Upgrade to upstream 0.11.0 release.

Includes ECP support, see NEWS for all changes. Update mellon_create_metadata.sh to match internally generated metadata, includes AssertionConsumerService for postResponse, artifactResponse & paosResponse.
2015-09-17 21:49:53 -04:00 · 2015-09-17 21:49:53 -04:00 · 5d207147c3
commit 5d207147c3
parent 781ae1c943
4 changed files with 64 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 /mod_auth_mellon-0.8.0.tar.gz
 /mod_auth_mellon-0.9.1.tar.gz
 /mod_auth_mellon-0.10.0.tar.gz
+/mod_auth_mellon-0.11.0.tar.gz
--- a/mellon_create_metadata.sh
+++ b/mellon_create_metadata.sh
@ -44,8 +44,11 @@ echo "Metadata:                  $OUTFILE.xml"
 echo "Host:                                     $HOST"
 echo
 echo "Endpoints:"
-echo "SingleLogoutService:       $BASEURL/logout"
-echo "AssertionConsumerService:  $BASEURL/postResponse"
+echo "SingleLogoutService (SOAP):               $BASEURL/logout"
+echo "SingleLogoutService (HTTP-Redirect):      $BASEURL/logout"
+echo "AssertionConsumerService (HTTP-POST):     $BASEURL/postResponse"
+echo "AssertionConsumerService (HTTP-Artifact): $BASEURL/artifactResponse"
+echo "AssertionConsumerService (PAOS):          $BASEURL/paosResponse"
 echo

 # No files should not be readable by the rest of the world.
@ -72,8 +75,14 @@ rm -f "$TEMPLATEFILE"
 CERT="$(grep -v '^-----' "$OUTFILE.cert")"

 cat >"$OUTFILE.xml" <<EOF
-<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<EntityDescriptor
+ entityID="$ENTITYID"
+ xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+ <SPSSODescriptor
+   AuthnRequestsSigned="true"
+   WantAssertionsSigned="true"
+   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <KeyDescriptor use="signing">
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:X509Data>
@ -81,8 +90,33 @@ cat >"$OUTFILE.xml" <<EOF
       </ds:X509Data>
     </ds:KeyInfo>
   </KeyDescriptor>
-    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
-    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+   <KeyDescriptor use="encryption">
+     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+       <ds:X509Data>
+         <ds:X509Certificate>$CERT</ds:X509Certificate>
+       </ds:X509Data>
+     </ds:KeyInfo>
+   </KeyDescriptor>
+   <SingleLogoutService
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+     Location="$BASEURL/logout" />
+   <SingleLogoutService
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+     Location="$BASEURL/logout" />
+   <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+   <AssertionConsumerService
+     index="0"
+     isDefault="true"
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+     Location="$BASEURL/postResponse" />
+   <AssertionConsumerService
+     index="1"
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+     Location="$BASEURL/artifactResponse" />
+   <AssertionConsumerService
+     index="2"
+     Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+     Location="$BASEURL/paosResponse" />
 </SPSSODescriptor>
 </EntityDescriptor>
 EOF
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
@ -1,7 +1,7 @@
 Summary: A SAML 2.0 authentication module for the Apache Httpd Server
 Name: mod_auth_mellon
-Version: 0.10.0
-Release: 2%{?dist}
+Version: 0.11.0
+Release: 1%{?dist}
 Group: System Environment/Daemons
 Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1: auth_mellon.conf
@ -48,7 +48,7 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}

 %files
 %defattr(-,root,root)
-%doc README COPYING
+%doc README COPYING NEWS
 %config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf
 %config(noreplace) %{_httpd_confdir}/auth_mellon.conf
 %{_httpd_moddir}/mod_auth_mellon.so
@ -57,6 +57,13 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
 %dir /run/%{name}/

 %changelog
+* Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-1
+- Upgrade to upstream 0.11.0 release.
+- Includes ECP support, see NEWS for all changes.
+- Update mellon_create_metadata.sh to match internally generated metadata,
+  includes AssertionConsumerService for postResponse, artifactResponse &
+  paosResponse.
+
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-389b2c68d6974253e565b939dbea42ae  mod_auth_mellon-0.10.0.tar.gz
+d24347881f1c60f26cf686d22cf419de  mod_auth_mellon-0.11.0.tar.gz