From e62375e6eedb105e216d530317d6cd42fd0bfd8b Mon Sep 17 00:00:00 2001
From: "Eric J. Bowersox" <erbo@erbosoft.com>
Date: Tue, 17 Jun 2003 23:17:34 +0000
Subject: [PATCH] starting to set up the IDP side of SourceID-SSO support (not
 ready yet)

---
 build.xml                                     |  86 ++++++-
 conf-sso/{sp => }/dynamo.xml                  |   0
 conf-sso/idp/sourceid-sso-providers.xml       | 227 ++++++++++++++++++
 conf-sso/idp/sourceid-sso.xml                 |  92 +++++++
 conf-sso/idp/venice-idp.keystore              | Bin 0 -> 1291 bytes
 conf-sso/{sp => }/logging.xml                 |   2 +-
 conf-sso/sp/sourceid-sso.xml                  |   2 -
 conf-sso/{sp => }/web.xml                     |   0
 .../idp/scripts/sourceid/errorHandler.js      |  25 ++
 9 files changed, 428 insertions(+), 6 deletions(-)
 rename conf-sso/{sp => }/dynamo.xml (100%)
 create mode 100644 conf-sso/idp/sourceid-sso-providers.xml
 create mode 100644 conf-sso/idp/sourceid-sso.xml
 create mode 100644 conf-sso/idp/venice-idp.keystore
 rename conf-sso/{sp => }/logging.xml (96%)
 rename conf-sso/{sp => }/web.xml (100%)
 create mode 100644 venice-data-sso/idp/scripts/sourceid/errorHandler.js

diff --git a/build.xml b/build.xml
index 4d10be9..f145396 100644
--- a/build.xml
+++ b/build.xml
@@ -425,17 +425,20 @@
       <fileset dir="${sourceid.base}/conf" includes="*.xsd"/>
     </copy>
     <copy todir="assembly/venice-sp/WEB-INF">
-      <fileset dir="conf-sso/sp">
+      <fileset dir="conf-sso">
         <include name="dynamo.xml"/>
         <include name="web.xml"/>
+      </fileset>
+      <fileset dir="conf-sso/sp">
         <include name="sourceid-sso.xml"/>
         <include name="sourceid-sso-providers.xml"/>
         <include name="venice-sp.keystore"/>
       </fileset>
     </copy>
-    <copy file="conf-sso/sp/logging.xml" todir="assembly/venice-sp/WEB-INF">
+    <copy file="conf-sso/logging.xml" todir="assembly/venice-sp/WEB-INF">
       <filterset>
         <filter token="LOGDIR" value="${logfile.dir}"/>
+        <filter token="WHICH" value="sp"/>
       </filterset>
     </copy>
     <copy file="${sourceid.base}/conf/server-config.wsdd" todir="assembly/venice-sp/WEB-INF"
@@ -451,11 +454,88 @@
     </copy>
   </target>
 
+  <!-- ============================================================================
+    "assemble-venice-sso-idp" - Pseudo-target that creates the directory structure
+                                for Venice, with configuration as a SourceID-SSO
+                                Identity Provider.
+    ============================================================================ -->
+
+  <target name="assemble-venice-sso-idp" depends="init,all-jars" if="sourceid.present">
+    <mkdir dir="assembly/venice-idp"/>
+    <mkdir dir="assembly/venice-idp/WEB-INF/classes"/>
+    <mkdir dir="assembly/venice-idp/WEB-INF/lib"/>
+    <mkdir dir="assembly/venice-idp/WEB-INF/modules"/>
+    <mkdir dir="assembly/venice-idp/WEB-INF/xsd"/>
+    <copy todir="assembly/venice-idp/WEB-INF/classes" preservelastmodified="yes">
+      <fileset dir="${sourceid.base}/conf">
+        <include name="commons-logging.properties"/>
+        <include name="ApplicationResources.properties"/>
+      </fileset>
+    </copy>
+    <copy todir="assembly/venice-idp/WEB-INF/lib">
+      <fileset dir="jars" includes="venice-sso-helper.jar,venice-base.jar,dynamo-framework.jar,baseutil.jar"/>
+      <fileset dir="drivers" includes="*.jar"/>
+      <fileset dir="${bsf.lib}" includes="${bsf.jarfile}"/>
+      <fileset dir="${collections.lib}" includes="${collections.jarfile}"/>
+      <fileset dir="${commlang.lib}" includes="${commlang.jarfile}"/>
+      <fileset dir="${rhino.lib}" includes="${rhino.jarfile}"/>
+      <fileset dir="${log4j.lib}" includes="${log4j.jarfile}"/>
+      <fileset dir="${velocity.lib}" includes="${velocity.jarfile}"/>
+      <fileset dir="${lucene.lib}" includes="${lucene.jarfile}"/>
+      <fileset dir="${sourceid.base}" includes="sourceid-sso.jar"/>
+      <fileset dir="${sourceid.base}/webapp/WEB-INF/lib">
+        <include name="axis-ant.jar"/>
+        <include name="axis.jar"/>
+        <include name="castor-0.9.4.2-xml.jar"/>
+        <include name="commons-discovery.jar"/>
+        <include name="commons-logging.jar"/>
+        <include name="jaxrpc.jar"/>
+        <include name="saaj.jar"/>
+        <include name="wsdl4j.jar"/>
+        <include name="xalan.jar"/>
+        <include name="xml-apis.jar"/>
+        <include name="xmlsec.jar"/>
+      </fileset>
+    </copy>
+    <copy todir="assembly/venice-idp/WEB-INF/xsd" preservelastmodified="yes">
+      <fileset dir="${sourceid.base}/conf" includes="*.xsd"/>
+    </copy>
+    <copy todir="assembly/venice-idp/WEB-INF">
+      <fileset dir="conf-sso">
+        <include name="dynamo.xml"/>
+        <include name="web.xml"/>
+      </fileset>
+      <fileset dir="conf-sso/idp">
+        <include name="sourceid-sso.xml"/>
+        <include name="sourceid-sso-providers.xml"/>
+        <include name="venice-idp.keystore"/>
+      </fileset>
+    </copy>
+    <copy file="conf-sso/logging.xml" todir="assembly/venice-idp/WEB-INF">
+      <filterset>
+        <filter token="LOGDIR" value="${logfile.dir}"/>
+        <filter token="WHICH" value="idp"/>
+      </filterset>
+    </copy>
+    <copy file="${sourceid.base}/conf/server-config.wsdd" todir="assembly/venice-idp/WEB-INF"
+          preservelastmodified="yes"/>
+    <copy todir="assembly/venice-idp/WEB-INF">
+      <fileset dir="venice-data" includes="**/*"/>
+    </copy>
+    <copy todir="assembly/venice-idp/WEB-INF" overwrite="yes">
+      <fileset dir="venice-data-sso/idp" includes="**/*"/>
+    </copy>
+    <copy todir="assembly/venice-idp">
+      <fileset dir="venice-web" includes="**/*"/>
+    </copy>
+  </target>
+
   <!-- ============================================================================
     "all-assemblies" - Pseudo-target that assembles all Web application directory
                        structures.
     ============================================================================ -->
-  <target name="all-assemblies" depends="init,assemble-test-app,assemble-venice,assemble-venice-sso-sp"/>
+  <target name="all-assemblies"
+          depends="init,assemble-test-app,assemble-venice,assemble-venice-sso-sp,assemble-venice-sso-idp"/>
 
   <!-- ============================================================================
     "all" - Pseudo-target that builds everything.
diff --git a/conf-sso/sp/dynamo.xml b/conf-sso/dynamo.xml
similarity index 100%
rename from conf-sso/sp/dynamo.xml
rename to conf-sso/dynamo.xml
diff --git a/conf-sso/idp/sourceid-sso-providers.xml b/conf-sso/idp/sourceid-sso-providers.xml
new file mode 100644
index 0000000..7f4b24c
--- /dev/null
+++ b/conf-sso/idp/sourceid-sso-providers.xml
@@ -0,0 +1,227 @@
+<?xml version="1.0"?>
+
+<ProviderDirectory xmlns:lib="http://projectliberty.org/schemas/core/2002/12" 
+                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+                   xmlns="http://www.sourceid.org/schemas/sso/providers/2002/11">
+	
+  <lib:SPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12"
+                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <lib:ProviderID>Venice-SSO-SP</lib:ProviderID>
+
+    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+      <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">MIICbjCCAdcCBD7AlmwwDQYJKoZIhvcNAQEEBQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNPMQ8wDQYDVQQHEwZEZW52ZXIxIzAhBgNVBAoTGlNpbHZlcndyaXN0IERlc2lnbiBTdHVkaW9zMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEWMBQGA1UEAxMNRXJpYyBCb3dlcnNveDAeFw0wMzA1MTMwNjUzMzJaFw0wMzA4MTEwNjUzMzJaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMSMwIQYDVQQKExpTaWx2ZXJ3cmlzdCBEZXNpZ24gU3R1ZGlvczEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFjAUBgNVBAMTDUVyaWMgQm93ZXJzb3gwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvjYZPJwt16vTVIKleltTVDyvswVr2vCd9aHg7rKPhNKN+iVS2XY+Y5IopgcVtshQx/SbWnPNldtpGtFewaSQzCud/Lhja1xoGO/nTbjRr7MrPlR3yub8KO90tgslZ9yjEPZDWDEr3Y59ieDpMtAnYjS2GQ2LFRHq63kzd4AXg1AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAVhJqkLZd59BiTjvRF0ZtBKXe+kxnvyclc0MeIzkzGFmnpMuSpSyZ3LlYp0uvFn5OADM6KkXj7DgXIqb1bqIvXmlwDds+oO3KL+WdHBO9KHW0KjR2jpIujpmJ8Eaf/cefcOxxA00CMrwBeL8EXyAaynpcT78nrT5iN3FZwMkBi9o=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+
+    <lib:AssertionConsumerServiceURL>http://localhost:8080/venice-sp/sso/authnRequest</lib:AssertionConsumerServiceURL>
+    <lib:SoapEndpoint>http://localhost:8080/venice-sp/sso/soap/endpoint</lib:SoapEndpoint>
+    <lib:SingleLogoutServiceURL>http://localhost:8080/venice-sp/sso/logout</lib:SingleLogoutServiceURL>
+    <lib:SingleLogoutServiceReturnURL>http://localhost:8080/venice-sp/sso/logout</lib:SingleLogoutServiceReturnURL>
+    <lib:FederationTerminationServiceURL>http://localhost:8080/venice-sp/sso/fedterm</lib:FederationTerminationServiceURL>
+    <lib:FederationTerminationServiceReturnURL>http://localhost:8080/venice-sp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
+
+    <lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
+    <lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
+    <lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
+    <lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
+    <lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
+    <lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
+    <lib:RegisterNameIdentifierServiceURL>http://localhost:9080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceURL>
+    <lib:RegisterNameIdentifierServiceReturnURL>http://localhost:9080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceReturnURL>
+    <lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</lib:RegisterNameIdentifierProtocolProfile>
+    <lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
+
+  </lib:SPDescriptor>
+	
+	<!--
+		Sample Service Provider Descriptor. If this instance of SourceID-SSO is configured to
+		operate in the "idp" role, then the entry below describes a Service Provider with which
+		we are federated. If this instance is configured to operate in the "sp" role, then the entry
+		below will be ignored.
+	 -->
+	<lib:SPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+		<!--
+			Customize the following line to match the ProviderID of the remote provider; if the other
+			provider is SourceID-SSO, then the ProviderID below should match the <provider-id> element
+			in the other deployment's sourceid-sso.xml.
+		 -->
+		<lib:ProviderID>SourceID-Sample-SP</lib:ProviderID>
+		<!--
+			The following KeyInfo represents the public key contained in the sample "sourceid.keystore"
+			file bundled with SourceID-SSO 
+		 -->
+		<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+			<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+				<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">MIICSjCCAbMCBD4coSAwDQYJKoZIhvcNAQEEBQAwbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjAeFw0wMzAxMDgyMjA3MjhaFw0wMzA0MDgyMjA3MjhaMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xEDAOBgNVBAMTB1Vua25vd24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJhokczPBJlZe48d5oKZiX6vo7DBU5b54t9JjSHLOEZd0XK5w81BY4iX8QADMc7GyTrqDDrehfh4S5eQO89Fll50D4f6HpSI2QGtionDrj3kuET9nW9n98IzWc3eiLLH+5q3VGm04rylo4PTnJCeMYmDRqYJkWR1xQbNsrv9HHJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAI16O969XJkYRJaTiPXMcJg8XRM9oHKqc4L6YEDXGvnQ8NfTPDuJEzKIcU8QWNnprcY+MOue+O2YvP7u9NQuKK4zDA14CcIRb8G+VMLFa2A+BYiD66yIBWsb89YNFYnvH379wGp+ankQBTdljpgFo6Bt+fXmZxB6mToBdXy0h5b8=</ds:X509Certificate>
+			</ds:X509Data>
+		</ds:KeyInfo>
+		<!--
+			The endpoints in the following URL's are correct for services offered by SourceID-SSO.
+			If federating this installation with another instance of SourceID-SSO, then all you need to do
+			is customize the URL's to match your deployment (e.g. replace "http://localhost:9080/sso-sample-sp"
+			with your server name and servlet context).
+		 -->
+		<lib:AssertionConsumerServiceURL>http://localhost:8080/sso-sample-sp/sso/authnRequest</lib:AssertionConsumerServiceURL>
+		<lib:SoapEndpoint>http://localhost:8080/sso-sample-sp/sso/soap/endpoint</lib:SoapEndpoint>
+		<lib:SingleLogoutServiceURL>http://localhost:8080/sso-sample-sp/sso/logout</lib:SingleLogoutServiceURL>
+		<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sso-sample-sp/sso/logout</lib:SingleLogoutServiceReturnURL>
+		<lib:FederationTerminationServiceURL>http://localhost:8080/sso-sample-sp/sso/fedterm</lib:FederationTerminationServiceURL>
+		<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sso-sample-sp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
+		<!--
+			The following profile declarations indicate the variants of the Liberty Protocol which 
+			this provider can speak.
+		 -->
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
+		<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
+		<lib:RegisterNameIdentifierServiceURL>http://localhost:8080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceURL>
+		<lib:RegisterNameIdentifierServiceReturnURL>http://localhost:8080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceReturnURL>
+		<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</lib:RegisterNameIdentifierProtocolProfile>
+		<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
+	</lib:SPDescriptor>
+
+	<!--
+		Sample Identity Provider Descriptor. If this instance of SourceID-SSO is configured to
+		operate in the "sp" role, then the entry below describes an Identity Provider with which
+		we are federated. If this instance is configured to operate in the "idp" role, then the entry
+		below will be ignored.
+	 -->
+	<lib:IDPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+		<!--
+			Customize the following line to match the ProviderID of the remote provider; if the other
+			provider is SourceID-SSO, then the ProviderID below should match the <provider-id> element
+			in the other deployment's sourceid-sso.xml.
+		 -->
+		<lib:ProviderID>SourceID-Sample-IDP</lib:ProviderID>
+		<!--
+			The following KeyInfo represents the public key contained in the sample "sourceid.keystore"
+			file bundled with SourceID-SSO 
+		 -->
+		<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+			<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+				<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">MIICSjCCAbMCBD4coSAwDQYJKoZIhvcNAQEEBQAwbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjAeFw0wMzAxMDgyMjA3MjhaFw0wMzA0MDgyMjA3MjhaMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xEDAOBgNVBAMTB1Vua25vd24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJhokczPBJlZe48d5oKZiX6vo7DBU5b54t9JjSHLOEZd0XK5w81BY4iX8QADMc7GyTrqDDrehfh4S5eQO89Fll50D4f6HpSI2QGtionDrj3kuET9nW9n98IzWc3eiLLH+5q3VGm04rylo4PTnJCeMYmDRqYJkWR1xQbNsrv9HHJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAI16O969XJkYRJaTiPXMcJg8XRM9oHKqc4L6YEDXGvnQ8NfTPDuJEzKIcU8QWNnprcY+MOue+O2YvP7u9NQuKK4zDA14CcIRb8G+VMLFa2A+BYiD66yIBWsb89YNFYnvH379wGp+ankQBTdljpgFo6Bt+fXmZxB6mToBdXy0h5b8=</ds:X509Certificate>
+			</ds:X509Data>
+		</ds:KeyInfo>
+		<!--
+			The endpoints in the following URL's are correct for services offered by SourceID-SSO.
+			If federating this installation with another instance of SourceID-SSO, then all you need to do
+			is customize the URL's to match your deployment (e.g. replace "http://localhost:8080/sso-sample-idp"
+			with your server name and servlet context).
+		 -->
+		<lib:SoapEndpoint>http://localhost:8080/sso-sample-idp/sso/soap/endpoint</lib:SoapEndpoint>
+		<lib:SingleLogoutServiceURL>http://localhost:8080/sso-sample-idp/sso/logout</lib:SingleLogoutServiceURL>
+		<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sso-sample-idp/sso/logout</lib:SingleLogoutServiceReturnURL>
+		<lib:FederationTerminationServiceURL>http://localhost:8080/sso-sample-idp/sso/fedterm</lib:FederationTerminationServiceURL>
+		<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sso-sample-idp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
+		<lib:SingleSignOnServiceURL>http://localhost:8080/sso-sample-idp/sso/authn</lib:SingleSignOnServiceURL>
+		<!--
+			The following profile declarations indicate the variants of the Liberty Protocol which 
+			this provider can speak.
+		 -->
+		<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</lib:RegisterNameIdentifierProtocolProfile>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</lib:SingleLogoutProtocolProfile>
+		<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</lib:SingleSignOnProtocolProfile>
+		<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</lib:SingleSignOnProtocolProfile>
+		<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/wml-post</lib:SingleSignOnProtocolProfile>
+		<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/lecp</lib:SingleSignOnProtocolProfile>
+	</lib:IDPDescriptor>
+	
+	<!--
+		The following IDPDescriptor and two SPDescriptors are commented out. They represent the parameters
+		needed to federate with the Sun IPL, not included with this distribution.
+	  -->
+	  
+	<!-- Sun IPL IDP, commented out by default -->
+	<!--
+	<lib:IDPDescriptor>
+		<lib:ProviderID>http://localhost:8080/idp</lib:ProviderID>
+		<ds:KeyInfo>
+			<ds:KeyValue>
+				<ds:RSAKeyValue>
+					<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
+					<ds:Exponent>AQAB</ds:Exponent>
+				</ds:RSAKeyValue>
+			</ds:KeyValue>
+		</ds:KeyInfo>
+		<lib:SoapEndpoint>http://localhost:8080/idp/soap</lib:SoapEndpoint>
+		<lib:SingleLogoutServiceURL>http://localhost:8080/idp/logout</lib:SingleLogoutServiceURL>
+		<lib:SingleLogoutServiceReturnURL>http://localhost:8080/idp/logout-completion</lib:SingleLogoutServiceReturnURL>
+		<lib:FederationTerminationServiceURL>http://localhost:8080/idp/fedterm</lib:FederationTerminationServiceURL>
+		<lib:FederationTerminationServiceReturnURL>http://localhost:8080/idp/federate.jsp</lib:FederationTerminationServiceReturnURL>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</lib:SingleLogoutProtocolProfile>
+		<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</lib:RegisterNameIdentifierProtocolProfile>
+		<lib:SingleSignOnServiceURL>http://localhost:8080/idp/authn</lib:SingleSignOnServiceURL>
+		<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</lib:SingleSignOnProtocolProfile>
+		<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</lib:SingleSignOnProtocolProfile>
+	</lib:IDPDescriptor>
+	-->
+	
+	<!-- Sun IPL SP (1), commented out by default -->
+	<!--
+	<lib:SPDescriptor>
+		<lib:ProviderID>http://localhost:8080/sp</lib:ProviderID>
+		<ds:KeyInfo>
+			<ds:KeyValue>
+				<ds:RSAKeyValue>
+					<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
+					<ds:Exponent>AQAB</ds:Exponent>
+				</ds:RSAKeyValue>
+			</ds:KeyValue>
+		</ds:KeyInfo>
+		<lib:SoapEndpoint>http://localhost:8080/sp/soap</lib:SoapEndpoint>
+		<lib:SingleLogoutServiceURL>http://localhost:8080/sp/logout</lib:SingleLogoutServiceURL>
+		<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sp/logout-completion</lib:SingleLogoutServiceReturnURL>
+		<lib:FederationTerminationServiceURL>http://localhost:8080/sp/fedterm</lib:FederationTerminationServiceURL>
+		<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sp/federate.jsp</lib:FederationTerminationServiceReturnURL>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
+		<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
+		<lib:AssertionConsumerServiceURL>http://localhost:8080/sp/assertion</lib:AssertionConsumerServiceURL>
+		<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
+	</lib:SPDescriptor>
+	-->
+	
+	<!-- Sun IPL SP (2), commented out by default -->
+	<!--
+	<lib:SPDescriptor>
+		<lib:ProviderID>http://localhost:8080/sp2</lib:ProviderID>
+		<ds:KeyInfo>
+			<ds:KeyValue>
+				<ds:RSAKeyValue>
+					<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
+					<ds:Exponent>AQAB</ds:Exponent>
+				</ds:RSAKeyValue>
+			</ds:KeyValue>
+		</ds:KeyInfo>
+		<lib:SoapEndpoint>http://localhost:8080/sp2/soap</lib:SoapEndpoint>
+		<lib:SingleLogoutServiceURL>http://localhost:8080/sp2/logout</lib:SingleLogoutServiceURL>
+		<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sp2/logout-completion</lib:SingleLogoutServiceReturnURL>
+		<lib:FederationTerminationServiceURL>http://localhost:8080/sp2/fedterm</lib:FederationTerminationServiceURL>
+		<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sp2/federate.jsp</lib:FederationTerminationServiceReturnURL>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
+		<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
+		<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
+		<lib:AssertionConsumerServiceURL>http://localhost:8080/sp2/assertion</lib:AssertionConsumerServiceURL>
+		<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
+	</lib:SPDescriptor>
+	-->
+	
+	
+</ProviderDirectory>
+
diff --git a/conf-sso/idp/sourceid-sso.xml b/conf-sso/idp/sourceid-sso.xml
new file mode 100644
index 0000000..237bc15
--- /dev/null
+++ b/conf-sso/idp/sourceid-sso.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0"?>
+
+<SourceID-SSO>
+  <!-- See SourceID-SSO documentation for more detailed documentation for these options -->
+	
+  <!--
+    The unique ProviderID of this installation. The value here should appear in other sites'
+    <SPDescriptor> or <IDPDescriptor> elements describing this site.
+  -->	
+  <provider-id>Venice-SSO-IDP</provider-id>
+
+  <!--
+    The role of this site with respect to the Liberty Protocol; valid values are "sp" and "idp".
+   -->	
+  <provider-role>idp</provider-role>
+
+  <provider-directory>/WEB-INF/sourceid-sso-providers.xml</provider-directory>
+	
+  <exception-handlers>
+    <default>/defaultExceptionHandler.jsp</default>
+  </exception-handlers>
+	
+  <signing-key>
+    <keystore-path>/WEB-INF/venice-idp.keystore</keystore-path>
+    <keystore-password>thecheat</keystore-password>
+    <key-alias>thatkey</key-alias>
+    <key-password>strongbad</key-password>
+  </signing-key>
+
+  <idp-authentication-uri>TODO</idp-authentication-uri>
+  <idp-authn-lifespan>1800</idp-authn-lifespan>
+  <idp-logout-render-page>TODO</idp-logout-render-page>
+  <idp-logout-done-image>TODO</idp-logout-done-image>
+  <idp-post-assertion-render-page>TODO</idp-post-assertion-render-page>
+
+  <!--
+    Here, you may optionally specify a Session-context attribute which SourceID-SSO should remove whenever
+    a user is logged off (either via a browser-based front-channel, or via a SOAP-based backchannel). SourceID-SSO
+    will already cleanup it's own session tracking info for the user, effectively logging them out of SourceID-SSO.
+    By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
+    Future versions of SourceID-SSO will also support JAAS-based login/logout.
+  -->
+  <remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>
+
+  <!--
+    When generating or consuming assertions, tolerances for "Not Before" and "Not On or After" are encoded in the
+    assertion document. Liberty Protocol recommends 1 minute for "Not Before", and 5 minutes for "Not On Or After".
+    Enter the number of SECONDS for these tolerances below (default values should work).
+  -->
+  <assert-tolerance-not-before>60</assert-tolerance-not-before>
+  <assert-tolerance-not-on-or-after>300</assert-tolerance-not-on-or-after>
+
+  <!--
+    Here, set the AccountHandler implementation class. The default configuration
+    is to use the "in-memory handler", which is really for demo and testing purposes only,
+    as it does not connect to any actual persistent storage. The SourceID-SSO User's Guide
+    describes how to implement an AccountHandler for your user directory. You may also use
+    the provided JDBC Account Handler, with simple table mappings described in the file
+    sourceid-sso-jdbc.xml. Or for LDAP access, use the JNDI Account Handler, with attribute
+    mappings described in the file sourceid-sso-jndi.xml.
+  -->
+  <account-handler>com.silverwrist.venice.sourceid.VeniceAccountHandler</account-handler>
+	
+  <artifact-handler>org.sourceid.sso.handlers.ArtifactHandlerInMemoryImpl</artifact-handler>
+	
+  <!--
+    If you plan to implement a LECP (Liberty-Enabled Client or Proxy) and run SourceID
+    as an IDP, then you need to write an adaptor class for SourceID to acquire the currently
+    authenticated userID "out of band". This is because the LECP profile specifies that
+    IDP authentication occurs (you guessed it) "out of band". If you don't know what this
+    is for, you almost certainly don't need it. The sample class below is for testing and
+    illustration purposes only, do NOT deploy it in a production capacity (e.g. leave this
+    commented out!).
+  -->
+  <!--
+  <out-of-band-authn-handler>org.sourceid.sso.tests.OOBAuthnHandlerTest</out-of-band-authn-handler>
+  -->
+
+  <!--
+    To use the Identity Provider Introduction via Common Domain Cookie (Liberty Bindings and
+    Profiles, section 3.6), then uncomment these lines and configure your Common Domain (which
+    you share with your other Identity Providers and Service Providers), as well as the host
+    name (INCLUDING PORT NUMBER IF NOT STANDARD) of this web application within that Common
+    Domain. Commenting out these options will disable the Identity Provider Introduction
+    protocol.
+  -->
+  <!--
+  <common-domain>your-trust-circle-common-domain.com</common-domain>
+  <common-domain-host>this-server.your-trust-circle-common-domain.com:8080</common-domain-host>
+  -->
+
+</SourceID-SSO>
diff --git a/conf-sso/idp/venice-idp.keystore b/conf-sso/idp/venice-idp.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..337b6a446bebcbccb0b216329bc7002f1fd12b35
GIT binary patch
literal 1291
zcmezO_TO6u1_mY|W&~sQl8nTX?9@si=j#n7g$F?KeuE~)ZUa6xE^RhO7Dg>5K}JSa
z29_qqa`l>PZ)y~ISYGk{SK7fpVc~}ZM~<F)`0wKqv$Ing&)qGuNLH4=<*K=M4xhg6
zv|CMIvlj{6_%q98j#khtG3EoRO*_k{uTM&iy4}Xy-fgt{@S8uX!Oa&!=RZDoVn^z^
zvhXjps#gx4FEfo%e7s?i|G9;tvtMwinwkH6*`|Krs%gOLzaFKZ1Ulz7-kUyK{Mw!O
zEI)%2z8aS}S}X3nT6-Wn!mLJeU+!FQt^4yl^BMne%-`3v$~Z3iG~+%|xss1-cDqdo
zPTSm6k;)j5z@_N#T;$U2+CIJP^UmoPPAN!a6*|6^RlVM6AG+8swleZ#a>_-YHQ7to
zPC9!cGBQO>aITZp)8_9!?yH6NKNc_8YWDYyW5>1HiB&h_!`FTm@SJ^I)j90?(d_nq
zXO2jPZx>5BLhc7}PFufrTi~`87k*xF{^}7|l@PvI_xhSy@r^sw%gv-VN^H5drEvZH
zlljNEzQ=vk+_Qax_S^5D_RVS%yxIOTdbhCZk&P~QeAn~aSA*k;HA2tSz><N1*~FlU
z*}$NQ=^Yb`-TQeK2Hb4yT5TTZELfOX84T(SxeYkkm_u3EgqcEvVH^%&CTD*`egj^R
z47)I!OKM(OYLTI`fg(tNOIRv6GY2S8UX)o}qTrHRoSB}d5L{B4l9^v@C}JQ4Qp7FH
z?UGuSnv-9Uo0?Z*C}to65@i<VbuG$FR&dHMPc16WuP~4k=QS`kFf%kaGBz+aGKd0m
zEe%bf+yQrA6XSMZ;?{u$86%J*&(zq+@V7p=QMOb_Gw8n89KAPBo_`bE9%S?0h2gNA
zeZ#guwM^Go2c^K@k+!`NzxE&fy363(>Di$<*Bh-HWKHrvr6p|7o*A%o$^7{*SgHk-
z4*Bn1dHvt^W70pY!=E2pu}qYo<#+S9%SYu7Gns}6M~O`|`d0dRop$1Nt@odlm?h_4
z^k6*BB+4*7A)sGWnfuJ9NjsYsy>8+D5Fzsw<h1V(7qniRZF}$Zp4BmCJHmHXPFcVE
zm({DLpW!~-w(L#mfsx^TyRJm~KPzMxXl&TxDORZb!bd|)c>8%yqn;DX9@>aib%)gS
zYCKrHPELFCveJopi|e_6DVipI{GC+AsA7F)$;W*w0w;8?Xukh2>gjy8N!@924b`El
zDU3eW|IT}AF*mj_Ff}&V_G-+u52!k;o%)vPcCg%*^2rBZeiz!8D#pMcaa2Lh>0s;C
zB-@`Cw^=*IX-rN3`RDn^JFgXc`JD3;qnV$m{+ZSHZQs%Ba(o5l%1UB^H+N2SdA{w)
z|2F34@Z6QW2Zb-Y2gT%dmECQaUNf^V&uq@F@Bfq6?tcBO%XIlNpOUTSU0NvVoLQg2
zK!-^rE@SDl6`C8Adf9E>D;|`o^fQZ$XA;TcWlZDKPIZ{Kb?S5d|M_osuJN!x8?}Cd
V{TZ#6eSVE<m+wdMonC&h4FG!82b2H+

literal 0
HcmV?d00001

diff --git a/conf-sso/sp/logging.xml b/conf-sso/logging.xml
similarity index 96%
rename from conf-sso/sp/logging.xml
rename to conf-sso/logging.xml
index 2ef6de0..76aaa63 100644
--- a/conf-sso/sp/logging.xml
+++ b/conf-sso/logging.xml
@@ -21,7 +21,7 @@
 
   <!-- Define the standard file appender. -->
   <appender name="STDLOG" class="org.apache.log4j.RollingFileAppender">
-    <param name="File" value="@LOGDIR@/venice-sp.log"/>
+    <param name="File" value="@LOGDIR@/venice-@WHICH@.log"/>
     <param name="Append" value="true"/>
     <param name="MaxFileSize" value="10MB"/>
     <param name="MaxBackupIndex" value="5"/>
diff --git a/conf-sso/sp/sourceid-sso.xml b/conf-sso/sp/sourceid-sso.xml
index 0937d86..077b3d7 100644
--- a/conf-sso/sp/sourceid-sso.xml
+++ b/conf-sso/sp/sourceid-sso.xml
@@ -38,8 +38,6 @@
     will already cleanup it's own session tracking info for the user, effectively logging them out of SourceID-SSO.
     By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
     Future versions of SourceID-SSO will also support JAAS-based login/logout.
-
-    The sample value below works for the sample JSP-based application distributed with SourceID-SSO.
   -->
   <remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>
 
diff --git a/conf-sso/sp/web.xml b/conf-sso/web.xml
similarity index 100%
rename from conf-sso/sp/web.xml
rename to conf-sso/web.xml
diff --git a/venice-data-sso/idp/scripts/sourceid/errorHandler.js b/venice-data-sso/idp/scripts/sourceid/errorHandler.js
new file mode 100644
index 0000000..5306cec
--- /dev/null
+++ b/venice-data-sso/idp/scripts/sourceid/errorHandler.js
@@ -0,0 +1,25 @@
+// The contents of this file are subject to the Mozilla Public License Version 1.1
+// (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+// 
+// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+// language governing rights and limitations under the License.
+// 
+// The Original Code is the Venice Web Communities System.
+// 
+// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+// for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+// 
+// Contributor(s): 
+
+importPackage(Packages.com.silverwrist.dynamo.iface);
+importPackage(Packages.com.silverwrist.dynamo.util);
+importPackage(Packages.com.silverwrist.venice.content);
+
+req = bsf.lookupBean("request");           // get request
+rhelp = bsf.lookupBean("request_help");    // get request helper
+
+ex = cast.toThrowable(rhelp.getChainParameter("javax.servlet.jsp.jspException"));
+dynamo.scriptReturn(new ErrorBox("Captured SourceID Error",ex));