml"
-echo "Host:                      $HOST"
+echo "Host:                                     $HOST"
 echo
 echo "Endpoints:"
-echo "SingleLogoutService:       $BASEURL/logout"
+echo "SingleLogoutService (SOAP):               $BASEURL/logout"
-echo "AssertionConsumerService:  $BASEURL/postResponse"
+echo "SingleLogoutService (HTTP-Redirect):      $BASEURL/logout"
+echo "AssertionConsumerService (HTTP-POST):     $BASEURL/postResponse"
+echo "AssertionConsumerService (HTTP-Artifact): $BASEURL/artifactResponse"
+echo "AssertionConsumerService (PAOS):          $BASEURL/paosResponse"
 echo
 
 # No files should not be readable by the rest of the world.
@@ -72,18 +75,49 @@ rm -f "$TEMPLATEFILE"
 CERT="$(grep -v '^-----' "$OUTFILE.cert")"
 
 cat >"$OUTFILE.xml" <<EOF
-<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<EntityDescriptor
-    <KeyDescriptor use="signing">
+ entityID="$ENTITYID"
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
-        <ds:X509Data>
+ <SPSSODescriptor
-          <ds:X509Certificate>$CERT</ds:X509Certificate>
+   AuthnRequestsSigned="true"
-        </ds:X509Data>
+   WantAssertionsSigned="true"
-      </ds:KeyInfo>
+   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    </KeyDescriptor>
+   <KeyDescriptor use="signing">
-    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
+     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+       <ds:X509Data>
-  </SPSSODescriptor>
+         <ds:X509Certificate>$CERT</ds:X509Certificate>
+       </ds:X509Data>
+     </ds:KeyInfo>
+   </KeyDescriptor>
+   <KeyDescriptor use="encryption">
+     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+       <ds:X509Data>
+         <ds:X509Certificate>$CERT</ds:X509Certificate>
+       </ds:X509Data>
+     </ds:KeyInfo>
+   </KeyDescriptor>
+   <SingleLogoutService
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+     Location="$BASEURL/logout" />
+   <SingleLogoutService
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+     Location="$BASEURL/logout" />
+   <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+   <AssertionConsumerService
+     index="0"
+     isDefault="true"
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+     Location="$BASEURL/postResponse" />
+   <AssertionConsumerService
+     index="1"
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+     Location="$BASEURL/artifactResponse" />
+   <AssertionConsumerService
+     index="2"
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+     Location="$BASEURL/paosResponse" />
+ </SPSSODescriptor>
 </EntityDescriptor>
 EOF
 

mod_auth_mellon.spec

@@ -1,7 +1,7 @@
 Summary: A SAML 2.0 authentication module for the Apache Httpd Server
 Name: mod_auth_mellon
-Version: 0.10.0
+Version: 0.11.0
-Release: 2%{?dist}
+Release: 1%{?dist}
 Group: System Environment/Daemons
 Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1: auth_mellon.conf
@@ -48,7 +48,7 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
 
 %files
 %defattr(-,root,root)
-%doc README COPYING
+%doc README COPYING NEWS
 %config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf
 %config(noreplace) %{_httpd_confdir}/auth_mellon.conf
 %{_httpd_moddir}/mod_auth_mellon.so
@@ -57,6 +57,13 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
 %dir /run/%{name}/
 
 %changelog
+* Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-1
+- Upgrade to upstream 0.11.0 release.
+- Includes ECP support, see NEWS for all changes.
+- Update mellon_create_metadata.sh to match internally generated metadata,
+  includes AssertionConsumerService for postResponse, artifactResponse &
+  paosResponse.
+
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 

sources

@@ -1 +1 @@
-389b2c68d6974253e565b939dbea42ae  mod_auth_mellon-0.10.0.tar.gz
+d24347881f1c60f26cf686d22cf419de  mod_auth_mellon-0.11.0.tar.gz