diff --git a/x-pack/qa/openldap-tests/build.gradle b/x-pack/qa/openldap-tests/build.gradle index 6e2c91dff75..5305699b9a0 100644 --- a/x-pack/qa/openldap-tests/build.gradle +++ b/x-pack/qa/openldap-tests/build.gradle @@ -1,8 +1,5 @@ -Project idpFixtureProject = xpackProject("test:idp-fixture") -evaluationDependsOn(idpFixtureProject.path) - apply plugin: 'elasticsearch.standalone-test' -apply plugin: 'elasticsearch.vagrantsupport' +apply plugin: 'elasticsearch.test.fixtures' dependencies { // "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here @@ -11,21 +8,13 @@ dependencies { testCompile project(path: xpackModule('core'), configuration: 'testArtifacts') } -task openLdapFixture { - dependsOn "vagrantCheckVersion", "virtualboxCheckVersion", idpFixtureProject.up -} +testFixtures.useFixture ":x-pack:test:idp-fixture" +Project idpFixtureProject = xpackProject("test:idp-fixture") String outputDir = "${project.buildDir}/generated-resources/${project.name}" task copyIdpTrust(type: Copy) { - from idpFixtureProject.file('src/main/resources/certs/idptrust.jks'); - from idpFixtureProject.file('src/main/resources/certs/ca.crt'); + from idpFixtureProject.file('openldap/certs/ca.jks'); + from idpFixtureProject.file('openldap/certs/ca_server.pem'); into outputDir } -if (project.rootProject.vagrantSupported) { - project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpTrust) - unitTest.dependsOn openLdapFixture - unitTest.finalizedBy idpFixtureProject.halt -} else { - unitTest.enabled = false - testingConventions.enabled = false -} +project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpTrust) diff --git a/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/test/OpenLdapTests.java b/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/test/OpenLdapTests.java index bb88103048a..e2efdae9941 100644 --- a/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/test/OpenLdapTests.java 
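Review bot: `copyIdpTrust` now reads `ca.jks` and `ca_server.pem` straight out of `openldap/certs`, which docker-compose.yml in this same commit bind-mounts into the slapd container as its certificate store together with `ldap_server.key`; the task should state that only public trust anchors belong on the test classpath, e.g. a comment above the `from` lines: `// public trust anchors only (CA trust store + CA cert for the fixture's LDAPS listener); never copy the server key that sits next to them`. With the `vagrantSupported` guard gone, skipping these tests on hosts without Docker now rests entirely on the `elasticsearch.test.fixtures` plugin, which is not visible here, so it is worth confirming `unitTest` is still disabled rather than failing when no daemon is available. The old `idptrust.jks` name made the role of the store obvious; `ca.jks` does not, so a comment or a rename back would help the next reader.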
+++ b/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/test/OpenLdapTests.java @@ -57,7 +57,7 @@ public class OpenLdapTests extends ESTestCase { public static final String PASSWORD = "NickFuryHeartsES"; private static final String HAWKEYE_DN = "uid=hawkeye,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; - public static final String LDAPTRUST_PATH = "/idptrust.jks"; + public static final String LDAPTRUST_PATH = "/ca.jks"; private static final SecureString PASSWORD_SECURE_STRING = new SecureString(PASSWORD.toCharArray()); public static final String REALM_NAME = "oldap-test"; diff --git a/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapUserSearchSessionFactoryTests.java b/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapUserSearchSessionFactoryTests.java index a4351b69678..b899d28273d 100644 --- a/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapUserSearchSessionFactoryTests.java +++ b/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapUserSearchSessionFactoryTests.java @@ -48,7 +48,7 @@ public class OpenLdapUserSearchSessionFactoryTests extends ESTestCase { private Settings globalSettings; private ThreadPool threadPool; - private static final String LDAPCACERT_PATH = "/ca.crt"; + private static final String LDAPCACERT_PATH = "/ca_server.pem"; @Before public void init() { diff --git a/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolverTests.java b/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolverTests.java index 98794dd4f70..036cf8ad0db 100644 --- a/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolverTests.java +++ b/x-pack/qa/openldap-tests/src/test/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolverTests.java 
@@ -181,6 +181,6 @@ public class SearchGroupsResolverTests extends GroupsResolverTestCase { @Override protected String trustPath() { - return "/idptrust.jks"; + return "/ca.jks"; } } diff --git a/x-pack/qa/saml-idp-tests/build.gradle b/x-pack/qa/saml-idp-tests/build.gradle index 2b90cbaf9a6..33aca42914c 100644 --- a/x-pack/qa/saml-idp-tests/build.gradle +++ b/x-pack/qa/saml-idp-tests/build.gradle @@ -1,9 +1,9 @@ Project idpFixtureProject = xpackProject("test:idp-fixture") evaluationDependsOn(idpFixtureProject.path) -apply plugin: 'elasticsearch.vagrantsupport' apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' +apply plugin: 'elasticsearch.test.fixtures' dependencies { // "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here @@ -12,24 +12,16 @@ dependencies { testCompile project(path: xpackModule('security'), configuration: 'testArtifacts') testCompile 'com.google.jimfs:jimfs:1.1' } +testFixtures.useFixture ":x-pack:test:idp-fixture" -task idpFixture { - dependsOn "vagrantCheckVersion", "virtualboxCheckVersion", idpFixtureProject.up -} String outputDir = "${project.buildDir}/generated-resources/${project.name}" task copyIdpCertificate(type: Copy) { - from idpFixtureProject.file('src/main/resources/certs/ca.crt'); + from idpFixtureProject.file('idp/shibboleth-idp/credentials/idp-browser.pem'); into outputDir } -if (project.rootProject.vagrantSupported) { - project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpCertificate) - integTestCluster.dependsOn idpFixture, copyIdpCertificate - integTest.finalizedBy idpFixtureProject.halt -} else { - integTest.enabled = false - testingConventions.enabled = false -} +project.sourceSets.test.output.dir(outputDir, builtBy: copyIdpCertificate) +integTestCluster.dependsOn copyIdpCertificate integTestCluster { setting 'xpack.license.self_generated.type', 'trial' 
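Review bot: `copyIdpCertificate` copies `idp/shibboleth-idp/credentials/idp-browser.pem`, and that single file becomes the only trust anchor of the SAML IT's HTTP client, so if it is a fixed checked-in certificate (the `credentials` directory is bind-mounted into the IdP container, which suggests so) the integration test will start failing with an opaque TLS handshake error the day it expires. Add a comment above the `from` line recording where the cert comes from and how it is regenerated, e.g. `// public cert Jetty serves on 4443 (key in idp-browser.p12 next to it); regenerate both together before expiry`. Since the `credentials` directory also holds the IdP signing/encryption keys and the sealer store, keeping the copy restricted to the `.pem` (as done here) is the right shape and worth saying explicitly in that comment.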
@@ -60,7 +52,7 @@ integTestCluster { setting 'xpack.ml.enabled', 'false' - extraConfigFile 'idp-metadata.xml', idpFixtureProject.file("src/main/resources/provision/generated/idp-metadata.xml") + extraConfigFile 'idp-metadata.xml', idpFixtureProject.file("idp/shibboleth-idp/metadata/idp-metadata.xml") setupCommand 'setupTestAdmin', 'bin/elasticsearch-users', 'useradd', "test_admin", '-p', 'x-pack-test-password', '-r', "superuser" diff --git a/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java b/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java index b28c7926c38..6e432f5260f 100644 --- a/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java +++ b/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java @@ -367,7 +367,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { private URI submitLoginForm(CloseableHttpClient client, BasicHttpContext context, URI formUri) throws IOException { final HttpPost form = new HttpPost(formUri); List params = new ArrayList<>(); - params.add(new BasicNameValuePair("j_username", "Thor")); + params.add(new BasicNameValuePair("j_username", "thor")); params.add(new BasicNameValuePair("j_password", "NickFuryHeartsES")); params.add(new BasicNameValuePair("_eventId_proceed", "")); form.setEntity(new UrlEncodedFormEntity(params)); @@ -376,7 +376,6 @@ public class SamlAuthenticationIT extends ESRestTestCase { assertThat(response.getStatusLine().getStatusCode(), equalTo(302)); return response.getFirstHeader("Location").getValue(); }); - assertThat(redirect, startsWith("/")); String target = execute(client, new HttpGet(formUri.resolve(redirect)), context, response -> { assertHttpOk(response.getStatusLine()); 
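Review bot: Dropping `assertThat(redirect, startsWith("/"))` in `submitLoginForm` removes the only check that the post-login `Location` stays on the IdP; `formUri.resolve(redirect)` will now happily follow an absolute URL to any host, so a misconfigured IdP would make the test exercise a different endpoint than intended. If the assertion was removed because the Shibboleth container now returns an absolute Location (plausible, not visible here), replace it with a check on the resolved target: `final URI next = formUri.resolve(redirect);`, `assertThat(next.getHost(), equalTo(formUri.getHost()));`, `assertThat(next.getPort(), equalTo(formUri.getPort()));` and pass `next` to the `HttpGet`. The `j_username` change from `Thor` to `thor` presumably tracks the uid in the new bootstrap LDIF; a short comment saying the value is the LDAP `uid` would prevent someone "fixing" the casing later. `submitLoginForm` continues past the end of this hunk.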
@@ -620,7 +619,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { } private SSLContext getClientSslContext() throws Exception { - final Path pem = getDataPath("/ca.crt"); + final Path pem = getDataPath("/idp-browser.pem"); final Certificate[] certificates = CertParsingUtils.readCertificates(Collections.singletonList(pem)); final X509ExtendedTrustManager trustManager = CertParsingUtils.trustManager(certificates); SSLContext context = SSLContext.getInstance("TLS"); diff --git a/x-pack/test/idp-fixture/README.txt b/x-pack/test/idp-fixture/README.txt index fff29f38797..8e42bb142e4 100644 --- a/x-pack/test/idp-fixture/README.txt +++ b/x-pack/test/idp-fixture/README.txt @@ -1,6 +1 @@ -Provisions OpenLDAP + shibboleth IDP 3.3.1 . -Uses ansible on the guest. - -Run: `vagrant up --provision` - -Any issues: albert.zaharovits@elastic.co +Provisions OpenLDAP + shibboleth IDP 3.4.2 using docker compose diff --git a/x-pack/test/idp-fixture/Vagrantfile b/x-pack/test/idp-fixture/Vagrantfile deleted file mode 100644 index c05fa33ba1a..00000000000 --- a/x-pack/test/idp-fixture/Vagrantfile +++ /dev/null @@ -1,24 +0,0 @@ -Vagrant.configure("2") do |config| - - config.vm.define "test.shibboleth.elastic.local" do |config| - config.vm.box = "elastic/ubuntu-16.04-x86_64" - end - - config.vm.hostname = "localhost" - - if Vagrant.has_plugin?("vagrant-cachier") - config.cache.scope = :box - end - - config.vm.network "forwarded_port", guest: 389, host: 60389, protocol: "tcp" - config.vm.network "forwarded_port", guest: 636, host: 60636, protocol: "tcp" - config.vm.network "forwarded_port", guest: 8080, host: 60080, protocol: "tcp" - config.vm.network "forwarded_port", guest: 8443, host: 60443, protocol: "tcp" - - config.vm.provision "ansible_local" do |ansible| - ansible.verbose = "v" - ansible.playbook = "src/main/resources/provision/playbook.yml" - ansible.install_mode = "pip" - end - -end 
diff --git a/x-pack/test/idp-fixture/build.gradle b/x-pack/test/idp-fixture/build.gradle index e7fbfc3779a..93f5b14ad23 100644 --- a/x-pack/test/idp-fixture/build.gradle +++ b/x-pack/test/idp-fixture/build.gradle @@ -1,42 +1,4 @@ apply plugin: 'elasticsearch.build' +apply plugin: 'elasticsearch.test.fixtures' -Map vagrantEnvVars = [ - 'VAGRANT_CWD' : "${project.projectDir.absolutePath}", - 'VAGRANT_VAGRANTFILE' : 'Vagrantfile', - 'VAGRANT_PROJECT_DIR' : "${project.projectDir.absolutePath}" -] - -String box = "test.shibboleth.elastic.local" - -task update(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { - command 'box' - subcommand 'update' - boxName box - environmentVars vagrantEnvVars -} - -task up(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { - command 'up' - args '--provision', '--provider', 'virtualbox' - boxName box - environmentVars vagrantEnvVars - dependsOn update -} - -task halt(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { - command 'halt' - boxName box - environmentVars vagrantEnvVars -} - -task destroy(type: org.elasticsearch.gradle.vagrant.VagrantCommandTask) { - command 'destroy' - args '-f' - boxName box - environmentVars vagrantEnvVars - dependsOn halt -} - -thirdPartyAudit.enabled = false -unitTest.enabled = false -jarHell.enabled = false +unitTest.enabled = false \ No newline at end of file diff --git a/x-pack/test/idp-fixture/docker-compose.yml b/x-pack/test/idp-fixture/docker-compose.yml new file mode 100644 index 00000000000..830e04a7bc4 --- /dev/null +++ b/x-pack/test/idp-fixture/docker-compose.yml 
@@ -0,0 +1,40 @@ +version: '3.1' +services: + openldap: + command: --copy-service --loglevel debug + image: "osixia/openldap:1.2.3" + ports: + - "30389:389" + - "60636:636" + environment: + LDAP_ADMIN_PASSWORD: "NickFuryHeartsES" + LDAP_DOMAIN: "oldap.test.elasticsearch.com" + LDAP_BASE_DN: "DC=oldap,DC=test,DC=elasticsearch,DC=com" + LDAP_TLS: "true" + LDAP_TLS_CRT_FILENAME: "ldap_server.pem" + LDAP_TLS_CA_CRT_FILENAME: "ca_server.pem" + LDAP_TLS_KEY_FILENAME: "ldap_server.key" + LDAP_TLS_VERIFY_CLIENT: "never" + LDAP_TLS_CIPHER_SUITE: "NORMAL" + LDAP_LOG_LEVEL: 256 + volumes: + - ./openldap/ldif/users.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/20-bootstrap-users.ldif + - ./openldap/ldif/config.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/10-bootstrap-config.ldif + - ./openldap/certs:/container/service/slapd/assets/certs + + shibboleth-idp: + image: "unicon/shibboleth-idp:3.4.2" + depends_on: + - openldap + environment: + - JETTY_MAX_HEAP=64m + - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=secret + - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=secret + ports: + - "4443:4443" + links: + - openldap:openldap + volumes: + - ./idp/shibboleth-idp/conf:/opt/shibboleth-idp/conf + - ./idp/shibboleth-idp/credentials:/opt/shibboleth-idp/credentials + - ./idp/shib-jetty-base/start.d/ssl.ini:/opt/shib-jetty-base/start.d/ssl.ini diff --git a/x-pack/test/idp-fixture/idp/shib-jetty-base/start.d/ssl.ini b/x-pack/test/idp-fixture/idp/shib-jetty-base/start.d/ssl.ini new file mode 100644 index 00000000000..1a20bd1a612 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shib-jetty-base/start.d/ssl.ini @@ -0,0 +1,4 @@ +--module=ssl +jetty.ssl.port=4443 +jetty.sslContext.keyStorePath=/opt/shibboleth-idp/credentials/idp-browser.p12 +jetty.sslContext.keyStoreType=PKCS12 \ No newline at end of file 
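Review bot: The `ports:` entries for `openldap` and `shibboleth-idp` publish on every host interface by default, so while the fixture is up the CI host exposes an LDAP directory whose admin password is in this file (`LDAP_ADMIN_PASSWORD: "NickFuryHeartsES"`) and an IdP whose keystore passwords are `secret` to anything on the network; bind them to loopback instead: `- "127.0.0.1:30389:389"`, `- "127.0.0.1:60636:636"`, `- "127.0.0.1:4443:4443"`. `LDAP_TLS_VERIFY_CLIENT: "never"` and `LDAP_TLS_CIPHER_SUITE: "NORMAL"` are acceptable for a test fixture but deserve a one-line comment stating that the LDAPS listener is deliberately not mutually authenticated, so the block is not copied into a real deployment. The plain-LDAP host port (30389) no longer follows the 60xxx scheme used for 636 here and for all ports in the deleted Vagrantfile; if nothing else references 30389, a consistent choice avoids confusion. `links:` is redundant with `depends_on` in compose v3 and can be dropped.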
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/access-control.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/access-control.xml new file mode 100644 index 00000000000..a9184e6c72a --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/access-control.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/admin/general-admin.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/admin/general-admin.xml new file mode 100644 index 00000000000..2814bf629cb --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/admin/general-admin.xml @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/admin/metrics.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/admin/metrics.xml new file mode 100644 index 00000000000..f9b5c162f3e --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/admin/metrics.xml @@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/attribute-filter.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/attribute-filter.xml similarity index 96% rename from x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/attribute-filter.xml rename to x-pack/test/idp-fixture/idp/shibboleth-idp/conf/attribute-filter.xml index 09892d65f6e..3dec2143d62 100644 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/attribute-filter.xml +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/attribute-filter.xml @@ -13,7 +13,6 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> - 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/attribute-resolver.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/attribute-resolver.xml new file mode 100644 index 00000000000..00c24e94236 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/attribute-resolver.xml @@ -0,0 +1,85 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + uid mail cn + + + + + + + + cn + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/audit.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/audit.xml new file mode 100644 index 00000000000..43f029d9d81 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/audit.xml @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + http://shibboleth.net/ns/profiles/status + http://shibboleth.net/ns/profiles/mdquery + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/authn-comparison.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/authn-comparison.xml new file mode 100644 index 00000000000..f167b7a330d --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/authn-comparison.xml @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/authn-events-flow.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/authn-events-flow.xml new file mode 100644 index 00000000000..88466778108 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/authn-events-flow.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/duo-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/duo-authn-config.xml new file mode 100644 index 00000000000..2867f484f5f --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/duo-authn-config.xml 
@@ -0,0 +1,29 @@ + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/duo.properties b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/duo.properties new file mode 100644 index 00000000000..d479fc29be8 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/duo.properties @@ -0,0 +1,30 @@ +## Duo integration settings + +## Note: If upgrading from pre-3.3 IdP versions, you will need to manually add a pointer +## to this property file to idp.properties. + +## The first set of properties support DuoWeb "iframe" integration. + +idp.duo.apiHost = hostname +idp.duo.applicationKey = key +idp.duo.integrationKey = key +idp.duo.secretKey = key + +## The second set are used for direct AuthAPI usage for ECP support. +## A seperate integration has to be created for this to work. + +#idp.duo.nonbrowser.apiHost = %{idp.duo.apiHost} +#idp.duo.nonbrowser.applicationKey = key +#idp.duo.nonbrowser.integrationKey = key +#idp.duo.nonbrowser.secretKey = key + +## Request header names for Duo non-browser credentials. +# idp.duo.nonbrowser.header.factor = X-Shibboleth-Duo-Factor +# idp.duo.nonbrowser.header.device = X-Shibboleth-Duo-Device +# idp.duo.nonbrowser.header.factor = X-Shibboleth-Duo-Passcode + +## Enables auto selection of factor/device if not specified by client. +# idp.duo.nonbrowser.auto = true + +## Enables transmission of client address to Duo during authentication. +# idp.duo.nonbrowser.clientAddressTrusted = true diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/external-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/external-authn-config.xml new file mode 100644 index 00000000000..8b3a1596f9f --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/external-authn-config.xml @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + UnknownUsername + + + + + InvalidPassword + + + + + ExpiredPassword + + + + + ExpiringPassword + + + + + 
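Review bot: The commented-out header list in duo.properties names `idp.duo.nonbrowser.header.factor` twice; the third entry should read `# idp.duo.nonbrowser.header.passcode = X-Shibboleth-Duo-Passcode`, otherwise anyone uncommenting the block gets the factor header silently overridden and no passcode header at all. The file looks like the stock IdP distribution template (`apiHost = hostname`, `secretKey = key`) and is loaded unconditionally through `idp.additionalProperties` in idp.properties, so a leading comment such as `## Not used by this test fixture: placeholder values only, no Duo flow is enabled` would stop the placeholder `secretKey` from being mistaken for a real credential during a secrets scan. Also `seperate` should be `separate`.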
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/function-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/function-authn-config.xml new file mode 100644 index 00000000000..cf7876af693 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/function-authn-config.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/general-authn.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/general-authn.xml new file mode 100644 index 00000000000..56990225ec2 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/general-authn.xml @@ -0,0 +1,158 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/ipaddress-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/ipaddress-authn-config.xml new file mode 100644 index 00000000000..a3ee096f3aa --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/ipaddress-authn-config.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/jaas-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/jaas-authn-config.xml new file mode 100644 index 00000000000..daef4d2b740 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/jaas-authn-config.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + ShibUserPassAuth + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/jaas.config b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/jaas.config new file mode 100644 index 00000000000..232e93d4271 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/jaas.config 
@@ -0,0 +1,11 @@ +ShibUserPassAuth { + /* + com.sun.security.auth.module.Krb5LoginModule required; + */ + + org.ldaptive.jaas.LdapLoginModule required + ldapUrl="ldap://localhost:10389" + baseDn="ou=people,dc=example,dc=org" + userFilter="uid={user}"; + +}; \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/krb5-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/krb5-authn-config.xml new file mode 100644 index 00000000000..d3590a2adce --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/krb5-authn-config.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/ldap-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/ldap-authn-config.xml new file mode 100644 index 00000000000..56d1bc7f8e7 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/ldap-authn-config.xml @@ -0,0 +1,135 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/mfa-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/mfa-authn-config.xml new file mode 100644 index 00000000000..f1b3918d033 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/mfa-authn-config.xml @@ -0,0 +1,101 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/password-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/password-authn-config.xml new file mode 100644 index 00000000000..f27051bec5f --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/password-authn-config.xml 
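Review bot: `ldapUrl="ldap://localhost:10389"` and `baseDn="ou=people,dc=example,dc=org"` in jaas.config are the Shibboleth distribution defaults and do not match the directory this fixture actually runs (`openldap:389`, base `DC=oldap,DC=test,DC=elasticsearch,DC=com` in docker-compose.yml), so if the JAAS password validator is ever enabled it would authenticate against a non-existent server, over cleartext LDAP. If the fixture authenticates through the ldaptive `ldap-authn-config.xml` path instead (likely, but the stripped XML here does not show it), this file is dead configuration and should either be removed or aligned, e.g. `ldapUrl="ldaps://openldap:636"` and `baseDn="ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"`. The file also lacks a trailing newline.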
@@ -0,0 +1,121 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + NoCredentials + CLIENT_NOT_FOUND + Client not found + DN_RESOLUTION_FAILURE + + + + + InvalidCredentials + PREAUTH_FAILED + INVALID_CREDENTIALS + Checksum failed + + + + + AccountLocked + Clients credentials have been revoked + + + + + PASSWORD_EXPIRED + + + + + ACCOUNT_WARNING + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/remoteuser-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/remoteuser-authn-config.xml new file mode 100644 index 00000000000..4b7e722528e --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/remoteuser-authn-config.xml @@ -0,0 +1,75 @@ + + + + + + + + + + + + + + + + + + NoCredentials + + + + + UnknownUsername + + + + + InvalidPassword + + + + + ExpiredPassword + + + + + ExpiringPassword + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/remoteuser-internal-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/remoteuser-internal-authn-config.xml new file mode 100644 index 00000000000..9e68c854bdc --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/remoteuser-internal-authn-config.xml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/spnego-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/spnego-authn-config.xml new file mode 100644 index 00000000000..07563b9a954 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/spnego-authn-config.xml @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + SPNEGONotAvailable + + + + + NTLMUnsupported + + + + + 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/x509-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/x509-authn-config.xml new file mode 100644 index 00000000000..18b015a8102 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/x509-authn-config.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + NoCredentials + InvalidCredentials + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/x509-internal-authn-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/x509-internal-authn-config.xml new file mode 100644 index 00000000000..bad3029307d --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/x509-internal-authn-config.xml @@ -0,0 +1,21 @@ + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml new file mode 100644 index 00000000000..938b30f1186 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml @@ -0,0 +1,44 @@ + + + + + + altuid + + + + + altuid + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/simple-subject-c14n-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/simple-subject-c14n-config.xml new file mode 100644 index 00000000000..3cddfa67ac7 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/simple-subject-c14n-config.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/subject-c14n-events-flow.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/subject-c14n-events-flow.xml new file mode 100644 index 00000000000..c4936f31401 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/subject-c14n-events-flow.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/subject-c14n.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/subject-c14n.xml new file mode 100644 index 00000000000..9740fdd76d1 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/subject-c14n.xml @@ -0,0 +1,109 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/x500-subject-c14n-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/x500-subject-c14n-config.xml new file mode 100644 index 00000000000..1ae25e40581 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/c14n/x500-subject-c14n-config.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + 2.5.4.3 + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/cas-protocol.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/cas-protocol.xml new file mode 100644 index 00000000000..535cf0aa524 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/cas-protocol.xml @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/credentials.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/credentials.xml new file mode 100644 index 00000000000..dde530b7f28 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/credentials.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/errors.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/errors.xml new file mode 100644 index 00000000000..a9f40745274 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/errors.xml @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/global.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/global.xml new file mode 100644 index 00000000000..457a814d007 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/global.xml @@ -0,0 +1,52 @@ + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/idp.properties b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/idp.properties new file mode 100644 index 00000000000..f03eaf6d6d7 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/idp.properties 
@@ -0,0 +1,212 @@
+# Load any additional property resources from a comma-delimited list
+idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties
+
+# In most cases (and unless noted in the surrounding comments) the
+# commented settings in the distributed files are the default
+# behavior for V3.
+#
+# Uncomment them and change the value to change functionality.
+
+# Set the entityID of the IdP
+idp.entityID=https://test.shibboleth.elastic.local/
+
+# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth.
+# Set to empty value to disable and return a 404.
+#idp.entityID.metadataFile=%{idp.home}/metadata/idp-metadata.xml
+
+# Set the scope used in the attribute resolver for scoped attributes
+idp.scope=test.elastic.co
+
+# General cookie properties (maxAge only applies to persistent cookies)
+# Note the default for idp.cookie.secure, you will usually want it set.
+#idp.cookie.secure = false
+#idp.cookie.httpOnly = true
+#idp.cookie.domain =
+#idp.cookie.path =
+#idp.cookie.maxAge = 31536000
+
+# HSTS/CSP response headers
+#idp.hsts = max-age=0
+# X-Frame-Options value, set to DENY or SAMEORIGIN to block framing
+#idp.frameoptions = DENY
+# Content-Security-Policy value, set to match X-Frame-Options default
+#idp.csp = frame-ancestors 'none';
+
+# Set the location of user-supplied web flow definitions
+#idp.webflows = %{idp.home}/flows
+
+# Set the location of Velocity view templates
+#idp.views = %{idp.home}/views
+
+# Settings for internal AES encryption key
+#idp.sealer.storeType = JCEKS
+#idp.sealer.updateInterval = PT15M
+#idp.sealer.aliasBase = secret
+idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks
+idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver
+idp.sealer.storePassword=secret
+idp.sealer.keyPassword=secret
+
+# Settings for public/private signing and encryption key(s)
+# During decryption key rollover, point the ".2" properties at a second
+# keypair, uncomment in credentials.xml, then publish it in your metadata.
+idp.signing.key=%{idp.home}/credentials/idp-signing.key
+idp.signing.cert=%{idp.home}/credentials/idp-signing.crt
+idp.encryption.key=%{idp.home}/credentials/idp-encryption.key
+idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
+#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
+#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
+
+# Sets the bean ID to use as a default security configuration set
+#idp.security.config = shibboleth.DefaultSecurityConfiguration
+
+# To downgrade to SHA-1, set to shibboleth.SigningConfiguration.SHA1
+#idp.signing.config = shibboleth.SigningConfiguration.SHA256
+
+# To upgrade to AES-GCM encryption, set to shibboleth.EncryptionConfiguration.GCM
+# This is unlikely to work for all SPs, but this is a quick way to test them.
+#idp.encryption.config = shibboleth.EncryptionConfiguration.CBC
+
+# Configures trust evaluation of keys used by services at runtime
+# Defaults to supporting both explicit key and PKIX using SAML metadata.
+#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
+# To pick only one set to one of:
+# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
+# To pick only one set to one of:
+# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
+
+# If true, encryption will happen whenever a key to use can be located, but
+# failure to encrypt won't result in request failure.
+#idp.encryption.optional = false
+
+# Configuration of client- and server-side storage plugins
+#idp.storage.cleanupInterval = PT10M
+#idp.storage.htmlLocalStorage = false
+
+# Set to true to expose more detailed errors in responses to SPs
+#idp.errors.detailed = false
+# Set to false to skip signing of SAML response messages that signal errors
+#idp.errors.signed = true
+# Name of bean containing a list of Java exception classes to ignore
+#idp.errors.excludedExceptions = ExceptionClassListBean
+# Name of bean containing a property set mapping exception names to views
+#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
+# Set if a different default view name for events and exceptions is needed
+#idp.errors.defaultView = error
+
+# Set to false to disable the IdP session layer
+#idp.session.enabled = true
+
+# Set to "shibboleth.StorageService" for server-side storage of user sessions
+#idp.session.StorageService = shibboleth.ClientSessionStorageService
+
+# Size of session IDs
+#idp.session.idSize = 32
+# Bind sessions to IP addresses
+#idp.session.consistentAddress = true
+# Inactivity timeout
+#idp.session.timeout = PT60M
+# Extra time to store sessions for logout
+#idp.session.slop = PT0S
+# Tolerate storage-related errors
+#idp.session.maskStorageFailure = false
+# Track information about SPs logged into
+#idp.session.trackSPSessions = false
+# Support lookup by SP for SAML logout
+#idp.session.secondaryServiceIndex = false
+# Length of time to track SP sessions
+#idp.session.defaultSPlifetime = PT2H
+
+# Regular expression matching login flows to enable, e.g. IPAddress|Password
+idp.authn.flows=Password
+
+# Default lifetime and timeout of various authentication methods
+#idp.authn.defaultLifetime = PT60M
+#idp.authn.defaultTimeout = PT30M
+
+# Whether to populate relying party user interface information for display
+# during authentication, consent, terms-of-use.
+#idp.authn.rpui = true
+
+# Whether to prioritize "active" results when an SP requests more than
+# one possible matching login method (V2 behavior was to favor them)
+#idp.authn.favorSSO = false
+
+# Whether to fail requests when a user identity after authentication
+# doesn't match the identity in a pre-existing session.
+#idp.authn.identitySwitchIsError = false
+
+# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
+#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+
+# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
+# to key user consent storage records (and set the attribute name)
+#idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.attribute-release.userStorageKeyAttribute = uid
+#idp.consent.terms-of-use.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.terms-of-use.userStorageKeyAttribute = uid
+
+# Suffix of message property used as value of consent storage records when idp.consent.compareValues is true.
+# Defaults to text displayed to the user.
+#idp.consent.terms-of-use.consentValueMessageCodeSuffix = .text
+
+# Flags controlling how built-in attribute consent feature operates
+#idp.consent.allowDoNotRemember = true
+#idp.consent.allowGlobal = true
+#idp.consent.allowPerAttribute = false
+
+# Whether attribute values and terms of use text are compared
+#idp.consent.compareValues = false
+# Maximum number of consent records for space-limited storage (e.g. cookies)
+#idp.consent.maxStoredRecords = 10
+# Maximum number of consent records for larger/server-side storage (0 = no limit)
+#idp.consent.expandedMaxStoredRecords = 0
+
+# Time in milliseconds to expire consent storage records.
+#idp.consent.storageRecordLifetime = P1Y
+
+# Whether to lookup metadata, etc. for every SP involved in a logout
+# for use by user interface logic; adds overhead so off by default.
+#idp.logout.elaboration = false
+
+# Whether to require logout requests/responses be signed/authenticated.
+#idp.logout.authenticated = true
+
+# Message freshness and replay cache tuning
+#idp.policy.messageLifetime = PT3M
+#idp.policy.clockSkew = PT3M
+
+# Set to custom bean for alternate storage of replay cache
+#idp.replayCache.StorageService = shibboleth.StorageService
+#idp.replayCache.strict = true
+
+# Toggles whether to allow outbound messages via SAML artifact
+#idp.artifact.enabled = true
+# Suppresses typical signing/encryption when artifact binding used
+#idp.artifact.secureChannel = true
+# May differ to direct SAML 2 artifact lookups to specific server nodes
+#idp.artifact.endpointIndex = 2
+# Set to custom bean for alternate storage of artifact map state
+#idp.artifact.StorageService = shibboleth.StorageService
+
+# Comma-delimited languages to use if not match can be found with the
+# browser-supported languages, defaults to an empty list.
+idp.ui.fallbackLanguages=en,fr,de
+
+# Storage service used by CAS protocol
+# Defaults to shibboleth.StorageService (in-memory)
+# MUST be server-side storage (e.g. in-memory, memcached, database)
+# NOTE that idp.session.StorageService requires server-side storage
+# when CAS protocol is enabled
+#idp.cas.StorageService=shibboleth.StorageService
+
+# CAS service registry implementation class
+#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+
+# F-TICKS auditing - set a salt to include hashed username
+#idp.fticks.federation=MyFederation
+#idp.fticks.algorithm=SHA-256
+#idp.fticks.salt=somethingsecret
+#idp.fticks.loghost=localhost
+#idp.fticks.logport=514
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/consent-intercept-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/consent-intercept-config.xml
new file mode 100644
index 00000000000..a0892117b67
--- /dev/null
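Review bot: `idp.sealer.storePassword=secret` and `idp.sealer.keyPassword=secret` are committed literal credentials with nothing marking them as fixture-only, and the keystore they unlock, `%{idp.home}/credentials/sealer.jks` with `sealer.kver`, is not among the credentials files visible in this part of the diff, so it is unclear whether it is generated when the container starts or expected to be checked in later. A comment above the sealer block would settle both, e.g. `# Test-fixture sealer keystore: used only inside the idp-fixture container; the trivial passwords are deliberate and must not be copied into any real deployment`. The template remark `# Note the default for idp.cookie.secure, you will usually want it set.` is kept while `idp.cookie.secure` stays commented out; if the fixture is served over TLS with the idp-browser key pair, setting `idp.cookie.secure = true` makes the fixture exercise the cookie flags a real deployment would, otherwise a one-line comment on why it is left at the default avoids the question being raised again.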
+++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/consent-intercept-config.xml @@ -0,0 +1,121 @@ + + + + + + + + + + + + + + + + + + + + + transientId + persistentId + eduPersonTargetedID + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/context-check-intercept-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/context-check-intercept-config.xml new file mode 100644 index 00000000000..aae07f0f250 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/context-check-intercept-config.xml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + * + + + + + + + + + + + + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/expiring-password-intercept-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/expiring-password-intercept-config.xml new file mode 100644 index 00000000000..b3bf96d525e --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/expiring-password-intercept-config.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/impersonate-intercept-config.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/impersonate-intercept-config.xml new file mode 100644 index 00000000000..7dfda2b9126 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/impersonate-intercept-config.xml @@ -0,0 +1,25 @@ + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/intercept-events-flow.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/intercept-events-flow.xml new file mode 100644 index 00000000000..6214e8080c1 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/intercept-events-flow.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/profile-intercept.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/profile-intercept.xml new file mode 100644 index 00000000000..7b4c8aa900b --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/profile-intercept.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/ldap.properties b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/ldap.properties new file mode 100644 index 00000000000..da38962f6a1 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/ldap.properties 
@@ -0,0 +1,24 @@
+idp.authn.LDAP.authenticator = bindSearchAuthenticator
+idp.authn.LDAP.ldapURL = ldap://openldap:389
+idp.authn.LDAP.useStartTLS = false
+idp.authn.LDAP.sslConfig = certificateTrust
+idp.authn.LDAP.trustCertificates= %{idp.home}/credentials/ca_server.pem
+idp.authn.LDAP.baseDN = ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com
+idp.authn.LDAP.subtreeSearch = true
+idp.authn.LDAP.userFilter = (uid={user})
+idp.authn.LDAP.bindDN = cn=admin,DC=oldap,DC=test,DC=elasticsearch,DC=com
+idp.authn.LDAP.bindDNCredential = NickFuryHeartsES
+idp.authn.LDAP.dnFormat = uid=%s,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com
+idp.attribute.resolver.LDAP.ldapURL = ldap://openldap:389
+idp.attribute.resolver.LDAP.useStartTLS = false
+idp.attribute.resolver.LDAP.sslConfig = certificateTrust
+idp.attribute.resolver.LDAP.trustCertificates= %{idp.home}/credentials/ca_server.pem
+idp.attribute.resolver.LDAP.baseDN = ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com
+idp.attribute.resolver.LDAP.subtreeSearch = true
+idp.attribute.resolver.LDAP.userFilter = (uid={user})
+idp.attribute.resolver.LDAP.bindDN = cn=admin,DC=oldap,DC=test,DC=elasticsearch,DC=com
+idp.attribute.resolver.LDAP.bindDNCredential = NickFuryHeartsES
+idp.attribute.resolver.LDAP.dnFormat = uid=%s,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com
+idp.attribute.resolver.LDAP.searchFilter = (uid={user})
+idp.attribute.resolver.LDAP.connectTimeout = 5
+idp.attribute.resolver.LDAP.responseTimeout = 5
\ No newline at end of file
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/logback.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/logback.xml
new file mode 100644
index 00000000000..e1f38b83830
--- /dev/null
+++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/logback.xml
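Review bot: Both LDAP connectors use `ldap://openldap:389` with `useStartTLS = false`, so the `sslConfig = certificateTrust` and `trustCertificates= %{idp.home}/credentials/ca_server.pem` lines that follow are never exercised and the admin `bindDNCredential` crosses the fixture network in the clear on every bind. If the fixture's OpenLDAP container offers StartTLS, switching `idp.authn.LDAP.useStartTLS = true` and `idp.attribute.resolver.LDAP.useStartTLS = true` would make the trust settings meaningful; if plaintext is intended for the fixture, drop the two trust lines or add `# plaintext LDAP inside the fixture network; the trust settings below only take effect once StartTLS or ldaps is enabled` so the inert configuration is not read as a TLS-protected bind. The bind DN and credential are also repeated verbatim for the resolver connector; `idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential}` keeps the two from drifting apart.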
@@ -0,0 +1,124 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + UTF-8 + %date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short} + + + + + + + VelocityStatusMatcher + ResourceManager : unable to find resource 'status.vm' in any resource loader. + + VelocityStatusMatcher.matches(formattedMessage) + + DENY + + + + + + 0 + + + + + ${idp.fticks.loghost:-localhost} + ${idp.fticks.logport:-514} + AUTH + [%thread] %logger %msg + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/metadata-providers.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/metadata-providers.xml new file mode 100644 index 00000000000..d7230054af6 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/metadata-providers.xml @@ -0,0 +1,78 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/relying-party.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/relying-party.xml similarity index 100% rename from x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/relying-party.xml rename to x-pack/test/idp-fixture/idp/shibboleth-idp/conf/relying-party.xml diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/saml-nameid.properties b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/saml-nameid.properties new file mode 100644 index 00000000000..bbc15970731 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/saml-nameid.properties 
@@ -0,0 +1,37 @@
+# Properties involving SAML NameIdentifier/NameID generation/consumption
+
+# For the most part these settings only deal with "transient" and "persistent"
+# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
+# settings
+
+# Comment out to disable legacy NameID generation via Attribute Resolver
+#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
+#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
+
+# Default NameID Formats to use when nothing else is called for.
+# Don't change these just to change the Format used for a single SP!
+#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier
+
+# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage
+#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator
+
+# Persistent IDs can be computed on the fly with a hash, or managed in a database
+
+# For computed IDs, set a source attribute and a secret salt:
+#idp.persistentId.sourceAttribute = changethistosomethingreal
+#idp.persistentId.useUnfilteredAttributes = true
+# Do *NOT* share the salt with other people, it's like divulging your private key.
+#idp.persistentId.algorithm = SHA
+#idp.persistentId.salt = changethistosomethingrandom
+# BASE64 will match V2 values, we recommend BASE32 encoding for new installs.
+idp.persistentId.encoding = BASE32 + +# To use a database, use shibboleth.StoredPersistentIdGenerator +#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator +# For basic use, set this to a JDBC DataSource bean name: +#idp.persistentId.dataSource = PersistentIdDataSource +# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore +#idp.persistentId.store = MyPersistentIdStore +# Set to an empty property to skip hash-based generation of first stored ID +#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/saml-nameid.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/saml-nameid.xml new file mode 100644 index 00000000000..7d82cf52048 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/saml-nameid.xml @@ -0,0 +1,64 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/services.properties b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/services.properties new file mode 100644 index 00000000000..0aa900731a4 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/services.properties 
@@ -0,0 +1,65 @@
+# Configure the resources to load for various services,
+# and the settings for failure handling and auto-reload.
+
+# failFast=true prevents IdP startup if a configuration is bad
+# checkInterval = PT0S means never reload (this is the default)
+
+# Global default for fail-fast behavior of most subsystems
+# with individual override possible below.
+#idp.service.failFast = false
+
+#idp.service.logging.resource = %{idp.home}/conf/logback.xml
+#idp.service.logging.failFast = true
+idp.service.logging.checkInterval = PT5M
+
+# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
+#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
+#idp.service.relyingparty.failFast = false
+idp.service.relyingparty.checkInterval = PT15M
+
+#idp.service.metadata.resources = shibboleth.MetadataResolverResources
+#idp.service.metadata.failFast = false
+#idp.service.metadata.checkInterval = PT0S
+
+#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
+#idp.service.attribute.resolver.failFast = false
+idp.service.attribute.resolver.checkInterval = PT15M
+#idp.service.attribute.resolver.maskFailures = true
+#idp.service.attribute.resolver.stripNulls = false
+
+#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources
+# NOTE: Failing the filter fast leaves no filters enabled.
+#idp.service.attribute.filter.failFast = false
+idp.service.attribute.filter.checkInterval = PT15M
+#idp.service.attribute.filter.maskFailures = true
+
+#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources
+#idp.service.nameidGeneration.failFast = false
+idp.service.nameidGeneration.checkInterval = PT15M
+
+#idp.service.access.resources = shibboleth.AccessControlResources
+#idp.service.access.failFast = true
+idp.service.access.checkInterval = PT5M
+
+#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources
+#idp.service.cas.registry.failFast = false
+idp.service.cas.registry.checkInterval = PT15M
+
+#idp.message.resources = shibboleth.MessageSourceResources
+#idp.message.cacheSeconds = 300
+
+# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
+# These are used with components such as remote configuration resources that are explicitly wired
+# with these client instances, *not* by default with HTTP metadata resolvers.
+#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
+#idp.httpclient.connectionDisregardTLSCertificate = false
+#idp.httpclient.connectionRequestTimeout = PT1M
+#idp.httpclient.connectionTimeout = PT1M
+#idp.httpclient.socketTimeout = PT1M
+#idp.httpclient.maxConnectionsTotal = 100
+#idp.httpclient.maxConnectionsPerRoute = 100
+#idp.httpclient.memorycaching.maxCacheEntries = 50
+#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
+#idp.httpclient.filecaching.maxCacheEntries = 100
+#idp.httpclient.filecaching.maxCacheEntrySize = 10485760
+idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache
\ No newline at end of file
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/services.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/services.xml
new file mode 100644
index 00000000000..e04ac8f0afc
--- /dev/null
+++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/services.xml
@@ -0,0 +1,100 @@ + + + + + + + + + %{idp.home}/conf/relying-party.xml + %{idp.home}/conf/credentials.xml + %{idp.home}/system/conf/relying-party-system.xml + + + + + %{idp.home}/conf/relying-party.xml + %{idp.home}/system/conf/legacy-relying-party-defaults.xml + + + + %{idp.home}/conf/metadata-providers.xml + %{idp.home}/system/conf/metadata-providers-system.xml + + + + %{idp.home}/conf/attribute-resolver.xml + + + + %{idp.home}/conf/attribute-filter.xml + + + + %{idp.home}/conf/saml-nameid.xml + %{idp.home}/system/conf/saml-nameid-system.xml + + + + %{idp.home}/conf/access-control.xml + %{idp.home}/system/conf/access-control-system.xml + + + + %{idp.home}/conf/cas-protocol.xml + + + + + %{idp.home}/messages/messages + %{idp.home}/system/messages/messages + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/session-manager.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/session-manager.xml new file mode 100644 index 00000000000..7372029719c --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/session-manager.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/README b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/README new file mode 100644 index 00000000000..a4e6f92c18c --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/README @@ -0,0 +1,2 @@ +openssl req -x509 -newkey rsa:4096 -nodes -keyout idp-browser.key -out idp-browser.pem -days 10000 -subj "/CN=localhost" +openssl pkcs12 -in idp-browser.pem -inkey idp-browser.key -export -out idp-browser.p12 diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/ca_server.pem b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/ca_server.pem new file mode 100644 index 00000000000..d090cbf6d3a --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/ca_server.pem 
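Review bot: The credentials/README documents `openssl req -x509 -newkey rsa:4096 -nodes -keyout idp-browser.key ...`, which writes an unencrypted key, but the committed `credentials/idp-browser.key` in a later hunk of this diff begins with `Proc-Type: 4,ENCRYPTED` and `DEK-Info: DES-CBC`, so the documented command does not reproduce the checked-in file and anyone regenerating the fixture will end up with a different key format. Either regenerate the key with the documented command (an unencrypted key is adequate for a throwaway fixture) or document the passphrase step, noting that DES-CBC is OpenSSL's legacy PEM cipher and that `openssl rsa -aes256` re-wraps an existing key with a current one. The `openssl pkcs12 ... -export` line prompts for an export password the README never mentions; record where the consumer of idp-browser.p12 is given that password, since that configuration is not visible in this diff.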
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEAzCCAmugAwIBAgIUGJBYO12hG0Uo/jCDsHqz9KNR25cwDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAxMOTERBUCBTZXJ2ZXIgQ0EwHhcNMTkwMzA4MTY1MzI2WhcN +MjAwMzA3MTY1MzI2WjAZMRcwFQYDVQQDEw5MREFQIFNlcnZlciBDQTCCAaIwDQYJ +KoZIhvcNAQEBBQADggGPADCCAYoCggGBALtPoq9PwkRZyV2ZKU98RoVxERWOfVw3 +W5QmU+jBDD7vz0xRvjD2Xz+AtAqLyYCE90d8xnaxY42rZ7IXjd9K56rwVuvjgBfV +6iVV1Vo5q5yxsZTsiR+Zrjd3F/AvhTXRsn2GLo2rS2Q64CjodJqzhPvLiZSoUCXs +sdv+sGCZ8H4Wjomygu4HzoS+y+b6wEfcynd7c0thEsYcqacGcvsxXOSU2bnyx8Z4 +T3VeYb2i+DWXBtFACzC/bzVzft+Kui+buktgkdCTkJe2Q/TWjqlhGH/o3A98xZRm ++UDnyJG3Et4MDLNmhpizSsFw8gB4DsK7OrcepcPzsAYvG0VoI5flQnraMNTlTZ5X +bwgtzpRolDEx4qKKPfcYauLEuP5YsteVbPcZwUBNxF+YWi800XDN2D8abUrQ1NyK +fKAoOf7xAHGzZm78lvuhWxKL7/L0TFMCtxdYxzNXQsT4ZgvbtKT3moc8Rw0Jyc3p +/C45CpEwlqDdYcEx2bM/gaFR/KkUbEGyawIDAQABo0MwQTAPBgNVHRMBAf8EBTAD +AQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFP+p8954Rx6o/i4G/3U6qVKu +lsDJMA0GCSqGSIb3DQEBCwUAA4IBgQCdoxcQxfKd209+TsXjymbrMSWBbfDHLQml +ocKF2EF92hOBJnAm5E8Z2+ZHAZ0hbsl8r1dSIhZuqb7GGE7KfN+mFTP0YlteciPg +0NDM0GsaryftkWe9Lwkt9M72vHP8sCjorskpmYWhHBWgkTfd5Uzso0w3wYNJpeuX +qGOjrjcfpRrDk/fyWUgVPkTBmmEEFWCJHSZF8N+BMHrTiw9UsJXBwbHa983Sm9Lq +pK61y2LTo9OHBHCFl0DmzHiH7AEg9RmJlUqMomn8b/gquIoplUchUtS/h7BVPgqz +w6vS3fE8FgHODthGv55xqhaPV23ZFv6QUlc80yzY3BhYyfu21O/gzo3wmKC6fq9L +pWK2CYgdtDAV0vjTchkYM12iJDLJBdNoLzVZrXqxFMWjVZN2N7GVyc3PGzyOAquf +LuuvSAhErt84mh8MwAbVie09iDTbqPgFjn+D1AK70ocfMVGM2lwOmk0vvCLHtxE7 +fh/9Tf0GS1BHkmgzWwXqTkCK71mJQvs= +-----END CERTIFICATE----- diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-backchannel.crt b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-backchannel.crt new file mode 100644 index 00000000000..d9f2e9b24c7 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-backchannel.crt 
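Review bot: Decoding the validity fields of this certificate (`MTkwMzA4MTY1MzI2Wh` / `MjAwMzA3MTY1MzI2Wj` on lines 2-3) gives notBefore 2019-03-08 and notAfter 2020-03-07, a one-year lifetime for a CA named "LDAP Server CA", whereas idp-backchannel.crt and idp-encryption.crt added in the same diff run to 2039. Anything that validates the OpenLDAP server certificate against this CA (ldap.properties points both LDAP connectors at it as `trustCertificates`) will start failing after that date independently of the code under test; reissue the CA with a lifetime matching the other fixture certificates, or at least add a line to credentials/README recording the expiry so the breakage is recognisable when it happens. If this file is copied from the OpenLDAP fixture rather than generated here, the reissue belongs there.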
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUjCCArqgAwIBAgIVALjpmEEY4k5+2/JXwk5y+MoDnWiAMA0GCSqGSIb3DQEB +CwUAMCgxJjAkBgNVBAMMHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsMB4X +DTE5MDMwODEzMTg1OVoXDTM5MDMwODEzMTg1OVowKDEmMCQGA1UEAwwddGVzdC5z +aGliYm9sZXRoLmVsYXN0aWMubG9jYWwwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw +ggGKAoIBgQC98CVCuq4MBwBGia77i7tdUMFql+KbY5mY/eENspY59aPZbI6/oMSU +v4Uu3iJux8gGlBmkzxoefhuIA93lE+RS3k1iezxtS0fQW8drYCtJRT9j8xuEdzo9 +hHV3wa4lhnC8Mfn6K79jzj0Y6PkDCSS3wn80YYAQpI0sV6baxGuRByL7BMjHITFw +EbFYsph6zQ/3SZu1OWocVdgZkF+n3zraUDuj87M+Tn6RRhWF0Jq/vFAUNCTWr7Iw +GTUib9LWx3v5IqXttu9NBMSd5Q5mIoPWW+/RA3mpcsN51rVRa2od6HABpiEv7I7B +yEtBVNPkYfOPF2TIxefeyIl3UCD5sF/2nDAZfe/ENnJFQwqnPAXwXrlPlLCoWsOl +OOHfyE7tbORkVXNuWYq9TcTNLEIuB081Utxsoa+iiWGyn0/uYDg2NGxJ2V2/PISf +LhUilCJSmNbMUFirVSUJD8mntn8VRidn1/Wx7RCphPGmMmJtAN080/+zCOJVE4/G +6JnRMFpNZO0CAwEAAaNzMHEwHQYDVR0OBBYEFH9wTxThSEj7nswt0sIjbpw86itt +MFAGA1UdEQRJMEeCHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FshiZodHRw +czovL3Rlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsLzANBgkqhkiG9w0BAQsF +AAOCAYEApBpPTKvKUwcZ8Tfm3TZPINmSXI05OWU1Xu8gdFB0EoUDFE9/uHTJgfmS +5ZjUT8YGhHH883XKNq9JhmyCb5V5ZSjONzMGplcsTAkk0guU0DqKvabyVsQuyne6 +nCkbAr/srtJFutiFJDGmfAmhTSFTVmpI4stpyC+y5Y0PhcUQa6Ytz8wGTMJvftv5 +2S5zhX9IDaWo4C97WWnSXaFepi5n1i4wlCj5HgDkEhoeEt5byJMxzDdN9whEI5Ju +VPMUcRcJNajnSKA1SVAznUpJbHSu0WAfM/MQ9ucX3o3A5J/bA9xlknsEWtugtvRK +KCwuibrOddrv/cQQbpPjDhWk/VF7tOA1kuSHHdYICB+WjWU463bv0rLm6QXqkDU4 +f3XuG2zJTmVQEzBdmv9ATlqQ+sADV216Vyy5I/delW0WnmePGTuxBj+Xm7VrbYNi +WOveqK14343Bpbo8H/V2UvTPGF+oICnmw0fgG7SChtcDY9won6mRVCcy+01TeOua +TSYuiKRN +-----END CERTIFICATE----- diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-backchannel.p12 b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-backchannel.p12 new file mode 100644 index 00000000000..4c19a5c22cb Binary files /dev/null and b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-backchannel.p12 differ 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.key b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.key new file mode 100644 index 00000000000..fb9aae8983d --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.key 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,448E229091A1814C + +2GcUr2daklgGwVg37U/wo1qdWQhr1PYL6q77UWyWTnjgMC00hHwPF7ChkLmD8jXa +eSxk3Myih85SudgOFydnDAecj3WZ5s1T1LuH1jXN5yg2WAjQKwzoxKvAELfjbX4A +gM5cNMI62DfpFJHnj4WVJioFvXuNB58TM30D1yFZbqUm5I2nThxzoNVKUuOwZ+Ct +Xr/rpX0AaKLJJ7iIws/iByBLvf75/mmharHWTqJV/dh/mqvpstvMXtlr/YpL0jq7 +I1nF9jutGGCkdUmCnXEjE5eGOdgOd8hPuHIHgDAWILqbaGNSmMs3KaJWrOxSp0i2 +ilQPmjqSSI7KKGDay9UeEF9FPuLQvSk1S9/e4IC2lG30wqZpJ8kY7DJmhXXvG7eg +6BGUOpZ/haXqltI9gNRa/PlME7zk26S0KPSqorh5ajDeMKcX7g8aQEh4kM7Rp5Ne +94dW2mwUj1mqHrkgPJewExlRq6TE23DUA4fbm45VnducaIhz6nw6deQNzArnl61+ +yLXjd6R+usRJubh2NK5yKWAJczI7bzyTU1B+wYFK9m9HTGi3JQFFG4hGwktjSy39 +2HHO5swES2di18Yq0unzAagK9+ngAkWECIRjswqaFSfFW9FZdsACiS62BTcXygHv +AP6dm1ofL1kO8/QYF+fTKmLP+mTtVYs0TE219u5gAXODHIMDIdpM4O/weAcoAjP+ +WVDefvFC/A986ZogG/xePyh01fkQFRWjSUq73IWOxflWQOZC6ur65YDhFhcNRfq7 ++pEv5oourj4613ei1THhA/OZKedn3oqTxCZcp4BeTksI3lwJKWxlO799UHb2hiKR +ICnNskE7jvYEQLJS7oesqJjtme3ERaevRVZJXf9h+/1Ohv4PZOtNHS4EKVzECPJn +OLtr221QRkyqME4PeI5u6pTkTQj8y2sC6jZ17nlNXDtP6bCiLUsB64HDAhu1+7gm +ahsFcwe66iNo8UHptKSlVl+3kjSHLO6MvDvFSxuk5ZbA/6leXEnl/9sm0vjE/dgj +n+Q+WbE0+plfP91AR3KeH/NNPF6R6n6aFAIo6ZK4inUKTSe7QEK9qgJo5I3nIhoa +hwKkf3rvcNYsPrB0n98ncoR7CSjjfjzou6m5oXgtsdiC8IrnjsUXY8VsfHqrBbJD +usqa0E0R1n2atfiFs7Lmm2tJLIfYnTyfxCoU9U6IbPbwgoD11vy6wZV138BXL4Vq +E/7JZGP1E7/M3TziFgg8tQRVw9Y7tKI1AFXH5FPbTLubqqp8oiH5QSSUC2lsDTRV +I6DA43W2Et2gn16moW3qFekO6qkQh3XYLiyH76zLQ44ebsB3wdwONxOcCpDIvikw +UWKnJ4XXAHbVs8B4myShjUN3yiDMHQ5g0dkJDgd0oJv5lYZJD2LH/xn+FJfVN+Xr +csD6Dgv7mAsvaOTtv3s4zBNtWEdnZpOy4agsFr+dCH9V/Wqq3Cp8y6nOAGHW1Yw7 +HS7s7cZqssEhSAoQUgtqLr4MsfysDM9LhPSc/wHGt9lOfTyJkp1B8rWuIkMy/A2C +YU92pHLXtd1VW0gJd410GUXKNRB8gw4MakRvKCEQgaARXMFVYUJGfTPP43ZcDgeK +FBpeYT+7lJxm0GN9B8hzcTI3BiD+efZRXVw+qltOq/I0m7896lMJjoigF1i8y/ou +537CyaCmasK6V4b2omF78omRYa8xG/6UUTV5n3RA7+KTEvk8RyCl1+Hqu1Yk9Tnk +bjR2xMnF6PG7MUWzOaDFjlL+LWb5OF9gsmkBOz+Gf8wc0ZKFvkoqgv65Q/miklKO 
+A/jPY8KzWFMAXHo3JP+PiFlLAmJHVpnMumUCycd62P3Omp8HWgyz3dG68ubwlQlU +OwYaJapke1SazUBNdGIxFw4PPJbd/AuoTb0hKznVZrAGW/QmH6vtQLIL38t3i97b +ZW3SmhF1CmBngcVe4jmWtv+ElWNfB83XpLdF8Az7JxKruwvQpsIkn8lZKpEaibP8 +RyqbDIdIvgetcHgSZTZrHROzk+a2XFBxvX0FG48I15yY5KG2/uZrg5KWztXF/wh8 +GB2m6OVko2+6jb9ffs3ur+NTYBbWHgt0VaZW/TJMduIar6z7KRPahCdPJE+ZJL9B +Y1UzzmQhyp5bgTtrn9/NwXotM62OCiTNm7+asdUOkj5Yg8NG//CbRcjPmIO9zLkt +qZnyvf187oFZoaoqAcxrBCBHVUC5iqi3gJ3IVtjKM/qN+uqazuayzEl5XqCXCIIY +EQycYGOXzGZJp9ZpUlbnsazUAwxqo+eoxpzRXw66dLAZRcriXGhvcittVKuVAbxr +rRs8rYXvGYyUlNH15qiGzU7zRiKIzjV43m6KSFxGPX0vQdKif9kNc66YJ5C3FmwD +RZT3u/YED+QUg9QGNIhIJX+boV6yBjiZp+TUGiEfymPPbf7MXiUdGo1TWuSYjC+r +GOI80Bt6np5gXeQxW8vIEVspiPkiFqag9xrG3XfWZjYnLg1ue8sufrSu7B9oRwXJ +1E4l02nSCrb+PHlrEDC0BfK+3cGyahu58ayX1LfgMMGoYn1Z5lirIRlZr+lFNq7V +F001QMJLCAwoUv2pNheJTD2GuvJDY4F+BepQe0GiMhRKTxiUEyHpuVPUenBn+yKj +S1Jo12oVxNZvPx1z4dbqbeQBu1uLwLpGj39HW+FvuQYA1pi+sAyBGV5mTnOaAyyK +qRVevAYOVqToXmIrmwqFirl4q/UHX+8KKXZE7+t5l6jx1ik9fbwPBk9xYTguRUDR +JMLlwq6z9wz405z4yL4wcr988kqEp8rflUEBOP7uQXHAqHPVRV8eidkuW/Q7XmbP +s3lxo3CW22txdZvrhkIRTAPuHAoVf06F/DSKufpwTYDEd6vwRgupC1K8Cj8irVjV +PzZmwQDzgIhp3PvuiIxqiQRRGbu2uZa4YnryFG5ROY32S8u4CJ/3YrdnK9x5ZhwI +L2KVja++t1EAcq7lvAelV5+5k4CMGYkiHVRZc8oM6H6DQFeanD3wo/wJExOwp07M +y3Lg8snXFFKbwpIPoMFvo8tc+AvxpNR3ByycxcuEdjKPCLZaAZ7WpjWDm5INJRmc +QpYqhhwVWGLITtrW0z8vJEIffDT7dx/Z1pPkmBhqXgfQgr6650sravzrvWooYmmL +-----END RSA PRIVATE KEY----- diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.p12 b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.p12 new file mode 100644 index 00000000000..30d0583b378 Binary files /dev/null and b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.p12 differ diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.pem b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.pem new file mode 100644 index 00000000000..51324a9c4d7 --- /dev/null 
+++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-browser.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCTCCAvGgAwIBAgIUXgnF25GwdlFAe0byzIYbN3AT2WIwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDMwODIxMTAzMFoXDTQ2MDcy +NDIxMTAzMFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAth/Euk/QuccVqvRBivjqn6T/1KRRxnAeSVnbfaww1XS2 +aIj7CjAmuOblA3MPZcnpO9l3xTwcLGCzoel/BopjF6rbQM92U/XcZO3i5p9SrXZ3 +tLn0RWbv3+0yN3J8tbsBNsoIoOCdBurBmwRMCtQn+WaX04BIVDOeRRPGrtnQaKGk +vtKigxf5GOLsVlvmb4749MUdtR+PrmtNWpN47MLpMCLEWK0OS1CyAgUyu+ktJCMV +aBX29aHK3y7oIURgFrXtsMWavCtMhGHZYvuKOhfoBszWM6zEC73NyuKX8CewIoRO +HnV+r9SpHuTqVS0Pcrts8TtBcLWCbGUlHl2IYc36tiWw5H0/85im0h62o+b2OXoj +1PV2xSPBQf970YvjJhPu7OIxde3uIGcITWfcMTYINdpuguII0WJnVXbzNnluUoNg +c1QudVfFbNU0M9WexL7JRp3++IZKynuCzJ8g/LAUArt5OetYz8CsGkR9ijd4S42P +9t9DrMb71XWwV8aKxjTcfh2GEYbG/ZRZdZnXyuNrt04uoCrNp8q5yv+xtJeKG2So +PfgpzckpZhk9P4WqSz0JXLn1WweCjEOdJ31NVbGqWjQAPYmGNjb6k0Jf/wdopmtV +UehZUnUg1zeI39JSd189Z9NR/Up7yi/Mn/TVCC8TOouWs4QYcuWal/B1JF2PZlEC +AwEAAaNTMFEwHQYDVR0OBBYEFKSTsih4bvNakB2hY87W4PZj5fK2MB8GA1UdIwQY +MBaAFKSTsih4bvNakB2hY87W4PZj5fK2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBACfJSHzEx2fTGFrHDh5DCacixQmK5NDNh8kpQyuTLFyF2LZ+ ++iYqEQjd8Mqd3i6NDzv199P9RrrpnKG+SfrIKRff98sHAssxwLXzHTZJePJMWauP +JfCX2wxojPHWa/3cXBcxPQa3T/HAvN4U9GMIziQllmr/7R8LBqtkWBwei7/3lQAH +RYStfdC1ROG4rbrLgVhEKf0SQ8cFcHkrxxTsomVI+8aS9cCLPdKo0N4jaV4hVocv +nD6QpDIFzqpLYYFTRSNK3niJ30pxHbwlzluj9oYQcdX9zS+CkiX6N+ELPcR7J3/h +0Pt7HkII5XU43yf3ApRVodIW2bdEL1i4ccH86gzvoijaJJdGazXXNjnCsL6zuJPT +tLfQEbMHPzGOUnkfVC6eO/4POqXva9cZd+bk+SpbDJCJowOHTpl7U3SEFgttiJXo +N4+BZhHVBhUxjLGXqiZmtaffXeXXuWzVbYj/ve3ymL++hCkh3niqajpdu2cKvRaN +VDNi5tO7nwruMaAmsUi6KJVui8tFB9CtDbK/UTeNfi2xUrFrPUJICyUW7wnb1ayL +w+FPAjV5+OBZ1HOsnP3ktC4e7WWfo/8pENMRPMr62oJS244Docdzg6HCdu2SBSK+ +ulX+uylH2rmBDIQ6IAj8cSBYVKyQZFbUCERCoF1KxmChL+49h9cSB0SJTiFa +-----END CERTIFICATE----- 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-encryption.crt b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-encryption.crt new file mode 100644 index 00000000000..514fe401b78 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-encryption.crt @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUTCCArmgAwIBAgIUcpV0WDMWve6/1FPqzjYJnMLDLRIwDQYJKoZIhvcNAQEL +BQAwKDEmMCQGA1UEAwwddGVzdC5zaGliYm9sZXRoLmVsYXN0aWMubG9jYWwwHhcN +MTkwMzA4MTMxODU5WhcNMzkwMzA4MTMxODU5WjAoMSYwJAYDVQQDDB10ZXN0LnNo +aWJib2xldGguZWxhc3RpYy5sb2NhbDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAI4haOiDT0q1eBqwKWbOUfxTVQ2d3nC4wpPekB8YixcePBHu1GEKnCmO +E1/EHyhc5EA0p+IV4GRfwEC4bwWOFt5xY2XJREeXg21G1pQ0R2aHIb9cmJWuHHBt +4pIaEiOw1se4zfiTNgcO2WOc6ixmx/cJYjd+FvMPP3Y96JFycVt7f4DTUZ/IGUTO +jOjwRet9vpBHBzIIN+MEnarwd3mPt3FLhsMU09Q/C3Jfw9x+HcSrCQn7d/3ucvZL +iRdYfGxr6YVapwij5eRkVDx6pRi4jTWgNy7BGieWJLElDoPTapmPZxhTIkxnv9/A +HqZmOc2hErU/aPKe/H5doC9Sfj9jEhXURVYeK7Rsmq8IVW6WnVxODjO62/mS58Uu +slkLiNBd0GDx+PRm7YG1k3khJFihtL1xfKIE8PUEqemYIvoHY3/xTujplUDTdHlC +VRaf5/QhT+vgcn7JEXnWtgW1SzSg//lmN1htfOlPb4pXa/Y/Gg2JrsMXXgu098X8 +u++qOorK2QIDAQABo3MwcTAdBgNVHQ4EFgQUUxIigNlOHt4GZvE4XwmwPq0H2xsw +UAYDVR0RBEkwR4IddGVzdC5zaGliYm9sZXRoLmVsYXN0aWMubG9jYWyGJmh0dHBz +Oi8vdGVzdC5zaGliYm9sZXRoLmVsYXN0aWMubG9jYWwvMA0GCSqGSIb3DQEBCwUA +A4IBgQB3V3QLkSEnix65cZVH1x4ayZfkyYUeXqQEpjsnz4wGPmWXQp/vJ313mWsV +dtA6uCEHAhAi1It8QpOw0DkQQ39GYLANkra1skjGqOgqjsqCsEX9haaIVvRrG1YP +GA5C6nq88C4KgAYzhfzmOTkDvCLeM/adSV9q8y4juPsrOod81zBjp5GhLfraVUXq +6gwMjRqE+eEgX1RGiYDNl3oar4WB6+cCiTsbkJwHsmGc2LviHxlkPRSIPkJtTUAW +bTCN38FxQda9Ao6ZavSn2Da/HhQm1yxpOdEfTeBSFS5e6NSqj+X1Mc8y0L5cLUyZ +kqQ+q2xhMap2WyDxUm5db9OR5VkrpejR7+f+CYVD7CTt7bqoHQZgaOrGJLje0ZQX +cAeMgEFja4nK0TY8+eD+ijEZ3y/LRMsIl5Hetxaw1atgoVKociuhoF5wZSK0OsDQ +Qx/AEkhqDaSUfSZvSJlD645k/E20NGiK/a8nsquJ3Tkl8rQDEk8r/IKJVmo+vkuX +NgQpDdo= +-----END CERTIFICATE----- 
diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-encryption.key b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-encryption.key new file mode 100644 index 00000000000..6d7535ba8e1 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-encryption.key 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAjiFo6INPSrV4GrApZs5R/FNVDZ3ecLjCk96QHxiLFx48Ee7U +YQqcKY4TX8QfKFzkQDSn4hXgZF/AQLhvBY4W3nFjZclER5eDbUbWlDRHZochv1yY +la4ccG3ikhoSI7DWx7jN+JM2Bw7ZY5zqLGbH9wliN34W8w8/dj3okXJxW3t/gNNR +n8gZRM6M6PBF632+kEcHMgg34wSdqvB3eY+3cUuGwxTT1D8Lcl/D3H4dxKsJCft3 +/e5y9kuJF1h8bGvphVqnCKPl5GRUPHqlGLiNNaA3LsEaJ5YksSUOg9NqmY9nGFMi +TGe/38AepmY5zaEStT9o8p78fl2gL1J+P2MSFdRFVh4rtGyarwhVbpadXE4OM7rb ++ZLnxS6yWQuI0F3QYPH49GbtgbWTeSEkWKG0vXF8ogTw9QSp6Zgi+gdjf/FO6OmV +QNN0eUJVFp/n9CFP6+ByfskReda2BbVLNKD/+WY3WG186U9vildr9j8aDYmuwxde +C7T3xfy776o6isrZAgMBAAECggGAOUyk06AkdlUEj5XXixfAm74ouu2bQMxrvVtr +tO2bHX3V79DeFCVH4cTicKhLe2U/q9bOm+n/5ddoVW9FavLmq1UBIobqnQYrOQHm +/ia5Zk8yPsigxy9DTdwvDIGwMG1ZmXkaqI0Iqf3FjFA1ZCMnmKNS0lZmACV0i0HY +IdMGekAmnhQTgxwTe9bdngdH2PF/wwCvmO8RQNeajNCXCg3zgZxWPw2FfLrR7ZFI +D/tUGvZtFXYo4NmhxUOciCnnN3qlNq4toWZdejQvy0nKUzjRyy/fRpA0CZY7eiIh +/jlOdEM4ZKnDi9i0PU9eqWNBvwM4I5qd5EOYUjZZ4rySGcSW9eoKAYIEcjhu93hl +o1YUjL/R74ySxluX/dC6WBR2GFJsQdUSm3vIoXUl64Fbhro0dgbUhXQI/fO15yeQ +lTYzQygFrDs3z9xvl0/ajvGQC9v63SfADkUvE3pUExqTVkYLj7vNBMQRcXYGZnyO +Ltp2DfkZ+P4/Y8mYOM8xG6VebEf1AoHBANQsx3Z7c4WE3yHcKcqvqKzzTmWZBwEd +NzGA2ARzVuYJhJxtpHSiY21qrV84xqqtEmYVrfXmB0f0iy+rARg8MbYUHXrrn3Ro +FC4HRX6c7uof66nDRjSIWIVYuU93k/H+5n9EvJ22keSANm5yCHnNViYDiJmrwS2B +vE9t3iGoJQzz+tPJ6Z9i71giZRRByePwQBEOsrbn5W57lStTDDAINlAwqMxqJcSg +4boNJURVAEFba2iGUvcDzuh6Zgep+KAx2wKBwQCrfOBmCvapiqW4WEvgMiPGkGEw +pJXwH2hzqNzM9E5xFj0ZXWToDmDpyWneO+KtPRX54+KqdzNrYoV9eX7a3w12hTd4 +U/dwqLBS3rtuJFWstZ93/RXcxsAvlHjKzZijfmhkS2Er/Aoifv+ItaYYvDZcBZW7 +5Qv8wb66E7cBmhoDm9Y09DkuJ39T9cLtVMH47+n84X39kMHr0EGoHoiIJ2fUpIVJ +xsLYEHcdzf7EgvgakzTUIre2zaBoUECoxiGE1lsCgcBwv6L3GT8YMrWH/sDOjm3q +Chkc8CbCts2/pqIkK06AS4qGvdTojeqcGFYtBbS8ud/PE7Ivu58e45qbKBoa0NHx +2dqYmWFQsIYYt5B8adSj4XaP7c7+132CztUan4ak0DmYY+R/Qqdgb6l9I2fRogYn +iTUrxBORpSF2bAHgjMOzkGs35FIbeq2Jfi2MiDFKyT6iUdcyTySig1WPgkA1vgdu +sYzho36ScJPDFH07RJgwIu5+yvKHhSSMcY6KgA44woUCgcAQeB+87RSfV7duqtwu 
+neIdscQDverAcuO/J9p8vIHEDpSzmOqV9ruL+FH4i9vLM3Cm3SHpqSUBDScw07hB +IObUGRsorTe4VBsK+mUZwNeRjKfSCDZPS68tYp7vKyubmApCh5K/fKckhPnZkUhw +W7MEx2yH7Qlnrtu4VyheOQSCkDbUQxgyvIxX7eRYkqlGVRQtuyI0dfCJyyhjEvud +x9sK6vn6CeKwiXRHIn9zM/jL5JNQRD1Mixb6rapoCw8xCL0CgcEAsYHLgf5lZYaB +ZON5w3+OJUEBypASaR8J0w8Na2uqs3KBTtclG6v7OiaWm8o9D/08W6VqA0X+lzCR +93gJuC2r+j+GTkfY77I7JV5AJzUaGSIPqbm7XWzGVsy/jKYksASMh9qgUaYdWjv9 +7Agqr4L/Jv0iwauDjd5y8EIkJ0vDHKceeupwzXO3aMPf9gi9n9VcFg7lcWc/jjCW +T4fbuKUAPUb/ttjBWKUhBiTBMg9aLbbGNbPO8WM/2Scrkepr7De0 +-----END RSA PRIVATE KEY----- diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-signing.crt b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-signing.crt new file mode 100644 index 00000000000..db092d8f818 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-signing.crt 
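Review bot: The RSA private key added in this hunk is committed as plain PKCS#1 PEM (there is no `Proc-Type: 4,ENCRYPTED` header), and the same applies to `idp-signing.key` and the binary `sealer.jks` keystore added further down; nothing in the hunks marks them as disposable test material. A short `README` in `x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/` stating that these keys exist only for the local IdP test fixture, must not be reused anywhere else, and how they (and the matching `idp-metadata.xml`) are regenerated would let a secrets scanner allow-list this path deliberately instead of by repeated triage. The paired `idp-encryption.crt` appears to decode to a validity of 2019-03-08 through 2039-03-08, so documenting the regeneration step matters more than the expiry itself.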
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUjCCArqgAwIBAgIVAMo/bS4nTf4TlWhmWu7auvJhceTMMA0GCSqGSIb3DQEB +CwUAMCgxJjAkBgNVBAMMHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsMB4X +DTE5MDMwODEzMTg1OVoXDTM5MDMwODEzMTg1OVowKDEmMCQGA1UEAwwddGVzdC5z +aGliYm9sZXRoLmVsYXN0aWMubG9jYWwwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw +ggGKAoIBgQCGXWD/YD5VD52S6vmy1iRzYI7ZxAsyiDSOP3qQgRtcHssgNluTae6r +GIoj5m3tfQayHmh7ctI3zLhwReD9GlLZuV2JxaIfn/4e1N2dsLFvgYMmao9g41DE +/RG2Zjl/K9Ux3v0xUx5uoK0p68GR3ykYjf/Ea0AIJCx+SfRt6uOQ0nlAC19/gffJ +G1pzcbWxZMxx5jJ8bULtxbAgC7tW21V9kq6fBKwTpJS7XVC4xwou8Vi5NnoPwjbv +f9Agg1TuLI+Loa0+gK3exh0jGlHfvBZMobX8fZI7yDkt60hFe5g97R2yJuVekHR3 +VUyAG1xYWcS2l6tJ7XVQKRrwlwUumG0bsnBfa918p6V7pOsS5quKTCQpWkxpXO37 +BSbd3TrlpSde0ncFHg3bAxIPtlxbJe87CA4y9JuyrjqCqw8WC5clNCvlGBx5aKgu +986/TWK8neeJZTQRpo+Nwf+Q8tuNb21tYA7B04h2MMumdRcVJ5IXDuVuVZJecNZp +LZODW3bHiGECAwEAAaNzMHEwHQYDVR0OBBYEFGtVRTYHCuBUetx2T2KF8MkvAcwQ +MFAGA1UdEQRJMEeCHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FshiZodHRw +czovL3Rlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsLzANBgkqhkiG9w0BAQsF +AAOCAYEAe5fL8bstZsj6p1lZ3fIMjeRcz60BmDyIobQFTQu9PkRa3hcLZdCRtuNL +BfQbNr4Kymo8GP9c/RkmjIxl32cyCrt7kLWLurUptfYO8IgXpvnQ8EfdSO9PBDag +x5WVg8SHVJ+IeL2k+D/EnyQUisQPau0JmJCNQsAuzGrg8FmHa7IBDvWtAmO4BRRd +pZgyC/mfEwF8mbGoRJt7oHs30a+5RVHUhRDLhQD0+L3efgEvq+9lsDKIQHzG2ITg +Z5qqLkYP6nlNlMHU+xS9by4DT4u9IOOsQJ2DS/PNrYFRLNUwDKkdBFrhy3uM0UYl +e8Gvcow0paET4e1i50Urk7Yrnadcr7B9nNqHCrqW6QyuZmurhxyhAIiwYlc+fCVy +BUM9IlZ9yuQNRmTLr9irWbajfKSTtfzJDwid9ZKmKCDzDMci3oobVc8xTOGckoyB +QEyPGpCHu0JACjMUt/qqt/qD0xJTIibRrwPEOBKrxrCFwMfzdKnlmVUGNhI4cA88 +TvpYlz3p +-----END CERTIFICATE----- diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-signing.key b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-signing.key new file mode 100644 index 00000000000..9c45533265b --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/idp-signing.key 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAhl1g/2A+VQ+dkur5stYkc2CO2cQLMog0jj96kIEbXB7LIDZb +k2nuqxiKI+Zt7X0Gsh5oe3LSN8y4cEXg/RpS2bldicWiH5/+HtTdnbCxb4GDJmqP +YONQxP0RtmY5fyvVMd79MVMebqCtKevBkd8pGI3/xGtACCQsfkn0berjkNJ5QAtf +f4H3yRtac3G1sWTMceYyfG1C7cWwIAu7VttVfZKunwSsE6SUu11QuMcKLvFYuTZ6 +D8I273/QIINU7iyPi6GtPoCt3sYdIxpR37wWTKG1/H2SO8g5LetIRXuYPe0dsibl +XpB0d1VMgBtcWFnEtperSe11UCka8JcFLphtG7JwX2vdfKele6TrEuarikwkKVpM +aVzt+wUm3d065aUnXtJ3BR4N2wMSD7ZcWyXvOwgOMvSbsq46gqsPFguXJTQr5Rgc +eWioLvfOv01ivJ3niWU0EaaPjcH/kPLbjW9tbWAOwdOIdjDLpnUXFSeSFw7lblWS +XnDWaS2Tg1t2x4hhAgMBAAECggGAVHAgQbxYz5m1m5tg+dsLIxqeCwnhQ4tHA9Gu +k1sfN3/+hKrEV9pta0ZLoY3wrRsx9wOXA2U/6GMV0TCI2GYPhNWxi6AQZzFjQDrj +XnKovvsz0ROMMQYJPxIObILHRTzliKaqlLG4YStGRx7qEWKdb9nkzqnbnoIlF+Qf +4GeJRPyPyAidpgKmFdLDv+LInMdMl5NjTMBZHBVsvmbA/y9tBTIF3NbR0LJP6YMV +9FjY9HElIZezk22omk/HGneOCvMi/ywPyyniw+0DkEBpfh32k9jAMBmIfK0+xL7g +PKUDGhvLgAKrh0s1Vu4xpIWlhR+71ImHNJfPLvRv4H39uzDZDkAA5sIvLFfctweF +wTzudDapDQbqvZubjmj8KoGzThuTxQL/dxOnR6I0nFLNTQdVGf5k4tyMeMr1Lb4C +mKpqGrmkkcgl4GLqE9FNcgXGY2nqLhJboQ7J+9ApT391rESbHHTaqCzeEAtcjLwJ +c+OE/n3J35u5PnvrTvFtkY9n01UBAoHBAOiry2q0B1rPWboR6tLu8ejhit9H1kYy +VosWieOyoH4XhyIwkNna2EXABoI5ZN2xGgjAud/ilbtMr5IoSszfBGeQvQVp0aYI +njWWi+xC2+/7wGIj4ButDhl11d8UUhOfZW23cwVAVQAT6nzeaQ/2c7I9rqvIMHNq +8s+CauT6Q9P4NT4X2JvoYmjkUqeoKyNfgXATOjez2NReG97KaSg7kD5FLAkwi9iG +8Lh0O4SwQu+SkqLMwMsG0CvZOV4RvW4AUQKBwQCT1kGOa4c1F6E1gOeaYIWgHfP5 +Y8C0+SyysjPIp+g/Ct3dmnmglTvowtNqqInFTbEV/xlbR5wg5Oe0f4Js6++nzIx0 +ScC1031oGukQSI06nsa5Xr2UJ2xNqaF4CDgXpzpFWbfcapVl77TOlnmR1Lla7t4A +HNo0SG7mHXtX1GYptYzMxsug7cltXgYNHt15R6m4pdxd8gYHThb0OLZyvS6saSFO ++e7EepekeOwGPO/T68iriaihdgKEYnPl5IPbkxECgcBTp2jUrXOzf7eoAccnHcgW +TflLPB3bUT/ydCERn+i6TSVF8qYx3dBCi78LVS1h08ojeX+a8nGZTQIXD6uNK2X/ +AngjmR9KjfCsHbujL4q6Jw7Nek6aRMc7+jTyJvE3ouip4PpW2gF1rLNzP9gQaDDC +1hCWLLzW0o4Ic8CRITX/4U7rS1GTBKNVSTo6k2knJ7B3JkKZQm1kNY3ZtXbHg1ri +OKaTi0PMjv+/ofLAS0tVraJRLELo/EMecNSCcOhlw3ECgcEAgmwdz6BrWtpq3UHI 
+kTggCt8B8v0e8El3NnriFl6TFLLogu0Z6iJeBP2D+G+Rg6AD32z7GL03LwnipClt +jdwjxHw/WQQL4B0hYKuE+1mWRqX2mWjMhRy2flltWvCdU7izPqVlAC6DeLedYjf8 +Ljxl/aQH9D9//Wn9dEOEIjr+mkNRYQLseB/veO3fFsopByrCv2SL4dF3ohAxTemO +g/EEcRQaT4tNKscgavhG+UXfKq2zjinWvALZO6ODrcgIz7iRAoHBAMqWH5QzlffH +mDhvm4gm7FcriNLSsS3OkoQ2u0DLmSIGlIdUUJLy9PVgJCV7RpGQM0pCm79l+Htz +DZzRtGX+qp1xQbM7TuDcD5Ft8a7ZvAZ0Jb/Jz3CKgqPOIkEqZvnCgPY349aopqlA +AKHavKVIyMYws2FpzXU7C59GW0xKq6F3OXbJig5HiRzltwb7sTyTPDYtX4GzHxBM +VRKTMpJhCjx+kUEmENE75PV8xMcNn3wZyAIpoK4l2NNvP2Ryzd1J6w== +-----END RSA PRIVATE KEY----- diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/sealer.jks b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/sealer.jks new file mode 100644 index 00000000000..598086ecb7e Binary files /dev/null and b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/sealer.jks differ diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/sealer.kver b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/sealer.kver new file mode 100644 index 00000000000..398a8429032 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/credentials/sealer.kver @@ -0,0 +1,2 @@ +#Fri Mar 08 13:19:00 UTC 2019 +CurrentVersion=1 diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/metadata/idp-metadata.xml b/x-pack/test/idp-fixture/idp/shibboleth-idp/metadata/idp-metadata.xml new file mode 100644 index 00000000000..7cec10ee3df --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/metadata/idp-metadata.xml 
@@ -0,0 +1,121 @@ + + + + + + + + test.elastic.co + + + + + + + +MIIEUjCCArqgAwIBAgIVALjpmEEY4k5+2/JXwk5y+MoDnWiAMA0GCSqGSIb3DQEB +CwUAMCgxJjAkBgNVBAMMHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsMB4X +DTE5MDMwODEzMTg1OVoXDTM5MDMwODEzMTg1OVowKDEmMCQGA1UEAwwddGVzdC5z +aGliYm9sZXRoLmVsYXN0aWMubG9jYWwwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw +ggGKAoIBgQC98CVCuq4MBwBGia77i7tdUMFql+KbY5mY/eENspY59aPZbI6/oMSU +v4Uu3iJux8gGlBmkzxoefhuIA93lE+RS3k1iezxtS0fQW8drYCtJRT9j8xuEdzo9 +hHV3wa4lhnC8Mfn6K79jzj0Y6PkDCSS3wn80YYAQpI0sV6baxGuRByL7BMjHITFw +EbFYsph6zQ/3SZu1OWocVdgZkF+n3zraUDuj87M+Tn6RRhWF0Jq/vFAUNCTWr7Iw +GTUib9LWx3v5IqXttu9NBMSd5Q5mIoPWW+/RA3mpcsN51rVRa2od6HABpiEv7I7B +yEtBVNPkYfOPF2TIxefeyIl3UCD5sF/2nDAZfe/ENnJFQwqnPAXwXrlPlLCoWsOl +OOHfyE7tbORkVXNuWYq9TcTNLEIuB081Utxsoa+iiWGyn0/uYDg2NGxJ2V2/PISf +LhUilCJSmNbMUFirVSUJD8mntn8VRidn1/Wx7RCphPGmMmJtAN080/+zCOJVE4/G +6JnRMFpNZO0CAwEAAaNzMHEwHQYDVR0OBBYEFH9wTxThSEj7nswt0sIjbpw86itt +MFAGA1UdEQRJMEeCHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FshiZodHRw +czovL3Rlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsLzANBgkqhkiG9w0BAQsF +AAOCAYEApBpPTKvKUwcZ8Tfm3TZPINmSXI05OWU1Xu8gdFB0EoUDFE9/uHTJgfmS +5ZjUT8YGhHH883XKNq9JhmyCb5V5ZSjONzMGplcsTAkk0guU0DqKvabyVsQuyne6 +nCkbAr/srtJFutiFJDGmfAmhTSFTVmpI4stpyC+y5Y0PhcUQa6Ytz8wGTMJvftv5 +2S5zhX9IDaWo4C97WWnSXaFepi5n1i4wlCj5HgDkEhoeEt5byJMxzDdN9whEI5Ju +VPMUcRcJNajnSKA1SVAznUpJbHSu0WAfM/MQ9ucX3o3A5J/bA9xlknsEWtugtvRK +KCwuibrOddrv/cQQbpPjDhWk/VF7tOA1kuSHHdYICB+WjWU463bv0rLm6QXqkDU4 +f3XuG2zJTmVQEzBdmv9ATlqQ+sADV216Vyy5I/delW0WnmePGTuxBj+Xm7VrbYNi +WOveqK14343Bpbo8H/V2UvTPGF+oICnmw0fgG7SChtcDY9won6mRVCcy+01TeOua +TSYuiKRN + + + + + + + + + +MIIEUjCCArqgAwIBAgIVAMo/bS4nTf4TlWhmWu7auvJhceTMMA0GCSqGSIb3DQEB +CwUAMCgxJjAkBgNVBAMMHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsMB4X +DTE5MDMwODEzMTg1OVoXDTM5MDMwODEzMTg1OVowKDEmMCQGA1UEAwwddGVzdC5z +aGliYm9sZXRoLmVsYXN0aWMubG9jYWwwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw +ggGKAoIBgQCGXWD/YD5VD52S6vmy1iRzYI7ZxAsyiDSOP3qQgRtcHssgNluTae6r 
+GIoj5m3tfQayHmh7ctI3zLhwReD9GlLZuV2JxaIfn/4e1N2dsLFvgYMmao9g41DE +/RG2Zjl/K9Ux3v0xUx5uoK0p68GR3ykYjf/Ea0AIJCx+SfRt6uOQ0nlAC19/gffJ +G1pzcbWxZMxx5jJ8bULtxbAgC7tW21V9kq6fBKwTpJS7XVC4xwou8Vi5NnoPwjbv +f9Agg1TuLI+Loa0+gK3exh0jGlHfvBZMobX8fZI7yDkt60hFe5g97R2yJuVekHR3 +VUyAG1xYWcS2l6tJ7XVQKRrwlwUumG0bsnBfa918p6V7pOsS5quKTCQpWkxpXO37 +BSbd3TrlpSde0ncFHg3bAxIPtlxbJe87CA4y9JuyrjqCqw8WC5clNCvlGBx5aKgu +986/TWK8neeJZTQRpo+Nwf+Q8tuNb21tYA7B04h2MMumdRcVJ5IXDuVuVZJecNZp +LZODW3bHiGECAwEAAaNzMHEwHQYDVR0OBBYEFGtVRTYHCuBUetx2T2KF8MkvAcwQ +MFAGA1UdEQRJMEeCHXRlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FshiZodHRw +czovL3Rlc3Quc2hpYmJvbGV0aC5lbGFzdGljLmxvY2FsLzANBgkqhkiG9w0BAQsF +AAOCAYEAe5fL8bstZsj6p1lZ3fIMjeRcz60BmDyIobQFTQu9PkRa3hcLZdCRtuNL +BfQbNr4Kymo8GP9c/RkmjIxl32cyCrt7kLWLurUptfYO8IgXpvnQ8EfdSO9PBDag +x5WVg8SHVJ+IeL2k+D/EnyQUisQPau0JmJCNQsAuzGrg8FmHa7IBDvWtAmO4BRRd +pZgyC/mfEwF8mbGoRJt7oHs30a+5RVHUhRDLhQD0+L3efgEvq+9lsDKIQHzG2ITg +Z5qqLkYP6nlNlMHU+xS9by4DT4u9IOOsQJ2DS/PNrYFRLNUwDKkdBFrhy3uM0UYl +e8Gvcow0paET4e1i50Urk7Yrnadcr7B9nNqHCrqW6QyuZmurhxyhAIiwYlc+fCVy +BUM9IlZ9yuQNRmTLr9irWbajfKSTtfzJDwid9ZKmKCDzDMci3oobVc8xTOGckoyB +QEyPGpCHu0JACjMUt/qqt/qD0xJTIibRrwPEOBKrxrCFwMfzdKnlmVUGNhI4cA88 +TvpYlz3p + + + + + + + + + +MIIEUTCCArmgAwIBAgIUcpV0WDMWve6/1FPqzjYJnMLDLRIwDQYJKoZIhvcNAQEL +BQAwKDEmMCQGA1UEAwwddGVzdC5zaGliYm9sZXRoLmVsYXN0aWMubG9jYWwwHhcN +MTkwMzA4MTMxODU5WhcNMzkwMzA4MTMxODU5WjAoMSYwJAYDVQQDDB10ZXN0LnNo +aWJib2xldGguZWxhc3RpYy5sb2NhbDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAI4haOiDT0q1eBqwKWbOUfxTVQ2d3nC4wpPekB8YixcePBHu1GEKnCmO +E1/EHyhc5EA0p+IV4GRfwEC4bwWOFt5xY2XJREeXg21G1pQ0R2aHIb9cmJWuHHBt +4pIaEiOw1se4zfiTNgcO2WOc6ixmx/cJYjd+FvMPP3Y96JFycVt7f4DTUZ/IGUTO +jOjwRet9vpBHBzIIN+MEnarwd3mPt3FLhsMU09Q/C3Jfw9x+HcSrCQn7d/3ucvZL +iRdYfGxr6YVapwij5eRkVDx6pRi4jTWgNy7BGieWJLElDoPTapmPZxhTIkxnv9/A +HqZmOc2hErU/aPKe/H5doC9Sfj9jEhXURVYeK7Rsmq8IVW6WnVxODjO62/mS58Uu +slkLiNBd0GDx+PRm7YG1k3khJFihtL1xfKIE8PUEqemYIvoHY3/xTujplUDTdHlC 
+VRaf5/QhT+vgcn7JEXnWtgW1SzSg//lmN1htfOlPb4pXa/Y/Gg2JrsMXXgu098X8 +u++qOorK2QIDAQABo3MwcTAdBgNVHQ4EFgQUUxIigNlOHt4GZvE4XwmwPq0H2xsw +UAYDVR0RBEkwR4IddGVzdC5zaGliYm9sZXRoLmVsYXN0aWMubG9jYWyGJmh0dHBz +Oi8vdGVzdC5zaGliYm9sZXRoLmVsYXN0aWMubG9jYWwvMA0GCSqGSIb3DQEBCwUA +A4IBgQB3V3QLkSEnix65cZVH1x4ayZfkyYUeXqQEpjsnz4wGPmWXQp/vJ313mWsV +dtA6uCEHAhAi1It8QpOw0DkQQ39GYLANkra1skjGqOgqjsqCsEX9haaIVvRrG1YP +GA5C6nq88C4KgAYzhfzmOTkDvCLeM/adSV9q8y4juPsrOod81zBjp5GhLfraVUXq +6gwMjRqE+eEgX1RGiYDNl3oar4WB6+cCiTsbkJwHsmGc2LviHxlkPRSIPkJtTUAW +bTCN38FxQda9Ao6ZavSn2Da/HhQm1yxpOdEfTeBSFS5e6NSqj+X1Mc8y0L5cLUyZ +kqQ+q2xhMap2WyDxUm5db9OR5VkrpejR7+f+CYVD7CTt7bqoHQZgaOrGJLje0ZQX +cAeMgEFja4nK0TY8+eD+ijEZ3y/LRMsIl5Hetxaw1atgoVKociuhoF5wZSK0OsDQ +Qx/AEkhqDaSUfSZvSJlD645k/E20NGiK/a8nsquJ3Tkl8rQDEk8r/IKJVmo+vkuX +NgQpDdo= + + + + + + + + + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/admin/unlock-keys.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/admin/unlock-keys.vm new file mode 100644 index 00000000000..3b15f3e034d --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/admin/unlock-keys.vm @@ -0,0 +1,96 @@ +## +## Velocity Template for Attended Startup Unlock Utility +## +## Velocity context will contain the following properties: +## flowRequestContext - the Spring Web Flow RequestContext +## request - HttpServletRequest +## response - HttpServletResponse +## profileRequestContext +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.unlock-keys.title", "Attended Restart Key Unlock")) +#set ($eventId = $profileRequestContext.getSubcontext("org.opensaml.profile.context.EventContext").getEvent()) +#set ($state = $flowRequestContext.getCurrentState().getId()) + + + + + + $title - $titleSuffix + + + + +
+
+
+ #springMessageText( +

$title - $titleSuffix

+
+ +
+ #if ($state == "end") + #springMessageText("idp.unlock-keys.complete", "The system is unlocked and ready for use.") +

Validation Link

+ #else + #if ($eventId == "InvalidMessage") +

+ #springMessageText("idp.unlock-keys.error", "Unlock failed; check log for specific message.") +

+

+ #end + +
+ + + +
+ + +
+ +
+ + +
+ + + +
+ + +
+ +
+ +
+ +
+ +
+ +
+ #end +
+
+ +
+ +
+ +
+ + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/client-storage/client-storage-read.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/client-storage/client-storage-read.vm new file mode 100644 index 00000000000..1993c14d712 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/client-storage/client-storage-read.vm @@ -0,0 +1,53 @@ +## +## Velocity template to read from local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## loadContext - context with details about the storage keys to load +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-read.suffix", "Loading Session Information")) +## + + + + + + $title - $titleSuffix + + + + +
+
+
+

$title - $titleSuffix

+
+
+ $springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...") +
+ + #parse( "client-storage/read.vm" ) +
+
+ +
+
+ + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/client-storage/client-storage-write.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/client-storage/client-storage-write.vm new file mode 100644 index 00000000000..4b92d6b81ba --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/client-storage/client-storage-write.vm @@ -0,0 +1,53 @@ +## +## Velocity template to write to local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## saveContext - context with details about the storage data to save +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-write.suffix", "Saving Session Information...")) +## + + + + + + $title - $titleSuffix + + + + +
+
+
+

$title - $titleSuffix

+
+
+ $springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...") +
+ + #parse( "client-storage/write.vm" ) +
+
+ +
+
+ + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/duo.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/duo.vm new file mode 100644 index 00000000000..cf4f96a80ee --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/duo.vm @@ -0,0 +1,83 @@ +## +## Velocity Template for Duo login view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## authenticationContext - context with authentication request information +## rpUIContext - the context with SP UI information from the metadata +## canonicalUsername - name of user passed to Duo +## duoHost - API hostname for Duo frame +## duoRequest - signed Duo request message +## duoScriptPath - path to Duo JavaScript source +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + +
+
+
+ #springMessageText( +
+ +
+
+ +

#springMessageText("idp.login.duoRequired", "Authentication with Duo is required for the requested service.")

+ + + + +
+ + +
+ +

+ #springMessageText("idp.login.duoCancel", "Cancel this Request") +

+
+ +
+
+ +
+ +
+
+ + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/error.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/error.vm new file mode 100644 index 00000000000..dcb8e2b06b8 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/error.vm 
@@ -0,0 +1,73 @@ +## +## Velocity Template for error end-state +## +## Velocity context will contain the following properties +## flowRequestContext - the Spring Web Flow RequestContext +## profileRequestContext - root of context tree +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($defaultTitleSuffix = $springMacroRequestContext.getMessage("idp.title.suffix", "Error")) +## +#if ($flowRequestContext) + ## This handles flow events, the most common case. + #set ($eventId = $flowRequestContext.getCurrentEvent().getId()) + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) + #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) + #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied") + $response.setStatus(403) + #elseif ($eventId == "AttributeReleaseRejected" || $eventId == "TermsRejected") + $response.setStatus(200) + #elseif ($eventKey == "unexpected" || $eventKey == "runtime-error" || $eventKey == "error") + $response.setStatus(500) + #else + $response.setStatus(400) + #end +#elseif ($exception) + ## This handles exceptions that reach the Spring-MVC exception handler. + #set ($eventId = $exception.getClass().getSimpleName()) + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) + #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) +#else + ## This is a catch-all that theoretically shouldn't happen? 
+ #set ($titleSuffix = $defaultTitleSuffix) + #set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred.")) +#end +## + + + + + + $title - $titleSuffix + + + + +
+
+
+ #springMessageText( +

$title - $titleSuffix

+
+ +
+ #evaluate($message) +
+
+ +
+ +
+ +
+ + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/attribute-release.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/attribute-release.vm new file mode 100644 index 00000000000..20bde4609e0 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/attribute-release.vm @@ -0,0 +1,159 @@ +## +## Velocity Template for DisplayAttributeReleasePage view-state +## +## Velocity context will contain the following properties : +## +## attributeReleaseContext - context holding consentable attributes +## attributeReleaseFlowDescriptor - attribute consent flow descriptor +## attributeDisplayNameFunction - function to display attribute name +## attributeDisplayDescriptionFunction - function to display attribute description +## consentContext - context representing the state of a consent flow +## encoder - HTMLEncoder class +## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) +## flowExecutionUrl - form action location +## flowRequestContext - Spring Web Flow RequestContext +## profileRequestContext - OpenSAML profile request context +## request - HttpServletRequest +## response - HttpServletResponse +## rpUIContext - context with SP UI information from the metadata +## environment - Spring Environment object for property resolution +#set ($serviceName = $rpUIContext.serviceName) +#set ($serviceDescription = $rpUIContext.serviceDescription) +#set ($informationURL = $rpUIContext.informationURL) +#set ($privacyStatementURL = $rpUIContext.privacyStatementURL) +#set ($rpOrganizationLogo = $rpUIContext.getLogo()) +#set ($rpOrganizationName = $rpUIContext.organizationName) +#set ($replaceDollarWithNewline = true) +## + + + + + + + #springMessageText("idp.attribute-release.title", "Information Release") + + +
+
+
+ + #if ($rpOrganizationLogo) + + #end +
+ #if ($serviceName) +

+ #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")
+ $serviceName + #if ($rpOrganizationName) + #springMessageText("idp.attribute-release.of", "of") $encoder.encodeForHTML($rpOrganizationName) + #end +

+ #end + #if ($serviceDescription) +

+ #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")
+ $encoder.encodeForHTML($serviceDescription) +
+

+ #end + #if ($informationURL) +

+ #springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service") +

+ #end +
+ + + + + + + + #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) + + + + + + #end + +
+ #springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service") +
$encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute)) + #foreach ($value in $attribute.values) + #if ($replaceDollarWithNewline) + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML("$"),"
")) + #else + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) + #end + #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) + + #else + $encodedValue + #end +
+ #end +
+ #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) + #set ($inputType = "checkbox") + #else + #set ($inputType = "hidden") + #end + +
+
+ #if ($privacyStatementURL) +

+ #springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service") +

+ #end +
+

+ #springMessageText("idp.attribute-release.confirmationQuestion", "The information above would be shared with the service if you proceed. Do you agree to release this information to the service every time you access it?") +

+ #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) +
+ #springMessageText("idp.attribute-release.consentMethod", "Select an information release consent duration:") + #end + #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) +

+ + +

    +
  • #springMessageText("idp.attribute-release.doNotRememberConsentItem", "I agree to send my information this time.")
  • +
+

+ #end + #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) +

+ + +

    +
  • #springMessageText("idp.attribute-release.rememberConsentItem", "I agree that the same information will be sent automatically to this service in the future.")
  • +
+

+ #end + #if ($attributeReleaseFlowDescriptor.globalConsentAllowed) +

+ + +

    +
  • #springMessageText("idp.attribute-release.globalConsentItem", "I agree that all of my information will be released to any service.")
  • +
+

+ #end + #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) + #springMessageText("idp.attribute-release.consentMethodRevoke", "This setting can be revoked at any time with the checkbox on the login page.") +
+ #end +

+ + +

+
+
+
+ + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/expiring-password.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/expiring-password.vm new file mode 100644 index 00000000000..4395844a200 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/expiring-password.vm @@ -0,0 +1,54 @@ +## +## Velocity Template for expiring password view +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## authenticationContext - context with authentication request information +## authenticationErrorContext - context with login error state +## authenticationWarningContext - context with login warning state +## ldapResponseContext - context with LDAP state (if using native LDAP) +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + + +
+
+
+ #springMessageText( +

#springMessageText("idp.login.expiringSoon", "Your password will be expiring soon!")

+
+ +
+

#springMessageText("idp.login.changePassword", "To create a new password now, go to") + #.

+

#springMessageText("idp.login.proceedBegin", "Your login will proceed in 20 seconds or you may click") + #springMessageText("idp.login.proceedHere", "here") + #springMessageText("idp.login.proceedEnd", "to continue").

+
+
+ +
+ +
+ +
+ + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/impersonate.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/impersonate.vm new file mode 100644 index 00000000000..2bae957b249 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/impersonate.vm @@ -0,0 +1,90 @@ +## +## Velocity Template for expiring password view +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## rpUIContext - the context with SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext')) + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + +
+
+
+ #springMessageText( +

#springMessageText("idp.impersonate.header", "Account Impersonation")

+
+ +
+ +
+ + #set ($serviceName = $rpUIContext.serviceName) + #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName)) + + $encoder.encodeForHTML($serviceName) + + #end + + + #springMessageText("idp.impersonate.text", "Enter an account name to impersonate to this service or continue normally.") + + +
+ + + + + +
+ +
+ +
+ +
+ +
+ +
+ +
+
+ +
+ +
+ +
+ + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/terms-of-use.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/terms-of-use.vm new file mode 100644 index 00000000000..1bf12c7e7f1 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/intercept/terms-of-use.vm @@ -0,0 +1,67 @@ +## +## Velocity Template for DisplayTermsOfUsePage view-state +## +## Velocity context will contain the following properties : +## +## encoder - HTMLEncoder class +## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) +## flowExecutionUrl - form action location +## flowRequestContext - Spring Web Flow RequestContext +## request - HttpServletRequest +## response - HttpServletResponse +## rpUIContext - context with SP UI information from the metadata +## termsOfUseId - terms of use ID to lookup message strings +## environment - Spring Environment object for property resolution +#set ($serviceName = $rpUIContext.serviceName) +#set ($rpOrganizationLogo = $rpUIContext.getLogo()) +## + + + + + + + #springMessageText("${termsOfUseId}.title", "Terms of Use") + + +
+
+ + #if ($rpOrganizationLogo) + + #end +
+ #if ($rpOrganizationLogo) +
+

#springMessageText("${termsOfUseId}.title", "Terms of Use")

+
+ #end +
+ #springMessageText("${termsOfUseId}.text", "Terms of Use Text...") +
+
+
+
+ +
+
+
+
+ + + #if ($requireCheckbox) +

#springMessageText("idp.terms-of-use.required", "Please check this box if you want to proceed.")

+ #end + +
+
+
+
+
+ +
+
+ + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/login-error.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/login-error.vm new file mode 100644 index 00000000000..44676b32190 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/login-error.vm @@ -0,0 +1,24 @@ +## Velocity Template for login error message production, included by login.vm +## +## authenticationErrorContext - context containing error data, if available +## +#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && $authenticationErrorContext.getClassifiedErrors().iterator().next() != "ReselectFlow") + ## This handles errors that are classified by the message maps in the authentication config. + #set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next()) + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId")) +#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0) + ## This handles login exceptions that are left unclassified. + #set ($loginException = $authenticationErrorContext.getExceptions().get(0)) + #if ($loginException.getMessage()) + #set ($message = "Login Failure: $loginException.getMessage()") + #else + #set ($message = $loginException.toString()) + #end +#end + +#if ($message) +
+

$encoder.encodeForHTML($message)

+
+#end diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/login.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/login.vm new file mode 100644 index 00000000000..4ebf9bfc6a6 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/login.vm @@ -0,0 +1,144 @@ +## +## Velocity Template for DisplayUsernamePasswordPage view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## authenticationContext - context with authentication request information +## authenticationErrorContext - context with login error state +## authenticationWarningContext - context with login warning state +## ldapResponseContext - context with LDAP state (if using native LDAP) +## rpUIContext - the context with SP UI information from the metadata +## extendedAuthenticationFlows - collection of "extended" AuthenticationFlowDescriptor objects +## passwordPrincipals - contents of the shibboleth.authn.Password.PrincipalOverride bean +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext')) +#set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext', true).getUsername()) +#set ($passwordEnabled = false) +#if (!$passwordPrincipals or $passwordPrincipals.isEmpty() or $authenticationContext.isAcceptable($passwordPrincipals)) + #set ($passwordEnabled = true) +#end +## + + + + + + #springMessageText("idp.title", "Web Login Service") + + + +
+
+
+ #springMessageText( +
+ +
+
+ #parse("login-error.vm") + +
+ + #set ($serviceName = $rpUIContext.serviceName) + #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName)) + + #springMessageText("idp.login.loginTo", "Login to") $encoder.encodeForHTML($serviceName) + + #end + + #if ($passwordEnabled) +
+ + +
+ +
+ + +
+ + ## You may need to modify this to taste, such as changing the flow name its checking for to authn/MFA. + #if (!$authenticationContext.getActiveResults().containsKey('authn/Password')) +
+ + +
+ #end + + #end + +
+ + +
+ + #if ($passwordEnabled) +
+ +
+ #end + + #foreach ($extFlow in $extendedAuthenticationFlows) + #if ($authenticationContext.isAcceptable($extFlow) and $extFlow.apply(profileRequestContext)) +
+ +
+ #end + #end +
+ + #* + // + // SP Description & Logo (optional) + // These idpui lines will display added information (if available + // in the metadata) about the Service Provider (SP) that requested + // authentication. These idpui lines are "active" in this example + // (not commented out) - this extra SP info will be displayed. + // Remove or comment out these lines to stop the display of the + // added SP information. + // + *# + #set ($logo = $rpUIContext.getLogo()) + #if ($logo) + $encoder.encodeForHTMLAttribute($serviceName) + #end + #set ($desc = $rpUIContext.getServiceDescription()) + #if ($desc) + $encoder.encodeForHTML($desc) + #end + +
+ +
+
+ +
+ +
+
+ + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout-complete.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout-complete.vm new file mode 100644 index 00000000000..d780252c906 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout-complete.vm @@ -0,0 +1,59 @@ +## +## Velocity Template for logout flow's concluding view-state (no propagation) +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + +
+
+
+ #springMessageText( +
+ +
+
+

#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")

+
+ +
+
+ + + #if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) + + #end + +
+ +
+
+ + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout-propagate.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout-propagate.vm new file mode 100644 index 00000000000..86b3fa14d65 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout-propagate.vm @@ -0,0 +1,58 @@ +## +## Velocity Template for logout flow's concluding view-state (with propagation) +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## htmlEncoder - HTMLEncoder class +## urlEncoder - urlEncoder class +## codecUtil - CodecUtil class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + + +
+
+
+ #springMessageText( +
+ +
+
+

#springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")

+ #parse("logout/propagate.vm") +
+ +
+
+ +
+ +
+
+ + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout.vm new file mode 100644 index 00000000000..d31ae0e6a01 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/logout.vm @@ -0,0 +1,107 @@ +## +## Velocity Template for logout flow's starting view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($rpContext = $profileRequestContext.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext")) +#if ($rpContext) +#set ($rpUIContext = $rpContext.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext")) +#end + + + + + + #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() ) + + #end + #springMessageText("idp.title", "Web Login Service") + + + + +
+
+
+ #springMessageText( +
+ +
+
+

This page is displayed when a logout operation at the Identity Provider completes. This page is an example + and should be customized. It is not fully internationalized because the presentation will be a highly localized + decision, and we don't have a good suggestion for a default.

+
+ + #if ($rpContext) +

#springMessageText("idp.logout.sp-initiated", "You have been logged out of the following service:")

+
+ #if ($rpUIContext) + $encoder.encodeForHTML($rpUIContext.getServiceName()) + #else + $encoder.encodeForHTML($rpContext.getRelyingPartyId()) + #end +
+
+ #end + + #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() ) +

#springMessageText("idp.logout.ask", "Would you like to attempt to log out of all services accessed during your session? Please select Yes or No to ensure the logout operation completes, or wait a few seconds for Yes.")

+
+ +
+ + +
+ +
+

#springMessageText("idp.logout.contactServices", "If you proceed, the system will attempt to contact the following services:")

+
    + #foreach ($sp in $logoutContext.getSessionMap().keySet()) + #set ($rpCtx = $multiRPContext.getRelyingPartyContextById($sp)) + #if ($rpCtx) + #set ($rpUIContext = $rpCtx.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext")) + #end + #if ($rpUIContext and $rpUIContext.getServiceName()) +
  1. $encoder.encodeForHTML($rpUIContext.getServiceName())
  2. + #else +
  3. $encoder.encodeForHTML($sp)
  4. + #end + #end +
+ #else +

#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")

+ + + #end + +
+ +
+
+ +
+ +
+
+ + + \ No newline at end of file diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/spnego-unavailable.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/spnego-unavailable.vm new file mode 100644 index 00000000000..3673f02a21e --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/spnego-unavailable.vm @@ -0,0 +1,49 @@ +## +## Velocity Template for SPNEGO unauthorized page +## +## This is not a Spring Webflow view, but a special view internal to the +## SPNEGO login flow, so it doesn't contain all of the usual SWF variables. +## +## Velocity context will contain the following properties +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## profileRequestContext - root of context tree +## errorUrl - URL to call to indicate error and return back to the login flow +## +#set ($eventKey = $springMacroRequestContext.getMessage("SPNEGOUnavailable", "spnego-unavailable")) + + + + + + #springMessageText("idp.title", "Web Login Sevice") - #springMessageText("${eventKey}.title", "Error") + + + + +
+
+
+ #springMessageText( +

#springMessageText("idp.title", "Web Login Sevice") - #springMessage("idp.title.suffix", "Error")

+
+ +
+ #springMessageText("${eventKey}.message", "Your web browser doesn't support authentication with your desktop login credentials.") + +
+
+ +
+ +
+
+ + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/views/user-prefs.vm b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/user-prefs.vm new file mode 100644 index 00000000000..8de0503cd77 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/views/user-prefs.vm @@ -0,0 +1,60 @@ +## +## Velocity Template for user preferences view +## +## Velocity context will contain the following properties +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + #springMessageText("idp.userprefs.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences") + + + + +
+
+
+ #springMessageText( +

#springMessageText("idp.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences")

+

+ #springMessage("idp.userprefs.info") +

+
+ + + + +
+ +
+ +
+
+ + + diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/consent.css b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/consent.css new file mode 100644 index 00000000000..5daabeed018 --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/consent.css 
@@ -0,0 +1,150 @@ +.box { + width:600px; + margin-left: auto; + margin-right: auto; + margin-top: 50px; + background-color: white; + -webkit-box-shadow: 1px 1px 15px #999999; + -moz-box-shadow: 1px 1px 15px #999999; + box-shadow: 1px 1px 15px #999999; + -webkit-border-radius: 8px; + -moz-border-radius: 8px; + border-radius: 8px; + overflow: auto; + padding: 1.268em; +} + +body { + font-family:Verdana, Geneva, sans-serif; + font-size: 12px; +} + +h1 { + font-size: 13px; + padding-bottom: 12px; +} + +a { + color: #00247D; + text-decoration: underline; +} + +a:visited { + color: #00247D; + text-decoration: underline; +} + +a:focus, a:hover, a:active { + color: #F39800; + text-decoration: underline; +} + +#tou-content { + font-family:monospace; + width: 95%; + border: solid 1px #666; + margin: 4px; + padding: 10px; + overflow: hidden; +} + +#tou-content li{ + margin-bottom:10px; +} + +#tou-acceptance { + width: 95%; + border: solid 1px #666; + background-color: #F0F0F0; + margin: 4px; + padding: 10px; + text-align: left; + overflow: hidden; +} + +.service_name { + font-weight: bold; +} + +.service_description { + font-style: italic; +} + +.organization_name { +} + +#attributeRelease-consent { + width: 95%; + border: solid 1px #666; + background-color: #F0F0F0; + margin: 4px; + overflow: hidden; +} + +#attributeRelease { + width: 95%; + margin: 4px; + border: solid 1px black; + overflow: auto; +} + +#attributeRelease table { + border-collapse: collapse; + border: none 0px white; + width: 100%; +} + +#attributeRelease td { + padding: 3px 7px; + vertical-align: top; +} + +#attributeRelease th { + text-align: left; + font-size: 18px; + padding: 5px 7px; + background-color:#00247D; + color: white; +} + +#attributeRelease tr:nth-of-type(even) { + background-color: #E4E5E3; +} + +.federation_logo +{ + width: 50%; + float: left; + padding-top: 35px; + border: 0; +} +.organization_logo +{ + width: 50%; + float: right; + border: 0; +} + +.form-error { + padding: 0; + color: 
#B61601; +} + +/* Device specific styles */ +@media only screen and (max-device-width: 721px){ + .box { + width: auto; + box-shadow: none; + border-radius: 0; + -webkit-box-shadow: none; + -webkit-border-radius: 0; + -moz-box-shadow: none; + -moz-border-radius: 0; + padding: 0; + margin-top:0; + } + #tou-content, #tou-acceptance{ + /*width:87%;*/ + width:auto; + } +} diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/logout.css b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/logout.css new file mode 100644 index 00000000000..26f18931c9d --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/logout.css @@ -0,0 +1,12 @@ +/* Success/Failure indicators for logout propagation. */ + +.success { + background: url(../images/success-32x32.png) no-repeat left center; + line-height: 36px; + padding-left: 36px; +} +.failure { + background: url(../images/failure-32x32.png) no-repeat left center; + line-height: 36px; + padding-left: 36px; +} diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/main.css b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/main.css new file mode 100644 index 00000000000..116b31e444f --- /dev/null +++ b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/css/main.css 
@@ -0,0 +1,165 @@ +* { + margin: 0; + padding: 0; +} +header, footer, section, nav { + display: block; +} +html, body { + height: 100%; +} +body { + font-family:Verdana, Geneva, sans-serif; + font-size: 12px; + line-height: 1.5; + color: #717171; + background: #717171; +} +a:link, +a:visited { + text-decoration: none; + color: #717171; +} +img { + max-width: 100%; + margin-bottom: 12px; +} + +.wrapper { + background: #ffffff; +} + +.container { + position: relative; + left: 34%; + width: 540px; + margin-left: -270px; +} +.container-footer { + padding-top: 12px; +} +@media only screen and (max-width: 1020px) { + .container { + left: 45%; + } +} +@media only screen and (max-width: 650px) { + .container { + position: static; + margin: 0 auto; + width: 280px; + } +} + +header { + padding: 20px 0; +} + +.logo img { + border: none; +} +@media only screen and (max-width: 650px) { + .logo img { + display: none; + } + .logo { + background: url(../images/dummylogo-mobile.png) no-repeat top center; + display: block; + height: 115px; + width: 100px; + margin: 0 auto; + } +} + +.content { + padding-bottom: 80px; + overflow: hidden; +} + +.column { + float: left; +} +.column.one { + width: 50%; + margin-right: 48px; +} + +form { + width: 240px; + padding-bottom: 21px; +} +form label { /* labels are hidden */ + font-weight: bold; +} +form legend { + font-size:1.2em; + margin-bottom: 12px; +} +.form-element-wrapper { + margin-bottom: 12px; +} +.form-element { + width: 100%; + padding: 13px 12px; + border: none; + font-size: 14px; + border-radius: 4px; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; +} +.form-field { + color: #B7B7B7; + border: 1px solid #B7B7B7; +} +.form-field-focus, +.form-field:focus, +input[type="text"]:focus { + color: #333333; + border-color: #333; +} +.form-button { + background: #B61601; + box-sizing: content-box; + -moz-box-sizing: content-box; + color: #ffffff; + cursor: pointer; +} +.form-button:hover { + background: #FF6400; +} +.form-error { 
+ padding: 0; + color: #B61601; +} + +.list-help { + margin-top: 40px; /* offset padding on first anchor */ + list-style: none; +} +.list-help-item a { + display: block; + padding: 6px 0; +} +.item-marker { + color: #be0000; +} + +footer { + color: #ffffff; + font-size: 11px; + background: #717171; +} +.footer-text { + margin-bottom: 12px; +} +.footer-links a:link, +.footer-links a:visited { + color: #ffffff; + font-weight: bold; +} +.footer-links a:after { + content: "\00a0\00a0\00a0|\00a0\00a0"; +} +.footer-links a.last:after { + content: ""; +} diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/dummylogo-mobile.png b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/dummylogo-mobile.png new file mode 100644 index 00000000000..8ba3c95a12a Binary files /dev/null and b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/dummylogo-mobile.png differ diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/dummylogo.png b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/dummylogo.png new file mode 100644 index 00000000000..e89ede6e208 Binary files /dev/null and b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/dummylogo.png differ diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/failure-32x32.png b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/failure-32x32.png new file mode 100644 index 00000000000..3c48e4669dc Binary files /dev/null and b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/failure-32x32.png differ diff --git a/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/success-32x32.png b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/success-32x32.png new file mode 100644 index 00000000000..aa512048d8f Binary files /dev/null and b/x-pack/test/idp-fixture/idp/shibboleth-idp/webapp/images/success-32x32.png differ 
diff --git a/x-pack/test/idp-fixture/openldap/certs/README b/x-pack/test/idp-fixture/openldap/certs/README
new file mode 100644
index 00000000000..d5c95b625c4
--- /dev/null
+++ b/x-pack/test/idp-fixture/openldap/certs/README
@@ -0,0 +1,5 @@
+certtool -p --outfile ca_server.key
+certtool -s --load-privkey ca_server.key --template templates/ca_server.conf --outfile ca_server.pem
+certtool -p --sec-param high --outfile ldap_server.key
+certtool -c --load-privkey ldap_server.key --load-ca-certificate ca_server.pem --load-ca-privkey ca_server.key --template templates/ldap_server.conf --outfile ldap_server.pem
+keytool -importcert -file ca_server.pem -alias idp-fixture-ca -keystore ca.jks -noprompt -storepass changeit
diff --git a/x-pack/test/idp-fixture/openldap/certs/ca.jks b/x-pack/test/idp-fixture/openldap/certs/ca.jks
new file mode 100644
index 00000000000..0b1e25b8c0f
Binary files /dev/null and b/x-pack/test/idp-fixture/openldap/certs/ca.jks differ
diff --git a/x-pack/test/idp-fixture/openldap/certs/ca_server.key b/x-pack/test/idp-fixture/openldap/certs/ca_server.key
new file mode 100644
index 00000000000..170940eb1e7
--- /dev/null
+++ b/x-pack/test/idp-fixture/openldap/certs/ca_server.key
@@ -0,0 +1,182 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: High (3072 bits) + +modulus: + 00:bb:4f:a2:af:4f:c2:44:59:c9:5d:99:29:4f:7c:46 + 85:71:11:15:8e:7d:5c:37:5b:94:26:53:e8:c1:0c:3e + ef:cf:4c:51:be:30:f6:5f:3f:80:b4:0a:8b:c9:80:84 + f7:47:7c:c6:76:b1:63:8d:ab:67:b2:17:8d:df:4a:e7 + aa:f0:56:eb:e3:80:17:d5:ea:25:55:d5:5a:39:ab:9c + b1:b1:94:ec:89:1f:99:ae:37:77:17:f0:2f:85:35:d1 + b2:7d:86:2e:8d:ab:4b:64:3a:e0:28:e8:74:9a:b3:84 + fb:cb:89:94:a8:50:25:ec:b1:db:fe:b0:60:99:f0:7e + 16:8e:89:b2:82:ee:07:ce:84:be:cb:e6:fa:c0:47:dc + ca:77:7b:73:4b:61:12:c6:1c:a9:a7:06:72:fb:31:5c + e4:94:d9:b9:f2:c7:c6:78:4f:75:5e:61:bd:a2:f8:35 + 97:06:d1:40:0b:30:bf:6f:35:73:7e:df:8a:ba:2f:9b + ba:4b:60:91:d0:93:90:97:b6:43:f4:d6:8e:a9:61:18 + 7f:e8:dc:0f:7c:c5:94:66:f9:40:e7:c8:91:b7:12:de + 0c:0c:b3:66:86:98:b3:4a:c1:70:f2:00:78:0e:c2:bb + 3a:b7:1e:a5:c3:f3:b0:06:2f:1b:45:68:23:97:e5:42 + 7a:da:30:d4:e5:4d:9e:57:6f:08:2d:ce:94:68:94:31 + 31:e2:a2:8a:3d:f7:18:6a:e2:c4:b8:fe:58:b2:d7:95 + 6c:f7:19:c1:40:4d:c4:5f:98:5a:2f:34:d1:70:cd:d8 + 3f:1a:6d:4a:d0:d4:dc:8a:7c:a0:28:39:fe:f1:00:71 + b3:66:6e:fc:96:fb:a1:5b:12:8b:ef:f2:f4:4c:53:02 + b7:17:58:c7:33:57:42:c4:f8:66:0b:db:b4:a4:f7:9a + 87:3c:47:0d:09:c9:cd:e9:fc:2e:39:0a:91:30:96:a0 + dd:61:c1:31:d9:b3:3f:81:a1:51:fc:a9:14:6c:41:b2 + 6b: + +public exponent: + 01:00:01: + +private exponent: + 4b:e3:5f:ce:17:4a:65:d6:da:b6:89:2f:2b:7c:f6:35 + 6a:31:b9:c2:19:18:1b:75:86:f8:60:56:94:a0:19:7f + 9f:45:14:79:31:ed:1f:79:e2:f3:0e:b2:c3:d8:c6:06 + 49:78:4c:10:1a:9e:72:ef:56:fb:d8:7f:2a:50:76:bb + d2:d3:e4:8e:2f:7f:78:b3:7c:9c:e1:eb:c4:21:bb:42 + 62:e8:2b:4d:02:f8:88:95:00:33:3a:a4:86:1b:df:f1 + a8:d9:8c:52:e9:6b:8a:18:30:69:62:84:9b:88:d0:00 + 13:de:91:d3:ff:64:de:18:d1:40:c6:c4:dc:99:8a:fc + 28:93:b1:37:4a:a8:ef:0a:e9:22:43:5a:a4:3c:79:3f + ae:58:dd:c5:54:76:fe:bc:ee:1f:35:85:b0:2f:b7:ab + 04:83:91:ca:c3:15:ad:f8:c3:5c:91:cc:fb:12:04:e4 + 43:66:d3:c3:b4:e4:5a:72:15:70:f9:b0:82:ee:76:f0 + 
b8:d7:2c:fc:07:2b:64:73:a6:64:1d:d2:d9:93:88:f3 + a7:9e:20:41:03:75:f8:14:80:63:1f:df:2f:85:c7:02 + 18:c1:f6:f6:2d:65:0d:10:f8:9a:61:a8:06:e8:20:1c + 8e:42:e7:a2:25:37:85:75:24:b3:86:a8:b4:6f:cd:5b + be:19:bb:95:53:2b:a7:a5:f1:e2:44:41:47:5e:5c:39 + 35:f7:bd:ac:fe:76:07:da:72:ce:22:b9:60:97:97:9b + c8:ee:24:7a:28:97:d8:48:57:8a:40:f0:64:6c:2d:1f + f4:ff:d3:9f:a0:93:16:28:33:e3:13:e3:2d:76:30:70 + a4:de:3d:f4:1b:a0:f3:55:25:7e:98:7b:26:8c:8c:63 + cb:a1:e9:dd:b4:e8:18:31:aa:ab:87:b8:24:6d:de:5b + 4e:14:2e:d1:27:9b:2e:f0:7d:c5:7a:be:68:15:b0:1d + 57:b4:34:7f:88:ff:03:61:28:12:e4:58:50:82:7b:81 + + +prime1: + 00:f3:95:0d:b3:ea:5c:48:1a:d8:2f:24:a4:09:c3:56 + 21:a5:96:44:ff:d9:6b:42:f3:c6:87:e6:a9:c1:6e:8e + aa:cb:c7:f0:d9:28:b5:48:36:dc:a6:e1:47:f4:5f:64 + 25:61:1e:6c:4c:01:45:02:2a:22:29:2f:26:a1:ba:15 + 62:f4:c7:5d:04:04:9c:89:8a:1b:e3:95:e5:17:5f:8d + 33:65:b3:42:e6:36:16:5e:b7:bc:97:03:21:15:11:36 + 3c:e6:b6:dc:c3:37:f4:1a:57:7a:bc:c6:4a:83:3f:ca + 2b:64:9e:9a:14:2a:92:c8:a3:f7:4a:fa:39:e1:b3:07 + a7:19:a6:5d:19:71:09:e1:6b:a4:ec:5f:d2:08:79:c8 + cb:4b:ac:b0:bb:96:ae:95:9a:f6:6d:1e:19:79:33:c7 + 4e:e2:bf:e2:af:16:a8:81:46:33:14:a6:cf:f3:20:cc + e3:4b:3a:93:19:ff:c1:8e:61:e1:bb:f2:03:d9:66:fa + 93: + +prime2: + 00:c4:dc:32:8d:8a:aa:71:17:6b:da:04:61:55:bd:5b + de:37:fe:85:c5:9f:31:6f:d1:68:de:87:b7:86:d5:39 + c8:c4:3c:5f:9d:d0:9b:69:74:3b:ca:85:84:b6:09:cc + bd:ba:e4:f0:af:47:dd:25:10:5e:25:72:2d:d5:4e:40 + f5:8a:09:09:97:40:34:60:1e:d5:88:b7:4d:04:3b:51 + 01:2a:a0:42:bf:12:0b:51:d0:38:df:d3:7f:c7:92:26 + d9:5c:e1:e0:52:12:f0:bc:08:cc:c1:90:70:82:11:02 + 77:a7:00:0c:73:a8:7c:e8:61:64:f4:ee:42:27:82:31 + 4a:56:f9:ce:49:62:96:b6:c2:32:f3:dc:01:a5:cf:04 + 3b:ef:68:01:2e:df:ea:5e:79:b7:39:ac:d5:49:c9:d0 + 82:5a:75:60:c1:fe:8a:00:b3:b2:e3:ab:d5:e2:54:0a + dd:8d:0f:f3:7b:00:40:82:dd:86:6d:7c:69:ec:25:57 + c9: + +coefficient: + 7e:50:e0:a0:d5:37:7e:fb:33:36:85:96:1c:5b:ee:12 + 61:de:88:d8:e1:4d:8e:a8:ce:d5:b3:59:78:4f:53:8c + 82:21:f3:e8:41:07:34:75:89:69:02:72:a0:e2:82:c6 
+ 06:20:0a:ab:a1:6f:9c:fc:62:b2:80:89:54:29:e2:96 + e2:63:2d:c0:f6:1f:22:6a:7f:43:28:aa:8a:d2:f9:62 + 71:42:b8:01:1c:1a:3d:16:1f:37:e8:b9:c4:1e:5b:e6 + f9:b9:77:d4:aa:82:9c:14:1c:97:ab:a0:84:e8:2a:ed + 73:96:6f:14:ee:f7:a3:42:97:07:b6:01:2a:7b:c6:93 + ca:cd:bf:e1:8b:37:c9:48:b5:ce:95:19:59:ef:e3:f6 + df:85:5e:6e:b5:8c:3e:43:ea:bf:8a:af:53:51:aa:43 + 9f:00:9f:88:04:2c:cc:cf:f1:28:db:00:e6:81:f4:a7 + e1:85:64:b4:65:f8:ce:d9:b1:50:64:12:2a:ab:76:f8 + + +exp1: + 13:38:18:8b:b0:9b:35:69:40:d3:7f:6d:9e:03:96:a1 + 33:02:87:51:34:a3:7c:f5:e5:1d:45:fa:f0:f3:3b:38 + 88:b9:ae:ec:43:85:02:3c:a9:ee:54:ea:2b:82:f7:50 + e7:b7:d1:cd:b1:6f:f3:7a:c5:95:40:4e:29:06:98:b7 + 65:1e:f1:dc:e6:4c:3f:a1:f1:0f:64:fd:5d:79:c1:97 + 63:97:e0:58:6f:be:16:1d:23:39:3b:1a:fa:21:90:88 + ff:9f:40:0d:fb:35:3c:7a:d8:89:5a:8f:f8:89:28:f7 + 81:89:ee:18:57:3f:9b:ab:2c:50:f3:2b:6b:fe:87:45 + 0d:06:0e:64:7a:81:d0:12:81:41:d1:51:ae:2f:85:c3 + 5c:a6:34:8f:a8:94:ff:e2:e9:3c:b4:da:47:b0:e9:31 + f5:3c:34:b3:a1:f3:0b:b8:31:41:98:e3:e1:88:1e:02 + 75:26:1b:03:3b:25:d7:89:2b:99:7b:c0:08:00:53:17 + + +exp2: + 00:9d:7a:f5:69:eb:52:db:f3:7b:90:c5:ce:43:b3:9e + a9:4f:2b:ea:41:a4:4e:fc:ff:8d:9f:ee:fb:ee:fd:e6 + 22:e8:70:cf:a0:c4:bf:7e:85:c0:4b:0b:b2:95:99:93 + 52:f8:0e:ab:47:dc:fa:58:eb:16:15:68:98:a7:b9:d9 + 17:53:9c:55:32:cc:e6:d9:39:f1:62:54:18:65:59:3a + 3c:ef:a7:92:9d:9d:46:b6:e5:16:8a:5f:7c:29:df:8d + fa:76:66:2f:78:18:b4:c2:07:5c:1d:40:79:f0:62:c1 + 11:8c:e3:ea:12:1f:e8:04:51:dd:5c:5e:b9:47:37:cc + 4c:86:f5:81:83:8d:3d:b9:e7:f2:b0:c7:ff:fd:6f:75 + 18:a9:35:0f:35:3b:65:16:bc:d1:c9:6e:ac:95:41:bf + ee:77:84:cc:a9:84:01:4b:fc:75:0f:d2:67:e0:8d:90 + bf:99:57:f8:54:1e:68:7d:07:cf:c1:08:35:07:f6:fb + 99: + + +Public Key PIN: + pin-sha256:8n9vHwv9uP15hLS09K0gyVdW8LzD7lVp0qIUFexwEho= +Public Key ID: + sha256:f27f6f1f0bfdb8fd7984b4b4f4ad20c95756f0bcc3ee5569d2a21415ec70121a + sha1:ffa9f3de78471ea8fe2e06ff753aa952ae96c0c9 + +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAu0+ir0/CRFnJXZkpT3xGhXERFY59XDdblCZT6MEMPu/PTFG+ 
+MPZfP4C0CovJgIT3R3zGdrFjjatnsheN30rnqvBW6+OAF9XqJVXVWjmrnLGxlOyJ +H5muN3cX8C+FNdGyfYYujatLZDrgKOh0mrOE+8uJlKhQJeyx2/6wYJnwfhaOibKC +7gfOhL7L5vrAR9zKd3tzS2ESxhyppwZy+zFc5JTZufLHxnhPdV5hvaL4NZcG0UAL +ML9vNXN+34q6L5u6S2CR0JOQl7ZD9NaOqWEYf+jcD3zFlGb5QOfIkbcS3gwMs2aG +mLNKwXDyAHgOwrs6tx6lw/OwBi8bRWgjl+VCetow1OVNnldvCC3OlGiUMTHiooo9 +9xhq4sS4/liy15Vs9xnBQE3EX5haLzTRcM3YPxptStDU3Ip8oCg5/vEAcbNmbvyW ++6FbEovv8vRMUwK3F1jHM1dCxPhmC9u0pPeahzxHDQnJzen8LjkKkTCWoN1hwTHZ +sz+BoVH8qRRsQbJrAgMBAAECggGAS+NfzhdKZdbatokvK3z2NWoxucIZGBt1hvhg +VpSgGX+fRRR5Me0feeLzDrLD2MYGSXhMEBqecu9W+9h/KlB2u9LT5I4vf3izfJzh +68Qhu0Ji6CtNAviIlQAzOqSGG9/xqNmMUulrihgwaWKEm4jQABPekdP/ZN4Y0UDG +xNyZivwok7E3SqjvCukiQ1qkPHk/rljdxVR2/rzuHzWFsC+3qwSDkcrDFa34w1yR +zPsSBORDZtPDtORachVw+bCC7nbwuNcs/AcrZHOmZB3S2ZOI86eeIEEDdfgUgGMf +3y+FxwIYwfb2LWUNEPiaYagG6CAcjkLnoiU3hXUks4aotG/NW74Zu5VTK6el8eJE +QUdeXDk1972s/nYH2nLOIrlgl5ebyO4keiiX2EhXikDwZGwtH/T/05+gkxYoM+MT +4y12MHCk3j30G6DzVSV+mHsmjIxjy6Hp3bToGDGqq4e4JG3eW04ULtEnmy7wfcV6 +vmgVsB1XtDR/iP8DYSgS5FhQgnuBAoHBAPOVDbPqXEga2C8kpAnDViGllkT/2WtC +88aH5qnBbo6qy8fw2Si1SDbcpuFH9F9kJWEebEwBRQIqIikvJqG6FWL0x10EBJyJ +ihvjleUXX40zZbNC5jYWXre8lwMhFRE2POa23MM39BpXerzGSoM/yitknpoUKpLI +o/dK+jnhswenGaZdGXEJ4Wuk7F/SCHnIy0ussLuWrpWa9m0eGXkzx07iv+KvFqiB +RjMUps/zIMzjSzqTGf/BjmHhu/ID2Wb6kwKBwQDE3DKNiqpxF2vaBGFVvVveN/6F +xZ8xb9Fo3oe3htU5yMQ8X53Qm2l0O8qFhLYJzL265PCvR90lEF4lci3VTkD1igkJ +l0A0YB7ViLdNBDtRASqgQr8SC1HQON/Tf8eSJtlc4eBSEvC8CMzBkHCCEQJ3pwAM +c6h86GFk9O5CJ4IxSlb5zklilrbCMvPcAaXPBDvvaAEu3+peebc5rNVJydCCWnVg +wf6KALOy46vV4lQK3Y0P83sAQILdhm18aewlV8kCgcATOBiLsJs1aUDTf22eA5ah +MwKHUTSjfPXlHUX68PM7OIi5ruxDhQI8qe5U6iuC91Dnt9HNsW/zesWVQE4pBpi3 +ZR7x3OZMP6HxD2T9XXnBl2OX4FhvvhYdIzk7GvohkIj/n0AN+zU8etiJWo/4iSj3 +gYnuGFc/m6ssUPMra/6HRQ0GDmR6gdASgUHRUa4vhcNcpjSPqJT/4uk8tNpHsOkx +9Tw0s6HzC7gxQZjj4YgeAnUmGwM7JdeJK5l7wAgAUxcCgcEAnXr1aetS2/N7kMXO +Q7OeqU8r6kGkTvz/jZ/u++795iLocM+gxL9+hcBLC7KVmZNS+A6rR9z6WOsWFWiY +p7nZF1OcVTLM5tk58WJUGGVZOjzvp5KdnUa25RaKX3wp3436dmYveBi0wgdcHUB5 
+8GLBEYzj6hIf6ARR3VxeuUc3zEyG9YGDjT255/Kwx//9b3UYqTUPNTtlFrzRyW6s +lUG/7neEzKmEAUv8dQ/SZ+CNkL+ZV/hUHmh9B8/BCDUH9vuZAoHAflDgoNU3fvsz +NoWWHFvuEmHeiNjhTY6oztWzWXhPU4yCIfPoQQc0dYlpAnKg4oLGBiAKq6FvnPxi +soCJVCniluJjLcD2HyJqf0MoqorS+WJxQrgBHBo9Fh836LnEHlvm+bl31KqCnBQc +l6ughOgq7XOWbxTu96NClwe2ASp7xpPKzb/hizfJSLXOlRlZ7+P234VebrWMPkPq +v4qvU1GqQ58An4gELMzP8SjbAOaB9KfhhWS0ZfjO2bFQZBIqq3b4 +-----END RSA PRIVATE KEY----- diff --git a/x-pack/test/idp-fixture/openldap/certs/ca_server.pem b/x-pack/test/idp-fixture/openldap/certs/ca_server.pem new file mode 100644 index 00000000000..d090cbf6d3a --- /dev/null +++ b/x-pack/test/idp-fixture/openldap/certs/ca_server.pem 
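Review bot: `ca_server.key` is the unencrypted private key of the CA that `ca.jks` is built to trust (the README's `keytool -importcert ... -storepass changeit` step), so anyone with a checkout can issue certificates this fixture will accept; that is tolerable for a disposable test CA, but nothing in the hunk says so. Add a README line such as `# Test-only CA: the private keys are committed on purpose and must never be imported into a real truststore`, and expect secret-scanning tools to flag this path. The `Public Key Info` / PIN / ID dump above the `-----BEGIN RSA PRIVATE KEY-----` block is certtool's informational output rather than part of the key, so keeping only the PEM block would make the file smaller and the commit easier to review. The same applies to the `ldap_server.key` hunk that starts at the end of this chunk.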
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAmugAwIBAgIUGJBYO12hG0Uo/jCDsHqz9KNR25cwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAxMOTERBUCBTZXJ2ZXIgQ0EwHhcNMTkwMzA4MTY1MzI2WhcN
+MjAwMzA3MTY1MzI2WjAZMRcwFQYDVQQDEw5MREFQIFNlcnZlciBDQTCCAaIwDQYJ
+KoZIhvcNAQEBBQADggGPADCCAYoCggGBALtPoq9PwkRZyV2ZKU98RoVxERWOfVw3
+W5QmU+jBDD7vz0xRvjD2Xz+AtAqLyYCE90d8xnaxY42rZ7IXjd9K56rwVuvjgBfV
+6iVV1Vo5q5yxsZTsiR+Zrjd3F/AvhTXRsn2GLo2rS2Q64CjodJqzhPvLiZSoUCXs
+sdv+sGCZ8H4Wjomygu4HzoS+y+b6wEfcynd7c0thEsYcqacGcvsxXOSU2bnyx8Z4
+T3VeYb2i+DWXBtFACzC/bzVzft+Kui+buktgkdCTkJe2Q/TWjqlhGH/o3A98xZRm
++UDnyJG3Et4MDLNmhpizSsFw8gB4DsK7OrcepcPzsAYvG0VoI5flQnraMNTlTZ5X
+bwgtzpRolDEx4qKKPfcYauLEuP5YsteVbPcZwUBNxF+YWi800XDN2D8abUrQ1NyK
+fKAoOf7xAHGzZm78lvuhWxKL7/L0TFMCtxdYxzNXQsT4ZgvbtKT3moc8Rw0Jyc3p
+/C45CpEwlqDdYcEx2bM/gaFR/KkUbEGyawIDAQABo0MwQTAPBgNVHRMBAf8EBTAD
+AQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFP+p8954Rx6o/i4G/3U6qVKu
+lsDJMA0GCSqGSIb3DQEBCwUAA4IBgQCdoxcQxfKd209+TsXjymbrMSWBbfDHLQml
+ocKF2EF92hOBJnAm5E8Z2+ZHAZ0hbsl8r1dSIhZuqb7GGE7KfN+mFTP0YlteciPg
+0NDM0GsaryftkWe9Lwkt9M72vHP8sCjorskpmYWhHBWgkTfd5Uzso0w3wYNJpeuX
+qGOjrjcfpRrDk/fyWUgVPkTBmmEEFWCJHSZF8N+BMHrTiw9UsJXBwbHa983Sm9Lq
+pK61y2LTo9OHBHCFl0DmzHiH7AEg9RmJlUqMomn8b/gquIoplUchUtS/h7BVPgqz
+w6vS3fE8FgHODthGv55xqhaPV23ZFv6QUlc80yzY3BhYyfu21O/gzo3wmKC6fq9L
+pWK2CYgdtDAV0vjTchkYM12iJDLJBdNoLzVZrXqxFMWjVZN2N7GVyc3PGzyOAquf
+LuuvSAhErt84mh8MwAbVie09iDTbqPgFjn+D1AK70ocfMVGM2lwOmk0vvCLHtxE7
+fh/9Tf0GS1BHkmgzWwXqTkCK71mJQvs=
+-----END CERTIFICATE-----
diff --git a/x-pack/test/idp-fixture/openldap/certs/dhparam.pem b/x-pack/test/idp-fixture/openldap/certs/dhparam.pem
new file mode 100644
index 00000000000..dd367416641
--- /dev/null
+++ b/x-pack/test/idp-fixture/openldap/certs/dhparam.pem
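Review bot: The validity window in `ca_server.pem` appears to decode to 2019-03-08 through 2020-03-07 (the `MTkwMzA4MTY1MzI2WhcN` / `MjAwMzA3MTY1MzI2` run at the end of the second and start of the third base64 line), so this CA lapses after roughly a year, and every TLS test that trusts `ca.jks` will then fail with an expiry error unrelated to the code under test. The lifetime comes from `templates/ca_server.conf`, which the README references but which is not part of this hunk, so the configured value cannot be confirmed here; consider regenerating with a multi-year `expiration_days` and recording the date in the README, e.g. `# ca_server.pem expires <DATE>; rerun the steps above before then`. The basicConstraints/keyUsage extensions encoded near the end of the body appear to mark it CA:TRUE with keyCertSign only, which is appropriate for a root whose sole job is to sign `ldap_server.pem`.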
@@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAtZwsen2sON6thsExpNTYxdZK1TyHdTvGbpzHZwHGSVftCjwrSz7D +8VO4hN6DVP4+Lrb0LeXp1k2jOm2a9yftoWysNmtjVq2KhVcGArH4m0krL87Fmwr3 +k3GdkLuyNkVYndoE9bVBphN3uq7jHRJxwEBge2lUf4tDdEFNlKXx4hRG1T4JW61N +ilvtJQ7Ei9xxjywDqn26H5KABSsfbsTXhjdjg3XH0Gy0SlD3x/8ft97ZX7nvHZzf +2TSyejCy7aW6Avpj6yReZGY5lzVnMvStm8rxCkM9cciZuSJK2mOPfl5cgCZWOux6 +0LLkh9qaZdrBi6dqVOp/A8SQ5/6Ee8/1uwIBAg== +-----END DH PARAMETERS----- diff --git a/x-pack/test/idp-fixture/openldap/certs/ldap_server.csr b/x-pack/test/idp-fixture/openldap/certs/ldap_server.csr new file mode 100644 index 00000000000..db9f2e7d3a7 --- /dev/null +++ b/x-pack/test/idp-fixture/openldap/certs/ldap_server.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA1sVcsoRGCjsZ/POI/Eek4NdBM9edkDbHf00L4Vg6 +qjKzoFvLOyEMalan4/vLvvHpY5oYhTn46m9rDDaIZD2vbNDkkzLDHTTRodSsaEu5 +nk7/knmjr6pIXMY9AKVqGOkBIcJOCnzE2PXMDcQY8RPLVSh5/flHaxoYkjXSxqgy +pp0Oo6D3/52B86br9r6XRAZXZtaPOdLAQODwUnr3ANI9RRkcN2ZVAIj2DYsrU2/j +z+hySr/PVBUs5r7ntfNSuEgju0HV0csApatvpjiXLpKQYuiedpzLG+fsSFSSONay +jDLCTz1fCc9j89j6RsiAKsemv3B6sFA59aqGaKusM62vmQIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBAMdzUH4W+ukDAIYQqMS/JcgriMqKfDbyVb9cynrZFvP3KUvr +40BB3mMJ3upNf9Ndk+V/JeK3hc7DKY6ZpZfJ1q6OnlxLZdp5FGEOrJbix2LYFNgr +3GMXooYiyOoiTkS6cOUUMTcA9KipZZ35MsMXx6DApJiYZtDzlMiUOca75DGl+UE3 +/mlcEwui+qI09WoOqKzMrdnX6XOGVMHtMBh63LPjGT9UcjDAWV6bRpvjXAswzG9y +bzJ5k3aaHsi859ADhzJNjK727tryN0Kr8cVN7AXLcEoi5nhU7Cc8JFW87Pkl7JL7 +O97Tb50CQHTqJ55AhlnC+jaGBVAcCGrQLFB69VI= +-----END CERTIFICATE REQUEST----- diff --git a/x-pack/test/idp-fixture/openldap/certs/ldap_server.key b/x-pack/test/idp-fixture/openldap/certs/ldap_server.key new file mode 100644 index 00000000000..80c98bae8a6 --- /dev/null +++ b/x-pack/test/idp-fixture/openldap/certs/ldap_server.key 
@@ -0,0 +1,182 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: High (3072 bits) + +modulus: + 00:cc:3e:53:8a:0e:c9:14:3d:f9:ed:bf:87:5d:11:9c + 4c:e3:04:5a:f7:53:11:36:ab:e2:60:2a:fc:cb:0a:8c + 17:c6:93:d4:a6:95:1f:5f:8c:c3:84:37:b2:7e:cd:da + 0e:7d:6d:d1:a0:90:84:8c:56:5d:ae:32:0b:9f:83:47 + 9f:95:ab:6e:d2:76:24:6b:fa:0d:e4:95:93:26:94:66 + 10:dd:39:ae:f8:4b:86:e2:33:56:3f:c6:13:71:4a:8f + 67:7a:90:8d:7f:98:df:09:87:fe:97:5a:55:92:df:9b + ea:eb:b8:5a:43:09:0c:38:22:98:67:d5:e3:69:5e:8b + cd:31:2c:b8:10:54:45:e9:e4:2c:10:83:e4:f8:de:07 + 3b:a6:9d:9b:6c:74:f8:b7:2b:0b:bb:1d:24:b7:55:86 + 82:23:2b:51:e7:63:21:ae:1b:86:b5:a8:c0:63:38:59 + 03:3b:69:c7:2d:6c:e2:ef:89:91:67:f2:75:0e:d5:9e + 18:ce:e6:c5:db:58:7e:2c:2a:5e:70:15:77:ad:e9:41 + f5:5c:bd:e8:67:17:c8:5c:fa:2d:7a:f3:5b:bf:51:f1 + ee:22:f9:c4:f1:21:40:c6:d9:57:8f:54:d0:be:7f:dd + 81:57:b6:8c:a2:2b:90:1c:58:2c:cf:b5:c8:93:34:5c + 88:be:91:7d:5f:4f:09:50:cb:7e:b7:05:16:86:07:3f + ec:a5:86:4c:45:99:98:77:84:39:1c:24:f9:24:8a:74 + be:dd:26:41:04:7b:23:71:79:85:07:c2:9e:cc:ba:ce + e5:4b:85:80:37:ee:57:50:74:94:f2:59:0c:a7:c3:36 + e2:8f:2c:e7:ee:d3:ee:82:bd:b5:80:bd:2a:a6:fb:0b + eb:f7:b9:c0:e9:20:99:88:f3:05:05:3d:d8:64:6c:d1 + 51:57:ad:3c:f3:8b:51:1d:ba:0b:8b:77:bf:84:ec:25 + 7d:18:d5:17:ad:6d:85:34:11:8b:e0:a7:78:b4:61:4c + f3: + +public exponent: + 01:00:01: + +private exponent: + 17:91:dd:bc:21:e6:ac:92:56:64:4c:65:07:a5:7f:9f + 13:d7:ad:d3:ba:df:52:aa:d5:4d:f9:c8:00:7a:70:1e + 52:49:3f:12:16:45:6f:96:63:fd:bf:1b:b7:2c:74:4c + 95:c6:f5:99:0c:f4:6e:e9:8c:98:0c:a8:70:b9:0a:ab + ec:ee:c2:b4:40:f4:05:0d:ef:4a:80:c4:61:80:60:a2 + f3:94:b3:8f:6d:cf:dc:0c:c6:98:47:78:78:eb:7c:cf + 19:42:d3:41:75:57:cf:d6:c4:d7:9c:92:21:87:f2:8b + 52:b6:8c:9c:0d:d0:3e:2e:27:de:5b:bd:89:ac:62:7f + c4:7b:ff:a5:ca:c3:e2:b0:f5:30:d6:b7:b6:cc:90:93 + 1e:b0:33:7e:79:a5:36:26:1e:8d:72:58:89:5b:b2:51 + 14:53:ec:78:c2:64:e1:9d:c5:96:f3:29:78:89:c9:23 + e9:58:54:a6:f6:58:de:01:c7:28:f2:be:f5:7e:4b:67 + 
26:88:66:3e:9f:33:8d:93:9a:aa:6f:26:fa:a3:0f:6b + 0d:f1:4b:43:eb:75:26:17:ea:58:05:78:66:f2:d6:56 + 0c:90:fb:56:80:d1:0e:6d:96:53:5c:f0:f2:0e:76:5b + f7:f0:c5:9f:fb:82:9c:ff:fa:2c:b7:db:66:1e:06:cb + 71:8b:b3:f6:5d:40:6e:b4:6a:ed:fc:f3:7b:f5:b0:82 + 81:ba:99:9e:f8:1b:71:15:72:a7:34:a6:f2:d8:cd:4c + 6d:b2:db:d0:7a:45:7a:8a:ab:ea:34:89:dd:35:16:5f + d1:a7:d5:22:05:d2:fb:23:47:0e:98:ff:34:e5:9a:be + ac:20:4b:03:c1:2c:90:2d:58:2b:4a:7d:f3:70:3c:a7 + a3:ed:54:fc:46:fe:cd:0c:cc:fb:c6:c6:e3:f8:25:e8 + b0:2e:12:5f:9f:74:65:1c:17:6d:ff:d5:e3:8e:12:b8 + ea:a0:84:de:d3:c5:1d:62:48:39:05:28:20:09:a0:49 + + +prime1: + 00:d1:c7:15:99:9c:ca:fb:df:78:58:04:10:7d:1e:15 + af:6f:1a:58:d4:c6:1f:34:12:42:79:97:23:22:8c:b9 + b5:2f:dc:8d:31:37:01:6c:ee:d0:a5:3a:91:82:af:d0 + 2f:20:be:fb:e3:35:35:02:71:73:9e:8e:37:a5:e7:78 + db:08:e3:64:10:01:88:84:b2:c5:70:13:e3:80:36:b4 + f3:92:97:e1:47:f8:54:f9:1f:b3:c7:8b:a3:00:91:3e + b8:9b:58:e3:8d:d4:aa:0a:57:e6:77:50:b8:f2:5c:f4 + 60:79:f6:65:14:e1:ed:7b:e2:f3:53:81:72:1a:95:0d + 08:cd:9b:d2:d1:37:df:78:43:80:9e:f8:97:92:6c:28 + f3:43:4d:1e:4f:9e:e4:3d:0e:65:10:8d:26:49:f4:96 + 3f:d0:e8:fb:92:f3:db:4d:2a:8a:c6:30:5a:f3:bb:3e + 72:1b:f1:7d:07:94:ba:00:a3:6c:3d:12:38:b8:78:78 + c5: + +prime2: + 00:f9:3f:12:f5:b1:78:bd:2a:b3:40:63:67:bd:44:03 + 13:35:d3:b8:8e:32:e3:c4:81:f3:32:eb:e5:54:64:a3 + 87:13:93:03:fa:66:9f:a4:b3:5c:89:85:b5:07:3b:3c + dd:4a:45:0f:7c:23:cb:7f:16:fc:75:d5:46:75:c3:df + 20:7a:e9:ca:93:20:ff:a1:85:04:e1:ce:2e:f6:be:f5 + 97:35:5a:25:c0:11:5b:8d:cc:35:8f:62:64:f3:11:f3 + 21:8a:18:0d:6e:dc:b3:a9:cf:0b:d5:3e:9d:41:67:95 + 19:02:2d:8f:72:6d:04:b0:d9:73:cb:0c:13:88:0a:ab + 02:4f:c4:7e:8d:be:b5:99:98:15:61:7d:db:14:59:44 + 41:f7:da:3d:be:2a:71:5c:27:71:0e:2f:c6:b1:32:ac + d7:2a:f1:41:7d:3b:d4:92:a2:5f:5b:cb:e1:b1:95:f7 + 5b:c6:09:f8:d6:80:02:81:44:f9:fd:19:cc:36:bf:5a + 57: + +coefficient: + 10:45:fc:ba:29:7c:26:04:e4:93:eb:de:23:5a:f7:aa + 34:5b:ff:3e:6a:3f:68:66:ba:32:3f:16:e1:0c:39:3a + bb:39:70:c4:1e:71:0b:55:67:ab:d7:f6:f2:d8:ec:9a 
+ 49:89:b8:85:0a:fb:69:66:20:58:94:fa:2d:d8:97:47 + 23:46:4c:67:5c:c3:da:e0:75:80:40:b3:0c:b4:29:d1 + be:61:88:0a:cf:9e:a8:94:5c:f1:05:c4:32:ae:0e:c8 + df:05:e2:59:5e:25:3a:12:f6:83:bd:98:1f:86:af:51 + 9d:22:25:cf:60:39:d1:8d:40:ae:4e:c9:85:10:e1:93 + 2f:b5:8a:3f:d0:9e:0c:44:31:d1:66:d1:15:e1:c3:df + 49:30:46:22:86:ca:e3:cf:33:7d:8b:8c:2c:bc:ad:62 + ef:7f:88:80:9d:d7:ba:b2:c4:13:c9:49:99:f6:7e:4f + fa:71:f0:8c:ec:b7:89:79:1d:13:16:ee:e9:40:bf:bc + + +exp1: + 00:b1:3b:ec:89:ee:28:a9:08:b3:1a:59:c4:bc:90:d0 + 6d:7a:06:de:8a:56:21:42:d3:32:8a:9c:20:b9:2e:00 + 30:8e:91:5e:50:f8:52:22:00:db:12:de:1a:d6:39:48 + 40:a8:ff:f2:bc:91:d5:89:8c:e4:cc:4f:07:c1:09:81 + d8:3c:f8:31:30:3c:bb:64:b1:cd:91:d5:9b:de:55:5a + 28:77:f0:0e:0b:ca:49:b0:79:12:61:43:1e:a2:7a:14 + 6d:d0:02:17:af:5a:bf:97:21:90:bb:b9:dd:a8:16:d4 + f9:35:d1:f0:b0:e5:f8:c9:34:83:b4:47:a7:69:c2:08 + 53:29:b3:bf:37:b8:66:fb:aa:bc:5e:93:55:2c:06:69 + ca:ad:4f:d8:8e:18:86:68:f7:62:77:cb:69:50:0e:6f + 6a:d7:4c:20:50:95:ea:f0:95:42:ce:13:48:a4:a7:cc + 28:88:67:4c:e5:3c:c8:b1:85:61:0b:6f:fb:b0:0f:48 + a9: + +exp2: + 00:d9:8d:0f:4c:7a:aa:6b:5a:c0:f8:db:8b:29:ed:1a + 4e:03:36:98:a9:2d:8c:16:f2:62:47:39:15:83:73:10 + 35:0f:85:cb:fc:1c:e5:0d:4a:2c:e4:30:5b:91:43:48 + 5d:d2:bc:b2:c6:65:2b:f2:f3:2a:4a:e3:6c:4b:d0:3a + 8a:4c:1e:92:5d:97:78:e9:0f:84:f2:5f:18:28:f1:06 + c6:03:a0:7a:c0:c9:a5:c2:ff:d2:64:23:ba:ff:5a:d4 + 7f:9a:dc:61:a5:39:68:6c:38:37:18:db:3d:41:60:5b + 08:68:19:42:52:db:0b:34:1d:a9:6f:3a:4c:35:fb:31 + c6:a3:bf:5b:c2:f7:09:e5:55:94:9b:f2:d1:6d:52:79 + 3c:a7:4c:cb:85:97:e0:38:52:88:e0:9c:1c:ee:7f:cf + d3:43:3d:2f:2f:53:30:b9:08:96:f9:35:dc:fa:37:6e + 9f:a1:1d:05:20:9c:bd:12:fe:14:c1:b1:69:c9:03:7e + a3: + + +Public Key PIN: + pin-sha256:wyBZajWAUdEUpePlX91IQ/gQL4qDtQQpucnDP9XsdCY= +Public Key ID: + sha256:c320596a358051d114a5e3e55fdd4843f8102f8a83b50429b9c9c33fd5ec7426 + sha1:21275e0d7571a19e74ef0fd70c7af2423c61d6b8 + +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAzD5Tig7JFD357b+HXRGcTOMEWvdTETar4mAq/MsKjBfGk9Sm 
+lR9fjMOEN7J+zdoOfW3RoJCEjFZdrjILn4NHn5WrbtJ2JGv6DeSVkyaUZhDdOa74 +S4biM1Y/xhNxSo9nepCNf5jfCYf+l1pVkt+b6uu4WkMJDDgimGfV42lei80xLLgQ +VEXp5CwQg+T43gc7pp2bbHT4tysLux0kt1WGgiMrUedjIa4bhrWowGM4WQM7acct +bOLviZFn8nUO1Z4YzubF21h+LCpecBV3relB9Vy96GcXyFz6LXrzW79R8e4i+cTx +IUDG2VePVNC+f92BV7aMoiuQHFgsz7XIkzRciL6RfV9PCVDLfrcFFoYHP+ylhkxF +mZh3hDkcJPkkinS+3SZBBHsjcXmFB8KezLrO5UuFgDfuV1B0lPJZDKfDNuKPLOfu +0+6CvbWAvSqm+wvr97nA6SCZiPMFBT3YZGzRUVetPPOLUR26C4t3v4TsJX0Y1Ret +bYU0EYvgp3i0YUzzAgMBAAECggGAF5HdvCHmrJJWZExlB6V/nxPXrdO631Kq1U35 +yAB6cB5SST8SFkVvlmP9vxu3LHRMlcb1mQz0bumMmAyocLkKq+zuwrRA9AUN70qA +xGGAYKLzlLOPbc/cDMaYR3h463zPGULTQXVXz9bE15ySIYfyi1K2jJwN0D4uJ95b +vYmsYn/Ee/+lysPisPUw1re2zJCTHrAzfnmlNiYejXJYiVuyURRT7HjCZOGdxZbz +KXiJySPpWFSm9ljeAcco8r71fktnJohmPp8zjZOaqm8m+qMPaw3xS0PrdSYX6lgF +eGby1lYMkPtWgNEObZZTXPDyDnZb9/DFn/uCnP/6LLfbZh4Gy3GLs/ZdQG60au38 +83v1sIKBupme+BtxFXKnNKby2M1MbbLb0HpFeoqr6jSJ3TUWX9Gn1SIF0vsjRw6Y +/zTlmr6sIEsDwSyQLVgrSn3zcDyno+1U/Eb+zQzM+8bG4/gl6LAuEl+fdGUcF23/ +1eOOErjqoITe08UdYkg5BSggCaBJAoHBANHHFZmcyvvfeFgEEH0eFa9vGljUxh80 +EkJ5lyMijLm1L9yNMTcBbO7QpTqRgq/QLyC+++M1NQJxc56ON6XneNsI42QQAYiE +ssVwE+OANrTzkpfhR/hU+R+zx4ujAJE+uJtY443UqgpX5ndQuPJc9GB59mUU4e17 +4vNTgXIalQ0IzZvS0TffeEOAnviXkmwo80NNHk+e5D0OZRCNJkn0lj/Q6PuS89tN +KorGMFrzuz5yG/F9B5S6AKNsPRI4uHh4xQKBwQD5PxL1sXi9KrNAY2e9RAMTNdO4 +jjLjxIHzMuvlVGSjhxOTA/pmn6SzXImFtQc7PN1KRQ98I8t/Fvx11UZ1w98geunK +kyD/oYUE4c4u9r71lzVaJcARW43MNY9iZPMR8yGKGA1u3LOpzwvVPp1BZ5UZAi2P +cm0EsNlzywwTiAqrAk/Efo2+tZmYFWF92xRZREH32j2+KnFcJ3EOL8axMqzXKvFB +fTvUkqJfW8vhsZX3W8YJ+NaAAoFE+f0ZzDa/WlcCgcEAsTvsie4oqQizGlnEvJDQ +bXoG3opWIULTMoqcILkuADCOkV5Q+FIiANsS3hrWOUhAqP/yvJHViYzkzE8HwQmB +2Dz4MTA8u2SxzZHVm95VWih38A4LykmweRJhQx6iehRt0AIXr1q/lyGQu7ndqBbU ++TXR8LDl+Mk0g7RHp2nCCFMps783uGb7qrxek1UsBmnKrU/YjhiGaPdid8tpUA5v +atdMIFCV6vCVQs4TSKSnzCiIZ0zlPMixhWELb/uwD0ipAoHBANmND0x6qmtawPjb +iyntGk4DNpipLYwW8mJHORWDcxA1D4XL/BzlDUos5DBbkUNIXdK8ssZlK/LzKkrj +bEvQOopMHpJdl3jpD4TyXxgo8QbGA6B6wMmlwv/SZCO6/1rUf5rcYaU5aGw4Nxjb 
+PUFgWwhoGUJS2ws0HalvOkw1+zHGo79bwvcJ5VWUm/LRbVJ5PKdMy4WX4DhSiOCc +HO5/z9NDPS8vUzC5CJb5Ndz6N26foR0FIJy9Ev4UwbFpyQN+owKBwBBF/LopfCYE +5JPr3iNa96o0W/8+aj9oZroyPxbhDDk6uzlwxB5xC1Vnq9f28tjsmkmJuIUK+2lm +IFiU+i3Yl0cjRkxnXMPa4HWAQLMMtCnRvmGICs+eqJRc8QXEMq4OyN8F4lleJToS +9oO9mB+Gr1GdIiXPYDnRjUCuTsmFEOGTL7WKP9CeDEQx0WbRFeHD30kwRiKGyuPP +M32LjCy8rWLvf4iAnde6ssQTyUmZ9n5P+nHwjOy3iXkdExbu6UC/vA== +-----END RSA PRIVATE KEY----- diff --git a/x-pack/test/idp-fixture/openldap/certs/ldap_server.pem b/x-pack/test/idp-fixture/openldap/certs/ldap_server.pem new file mode 100644 index 00000000000..91a7bc5e4f0 --- /dev/null +++ b/x-pack/test/idp-fixture/openldap/certs/ldap_server.pem 
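Review bot: ldap_server.key is committed as certtool's complete text dump — modulus, private exponent, both primes, the CRT exponents and the public-key pin — ahead of the `-----BEGIN RSA PRIVATE KEY-----` block, and nothing in the new openldap/certs tree records how the key and certificates were produced, while this same commit deletes the README.txt that held that provenance for the old certificates. Suggest a README.txt beside `templates/` that states these are throwaway fixture credentials never to be reused elsewhere and records the generation commands; the deleted Ansible role shows the pattern, e.g. `certtool -p --sec-param high --outfile ldap_server.key` and `certtool -c --load-privkey ldap_server.key --load-ca-certificate ca_server.pem --load-ca-privkey <ca-key-file> --template templates/ldap_server.conf --outfile ldap_server.pem`. Trimming the file to just the PEM block would also be cleaner; if anything other than slapd loads it, confirm that loader tolerates the leading text, which I have not verified for this fixture.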
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEZTCCAs2gAwIBAgIUZBVU/AqHa0docwSi4yaYO9Obx3EwDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAxMOTERBUCBTZXJ2ZXIgQ0EwHhcNMTkwMzA4MTY1NDEzWhcN +MjkwMzA3MTY1NDEzWjAwMRIwEAYDVQQDEwlsb2NhbGhvc3QxGjAYBgNVBAoTEUVs +YXN0aWNzZWFyY2ggQi5WMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA +zD5Tig7JFD357b+HXRGcTOMEWvdTETar4mAq/MsKjBfGk9SmlR9fjMOEN7J+zdoO +fW3RoJCEjFZdrjILn4NHn5WrbtJ2JGv6DeSVkyaUZhDdOa74S4biM1Y/xhNxSo9n +epCNf5jfCYf+l1pVkt+b6uu4WkMJDDgimGfV42lei80xLLgQVEXp5CwQg+T43gc7 +pp2bbHT4tysLux0kt1WGgiMrUedjIa4bhrWowGM4WQM7acctbOLviZFn8nUO1Z4Y +zubF21h+LCpecBV3relB9Vy96GcXyFz6LXrzW79R8e4i+cTxIUDG2VePVNC+f92B +V7aMoiuQHFgsz7XIkzRciL6RfV9PCVDLfrcFFoYHP+ylhkxFmZh3hDkcJPkkinS+ +3SZBBHsjcXmFB8KezLrO5UuFgDfuV1B0lPJZDKfDNuKPLOfu0+6CvbWAvSqm+wvr +97nA6SCZiPMFBT3YZGzRUVetPPOLUR26C4t3v4TsJX0Y1RetbYU0EYvgp3i0YUzz +AgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3Qw +EwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQU +ISdeDXVxoZ507w/XDHryQjxh1rgwHwYDVR0jBBgwFoAU/6nz3nhHHqj+Lgb/dTqp +Uq6WwMkwDQYJKoZIhvcNAQELBQADggGBAArKYQAXly79TzWGvaA8lY82LzbBqRPg +OD8bx15fSA87ODdLgjOsJncN4LPJXbBMTT+0uoOh43/+6eBcvKCeyUEfb3nyR0EN +W5JQu7AOtcUNqlsDkvCNfF4hqdICJqis+Z9GZi9K1k444wL5hjzt5wRY5/Qrlvsn +jZD2d/ZiUfEj1sQyAQGpwmTDALGIb6UkfTWCBJgLSAp6E8BWzj9RAlNvDvONk5NC +yFFzzbz1uohP8z9dZPwv/eVN5IV7JFCW+SQUcsbThFS+DJ8Qkj3Zc1uGXEW1duEz +I6OBNGAVSHloP9S5cQWhjbOAGFeHY0zVh1dYj+EI/NxEkNUHC7AeYfE1tcCiMsro +wIUGONPmsaF8ArVeX3NJY+0WYoU+x4OBtllTsvV64giAWamqn7Fra9SGqRmBPmqQ +I7gVz2BPVINLXuxkcIbnDg7Ck7DB4HPPZKbg+n79c3HOs2g2Fo0R22UBk15GfpQ3 +wcgKu37UYja8tk+faDOuiHtnumAuUx/Nzg== +-----END CERTIFICATE----- diff --git a/x-pack/test/idp-fixture/openldap/certs/templates/ca_server.conf b/x-pack/test/idp-fixture/openldap/certs/templates/ca_server.conf new file mode 100644 index 00000000000..dedc35fa94e --- /dev/null +++ b/x-pack/test/idp-fixture/openldap/certs/templates/ca_server.conf @@ -0,0 +1,3 @@ +cn = LDAP Server CA +ca +cert_signing_key 
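Review bot: ca_server.conf sets no `expiration_days`, so the CA certificate presumably got certtool's default lifetime: decoding the validity field of ca_server.pem gives notBefore 2019-03-08 and notAfter 2020-03-07, whereas ldap_server.pem issued under it runs until 2029-03-07 because ldap_server.conf sets `expiration_days = 3652`. Once the CA expires, trust-store validation in the LDAP tests fails even though the server certificate is still in date, and a year from now that will surface as an unrelated-looking TLS error. Add `expiration_days = 3652` (at least matching the server template) to ca_server.conf, regenerate ca_server.pem with the existing CA key so that ldap_server.pem's authority-key-identifier should still chain, and rebuild whatever truststore is derived from the CA certificate.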
diff --git a/x-pack/test/idp-fixture/openldap/certs/templates/ldap_server.conf b/x-pack/test/idp-fixture/openldap/certs/templates/ldap_server.conf
new file mode 100644
index 00000000000..5dd1446afa8
--- /dev/null
+++ b/x-pack/test/idp-fixture/openldap/certs/templates/ldap_server.conf
@@ -0,0 +1,7 @@
+organization = "Elasticsearch B.V"
+cn = localhost
+dns_name = localhost
+tls_www_server
+encryption_key
+signing_key
+expiration_days = 3652
diff --git a/x-pack/test/idp-fixture/openldap/ldif/config.ldif b/x-pack/test/idp-fixture/openldap/ldif/config.ldif
new file mode 100644
index 00000000000..45d2c206599
--- /dev/null
+++ b/x-pack/test/idp-fixture/openldap/ldif/config.ldif
@@ -0,0 +1,15 @@
+
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange
+ by self write
+ by anonymous auth
+ by dn="cn=admin,DC=oldap,DC=test,DC=elasticsearch,DC=com" write
+ by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to *
+ by self write
+ by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
+ by dn="cn=admin,DC=oldap,DC=test,DC=elasticsearch,DC=com" write
+ by * read
diff --git a/x-pack/test/idp-fixture/openldap/ldif/users.ldif b/x-pack/test/idp-fixture/openldap/ldif/users.ldif
new file mode 100644
index 00000000000..367672d2749
--- /dev/null
+++ b/x-pack/test/idp-fixture/openldap/ldif/users.ldif
@@ -0,0 +1,234 @@ + +dn: ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +objectClass: organizationalUnit +ou: people + +dn: uid=kraken,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: kraken +uidNumber: 1000 +gidNumber: 1000 +homeDirectory: /home/1000 +cn: Commander Kraken +sn: Commander Kraken +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: kraken@oldap.test.elasticsearch.com + +dn: uid=hulk,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: hulk +uidNumber: 1001 +gidNumber: 1001 +homeDirectory: /home/1001 +cn: Bruce Banner +sn: Bruce Banner +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: hulk@oldap.test.elasticsearch.com + +dn: uid=hawkeye,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: hawkeye +uidNumber: 1002 +gidNumber: 1002 +homeDirectory: /home/1001 +cn: Clint Barton +sn: Clint Barton +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: hawkeye@oldap.test.elasticsearch.com + +dn: uid=jarvis,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: jarvis +uidNumber: 1003 +gidNumber: 1003 +homeDirectory: /home/1003 +cn: Jarvis +sn: Jarvis +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: jarvis@oldap.test.elasticsearch.com + +dn: uid=blackwidow,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: blackwidow +uidNumber: 1004 +gidNumber: 1004 +homeDirectory: /home/1004 +cn: Natasha Romanova +sn: Natasha Romanova +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: blackwidow@oldap.test.elasticsearch.com + +dn: uid=fury,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: fury +uidNumber: 1005 +gidNumber: 1005 +homeDirectory: /home/1005 +cn: Nick Fury +sn: Nick Fury +objectClass: top +objectClass: posixAccount +objectClass: 
inetOrgPerson +userPassword: NickFuryHeartsES +mail: fury@oldap.test.elasticsearch.com + +dn: uid=phil,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: phil +uidNumber: 1006 +gidNumber: 1006 +homeDirectory: /home/1006 +cn: Phil Colson +sn: Phil Colson +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: phil@oldap.test.elasticsearch.com + +dn: uid=cap,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: cap +uidNumber: 1007 +gidNumber: 1007 +homeDirectory: /home/1007 +cn: Steve Rogers +sn: Steve Rogers +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: cap@oldap.test.elasticsearch.com + +dn: uid=thor,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: thor +uidNumber: 1008 +gidNumber: 1008 +homeDirectory: /home/1008 +cn: Thor Odinson +sn: Thor Odinson +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: thor@oldap.test.elasticsearch.com + +dn: uid=ironman,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: ironman +uidNumber: 1009 +gidNumber: 1009 +homeDirectory: /home/1009 +cn: Tony Stark +sn: Tony Stark +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: ironman@oldap.test.elasticsearch.com + +dn: uid=odin,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: odin +uidNumber: 1010 +gidNumber: 1010 +homeDirectory: /home/1010 +cn: Gods +sn: Gods +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: odin@oldap.test.elasticsearch.com + +dn: uid=selvig,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +uid: selvig +uidNumber: 1011 +gidNumber: 1011 +homeDirectory: /home/1011 +cn: Erik Selvig +sn: Erik Selvig +objectClass: top +objectClass: posixAccount +objectClass: inetOrgPerson +userPassword: NickFuryHeartsES +mail: 
selvig@oldap.test.elasticsearch.com + +dn: cn=Hydra,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: Hydra +objectClass: top +objectClass: posixGroup +gidNumber: 101 +memberUid: raken + +dn: cn=Geniuses,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: Geniuses +objectClass: top +objectClass: posixGroup +gidNumber: 102 +memberUid: hulk +memberUid: ironman +memberUid: selvig + +dn: cn=SHIELD,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: SHIELD +objectClass: top +objectClass: posixGroup +gidNumber: 103 +memberUid: hulk +memberUid: hawkeye +memberUid: blackwidow +memberUid: fury +memberUid: phil +memberUid: cap +memberUid: thor +memberUid: ironman + +dn: cn=Philanthropists,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: Philanthropists +objectClass: top +objectClass: posixGroup +gidNumber: 104 +memberUid: hulk +memberUid: thor +memberUid: ironman + +dn: cn=Avengers,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: Avengers +objectClass: top +objectClass: posixGroup +gidNumber: 105 +memberUid: hulk +memberUid: hawkeye +memberUid: blackwidow +memberUid: fury +memberUid: cap +memberUid: thor +memberUid: ironman + +dn: cn=Gods,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: Gods +objectClass: top +objectClass: posixGroup +gidNumber: 106 +memberUid: thor +memberUid: odin + +dn: cn=Playboys,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: Playboys +objectClass: top +objectClass: posixGroup +gidNumber: 107 +memberUid: ironman + +dn: cn=Billionaries,ou=people,DC=oldap,DC=test,DC=elasticsearch,DC=com +cn: Billionaries +objectClass: top +objectClass: posixGroup +gidNumber: 108 +memberUid: ironman \ No newline at end of file diff --git a/x-pack/test/idp-fixture/src/main/resources/certs/README.txt b/x-pack/test/idp-fixture/src/main/resources/certs/README.txt deleted file mode 100644 index 0cf738156a7..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/certs/README.txt +++ /dev/null 
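Review bot: In users.ldif the `uid=hawkeye` entry carries `homeDirectory: /home/1001` while its `uidNumber` is 1002; every other entry pairs those two values, so this looks like a copy of the hulk entry and `homeDirectory: /home/1001` should read `homeDirectory: /home/1002`. The Hydra group's only member is `memberUid: raken`, which matches no `uid` in the file (the nearest is `kraken`); if that is unintended the group resolves to no users, and if it is deliberate a one-line `# intentionally not a real uid` comment would stop the next reader from "fixing" it. All twelve entries carry the same cleartext `userPassword`, and as far as this diff shows config.ldif sets no password-hashing directive, so slapd stores them as given — acceptable for a throwaway fixture, but a header comment saying so would make that explicit. The file also ends without a trailing newline.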
@@ -1,15 +0,0 @@ -File in this directory are: - -idp-ca.crt -idp-ca.key - Description: A CA for the IdP - Generated Date: 2018-02-07 - Command: bin/elasticsearch-certutil ca --ca-dn 'CN=idp-fixture,OU=elasticsearch,DC=elastic,DC=co' --days 5000 -keysize 1024 --out idp-ca.zip --pem - X-Pack Version: 6.2.0 - -idptrust.jks - Description: Java Keystore Format of CA cert - Generated Date: 2018-02-07 - Command: keytool -importcert -file ca.crt -alias idp-fixture-ca -keystore idptrust.jks -noprompt -storepass changeit - Java Version: Java(TM) SE Runtime Environment (build 9.0.1+11) - diff --git a/x-pack/test/idp-fixture/src/main/resources/certs/ca.crt b/x-pack/test/idp-fixture/src/main/resources/certs/ca.crt deleted file mode 100644 index 1ab8e866c17..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/certs/ca.crt +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEDCCAnmgAwIBAgIVAOLlDV8Lvg17LwKqchYKcsog1SyKMA0GCSqGSIb3DQEB -CwUAMFsxEjAQBgoJkiaJk/IsZAEZFgJjbzEXMBUGCgmSJomT8ixkARkWB2VsYXN0 -aWMxFjAUBgNVBAsTDWVsYXN0aWNzZWFyY2gxFDASBgNVBAMTC2lkcC1maXh0dXJl -MB4XDTE4MDIwNzAzMjAwNloXDTMxMTAxNzAzMjAwNlowWzESMBAGCgmSJomT8ixk -ARkWAmNvMRcwFQYKCZImiZPyLGQBGRYHZWxhc3RpYzEWMBQGA1UECxMNZWxhc3Rp -Y3NlYXJjaDEUMBIGA1UEAxMLaWRwLWZpeHR1cmUwgZ8wDQYJKoZIhvcNAQEBBQAD -gY0AMIGJAoGBALWf8R7uGnrrmuQ26khwQ/81f+x57RgE1cHQGp0sBkwsijzZPpuU -8ZkqYMNXG/LU2hNfAv4LeCsighgo4Le+TkBKncbucQcNM+dLINvhAfgYp9QAdGjk -89hxWEQ6p/Tr98TG0Qd7jZa6bu8azMf7+bmjKpHaffIMpxDnkPZsaxodAgMBAAGj -gc8wgcwwHQYDVR0OBBYEFDsd63fpzLH1G+aduhypBPctWuNNMIGZBgNVHSMEgZEw -gY6AFDsd63fpzLH1G+aduhypBPctWuNNoV+kXTBbMRQwEgYDVQQDEwtpZHAtZml4 -dHVyZTEWMBQGA1UECxMNZWxhc3RpY3NlYXJjaDEXMBUGCgmSJomT8ixkARkWB2Vs -YXN0aWMxEjAQBgoJkiaJk/IsZAEZFgJjb4IVAOLlDV8Lvg17LwKqchYKcsog1SyK -MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAi1bfK31u7deMDLXv -Axrg1nJjEzMjkb6F/tqA2hJCokvWz2sdKPLHfrfOu2edHm4qQABAdnmRtE/1xsYm -xVuZA+O7khEkXv5ql65HIgCHL0hEvFWfKzMDCjgm+1rvNTMbgsRj2RGzEQeu/Aqg -Nv2mnc0Vjk3kaAQ0JtmCI8k6fM0= ------END CERTIFICATE----- diff --git a/x-pack/test/idp-fixture/src/main/resources/certs/ca.key b/x-pack/test/idp-fixture/src/main/resources/certs/ca.key deleted file mode 100644 index 9f93ff3b7ce..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/certs/ca.key +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC1n/Ee7hp665rkNupIcEP/NX/see0YBNXB0BqdLAZMLIo82T6b -lPGZKmDDVxvy1NoTXwL+C3grIoIYKOC3vk5ASp3G7nEHDTPnSyDb4QH4GKfUAHRo -5PPYcVhEOqf06/fExtEHe42Wum7vGszH+/m5oyqR2n3yDKcQ55D2bGsaHQIDAQAB -AoGACfOsm5xCWS/ludGEftmf8DD3RHbd1e4V5FvJyYjrA2uBW5ovwwijQFhBGxL/ -1gtxs5QGLvNj70Ehzb8XqRnFYcrSUxkABCcO9vJf8wuamtPeaQzlSVSVM9myjkBu -2EhegkFXSgFiVX6A/sxm8e8bqxxouz46Upa2/YLKhcb5oiECQQDb3HhP0hIx0oDj -h1FXLACtbTlYUg8gGylD17RsWSPB765tOTt65/KztyH8BmdlTAKxIC5BHEQLYiug -u3KwPEk5AkEA03qFxj/quoH6l0y7i8kah97KCtiM0kg4oXYDuSDIzt4NqdNw/UWx -p3DGiIPpY5errR1ytyPiiuM2j+c5oUcMBQJAfC4SZkMos6tJ0Tlk3++iklHWyePP -VzsAG6mB5pCSeb9+rYJd7hWEJ62QLGERlU1RV+ntNilY5XUVXzuAk7n5QQJBANLg -31q0S9WVXRPYUT/v1kPcVi6Ah9P8bnQa4VWOqo8WABvzmz0DbUahf2eL2oQULv3e -WpDi+Lk0HylaEi6PUR0CQQDHTzjyjuTLmnPw5AvZw7oQgilZxTUhOapw3Ihcq/KA -T8oFnLwmnMs+kZOO6e2QcagXaFXufH1w/MvxhSjHj8SO ------END RSA PRIVATE KEY----- diff --git a/x-pack/test/idp-fixture/src/main/resources/certs/idptrust.jks b/x-pack/test/idp-fixture/src/main/resources/certs/idptrust.jks deleted file mode 100644 index fbd3135095f..00000000000 Binary files a/x-pack/test/idp-fixture/src/main/resources/certs/idptrust.jks and /dev/null differ diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/playbook.yml b/x-pack/test/idp-fixture/src/main/resources/provision/playbook.yml deleted file mode 100644 index 24474a832d2..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/playbook.yml +++ /dev/null @@ -1,11 +0,0 @@ -- hosts: all - - vars_files: - - vars/default.yml - - roles: - - { role: java-8-openjdk, become: yes } - - { role: certs, become: yes } - - { role: openldap, become: yes } - - { role: tomcat-8, become: yes } - - { role: shibboleth, become: yes } diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/README b/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/README deleted file mode 100644 index 748d912bd2c..00000000000 
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/README +++ /dev/null @@ -1,2 +0,0 @@ -Generates CA and OpenLDAP Service Key/Certificate -See: https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/files/ca_server.conf b/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/files/ca_server.conf deleted file mode 100644 index 3a412ac9076..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/files/ca_server.conf +++ /dev/null @@ -1,3 +0,0 @@ -cn = Vagrant Server CA -ca -cert_signing_key diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/tasks/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/tasks/main.yml deleted file mode 100644 index 553b9eff5d7..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/tasks/main.yml +++ /dev/null 
@@ -1,106 +0,0 @@ ---- - -- name: Install GNUtls - apt: - name: "{{ item }}" - state: installed - update_cache: yes - with_items: - - gnutls-bin - - ssl-cert - -- name: Create GNUtls templates dir - file: - path: "{{ ssl_dir_templates }}" - state: directory - group: ssl-cert - mode: 0777 - -- name: Copy server cert template - template: - src: cert_server.conf.j2 - dest: "{{ ssl_dir_templates }}/cert_server.conf" - mode: 0666 - -- name: Copy server keystore template - template: - src: keystore_server.conf.j2 - dest: "{{ ssl_dir_templates }}/keystore_server.conf" - mode: 0666 - -- name: Copy CA Cert - copy: - src: "../certs/ca.crt" - dest: "{{ ssl_dir_certs }}/ca_server.pem" - mode: 0666 - register: copy_ca - -- name: Copy CA Key - copy: - src: "../certs/ca.key" - dest: "{{ ssl_dir_private }}/ca_server.key" - mode: 0600 - -- name: Create Key for LDAP Service - command: "certtool -p --sec-param high --outfile {{ ssl_dir_private }}/{{ openldap_key_name }}" - args: - creates: "{{ ssl_dir_private }}/{{ openldap_key_name }}" - -- name: Set group for LDAP Key - file: - path: "{{ ssl_dir_private }}/{{ openldap_key_name }}" - group: ssl-cert - mode: 0640 - -- name: Delete old LDAP cert - file: - path: "{{ ssl_dir_certs }}/{{ openldap_cert_name}}" - state: absent - when: copy_ca.changed - -- name: Create Cert for LDAP - command: "certtool -c --load-privkey {{ ssl_dir_private }}/{{ openldap_key_name }} --load-ca-certificate {{ ssl_dir_certs }}/ca_server.pem --load-ca-privkey {{ ssl_dir_private }}/ca_server.key --template {{ ssl_dir_templates }}/cert_server.conf --outfile {{ ssl_dir_certs }}/{{ openldap_cert_name}}" - args: - creates: "{{ ssl_dir_certs }}/{{ openldap_cert_name}}" - -- name: Create Key for Tomcat Service - command: "certtool -p --sec-param high --outfile {{ ssl_dir_private }}/{{ tomcat_key_name }}" - args: - creates: "{{ ssl_dir_private }}/{{ tomcat_key_name }}" - -- name: Set group for Tomcat Key - file: - path: "{{ ssl_dir_private }}/{{ tomcat_key_name }}" - 
group: ssl-cert - mode: 0640 - -- name: Delete old Tomcat cert - file: - path: "{{ ssl_dir_certs }}/{{ tomcat_cert_name }}" - state: absent - when: copy_ca.changed - -- name: Create Cert for Tomcat - command: "certtool -c --load-privkey {{ ssl_dir_private }}/{{ tomcat_key_name }} --load-ca-certificate {{ ssl_dir_certs }}/ca_server.pem --load-ca-privkey {{ ssl_dir_private }}/ca_server.key --template {{ ssl_dir_templates }}/cert_server.conf --outfile {{ ssl_dir_certs }}/{{ tomcat_cert_name}}" - args: - creates: "{{ ssl_dir_certs }}/{{ tomcat_cert_name}}" - register: tomcat_cert - -- name: Delete old Tomcat Keystore - file: - path: "{{ ssl_dir_private }}/{{ tomcat_keystore_name }}" - state: absent - when: tomcat_cert.changed - -- name: Create Keystore for Tomcat - command: "certtool --load-ca-certificate {{ ssl_dir_certs }}/ca_server.pem --load-privkey {{ ssl_dir_private }}/{{ tomcat_key_name }} --load-certificate {{ ssl_dir_certs }}/{{ tomcat_cert_name }} --template {{ ssl_dir_templates }}/keystore_server.conf --outder --to-p12 --outfile {{ ssl_dir_private }}/{{ tomcat_keystore_name }}" - args: - creates: "{{ ssl_dir_private }}/{{ tomcat_keystore_name }}" - notify: Restart Tomcat Service - -- name: Set group for Tomcat Keystore - file: - path: "{{ ssl_dir_private }}/{{ tomcat_keystore_name }}" - group: ssl-cert - mode: 0640 -... diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/templates/cert_server.conf.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/templates/cert_server.conf.j2 deleted file mode 100644 index 448264d3681..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/templates/cert_server.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -organization = Elastic.co -cn = {{ ansible_fqdn }} -dns_name = {{ ansible_fqdn }} -tls_www_server -encryption_key -signing_key -expiration_days = 3652 
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/templates/keystore_server.conf.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/templates/keystore_server.conf.j2 deleted file mode 100644 index ee7eeaf5239..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/templates/keystore_server.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -pkcs12_key_name = {{ tomcat_key_alias }} -password = {{ tomcat_keystore_pass }} diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/vars/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/vars/main.yml deleted file mode 100644 index a364fc641d2..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/certs/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -ssl_dir_templates: "{{ ssl_dir }}/templates" diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/java-8-openjdk/tasks/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/java-8-openjdk/tasks/main.yml deleted file mode 100644 index 1951a6f31a0..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/java-8-openjdk/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Install openjdk-8 - apt: - name: openjdk-8-jdk-headless - state: latest - update_cache: true - -- name: Capture JAVA_HOME - shell: readlink -e /etc/alternatives/java | sed 's|/jre/bin/java||' - register: java_home - -- set_fact: - java_home: "{{ java_home.stdout }}" - -... diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/handlers/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/handlers/main.yml deleted file mode 100644 index cad57b49f6a..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: restart slapd - become: yes - service: name=slapd state=restarted 
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/configure.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/configure.yml deleted file mode 100644 index 00a06b319b1..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/configure.yml +++ /dev/null @@ -1,29 +0,0 @@ -- name: Hash Password - shell: "slappasswd -s {{ ldap_password }}" - register: passwd - -- name: Setting default db - ldap_attr: - dn: "{{ default_db_dn }}" - name: "{{ item.key }}" - values: "{{ item.val }}" - state: exact - with_items: - - { key: olcSuffix, val: "{{ ldap_domain_dn }}" } - - { key: olcRootDN, val: "cn=admin,{{ ldap_domain_dn }}" } - - { key: olcRootPW, val: "{{ passwd.stdout }}" } - - { key: olcAccess, val: "{0}to attrs=userPassword,shadowLastChange\n - by self write\n - by anonymous auth\n - by dn=\"cn=admin,{{ ldap_domain_dn }}\" write\n - by * none" } - - { key: olcAccess, val: "{1}to dn.base=\"\" by * read" } - - { key: olcAccess, val: "{2}to * \n - by self write\n - by dn.base=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" write\n - by dn=\"cn=admin,{{ ldap_domain_dn }}\" write\n - by * read" } - # - { key: olcAccess, val: "{0}to *\n - # by dn.base=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" write\n - # by dn.base=\"cn=admin,{{ ldap_domain_dn }}\" write\n - # by * none"} diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/install.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/install.yml deleted file mode 100644 index ccf1d5c7794..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/install.yml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- - -- name: Install openldap - apt: name={{ item }} state=installed update_cache=yes - with_items: - - slapd - - ldap-utils - -- name: Create service user for openldap - user: - name: "{{ openldap_server_user }}" - group: "{{ openldap_server_user }}" - createhome: no - system: yes - -- name: Add openldap service user to the ssl-cert group - user: - name: "{{ openldap_server_user }}" - append: yes - groups: ssl-cert - -- name: Copy slapd defaults - template: - src: slapd.j2 - dest: /etc/default/slapd - owner: "{{ openldap_server_user }}" - mode: 0644 - -- name: Restart slapd - service: name=slapd state=restarted enabled=yes - -# bug: https://github.com/ansible/ansible/issues/25665 -# When solved the commented section should replace the copying -# and execution of the subsequent 2 ldif files -#- name: Configure openldap server tls/ssl - 1 -# become: yes -# ignore_errors: yes -# ldap_attr: -# dn: cn=config -# name: "{{ item.0 }}" -# values: "{{ item.1 }}" -# state: exact -# with_together: -# - [ "olcTLSCertificateFile", "olcTLSCertificateKeyFile" ] -# - [ "{{ openldap_ssl_dir }}/cert.pem", "{{ openldap_ssl_dir }}/key.pem" ] - -- name: Copy TLS ldif add config - template: - src: tls_add.ldif.j2 - dest: /tmp/tls_add.ldif - -- name: Run TLS ldif add config - shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/tls_add.ldif - notify: - - restart slapd - ignore_errors: yes - register: addTLS - -- name: Copy TLS ldif replace config - template: - src: tls_replace.ldif.j2 - dest: /tmp/tls_replace.ldif - when: addTLS|failed - -- name: Run TLS ldif replace config - shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/tls_replace.ldif - notify: - - restart slapd - when: addTLS|failed - -- name: Restart slapd - service: name=slapd state=restarted enabled=yes - -- name: Configure local clients to trust slapd cert - template: - src: ldap.conf.j2 - dest: /etc/ldap/ldap.conf - backup: yes -... 
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/main.yml
deleted file mode 100644
index a836c535bf6..00000000000
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- include: provision_deps.yml
-- include: install.yml
-- include: configure.yml
-- include: populate.yml
-...
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/populate.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/populate.yml
deleted file mode 100644
index 0c1200042e3..00000000000
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/populate.yml
+++ /dev/null
@@ -1,77 +0,0 @@ ---- - -- name: Hash Password - shell: "slappasswd -s {{ ldap_password }}" - register: passwd - -- name: Load top level entry - ldap_entry: - dn: "{{ ldap_domain_dn }}" - objectClass: domain - attributes: - dc: "{{ ldap_domain.split('.')[0] }}" - -- name: Add people root entry - ldap_entry: - dn: "ou=people,{{ ldap_domain_dn }}" - objectClass: organizationalUnit - attributes: - ou: people - -- name: Add people entries - ldap_entry: - dn: "uid={{ item.uid }},ou=people,{{ ldap_domain_dn }}" - objectClass: - - top - - posixAccount - - inetOrgPerson - attributes: - userPassword: "{{ passwd.stdout }}" - uid: "{{ item.uid }}" - uidNumber: "{{ item.uidNumber }}" - gidNumber: "{{ item.uidNumber }}" - homeDirectory: "/home/{{ item.uidNumber }}" - mail: "{{ item.name }}@{{ ldap_domain }}" - cn: "{{ item.name }}" - sn: "{{ item.name }}" - with_items: - - { uid: kraken, uidNumber: 1000, name: "Commander Kraken" } - - { uid: hulk, uidNumber: 1001, name: "Bruce Banner" } - - { uid: hawkeye, uidNumber: 1002, name: "Clint Barton" } - - { uid: jarvis, uidNumber: 1003, name: "Jarvis" } - - { uid: blackwidow, uidNumber: 1004, name: "Natasha Romanova" } - - { uid: fury, uidNumber: 1005, name: "Nick Fury" } - - { uid: phil, uidNumber: 1006, name: "Phil Colson" } - - { uid: cap, uidNumber: 1007, name: "Steve Rogers" } - - { uid: thor, uidNumber: 1008, name: "Thor Odinson" } - - { uid: ironman, uidNumber: 1009, name: "Tony Stark" } - - { uid: odin, uidNumber: 1010, name: "Gods" } - - { uid: selvig, uidNumber: 1011, name: "Erik Selvig" } - -- name: Add group entries - ldap_entry: - dn: "cn={{ item.name }},ou=people,{{ ldap_domain_dn }}" - objectClass: - - top - - posixGroup - attributes: - cn: "{{ item.name }}" - gidNumber: "{{ item.gid }}" - with_items: - - "{{ group_members }}" - -- name: Populate group entries - ldap_attr: - dn: "cn={{ item.0.name }},ou=people,{{ ldap_domain_dn }}" - name: memberUid - values: "{{ item.1 }}" - with_subelements: - - "{{ group_members }}" 
- - memberUid - -# print users: -# sudo ldapsearch -H ldapi:// -Y EXTERNAL -LLL -b "{{ ldap_domain_dn }}" '(objectClass=person)' cn mail uid -# print groups: -# sudo ldapsearch -H ldapi:// -Y EXTERNAL -LLL -b "{{ ldap_domain_dn }}" '(objectClass=posixGroup)' - -... diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/provision_deps.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/provision_deps.yml deleted file mode 100644 index 2c1874c488a..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/tasks/provision_deps.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Install python-ldap dependecies - apt: name={{ item }} state=installed update_cache=yes - with_items: - - libsasl2-dev - - python-dev - - libldap2-dev - - libssl-dev - -- name: Install python-ldap - pip: name=python-ldap diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/ldap.conf.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/ldap.conf.j2 deleted file mode 100644 index e3b49df61ee..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/ldap.conf.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# -# LDAP Defaults -# - -# See ldap.conf(5) for details -# This file should be world readable but not world writable. - -#BASE dc=example,dc=com -#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 - -#SIZELIMIT 12 -#TIMELIMIT 15 -#DEREF never - -# TLS certificates (needed for GnuTLS) -#TLS_CACERT /etc/ssl/certs/ca-certificates.crt -TLS_CACERT {{ ssl_dir_certs }}/ca_server.pem diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/slapd.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/slapd.j2 deleted file mode 100644 index 5a202fa9fe6..00000000000 
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/slapd.j2
+++ /dev/null
@@ -1,46 +0,0 @@
-# Default location of the slapd.conf file or slapd.d cn=config directory. If
-# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
-# /etc/ldap/slapd.conf).
-SLAPD_CONF=
-
-# System account to run the slapd server under. If empty the server
-# will run as root.
-
-SLAPD_USER="{{ openldap_server_user }}"
-
-# System group to run the slapd server under. If empty the server will
-# run in the primary group of its user.
-SLAPD_GROUP="{{ openldap_server_user }}"
-
-# Path to the pid file of the slapd server. If not set the init.d script
-# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
-# default)
-SLAPD_PIDFILE=
-
-# slapd normally serves ldap only on all TCP-ports 389. slapd can also
-# service requests on TCP-port 636 (ldaps) and requests via unix
-# sockets.
-# Example usage:
-# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
-SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
-
-# If SLAPD_NO_START is set, the init script will not start or restart
-# slapd (but stop will still work). Uncomment this if you are
-# starting slapd via some other means or if you don't want slapd normally
-# started at boot.
-#SLAPD_NO_START=1
-
-# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
-# the init script will not start or restart slapd (but stop will still
-# work). Use this for temporarily disabling startup of slapd (when doing
-# maintenance, for example, or through a configuration management system)
-# when you don't want to edit a configuration file.
-SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
-
-# For Kerberos authentication (via SASL), slapd by default uses the system
-# keytab file (/etc/krb5.keytab). To use a different keytab file,
-# uncomment this line and change the path.
-#export KRB5_KTNAME=/etc/krb5.keytab
-
-# Additional options to pass to slapd
-SLAPD_OPTIONS=""
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/tls_add.ldif.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/tls_add.ldif.j2
deleted file mode 100644
index f2bbefd3aee..00000000000
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/tls_add.ldif.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=config
-changetype: modify
-add: olcTLSCACertificateFile
-olcTLSCACertificateFile: {{ ssl_dir_certs }}/ca_server.pem
--
-add: olcTLSCertificateFile
-olcTLSCertificateFile: {{ ssl_dir_certs }}/{{ openldap_cert_name }}
--
-add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: {{ ssl_dir_private }}/{{ openldap_key_name }}
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/tls_replace.ldif.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/tls_replace.ldif.j2
deleted file mode 100644
index 40af5a77bec..00000000000
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/templates/tls_replace.ldif.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=config
-changetype: modify
-replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: {{ ssl_dir_certs }}/ca_server.pem
--
-replace: olcTLSCertificateFile
-olcTLSCertificateFile: {{ ssl_dir_certs }}/{{ openldap_cert_name }}
--
-replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: {{ ssl_dir_private }}/{{ openldap_key_name }}
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/vars/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/vars/main.yml
deleted file mode 100644
index dd61e48ca2b..00000000000
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/openldap/vars/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@ -default_db_dn: "olcDatabase={1}mdb,cn=config" -group_members: - - {name: Hydra, gid: 101, memberUid: [kraken] } - - {name: Geniuses, gid: 102, memberUid: [hulk, ironman, selvig] } - - {name: SHIELD, gid: 103, memberUid: [hulk, hawkeye, blackwidow, fury, phil, cap, thor, ironman] } - - {name: Philanthropists, gid: 104, memberUid: [hulk, thor, ironman] } - - {name: Avengers, gid: 105, memberUid: [hulk, hawkeye, blackwidow, fury, cap, thor, ironman] } - - {name: Gods, gid: 106, memberUid: [thor, odin] } - - {name: Playboys, gid: 107, memberUid: [ironman] } - - {name: Billionaries, gid: 108, memberUid: [ironman] } diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/attribute-resolver.xml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/attribute-resolver.xml deleted file mode 100644 index 9ee1bd3f178..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/files/attribute-resolver.xml +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - uid mail cn - - - - - - - - cn - - - - - - diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/handlers/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/handlers/main.yml deleted file mode 100644 index f3d67396f50..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Restart Tomcat Service - become: yes - service: name=tomcat8 state=restarted enabled=yes diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/tasks/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/tasks/main.yml deleted file mode 100644 index 275a7ca9d9f..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/tasks/main.yml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -- name: Download Shibboleth IdP - get_url: - url: "http://shibboleth.net/downloads/identity-provider/{{ shib_idp_version }}/shibboleth-identity-provider-{{ shib_idp_version }}.tar.gz" - timeout: 30 - dest: "/tmp/shibboleth-identity-provider-{{ shib_idp_version }}.tar.gz" - sha256sum: 8bd852dcdc7e6729ee645c0374a3c476b152fa24506fb86ffec33dfd190e607c - -- name: Create base directory for shibboleth idp - file: - path: "{{ shib_installdir }}" - state: directory - owner: "{{ ansible_ssh_user }}" - -- name: Extract shibboleth - unarchive: - src: "/tmp/shibboleth-identity-provider-{{ shib_idp_version }}.tar.gz" - dest: "{{ shib_installdir }}" - remote_src: yes - -- name: Copying shibboleth idp install files - template: - src: idp.properties.j2 - dest: "{{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/bin/idp.properties" - -- name: Copying shibboleth ldap properties - template: - src: ldap.properties.j2 - dest: "{{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/bin/ldap.properties" - -- name: Copy silent installation file - template: - src: idp.silent.params.j2 - dest: "{{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/bin/idp.silent.params" - -- name: Install Shibboleth IdP - shell: "{{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/bin/install.sh -propertyfile {{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/bin/idp.silent.params" - environment: - JAVA_HOME: "{{ java_home }}" - args: - creates: "{{ shib_home }}" - -- name: Turn on log debugging level - ignore_errors: yes - replace: - path: "{{ shib_home }}/conf/logback.xml" - regexp: '' - replace: "" - -# HACK! 
-- name: Fix metadata error because of port after hostname
- replace:
- path: "{{ shib_home }}/metadata/idp-metadata.xml"
- regexp: "({{ shib_dns_name }}):8443"
- replace: '\1'
-
-- name: Fetch idp metadata
- fetch:
- src: "{{ shib_home }}/metadata/idp-metadata.xml"
- dest: "generated/"
- flat: yes
-
-- name: Setting attr resolve/release policy and enable unverified RPs
- copy:
- src: "{{ item }}"
- dest: "{{ shib_home }}/conf/{{ item }}"
- mode: 0600
- with_items:
- - attribute-resolver.xml
- - attribute-filter.xml
- - relying-party.xml
-
-- name: Change owner and group for Shibboleth IdP
- file:
- path: "{{ shib_home }}"
- recurse: yes
- owner: tomcat8
- group: tomcat8
-
-- name: Copy shib war descriptor to Catalina localhost
- template:
- src: idp.xml.j2
- dest: /etc/tomcat8/Catalina/localhost/idp.xml
- owner: tomcat8
- group: tomcat8
- notify: Restart Tomcat Service
-
-...
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.properties.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.properties.j2
deleted file mode 100644
index 0b7f0f76f2a..00000000000
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.properties.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-idp.entityID=https://test.shibboleth.elastic.local/
-idp.scope=test.elastic.co
-idp.sealer.storePassword={{ idp_sealer_password }}
-idp.sealer.keyPassword={{ idp_sealer_password }}
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.silent.params.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.silent.params.j2
deleted file mode 100644
index dd919887ad9..00000000000
--- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.silent.params.j2
+++ /dev/null
@@ -1,8 +0,0 @@ -idp.noprompt="true" -idp.host.name={{ shib_dns_name }} -idp.src.dir={{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/ -idp.target.dir={{ shib_installdir }}/shibboleth-idp/ -idp.sealer.password={{ idp_sealer_password }} -idp.keystore.password={{ idp_keystore_password }} -idp.merge.properties={{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/bin/idp.properties -ldap.merge.properties={{ shib_installdir }}/shibboleth-identity-provider-{{ shib_idp_version }}/bin/ldap.properties diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.xml.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.xml.j2 deleted file mode 100644 index db75a533f8d..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/idp.xml.j2 +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/ldap.properties.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/ldap.properties.j2 deleted file mode 100644 index 939effe589f..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/shibboleth/templates/ldap.properties.j2 +++ /dev/null @@ -1,11 +0,0 @@ -idp.authn.LDAP.authenticator = bindSearchAuthenticator -idp.authn.LDAP.ldapURL = ldap://{{ ansible_fqdn }}:389 -idp.authn.LDAP.useStartTLS = true -idp.authn.LDAP.sslConfig = certificateTrust -idp.authn.LDAP.trustCertificates= {{ ssl_dir_certs }}/ca_server.pem -idp.authn.LDAP.baseDN = ou=people,{{ ldap_domain_dn }} -idp.authn.LDAP.subtreeSearch = true -idp.authn.LDAP.userFilter = (uid={user}) -idp.authn.LDAP.bindDN = cn=admin,{{ ldap_domain_dn }} -idp.authn.LDAP.bindDNCredential = {{ ldap_password }} -idp.authn.LDAP.dnFormat = uid=%s,ou=people,{{ ldap_domain_dn }} 
diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/handlers/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/handlers/main.yml deleted file mode 100644 index f3d67396f50..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Restart Tomcat Service - become: yes - service: name=tomcat8 state=restarted enabled=yes diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/tasks/main.yml b/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/tasks/main.yml deleted file mode 100644 index e018e58f9ba..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: Install Tomcat 8 - apt: - name: tomcat8 - update_cache: yes - state: latest - -- name: Add tomcat8 service user to the ssl-cert group - user: - name: tomcat8 - append: yes - groups: ssl-cert - -- name: Enable HTTPS connector - template: - src: server.xml.j2 - dest: /etc/tomcat8/server.xml - group: tomcat8 - mode: 0640 - notify: Restart Tomcat Service -... diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/templates/server.xml.j2 b/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/templates/server.xml.j2 deleted file mode 100644 index 62ba3233223..00000000000 --- a/x-pack/test/idp-fixture/src/main/resources/provision/roles/tomcat-8/templates/server.xml.j2 +++ /dev/null @@ -1,147 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/x-pack/test/idp-fixture/src/main/resources/provision/vars/default.yml b/x-pack/test/idp-fixture/src/main/resources/provision/vars/default.yml deleted file mode 100644 index de2c85f4ea3..00000000000 
--- a/x-pack/test/idp-fixture/src/main/resources/provision/vars/default.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-ssl_dir: /etc/ssl
-ssl_dir_private: "{{ ssl_dir }}/private"
-ssl_dir_certs: "{{ ssl_dir }}/certs"
-
-openldap_server_user: openldap
-openldap_key_name: ldap_server.key
-openldap_cert_name: ldap_server.pem
-
-ldap_password: NickFuryHeartsES
-ldap_domain: oldap.test.elasticsearch.com
-ldap_domain_dn: "dc={{ ldap_domain.split('.')[0] }},dc={{ ldap_domain.split('.')[1] }},dc={{ ldap_domain.split('.')[2] }},dc={{ ldap_domain.split('.')[3] }}"
-
-tomcat_key_name: tomcat_server.key
-tomcat_cert_name: tomcat_server.pem
-tomcat_keystore_name: tomcat_server.p12
-tomcat_keystore_pass: secret
-tomcat_key_alias: tomcat
-
-shib_idp_version: 3.3.1
-shib_installdir: /opt
-shib_home: "{{ shib_installdir }}/shibboleth-idp"
-shib_dns_name: "{{ ansible_fqdn }}:60443"
-idp_sealer_password: secret
-idp_keystore_password: secret1
-...