Releases

From Guanxi

Jump to: navigation, search

Contents

Guanxi SP 2.2.0 released 2/3/10

Beans

  • v1.4.3
  • Updated xsd/guanxi-sp.xsd, added GPSService to engineInfoType. Removed AuthConsumerURL, WAYFLocationService, SAML2WBSSOService. Removed TrustStore, TrustStorePassword, Keystore, KeystorePassword, CertificateAlias, KeyType, Profiles from Guard

Common

  • v2.0.7
  • Updated org.guanxi.common.Bag. Can also now emit to and construct from JSON

Core

  • v2.0.6
  • Updated pom.xml Made junit scope of test

Engine

  • v2.2.0
  • Added org.guanxi.sp.engine.service.generic.GenericProfileService
  • Updated org.guanxi.sp.engine.service.shibboleth.AuthConsumerServiceThread. Now sends the attributes to the Guard in JSON format
  • Updated org.guanxi.sp.engine.service.saml2.WebBrowserSSOAuthConsumerService. Now sends the attributes to the Guard in JSON format
  • Removed org.guanxi.sp.engine.service.saml2.WebBrowserSSOService. Replaced by org.guanxi.sp.engine.service.saml2.SAML2ProfileService
  • Removed org.guanxi.sp.engine.service.shibboleth.WAYFLocationService. Replaced by org.guanxi.sp.engine.service.shibboleth.ShibbolethProfileService
  • Updated WEB-INF/web.xml. Added servlet mapping for /gps/*
  • Updated /src/main/resources/log4j.properties. Removed WebBrowserSSOService, WAYFLocationService. Added GenericProfileService, SAML2ProfileService, ShibbolethProfileService
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/jsp/shibboleth/wayf.jsp
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/profiles/generic/generic-profile-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/services/generic/generic-profile-service.xml
  • Removed src/main/webapp/WEB-INF/guanxi_sp_engine/config/services/saml2/web-browser-sso-service.xml
  • Removed src/main/webapp/WEB-INF/guanxi_sp_engine/config/services/saml2/wayf-location-service.xml
  • Updated src/main/webapp/WEB-INF/guanxi_sp_engine/config/profiles/saml2/web-browser-sso.xml. Removed /s2/wbsso
  • Updated src/main/webapp/WEB-INF/guanxi_sp_engine/config/profiles/shibboleth/shibboleth.xml. Removed WAYF location service

Guard

  • v2.2.0
  • Updated org.guanxi.sp.guard.GuardBase. Added gotoEngineGPS. Removed all keystore, truststore and config file processing. The Guard now redirects the browser to the Engine where the profile is decided
  • Updated org.guanxi.sp.guard.Guard. Now delegates all profile selection to the Engine via gotoEngineGPS
  • Updated org.guanxi.sp.guard.Logout to use logj4 instead of commons logging
  • Updated org.guanxi.sp.guard.AttributeConsumer. Now constructs a Bag of attributes directly from the JSON from the Engine
  • Removed org.guanxi.sp.guard.Profile
  • Updated src/main/webapp/WEB-INF/web.xml. url-pattern set to /protected/*
  • Updated src/main/webapp/WEB-INF/guanxi_sp_guard/config/guanxi-sp-guard.xml. Added GPSService to EngineInfo. Removed all other Engine, Profile, Truststore and Keystore sections
  • Removed src/main/webapp/free, src/main/webapp/s2wbsso, src/main/webapp/s2wbsso-redirect
  • Removed src/main/webapp/WEB-INF/guanxi_sp_guard/keystore
  • Removed src/main/webapp/WEB-INF/guanxi_sp_guard/truststore
  • Updated src/main/php/.htaccess. Updated for new JSON and multi profile Engine compatibility
  • Updated src/main/php/config.php. Updated for new JSON and multi profile Engine compatibility
  • Updated src/main/php/GuanxiAttributeConsumerService.php. Updated for new JSON and multi profile Engine compatibility
  • Updated src/main/php/GuanxiGuard.php. Updated for new JSON and multi profile Engine compatibility
  • Updated src/main/php/GuanxiPodderService.php. Updated for new JSON and multi profile Engine compatibility
  • Updated src/main/php/GuanxiSessionVerifierService.php. Updated for new JSON and multi profile Engine compatibility
  • Updated src/main/php/headers.php. Updated for new JSON and multi profile Engine compatibility
  • Updated src/main/php/Pod.php. Updated for new JSON and multi profile Engine compatibility
  • Added src/main/php/metadata.xml

Guanxi IdP 2.2.1 released 24/2/10

  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority. Fixed bug where it was always replying with a NameIdentifier Format of urn:mace:shibboleth:1.0:nameIdentifier, causing some SPs to reject the assertion

Guanxi IdP 2.2.0, Guanxi SP Engine 2.1.0, Guanxi SP Guard 2.1.0 released 23/2/10

Beans

  • v1.4.2
  • Updated xsd/guanxi_sp.xsd. Added Guard multiprofile support. Added friendlyName to attributorAttributeType. Added friendlyName to mapType
  • Updated xsd/guanxi_sp.xsd. Added KeyType to Guard
  • Updated xsd/guanxi.xsdconfig. Added Guard multiprofile support

Common

  • v2.0.6
  • Added org.guanxi.common.definitions.EduPersonOID
  • Updated org.guanxi.common.definitions.SAML, added SAML2 definitions
  • Updated org.guanxi.common.definitions.Guanxi. Added WAYF_PARAM_GUARD_BINDING
  • Updated org.guanxi.common.security.SecUtils. Updated sign. Now gets the algorithm from the private key
  • Updated org.guanxi.common.security.SecUtils. Updated createSelfSignedKeystore to take a key type parameter to handle DSA and RSA keys
  • Updated org.guanxi.common.trust.TrustUtils::getX509CertFromSignature, getX509CertFromSignature and verifySignature to handle SAML2 as well as SAML1
  • Updated org.guanxi.common.Utils. Added base64(byte[] data). Added inflate, deflate and supporting constants
  • Updated org.guanxi.common.TrustUtils. Updated setIdNode to handle SAML2 ID

Core

  • v2.0.5
  • Updated pom.xml. Added sourceEncoding and outputEncoding for UTF-8
  • Updated messages/idp.properties, added some error messages
  • Updated messages/sp.properties, added some error messages
  • Deleted all unused messages/*.properties files

IdP

  • v2.2.0
  • Updated org.guanxi.idp.service.shibboleth.SSO. Updated handleRequestInternal to stop and display an error if it can't sign the Response
  • Updated org.guanxi.idp.service.AuthHandler. Added error checking to addRequiredParamsAsPrefixedAttributes
  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority. Updated preHandle to use a BufferedReader
  • Updated org.guanxi.idp.farm.attributors.Attributor. Removed arp and mapper and updated getAttributes to take them as params
  • Updated org.guanxi.idp.farm.attributors.FlatFileAttributor. Updated getAttributes to accept arp and mapper instead of having them injected at startup. Removed setCurrentUserAttrbiutesInMapper. Added packageAttributesForMapper
  • Updated org.guanxi.idp.farm.attributors.JDBCAttributor. Updated getAttributes to accept arp and mapper instead of having them injected at startup. Added packageAttributesForMapper
  • Updated org.guanxi.idp.farm.attributors.LDAPAttributor. Updated getAttributes to accept arp and mapper instead of having them injected at startup. Removed setCurrentUserAttrbiutesInMapper. Added packageAttributesForMapper
  • Updated org.guanxi.idp.farm.attributors.SimpleAttributor. ARP engine and mapper are not passed in instead of being injected at startup in order to support multiple attribute profiles
  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority. Now has ARP engine and mapper injected which it passes to the attributors, to allow multiple attribute profile support
  • Updated org.guanxi.idp.util.AttributeMap. map now returns a GuanxiAttribute instead of boolean. The class no longer stores mapped state. All mapped names and values are stored in the generated GuanxiAttribute.
  • Updated org.guanxi.idp.service.GenericAuthHandler. Added profile support to addRequiredParamsAsPrefixedAttributes
  • Updated org.guanxi.idp.service.AuthHandler. Added FORM_METHOD_ATTRIBUTE
  • Updated org.guanxi.idp.attribute.AttributeTest. Added arp-engine.xml and aa-service.xml to attributorConfigFiles
  • Updated org.guanxi.idp.attribute.DBAttributeTest. Now injects ARP and mapper into AttributeAuthority
  • Updated org.guanxi.idp.attribute.FlatFileAttributeTest. Now injects ARP and mapper into AttributeAuthority
  • Updated org.guanxi.idp.Paths. Added arp-engine.xml and aa-service.xml. Added saml2map.xml
  • Updated org.guanxi.idp.attribute.AttributeTestSuite. Added FlatFileAttributeSAML2Test
  • Updated org.guanxi.idp.attribute.FlatFileAttributeTest. Changed it to use the arp engine and shibboleth mapper directly
  • Updated org.guanxi.idp.persistence.db.JDBCPersistenceEngine. Added more logging
  • Added org.guanxi.idp.service.generic.GenericGuanxiPrincipalFactory
  • Added org.guanxi.idp.service.GenericAuthHandler
  • Added org.guanxi.idp.service.saml2.WebBrowserSSO
  • Added org.guanxi.idp.service.saml2.WebBrowserSSOAuthHandler
  • Added org.guanxi.idp.service.SSOBase
  • Added org.guanxi.idp.util.GuanxiAttribute
  • Added org.guanxi.idp.attribute.FlatFileAttributeSAML2Test
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/profiles/generic/principal-factory.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/profiles/saml2/web-browser-sso.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/profiles/saml2/web-browser-sso-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/saml2/web-browser-sso-auth-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/jsp/saml2/http-post.jsp
  • Added src/main/webapp/WEB-INF/guanxi_idp/jsp/saml2/http-redirect.jsp
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/shared/custom-arps/arp-bags-saml2.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/shared/saml2map.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/shared/custom-maps/saml2
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/farm/arp.xml
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/farm/arp.xml
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/custom-arps/arp-bags-saml2.xml
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/saml2map.xml
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/url-rewriter.xml. Added WBSSO mapping
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/ui.xml. Added WBSSO to SimpleUrlHandlerMapping mappings.
  • Updated src/main/webapp/WEB-INF/web.xml. Added SAML2 endpoints
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/shared/arp.xml. Added custom-arps/arp-bags-saml2.xml
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/shared/vars.xml. Added SAML2 attribute profile definitions for eduPerson
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/farm/attributors.xml. The attributors no longer have an ARP engine and Mapper injected
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/farm/mapper.xml. Renamed attributeMapper to shibbolethAttributeMapper and added saml2AttributeMapper
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/shibboleth/aa-service.xml. ARP engine and Mapper are now injected here instead of each attributor
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/jsp/authenticator.jsp. Form method now depends on profile
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/farm/attributors.xml. The attributors no longer have an ARP engine and Mapper injected
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/farm/mapper.xml. Renamed attributeMapper to shibbolethAttributeMapper and added saml2AttributeMapper
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/services/shibboleth/aa-service.xml. ARP engine and Mapper are now injected here instead of each attributor
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/arp.xml. Added arp-bags-saml2.xml
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/custom-arps/arp-providers.xml. Added eduPersonSAML2Profile-eduperson and eduPersonSAML2Profile-common to protectedapp-guard
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/vars.xml. Added SAML2 definitions
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/custom-maps/saml2

Engine

  • v2.1.0
  • Updated org.guanxi.sp.engine.service.shibboleth.AuthConsumerServiceThread::processGuardConnection to send the SOAP/SAML in an explicit POST variable
  • Updated org.guanxi.sp.engine.service.shibboleth.AuthConsumerServiceThread::processAAConnection to pass the hostname to the trust engine for virtual KeyName validation
  • Updated org.guanxi.sp.engine.trust.EngineTrustTest. Now loads BC provider as PKIX path validation requires it. Now checks that PKIX path validation fails as the certs have expired.
  • Updated org.guanxi.sp.engine.Bootstrap. Now passes the key type to createSelfSignedKeystore
  • Updated org.guanxi.sp.engine.form.RegisterGuardFormController. Updated createGuardMetadataFile to create SAML2 metadata with embedded signing and encryption certs
  • Updated src/main/resources/log4j.properties. Fixed bug with GuardVerifier. Added WebBrowserSSOService and WebBrowserSSOAuthConsumerService
  • Updated src/main/webapp/WEB-INF/web.xml. Added SAML2 endpoints.
  • Updated src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/application/config.xml. Changed keyType to RSA to support encryption
  • Added org.guanxi.sp.engine.security.GuardVerifier
  • Added org.guanxi.sp.engine.service.saml2.WebBrowserSSOAuthConsumerService
  • Added org.guanxi.sp.engine.service.saml2.WebBrowserSSOService
  • Updated org.guanxi.sp.engine.service.shibboleth.AuthConsumerService. Added getPodderURL. Updated () to use getPodderURL() (targetconnect)
  • Updated org.guanxi.sp.engine.service.shibboleth.WAYFLocationService. Added getLookupGuardId. Updated handleRequestInternal() to use getLookupGuardId() (targetconnect)
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/profiles/saml2/web-browser-sso.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/security/guard-verifier.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/services/saml2/web-browser-sso-auth-consumer-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/services/saml2/web-browser-sso-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/jsp/saml2/http-post.jsp
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/jsp/saml2/http-redirect.jsp

Guard

  • v2.1.0
  • Updated org.guanxi.sp.guard.Guard to URL encode the WAYF URL and parameters
  • Updated org.guanxi.sp.guard.AttributeConsumer::process to read the SOAP/SAML from the Engine from an explicit request parameter instead of reading from the InputStream. This fixes problems when running in Blackboard.
  • Updated org.guanxi.sp.guard.AttributeConsumer. Refactored process() to make it more efficient for handling SAML1 and SAML2 attributes. Added processSAML1Response, processSAML2Response
  • Updated org.guanxi.sp.guard.Guard. Now extends GuardBase. Added multiprofile support with explicit support for SAML2 Web Browser SSO Profile.
  • Updated org.guanxi.sp.guard.Guard. Updated doFilter to dynamically work out cookie name based on postProcessGetGuardId. Also calls preSuccessFilterChain before finishing the chain (targetconnect)
  • Updated org.guanxi.sp.guard.Guard. Now adds the cookie name to the GuardRequest to let applications logout by destroying the Pod.
  • Updated org.guanxi.sp.guard.GuardRequest. Added setGuardCookieName
  • Added org.guanxi.sp.guard.GuardBase
  • Updated org.guanxi.sp.guard.GuardBase. Added getLogoutPage, checkSkipFilter, preSuccessFilterChain, postProcessGetGuardId. Updated initEngineComms to use postProcessGetGuardId. Updated gotoWAYF to use postProcessGetGuardId. Updated passthru to use checkSkipFilter (targetconnect)
  • Added org.guanxi.sp.guard.Profile
  • Updated org.guanxi.sp.guard.GuardRequest. Added headersContain (targetconnect)
  • Updated org.guanxi.sp.guard.Logout. Added logging. Added postProcessGetGuardId, getLogoutMessageAttributeName, getLogoutSuccessMessage, getLogoutErrorMessage, getLogoutResource (targetconnect)
  • Updated org.guanxi.sp.guard.Podder. Added postProcessGetGuardId. process() now lets the Guard ID be handled dynamically (targetconnect)
  • Updated org.guanxi.sp.guard.SessionVerifier. Added processExtendedVerificationAttributes. Updated process() to allow extended attributes (targetconnect)
  • Added src/main/webapp/free/index.html
  • Added src/main/webapp/s2wbsso/headers.jsp
  • Added src/main/webapp/s2wbsso-redirect/headers.jsp
  • Updated src/main/resources/log4j.properties. Fixed bug with Podder configuration.
  • Updated src/main/webapp/protected/headers.jsp. Changed logout URLs to https
  • Updated src/main/webapp/WEB-INF/guanxi_sp_guard/config/guanxi-sp-guard.xml. Added EngineInfo/SAML2WBSSOService. Added Profiles. Added KeyType.
  • Updated src/main/webapp/WEB-INF/web.xml. Guanxi Resource Guard now hooks all URLs.

Guanxi IdP 2.1.1 released 4/12/09

Common

  • v2.0.5
  • Updated org.guanxi.common.trust.impl.ShibbolethTrustEngineImpl to use updated embedded key validation
  • Updated org.guanxi.common.trust.TrustUtils, removed validateWithEmbeddedCert(), added validateEmbeddedCert() to fully implement public key comparison for checking message/tls keys with metadata keys. Added hostname to the metadata validating process to support virtual KeyName validation.
  • Updated org.guanxi.common.trust.TrustUtils::validateClientCert to use validateEmbeddedCert for explicit key validation.
  • Updated org.guanxi.common.trust.TrustUtils::validateX509WithKeyName to use the hostname as a “virtual” KeyName as per the Shibboleth spec.
  • Updated org.guanxi.common.trust.TrustUtils::validateCertPath to full PKIX path validation.
  • Updated org.guanxi.common.metadata.Metadata to store the hostname of a validation session
  • Updated org.guanxi.common.metadata.impl.GuanxiSAML2MetadataImpl for the new hostname methods

IdP

  • v2.1.1
  • Updated org.guanxi.idp.farm.attributors.SimpleAttributor, added arp(), map() and added config file loading to init(). Added abstract getAttributes()
  • Updated org.guanxi.idp.farm.attributors.JDBCAttributor, to use base class arp() and map() methods
  • Updated org.guanxi.idp.farm.attributors.JDBCAttributor::getAttributes to not throw GuanxiException as it breaks the attribute flow
  • Updated org.guanxi.idp.farm.attributors.FlatFileAttributor, to use base class arp() and map() methods
  • Updated org.guanxi.idp.farm.attributors.LDAPAttributor, to use base class arp() and map() methods
  • Updated org.guanxi.idp.trust.impl.IdPTrustEngineImpl to pass the hostname to the trust engine for virtual KeyName validation

Guanxi IdP 2.1.0 released 17/11/09

Common

  • v2.0.4
  • Updated org.guanxi.common.definitions.Guanxi, added REQUEST_PARAMETER_SAML_ATTRIBUTES

IdP

  • v2.1.0
  • Updated WEB-INF/guanxi_idp/config/spring/farm/var-engine.xml with varFile path to vars.xml
  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority to fix NullPointerException on Tomcat 6 in the check for signing an attribute response
  • Updated org.guanxi.idp.service.AuthHandler::preHandle() to add improved logging
  • Added org.guanxi.idp.farm.attributors.JDBCAttributor
  • Updated WEB-INF/guanxi_idp/config/spring/farm/attributors, added dbAttributor
  • Added org.guanxi.idp.attribute.DBAttributeTest
  • Updated org.guanxi.idp.attribute.AttributeTest, added DBAttributeTest support
  • Updated org.guanxi.idp.IdPTest, added DBAttributeTest support
  • Updated test/resources/contextroot.WEB-INF.guanxi_idp.config/spring/farm/attributors.xml, added dbAttributor for embedded Derby database
  • Updated WEB-INF/classes/log4j.properties, added JDBCAttributor

Guanxi SP Engine 2.0.2 released 11/6/09

Engine

  • v2.0.2
  • WEB-INF/config/spring/application/entity.xml, updated spEntityFarm, local-metadata is now handled by spLocalSAML2EntityManager
  • Updated org.guanxi.sp.engine.job.SAML2MetadataParser to improve refreshing metadata, eliminating periods of no metadata while parsing new entities
  • Updated WEB-INF/guanxi_sp_engine/jsp/process.jsp to use fmt tags instead of loading ResourceBundle using Accept-Language header
  • Updated WEB-INF/guanxi_sp_engine/config, removed guard_template.zip as it’s no longer used.

Guanxi IdP 2.0.3 released 1/6/09

Beans

  • v1.4.1
  • Updated xsd/guanxi-idp.xsd, added vars element
  • Updated pom.xml, Added sourceGenerationDirectory src

Common

  • v2.0.3
  • Updated org.guanxi.common.filters.ProperFilterWriter, improved error handling
  • Added unit tests
  • Updated org.guanxi.common.job.ShibbolethSAML2MetadataParser::loadCAListFromMetadata to return false if no CA list is found in the metadata

IdP

  • v2.0.3
  • Added WEB-INF/guanxi_idp/config/shared/vars.xml
  • Added org.guanxi.idp.util.VarEngine
  • Updated tests to isolate the test config from the main application config
  • Updated org.guanxi.idp.job.SAML2MetadataParser. No longer stops if no CA list found in metadata to allow local SAML2 metadata
  • Added org.guanxi.idp.trust.impl.IdPLocalTrustEngineImpl to allow local SAML2 metadata
  • Updated org.guanxi.idp.util.AttributeMap to allow referencing the value of another attribute when mapping
  • Updated org.guanxi.idp.farm.attributors.LDAPAttributor to pass all attributes to the mapper to allow for cross attribute mapping and referencing
  • Updated org.guanxi.idp.farm.attributors.FlatFileAttributor to pass all attributes to the mapper to allow for cross attribute mapping and referencing
  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority to fix bug where eduPersonPrincipalName was having a Scope attribute added. The scope is part of the value
  • Updated WEB-INF/guanxi_idp/config/shared/vars.xml, added ePPN.attribute definition
  • Updated WEB-INF/guanxi_idp/config/shared/custom-maps/protectedapp-maps.xml, added groupMembershipMap to illustrate referencing the value of another attribute by preceding the mappedValue with a “#”

Guanxi IdP 2.0.2 released 4/2/09

Common

  • v2.0.2
  • Added org.guanxi.common.trust.SAMLNamespaceContext to support XPath
  • Updated org.guanxi.common.trust.TrustUtils. Modified verifySignature() to support ID attribute ResponseID
  • Updated org.guanxi.common.metadata.SPMetadata. Changed getAssertionConsumerServiceURL() to getAssertionConsumerServiceURLs()
  • Updated org.guanxi.common.metadata.impl.GuanxiSAML2MetadataImpl to implement getAssertionConsumerServiceURLs()
  • Updated org.guanxi.common.EduPerson, added EDUPERSON_NO_SCOPE_DEFINED
  • Updated org.guanxi.common.entity.EntityManager. Changed removeMetadata to removeAllMetadata and added removeMetadata
  • Updated org.guanxi.common.entity.impl.GuanxiEntityManagerImpl for new interface methods
  • Updated org.guanxi.common.job.ShibbolethSAML2MetadataParser, added loadEntityManager
  • Updated org.guanxi.common.trust.TrustUtils::compareX509SubjectWithKeyName to support EMAILADDRESS as first entry in DN instead of CN

IdP

  • v2.0.2
  • Updated org.guanxi.idp.trust.impl.IdPTrustEngineImpl. Changed trustEntity() to use new getAssertionConsumerServiceURLs() method. This fixes a bug where shire validation fails if more than one AssertionConsumerService with a binding of urn:oasis:names:tc:SAML:1.0:profiles:browser-post is present
  • Updated org.guanxi.idp.metadata.SPMetadataTest for new metadata method
  • Updated org.guanxi.idp.util.AttributeMap::loadMaps to fix bug where including var nodes in the map file caused the maps not to be loaded
  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority::addAttributesFromFarm to fix bug where a missing scope on a scoped attribute caused a crash
  • Updated org.guanxi.idp.job.SAML2MetadataParser to improve refreshing metadata, eliminating periods of no metadata while parsing new entities
  • Updated org.guanxi.idp.util.AttributeMap::map to support interpolation of providerId in an attribute map
  • Updated org.guanxi.idp.util.AttributeMap::map to fix bug where unique attribute values are the same for all users.
  • Updated WEB-INF/guanxi_idp/config/spring/farm/persistence.xml, added autoReconnect=true to JDBCPersistenceEngine::connectionString
  • Updated org.guanxi.idp.service.AuthHandler::preHandle to log missing parameters

Guanxi 2.0.1 modules released 19/12/08

Core

  • v2.0.1
  • messages/idp.properties, Added text for browser_post_response.jsp
  • messages/sp.properties, Added messages for the new threaded processing of attributes

Common

  • v2.0.1
  • org.guanxi.common.Utils, added public static byte[] read(InputStream in) throws GuanxiException
  • org.guanxi.common.Utils, Updated writeSAML2MetadataToDisk() to remove unused StringWriter
  • org.guanxi.common.entity.impl.GuanxiEntityManagerImpl, optimised Optimised handlesEntity()
  • org.guanxi.common.security.Cert, Updated getCertificate() to close stream
  • org.guanxi.common.security.SecUtils, Updated to close all streams
  • org.guanxi.common.EntityConnection, Now only has a single connection object and it makes a lot of the methods a lot more compact. It also references the Utils.read method
  • org.guanxi.common.trust.TrustUtils, Updated to handle trust via the back channel connection to an AA. In this case, the cert comes from the connection and not signed SAML.
  • org.guanxi.common.trust.impl.ShibbolethTrustEngineImpl, Updated trustEntity() to handle back channel AA connections

IdP:

  • v2.0.1
  • org.guanxi.idp.farm.attributors.FlatFileAttributor, Fixed bug with debug message
  • WEB-INF/guanxi_idp/jsp/shibboleth/ists/browser_post_response.jsp, Added Guanxi styling and localised message
  • Added readme.txt to WEB-INF/guanxi_idp/logs to stop it being removed by CVS
  • WEB-INF/guanxi_idp/config/spring/application/bootstrap.xml, Updated to idpBootstrap id to allow coexistence with Engine

Engine

  • v2.0.1
  • org.guanxi.sp.engine.Config, Updated init() to distinguish between relative and absolute paths
  • WEB-INF/guanxi_sp_engine/config/spring/services/shibboleth/auth-consumer-service.xml, Added errorViewSimpleVar
  • WEB-INF/guanxi_sp_engine/config/spring/profiles/shibboleth/shibboleth.xml, Added mapping for /shibb/process
  • WEB-INF/guanxi_sp_engine/jsp/process.jsp, added page for the attribute consumer service thread to display status on attribute exchange between IdP, Engine and Guard
  • WEB-INF/guanxi_sp_engine/jsp/message.jsp, Added <c:out value="${nice}" />
  • WEB-INF/guanxi_sp_engine/config/spring/services/shibboleth/auth-consumer-service.xml, Added messageSource
  • org.guanxi.sp.engine.service.shibboleth.AuthConsumerService, Refactored to use a separate thread to process attributes from the AA and send them to the Guard. Supplied by matthew
  • org.guanxi.sp.engine.service.shibboleth.AuthConsumerServiceThread, added as a thread that can be used to perform the ACS process in the background. Supplied by matthew
  • org.guanxi.sp.engine.service.shibboleth.AuthConsumerService, Updated acs() to pass entity and trust info to the thread
  • org.guanxi.sp.engine.service.shibboleth.AuthConsumerServiceThread, Updated processAAConnection() to trust the AA
  • Added readme.txt to WEB-INF/guanxi_sp_engine/logs to stop it being removed by CVS
  • WEB-INF/guanxi_sp_engine/config/spring/application/bootstrap.xml, Updated to engineBootstrap id to allow coexistence with IdP

Guard

  • v2.0.1
  • Added readme.txt to WEB-INF/guanxi_sp_guard/logs to stop it being removed by CVS

Guanxi 2 released 26/11/08

Major upgrade to Spring, Maven and Quartz. Engine and Guard now separate modules.

Codename "haggis" 23/1/08

IdP

  • v1.4.4
  • Updated org.guanxi.idp.SSO::doAuthenticator to allow different authenticator pages for different service providers.
  • Updated WEB-INF/guanxi_idp/config/idp.xml. Added authenticator-pages with default authenticator page.
  • Updated WEB-INF/web.xml. Removed authenticator-url init-param as the customised auth pages now come from idp.xml
  • Updated WEB-INF/guanxi_idp/jsp/shibboleth/ists/browser_post_response.jsp to remove the “target” query parameter from the shire URL. This was causing problems interoperating with the I2 Shibboleth 2.0 SP. The Guanxi SP should use the TARGET parameter in the form.
  • Updated org.guanxi.idp.attributors.FlatFileAttributor and org.guanxi.idp.attributors.LDAPAttributor to use the new AttributeMap.
  • Updated WEB-INF/guanxi_idp/config/shared/custom-arps/arp-bags.xml with new flat file attribute maps
  • Updated WEB-INF/guanxi_idp/config/shared/custom-maps/map-providers.xml with new flat file attribute maps
  • Updated WEB-INF/guanxi_idp/config/shared/custom-maps/protectedapp-maps.xml with new flat file attribute maps
  • Updated org.guanxi.idp.AA addAttributesFromFarm() to group AttributeValue nodes under their owner Attribute node.

SP

  • v1.3.5
  • Updated org.guanxi.sp.engine.Engine to first read the SOAP returned from a Guard’s Attribute Consumer Service before trying to parse it to SOAP. If a parse error occurs, the original response text from the ACS is available in the log.
  • Added contrib/php/guard. This is the PHP implementation of a Guard.
  • Added contrib/php/guard/elgg/gx.php. This is the Guanxi Guard for Elgg.

Common

  • v1.3.5
  • Updated org.guanxi.common.EntityConnection. Changed getContentAsString() to use a BufferedInputStream as relying on an InputStream and content length does not work in some situations.
  • Updated org.guanxi.common.AttributeMap to support mapping the same attribute multiple times.
  • Updated org.guanxi.common.defintions.Guanxi, added CONTEXT_ATTR_X509_CHAIN
  • Added a maven2 build

Core

  • v1.0.7
  • Updated xmlbeans/build.properties::version to 1.3.4
  • Updated xsd/guanxi_idp.xsd. Added authPageType and authenticatorPagesType.
  • Updated xsd/guanxi.xsdconfig. Added authenticatorPagesType and authPageType mappings.
  • Updated messages/errors.properties. Corrected spelling mistake.
  • Added messages/authenticator-athens.properties and messages/authenticator-athens_gd.properties.
  • Added messages/sp.properties, idp.properties, common.properties ready for Spring migration
  • Added root maven2 build file for other modules to reference
  • Added a maven2 build to xmlbeans

gx_lib

  • v1.3.9
  • Removed guanxi-beans-1.3.3.jar
  • Added guanxi-beans-1.3.4.jar
  • Added Spring2 jars

Codename "samhradh" 31/5/07

IdP

  • v1.4.3
  • Updated org.guanxi.idp.SSO to add filter support.
  • Added org.guanxi.idp.filters.GuanxiFilterFarm
  • Added org.guanxi.idp.filters.IdPFilter
  • Added org.guanxi.idp.filters.UserAccountabilityFilter. This is to support User Accountability when used in the UK federation.
  • Added WEB-INF/guanxi_idp/config/filters/filters.xml
  • Added guanxi_idp/register.jsp
  • Added Register servlet for updating idp.xml
  • Updated org.guanxi.idp.ARPEngine to allow paths relative to WEB-INF to be used for ARPs
  • Updated org.guanxi.idp.attributors.FlatFileAttributor to pass ServletContext to ARPEngine and AttributeMap for relative path resolution
  • Updated org.guanxi.idp.attributors.LDAPAttributor to pass ServletContext to ARPEngine and AttributeMap for relative path resolution
  • Updated org.guanxi.idp.attributors.BodingtonAttributor to pass ServletContext to ARPEngine for relative path resolution

SP

  • v1.3.4
  • Updated org.guanxi.sp.engine.WAYFLocation to fix bug where Guard and Engine context attributes for SSL probing were clashing
  • Updated org.guanxi.sp.engine.AttributeConsumer.process() with bug fix for an attribute with no value.
  • Updated org.guanxi.sp.engine.Engine to use Utils.SLASH
  • Updated org.guanxi.sp.engine.Engine to automatically fill in paths in the config file
  • Updated WEB-INF/config/guanxi-sp-engine.xml to use __ENGINE_APP_ROOT__ marker for paths to allow automatic config of these options
  • Updated org.guanxi.sp.engine.CA to use Utils.SLASH
  • Updated org.guanxi.sp.guard.Guard to use Utils.SLASH
  • Updated org.guanxi.sp.guard.Guard to automatically fill in truststore and keystore paths in the config file
  • Updated WEB-INF/guanxi_sp_guard/config/guanxi-sp-guard.xml to use __GUARD_APP_ROOT__ marker for truststore and keystore to allow automatic config of these options
  • Added guanxi_sp/register_idp.jsp
  • Added Register servlet
  • Updated org.guanxi.sp.engine.X509Chain to provide protected static access to loadX509CertsFromMetadata() to allow dynamic IdP registration

Common

  • v1.3.3
  • Updated org.guanxi.common.Utils to add SLASH and LINE_ENDING constants
  • Updated org.guanxi.common.definitions.Guanxi, added DEFAULT_FILTERS_CONFIG_DIR
  • Updated org.guanxi.common.AttributeMap to allow paths relative to WEB-INF to be used for Maps

Core

  • v1.0.6
  • Added xmlbeans/guanxi-filters.xsd
  • Updated xmlbeans/guanxi.xsdconfig to add filter schema support

gx_lib

  • v1.3.8
  • Updated beans to guanxi/guanxi-beans-1.3.3.jar

Guanxi IdP release 16/2/07

IdP

  • v1.4.2
  • Updated org.guanxi.idp.Logout to fix bug with non passive logout

Codename "earrach" 14/2/07

IdP

  • v1.4.1
  • Updated org.guanxi.idp.authcookiehandlers.BodingtonCookieHandler::authenticate to fix intermittent NullPointerException when authenticating via a Bodington cookie.
  • Updated WEB-INF/guanxi_idp/config/idp.xml, added ID and Cookie.
  • Updated org.guanxi.idp.SSO. Modified setup() to parse and modify existing idp.xml instead of creating new one.
  • Upadated WEB-INF/web.xml, added logout servlet.
  • Added WEB-INF/jsp/logout.jsp.
  • Added org.guanxi.idp.Logout.
  • Updated org.guanxi.idp.SSO. Now stores the GuanxiPrincipal in the servlet context and referenced via a cookie. Added logout functionality.
  • Added Logout filter.

SP

  • v1.3.3
  • Updated WEB-INF/resources/protected/headers.jsp. Added logout of SP and IdP links.
  • Updated WEB-INF/_xml/guard/guard-servlet-mapping.xml. Added Logout.
  • Updated WEB-INF/_xml/guard/guard-servlet.xml. Added Logout.
  • Added org.guanxi.sp.guard.Logout.
  • Added WEB-INF/guanxi_sp_guard/jsp/logout.jsp.
  • Updated org.guanxi.sp.guard.Guard to add guard.guanxiGuardlogout to list of pass through URLs.
  • Updated org.guanxi.sp.engine.Engine to add SAML Response from the IdP to the headers of the SOAP message sent to the Guard.

Common

  • v1.3.2
  • Updated org.guanxi.common.definitions. Added CONTEXT_ATTR_IDP_COOKIE_PREFIX, CONTEXT_ATTR_IDP_ID and CONTEXT_ATTR_IDP_COOKIE_NAME.
  • Updated org.guanxi.common.GuanxiPrincipal. Added support for storing ServletContext for logout functionality.

Core

  • v1.0.5
  • Updated xsd/guanxi_idp.xsd, added ssoCookieAgeUnitsType, ssoCookieAgeType, ssoCookieType and added ID and Cookie to idp.
  • Updated xmlbeans/guanxi.xsdconfig. Added mappings for SSOCookieAgeUnits, SSOCookieAge, SSOCookie.

gx_lib

  • v1.3.7
  • Updated with guanxi-beans-1.3.2.jar

Codename "lomond" 31/1/07

IdP

  • v1.4.0
  • Updated org.guanxi.idp.AttributeAuthority::doPost() to parse attribute query from a String instead of the InputStream to get round XMLBeans parsing bug
  • Added org.guanxi.idp.authenticators.FlatFileAuthenticator and org.guanxi.idp.attributors.FlatFileAttributor
  • Added WEB-INF/guanxi_idp/config/ff.xml for the flat file modules
  • Updated WEB-INF/guanxi_idp/config/attributors/attributors.xml, added FlatFileAttributor as default.
  • Updated WEB-INF/guanxi_idp/config/attributors/BodingtonAttributor.xml. Root node changed from plugin to BodingtonAttributor. Removed all nodes except urn and shib_urn.
  • Updated WEB-INF/guanxi_idp/config/authenticators/authenticators.xml, added FlatFileAuthenticator as default.
  • Deleted WEB-INF/guanxi_idp/config/xsl.
  • Added WEB-INF/guanxi_idp/config/shared. This contains config files shared between authenticators and attributors. It also contains shared system configs such as the ARP and attribute map file.
  • Removed WEB-INF/guanxi_idp/config/attributors/BodingtonAttributorARP.xml, LDAPAttributor.xml, LDAPAttributorARP.xml, LDAPAttributorMap.xml. These are all replaced by system and shared files in config/shared.
  • Removed WEB-INF/guanxi_idp/config/authenticators/BodingtonAuthenticator.xml (not used now) and LDAPAuthenticator.xml which is replaced by config/shared/ldap.xml.
  • Removed WEB-INF/guanxi_idp/config/cookies/BodingtonCookieHandler.xml as it’s not used now.
  • Updated org.guanxi.idp.attributors.BodingtonAttributor to use system ARP and XMLBeans for config and attribute gathering.
  • Updated org.guanxi.idp.attributors.GuanxiAttrFarm::getAttributes() to be namespace aware as the attributors are now producing namespace aware xml
  • Updated org.guanxi.idp.attributors.LDAPAttributor to use system ARP and map files and XMLBeans for config and attribute gathering. Updated for latest version of LDAPConnection.bind(int, String, byte[]).
  • Updated org.guanxi.idp.authcookiehandlers.BodingtonCookieHandler, config file too much hassle, cookie name now hard coded as it won’t change before Tetra comes out!
  • Updated org.guanxi.idp.authenticators.BodingtonAuthenticator as config file too much hassle, authenticator key now hard coded as it won’t change before Tetra comes out!
  • Updated org.guanxi.idp.authenticators.LDAPAuthenticator to use XMLBeans for config and the shared ldap.xml in config/shared. Updated for latest version of LDAPConnection.bind(int, String, byte[]).
  • Updated org.guanxi.idp.authcookiehandlers.GuanxiAuthCookieHandlerFarm, fixed bug where cookie names weren’t registered properly
  • Updated org.guanxi.idp.authcookiehandlers.BodingtonCookieHandler::authenticate, added 3 second delay before using Bodington session to solve NPE while Bodington does it’s internal stuff.
  • Updated org.guanxi.idp.attributors.GuanxiAttrFarm to use XMLBeans for it’s config.
  • Updated org.guanxi.idp.authenticators.GuanxiAuthFarm to use XMLBeans for it’s config.
  • Updated org.guanxi.idp.authcookiehandlers.GuanxiAuthCookieHandlerFarm to use XMLBeans for it’s config.
  • Updated build.xml to remove unused jars and remove dependency on SAMUEL.
  • Updated org.guanxi.idp.SSO to fix deprecation errors after gx_lib upgrade. createSelfSignedKeystore() now imports org.bouncycastle.x509.X509V3CertificateGenerator instead of org.bouncycastle.jce.X509V3CertificateGenerator and uses latest version of X509V3CertificateGenerator.generate(key, “BC”). X509Name now uses Vector of ordered objects.
  • Updated WEB-INF/guanxi_idp/config/shared/map.xml to use ‘name’ attribute instead of ‘info’
  • Updated org.guanxi.idp.SSO to use SAML definitions in Common instead of SAMUEL.
  • Updated org.guanxi.idp.ARPEngine to use XMLBeans. Added support for chaining ARPs.
  • Updated org.guanxi.idp.attributors.FlatFileAttributor to pass ARP file path and name to new ARPEngine and only map an attribute if the original cannot be released.
  • Updated org.guanxi.idp.attributors.LDAPAttributor to pass ARP file path and name to new ARPEngine and only map an attribute if the original cannot be released.
  • Updated org.guanxi.idp.attributors.BodingtonAttributor to pass ARP file path and name to new ARPEngine only map an attribute if the original cannot be released.
  • Updated org.guanxi.idp.AttributeAuthority::addAttributesFromFarm() to remove dependency on DOM3
  • Updated config/shared/ldap.xml, added domain for scoped attributes.

SP

  • v1.3.2
  • Updated org.guanxi.sp.engine.Engine::doPost() to parse attribute response from a String instead of the InputStream to get round XMLBeans parsing bug. Updated doPost() to use Utils.createNCNameID(). Engine does not need SAMUEL now.
  • Updated org.guanxi.sp.guard.Guard to make use of config object instead of individual params in context. Moved all cookie processing to org.guanxi.sp.guard.Podder.
  • Updated org.guanxi.sp.guard.Podder to make use of config object instead of individual params in context. Now handles all cookie processing. Now gets cookie prefix from config.
  • Updated WEB-INF/_xml/guard/guard-servlet.txt to add load-on-startup for each servlet
  • Updated WEB-INF/_xml/guard/guard-filter.txt to remove attributePrefix init-param - now gets it from config file
  • Updated WEB-INF/config/guanxi-sp-guard/guanxi_sp_guard.xml, added AttributePrefix to GuardInfo. Added Prefix to Cookie.
  • Updated org.guanxi.sp.engine.Engine to use config object in servlet context
  • Updated org.guanxi.sp.engine.WAYFLocation to use config object in servlet context
  • Updated WEB-INF/_xml/engine/engine-servlet.txt to remove guardTemplateFile and metadataDirectory init-params - now gets them from config file
  • Updated WEB-INF/config/guanxi_sp_engine.xml, added WAYFLocationsFile and GuardTemplateFile. Added ID.
  • Updated org.guanxi.sp.engine.WAYFLocation to make use of config object instead of individual params in context
  • Updated org.guanxi.sp.engine.Engine to make use of config object instead of individual params in context
  • Updated org.guanxi.sp.engine.CA to get it’s init-params from the config file instead. Fixed bug in URL generation on Windows. Fixed bug when creating more than one Guard without a restart. Now dynamically loads new Guards. Added scheme and port.
  • Updated org.guanxi.sp.guard.Guard, removed verify() method. All session verification requests from an Engine are now handled by the SessionVerifier service.
  • Updated org.guanxi.sp.guard.GuardRequest to use new Pod bag methods. Updated javadoc.
  • Updated org.guanxi.sp.guard.AttributeConsumer. Now parses SOAP and SAML Response instead of the Bag. Now adds attributes as convenience objects to the Bag. Now stores raw SAML in the Bag. Updated javadoc. Fixed bug in process() that threw NPE if no attributes were coming from IdP.
  • Updated build.xml webapp target to remove unused jars.
  • Modified org.guanxi.sp.engine.CA::createSignedCert() to use latest BouncyCastle library with X509V3CertificateGenerator::generate(key, “BC”)
  • Updated org.guanxi.so.guard.Guard. Now puts it’s identity info (ID, cookie prefix, cookie name) into the servlet context for use by webapps it protects. Now gets the cookie prefix from the config. Stores servlet context in Pod. Added static method deactivatePod()
  • Updated request_guard.jsp to include scheme and port.
  • Updated org.guanxi.sp.engine.Engine to use the ID from the config file as the CN of it’s certificate.

Common

  • v1.3.1
  • Removed org.guanxi.common.security.ssl.GuanxiSocketFactory as we no longer use Axis
  • Removed org.guanxi.common.WSDL
  • Removed org.guanxi.common.SOAPUtils
  • Updated org.guanxi.common.security.SecUtils, fixed bug where it synchronising on SOAPUtils
  • Updated org.guanxi.common.definitions.Guani, removed a load of context attribute definitions as modules now use config object
  • Updated org.guanxi.common.Pod. Changed get/setAttributes() to get/setBag(). Updated javadoc. Added ServletContext storing.
  • Updated org.guanxi.common.Bag. Rewritten to remove SAX parsing of raw SOAP message from Engine. Now stores original SAML Response as a String.
  • Updated org.guanxi.common.definitions.Guani, added DEFAULT_ARP_FILE, DEFAULT_MAP_FILE, DEFAULT_SHARED_CONFIG_DIR, CONTEXT_ATTR_GUARD_COOKIE_PREFIX, CONTEXT_ATTR_GUARD_ID, CONTEXT_ATTR_GUARD_COOKIE_NAME
  • Updated org.guanxi.common.AttributeMap to use XMLBeans. Added support for chaining rules. Added support for chaining map files. Now based on provderId groupings of mapping rules.
  • Updated build.xml and build.properties to remove SAMUEL
  • Added org.guanxi.common.definitions.SAML
  • Updated org.guanxi.common.security.SecUtils::createSelfSignedKeystore() for latest BouncyCastle
  • Updated org.guanxi.common.definitions.Shibboleth::SAMLP_SUCCESS to solve namespace problems in IdP.
  • Added org.guanxi.common.definitions.EduPerson

Core

  • v1.0.4
  • Updated xsd/guanxi-sp.xsd, added AttributePrefix to guardInfoType. Added WAYFLocationsFile and GuardTemplateFile to Engine. Added Prefix to cookieType. Added ID to Engine.
  • Updated xsd/guanxi-idp.xsd, partitioned sections to be more readable, removed plugin, renamed ldap-authenticator to ldap, added BodingtonAttributor, added FlatFile* config schema types. Added userAttributes type for attributor bean usage. Changed ‘info’ to ‘name’ under ‘mapType’. Added mapIncludeType. Added domain to ldap.
  • Updated xsd/guanxi.xsdconfig, added ffUserAttributeType, ffUserType and attributorAttributeType mappings.
  • guanxibeans.jar now has version info in the filename (guanxi-beans-1.3.0.jar)

WAYF

  • v1.2.7
  • Updated org.guanxi.wayf.WAYF to use XMLBeans
  • Removed SAMUEL from build.properties and build.xml
  • Updated build.propeties and build.xml, added Java version information for compiling.

gx_lib

  • v1.3.6
  • Updated guanxibeans.jar with latest schema
  • Cleaned out, overhauled and updated to latest versions of all jars

Codename "dorain" 27/11/06

IdP

  • v1.3.0
  • Updated org.guanxi.idp.attributors.LDAPAttributor to fix bug if no GuanxiPrincipal was available and also to add support for eduPersonPrincipalName
  • Updated WEB-INF/web.xml to put tags in correct order
  • Updated org.guanxi.idp.Setup to use BOUNCY_CASTLE_PROVIDER_NAME defined in org.guanxi.common.definitions.Guanxi
  • Deleted org.guanxi.idp.Setup
  • Moved setup functionality to org.guanxi.idp.SSO.init()
  • org.guanxi.idp.SSO now loads on startup to remove manual setup
  • Updated org.guanxi.idp.AttributeAuthority to use XMLBeans. Added syphoning of attribute assertions being sent to SP
  • Updated org.guanxi.idp.SSO to use XMLBeans
  • Added jar versioning support to build.xml and build.properties

SP

  • v1.3.0
  • Updated org.guanxi.sp.engine.EngineSetup, added new comments and fixed bug where web service couldn’t be installed via ssl. Added new SSL layer probing support to remove need for truststore when setting up the internal web services.
  • Updated org.guanxi.sp.guard.GuardSetup, added new comments and fixed bug where web service couldn’t be installed via ssl. Added new SSL layer probing support to remove need for truststore when setting up the internal web services.
  • Updated resources/guanxi_sp/index.jsp to remove hard coded http
  • Updated org.guanxi.sp.engine.Engine to add the XMLBeans generated Engine config object to the servlet context to allow other parts of the system to use the sam config file
  • Updated WEB-INF/config/guanxi-sp-engine.xml, added new Keystore options for secure web services communications
  • Updated WEB-INF/guanxi_sp_guard/config/guanxi-sp-guard.xml, added web services trust options for keystore and truststore. Updated Cooke Age to be transient so it goes away when you close the browser.
  • Updated org.guanxi.sp.guard.Guard to use XMLBeans for configuration information.
  • Updated org.guanxi.sp.engine.Engine to use new Log directory information
  • Updated org.guanxi.sp.guard.AttributeConsumer to use new Log directory information
  • Updated org.guanxi.sp.engine.CA to use new Log directory information
  • Added WEB-INF/guanxi_sp_guard/logs
  • Added WEB-INF/guanxi_sp_guard/keystore/guard.jks
  • Added WEB-INF/guanxi_sp_guard/truststore/guard.jks
  • Updated org.guanxi.sp.guard.GuardHandler, tidied up unused stuff and converted to use XMLBeans for configuration.
  • Updated org.guanxi.sp.guard.Guard, refactored to use XMLBeans for configuration and to place the Guard XMLBeans object in the servlet context to share with other parts of the Guard.
  • Updated org.guanxi.sp.guard.Guard to transfer new parameters to GuardRequest to fix problems with spring based applications
  • Added testsrc/org.guanxi.sp.engine.GuanxiSSLLayerTest, JUnit tests for the SSL layer
  • Updated build.xml to not copy logs to WEB-INF for Guard
  • Updated org.guanxi.sp.guard.GuardRequest to add support for request attributes to fix problems with spring based applications
  • Updated org.guanxi.sp.engine.Engine to fail gracefully if no signature is found on an AuthenticationStatement from an IdP
  • Updated org.guanxi.sp.engine.Engine, removed getAttributes(), getGuardNativeMetadata()
  • Updated org.guanxi.sp.engine.Engine, init() now loads BouncyCastle security provider and destroy() unloads it. Now creates a self signed keystore if none exists. This is used for secure comms to Guards
  • Updated org.guanxi.sp.engine.Engine, modified loadGuardMetadata() to check whether each registered Guard is using HTTPS and if so, to probe it for it’s X509 certificate and add it to the Engine’s truststore.
  • Added org.guanxi.sp.engine.WAYFLocation REST service to replace Axis RPC call for getting the WAYF location
  • Updated org.guanxi.sp.engine.CA for new Engine metadata
  • Added org.guanxi.sp.guard.SessionVerifier REST service to replace Axis RPC call for verifying a Guard session
  • Added org.guanxi.sp.Util
  • Converted org.guanxi.sp.guard.Guard to use the Engine’s REST WAYFLocation service instead of Axis RPC
  • Updated org.guanxi.sp.engine.Engine, now creates it’s own keystore and supports secure communications to Guards
  • Updated web.xml for Engine and Guard to remove Axis
  • Removed org.guanxi.sp.metadata package as it has been superceded by XMLBeans. Also deleted org.guanxi.sp.engine.MetadataTest
  • Removed org.guanxi.sp.engine.EngineSetup, org.guanxi.sp.engine.EngineHandler, org.guanxi.sp.guard.GuardSetup, org.guanxi.sp.guard.GuardHandler as the Engine and Guard now communicate via REST and use auto setup
  • Updated org.guanxi.sp.engine.Engine, improved error handling when the trust layer doesn’t recognise entity certificates
  • Updated org.guanxi.sp.guard.Podder to redirect using scheme and hostname as it was redirecting to HTTPS if the Guard was using HTTPS
  • Updated org.guanxi.sp.guard.Guard to add request scheme and hostname to pod
  • Updated org.guanxi.sp.guard.AttributeConsumer to use XMLBeans instead of org.guanxi.common.SOAPUtils for working with SOAP messages
  • Added jar versioning support to build.xml and build.properties
  • Updated build.xml, added inheritall=”false” to buildDependencies task to fix bug where dependencies were inheriting SP settings
  • Updated org.guanxi.sp.guard.Guard to create a default keystore and truststore if they don’t exist
  • Updated org.guanxi.sp.engine.Engine to create a default keystore and truststore if they don’t exist
  • Updated org.guanxi.sp.engine.CA to get keystore info from xml config file instead of web.xml
  • Updated org.guanxi.sp.engine.CA::createSignedCertificateChain() as it was hardcoded to create RSA keys. Now gets key type from config file. Updated to support SHA224WITHECDSA encryption
  • Updated WEB-INF/config/guanxi-sp-engine.xml, added KeyType

Core

  • 1.0.3
  • Updated xsd/guanxi-sp.xsd, added Keystore, KeystorePassword and CertificateAlias elements to the Engine and Guard elements. Added TrustStore, TrustStorePassword to the Guard element This is to allow configuration of secure web services.
  • Updated xsd/guanxi-sp.xsd, pdated engineInfoType, replaced WAYFMethod with WAYFLocationService. Added KeyType to Engine.
  • Updated xsd/guanxi-idp.xsd, added optional Debug node for idp.xml with optional SypthonAttributeAssertions and SypthonAttributeQueries nodes

Common

  • v1.2.9
  • Added org.guanxi.common.security.ssl.GuanxiSocketFactory to provide custom keystore and truststore handling for secure web services communication
  • Updated org.guanxi.common.definitions.Guanxi, added AxisProperties definitions for secure web services communication. Added ENGINE_CONFIG_OBJECT, GUARD_CONFIG_OBJECT.
  • Updated org.guanxi.common.definitions.Logging to split log dirs into Engine and Guard versions as the Guard should log inside WEB-INF/guanxi_sp_guard
  • Updated org.guanxi.common.EntityConnection, added getServerCertificates(), disconnect() and javadocs. Added new boolean parameter to the constructor to allow for probing servers for their certificates. This tells EntityConnection to use a special Guanxi TrustManager that allows HTTPS connections in order to inspect the certificate.
  • Updated org.guanxi.common.security.ssl.SSL, added new boolean parameter to getTrustManagers(). If this is true then the method will return a special Guanxi TrustManager to allow for probing servers for their certificates.
  • Added org.guanxi.common.security.ssl.GuanxiX509ProbingTrustManager to allow probing for server certs via HTTPS.
  • Updated org.guanxi.common.AttributeMap to provide mapping to support eduPersonPrincipalName
  • Updated org.guanxi.common.Pod to fix bug when adding extra request parameters for non spring applications
  • Updated org.guanxi.common.EntityConnection, added getServerCertChain() and getServerCertificate()
  • Updated org.guanxi.common.definitions.Guanxi, added BOUNCY_CASTLE_PROVIDER_NAME
  • Updated org.guanxi.common.definitions.Guanxi, added new constants to support REST services
  • Updated org.guanxi.common.Errors, added GUARD_CERT_PROBE_FAILED and MISSING_PARAM
  • Updated org.guanxi.common.security.SecUtils, added createSelfSignedKeystore()
  • Updated org.guanxi.common.EntityConnection, PROBING_ON and PROBING_OFF moved from Engine. Added getServerCertChain(), getServerCertificate(), getContentLength(), getContentAsString()
  • Updated org.guanxi.common.Pod, added support for request scheme and hostname to fix HTTPS bug when Guard comms are using HTTPS
  • Updated org.guanxi.common.Utils, added createNCNameID()
  • Updated org.guanxi.common.definitions.Shibboleth, added more namespace and prefix definitions
  • Added org.guanxi.common.security.SecUtilsConfig as a configuration object for methods in SecUtils
  • Updated org.guanxi.common.security.SecUtils, modified sign() to use SecUtilsConfig
  • Added jar versioning support to build.xml and build.properties
  • Updated org.guanxi.common.security.SecUtils, added createTrustStore()

gx_lib

  • v1.3.4
  • Updated guanxibeans.jar with latest schemata
  • Added hsqldb v1.8.0.4 for IdP demoing and integration testing
  • Updated jsr173_1.0_api.jar and xbean.jar to XMLBeans 2.2.0

WAYF

  • v1.2.6
  • Updated build.xml to fix xalan bug. xalan-2.4.1.jar was renamed to xalan.jar in gx_lib but not here.
  • Updated build.xml to add log4.jar
  • Added jar versioning support to build.xml and build.properties

Codename "midgie" 2/6/06

IdP

  • v1.2.8
  • Updated org.guanxi.idp.attributors.BodingtonAttributor to standardise attribute namespaces
  • Updated WEB-INF/config/attributors/BodingtonAttributor.xml - Bodington attributes now issued under urn:bodington:org. Attribute namespaces end in : in the config file now

Common

  • v1.2.8
  • Updated org.guanxi.common.EntityConnection - added setRequestProperty(String, String)
  • Updated org.guanxi.common.Pod - now stores the original request parameters

gx_lib

  • v1.3.3
  • Updated guanxibeans.jar for new guanxi-sp.xsd

Core

  • v1.0.2
  • Updated xsd/guanxi-sp.xsd - added NameQualifier, TrustStore, TrustStorePassword, GuardsMetadataDirectory and IdPMetadataDirectory elements to Engine
  • Updated xsd/guanxi-sp.xsd - added GuardWAYFLocationsType and WAYFLocation

SP

  • v1.2.0
  • Added xalan.jar to build.xml
  • Updated org.guanxi.sp.engine.Engine to take account of target parameter from an IdP being either upper or lower case
  • Updated org.guanxi.sp.engine.Engine to put Request IssueInstant in correct format, i.e. yyyy-mm-ddThh:mm:ssZ
  • Updated org.guanxi.sp.engine.Engine to remove hard coded "guanxi" NameIdentifier in AA calls. Now gets it from it's config file
  • Updated org.guanxi.sp.engine.Engine to set the Content-type of the AA connection to "text/xml"
  • Updated org.guanxi.sp.engine.Engine - Rationalised the configuration to get all info from the config file. Only the config file is specified in web.xml now. Also tells X509Chain to load it's certs from the IdP metadata directory instead of the certs directory.
  • Updated org.guanxi.sp.guard.GuardRequest - Now gets the original request parameters from the Pod
  • Updated org.guanxi.sp.guard.GuardRequest - Updated getHeader() to look for the header name as is before trying all lowercase as the SAML attributes can be mixed case.
  • Updated org.guanxi.sp.engine.Engine - The Resource attribute of the AttributeQuery sent to the AA is now set to the entityID of the Guard.
  • Updated org.guanxi.sp.engine.Engine - Modified to parse the correctly formatted Guard metadata files that CA creates.
  • Updated WEB-INF/config/guanxi-sp-engine.xml - updated WAYF example and added NameQualifer, TrustStore, TrustStorePassword, GuardsMetadataDirectory and IdPMetadataDirectory example
  • Updated WEB-INF/config/metadata/guards/ExampleGuard/ExanpleGuard.xml - added <Keystore> and <KeystorePassword> elements to GuanxiGuardService
  • Updated org.guanxi.sp.engine.X509Chain - removed loadX509Certs() and X509CertFileFilter. Added loadX509CertsFromMetadata() and MetadataFileFilter. The class now verifies certificates directly from metadata rather than separate certs dir
  • Updated org.guanxi.sp.guard.Guard - Fixed bug where transient cookies couldn't be set
  • Updated org.guanxi.sp.guard.GuardRequest - Fixed bug where header names were case sensitive. The servlet spec says they should be case insensitive
  • Updated web.xml - added wayfFile as init parameter to Engine servlet
  • Removed WAYF from WEB-INF/config/guanxi-sp-engine.xml
  • Added WEB-INF/config/wayf.xml - WAYF locations are now specified in this file to allow Guards to have their own WAYF locations
  • Updated org.guanxi.sp.engine.CA - Now creates Guard metadata files with correct namespaces.
  • Updated org.guanxi.sp.engine.CA - Fixed bug where the Guard certificates were being generated with server authentication extended usage instead of client authentication

Codename "bigyin" 5/5/06

IdP

  • v1.2.7
  • org.guanxi.idp.attributors.LDAPAttributor - Added more debug logging info on attribute values and providerId.
  • WEB-INF/web.xml - Removed leading / from log-dir param to fix bug running under Windows.
  • Updated org.guanxi.idp.attributors.BodingtonAttributor to get all the groups of a user.
  • Updated WEB-INF/guanxi_idp/jsp/shibboleth/ists/browser_post_response.jsp to return target parameter.
  • Updated org.guanxi.idp.Setup to use XMLBeans to create the config file idp.xml
  • Updated build.xml to copy guanxibeans.jar, xbeans.jar and jsr173_1.0_api.jar

SAMUEL

  • v1.3.2
  • Updated org.guanxi.samuel.utils.SUtils.addAttributeAssertions() to handle eduPersonScopedAffiliation.
  • Updated org.guanxi.samuel.saml.AttributeValue to hack round the Internet2 Shibboleth SP 1.2.x bug. This is the equivalent of schemaHack.

SP

  • v1.1.0
  • Updated org.guanxi.sp.guard.Guard to add the query string to the protected URL.
  • Updated org.guanxi.sp.guard.Guard to pass session ID in the target parameter to WAYF/IdP to fix metadata problems at IdP.
  • Updated org.guanxi.sp.engine.Engine to get Guard session ID from the target parameter coming from IdP.
  • Updated guanxi_idp/sp_error.jsp to fox images not displaying problem.
  • Added guanxi_idp/stylesheet/guanxi_sp.css
  • Added guanxi_idp/request_guard.jsp
  • Added org.guanxi.sp.engine.CA for creating signed certificates and keystores for Guards.
  • Updated WEB-INF/_xml/engine-servlet.xml to add CA servlet.
  • Updated WEB-INF/_xml/engine-servlet-mapping.xml to add CA servlet mapping.
  • Updated build.xml to copy bouncycastle.jar to support CA.
  • Updated org.guanxi.sp.engine.Engine to use new guanxibeans.jar
  • Updated org.guanxi.sp.engine.X509Chain to use new guanxibeans.jar
  • Added the attributePrefix init param to the Guard filter
  • Updated org.guanxi.sp.guard.GuardRequest to prepend the init param defined attributePrefix to attributes
  • Updated org.guanxi.sp.guard.GuardRequest to not put non standard attributes in the headers
  • Updated org.guanxi.sp.guard.Guard to only add query string if it's present
  • Changed the way org.guanxi.sp.engine.Engine to loads Guard metadata. Each Guard now has it's own directory which contains it's XML metadata file and a ZIP archive of it's installation at the remote site
  • Updated org.guanxi.sp.Engine to build SOAP messages using XMLBeans instead of javax.xml.soap
  • Updated org.guanxi.sp.engine.Engine to use XMLBeans for all Guard and IdP metadata
  • Updated org.guanxi.sp.engine.Engine to use XMLBeans for all SAML processing
  • Updated org.guanxi.sp.engine.X509Chain to use new guanxibeans pacakge structure
  • Updated org.guanxi.sp.guard.GuardRequest to prefix attributes with configurable prefix string
  • Updated org.guanxi.sp.guard.Guard to prefix attributes with configurable prefix string. Fixed bug where it was adding null query string if one didn't exist. Now sends it's session ID in target parameter

Core

  • v1.0.1
  • Updated messages/errors.properties - added ID_NEED_ALL_PARAMETERS, ID_GUARD_ID_TAKEN, ID_IDP_CERT_VERIFY_FAILED, ID_IDP_AUTH_PARSE_FAILURE.
  • Added messages/sp_request_guard_en.properties
  • Added xmlbeans directory with config and build scripts. Now builds guanxibeans.jar direct to gx_lib
  • Added Keystore and KeystorePassword to guardRoleDescriptorExtensionsType in xsd/guanxi-saml-ext.xsd

Common

  • v1.2.7
  • Updated org.guanxi.common.AttributeMap to allow passthrough of mapped attribute's original value if no value rules are specified.
  • Added org.guanxi.common.Utils.zipDirectory()
  • Added org.guanxi.comm.security.ssl package
  • Added org.guanxi.comm.security.ssl.SSL for identity masquerading in the SP
  • Added org.guanxi.comm.security.ssl.GuanxiHostVerifier for identity masquerading in the SP
  • Added org.guanxi.comm.security.ssl.GuanxiX509KeyManager for identity masquerading in the SP
  • Added org.guanxi.common.EntityConnection to wrap secure and non secure HTTP connections

gx_lib

  • v1.3.2.
  • Removed saml-1.1.jar
  • Added guanxibeans.jar - built from Core/xmlbeans

Codename "Rabbie" 31/1/06

Coming so near Burn's Night, the next release of Guanxi, codename Rabbie, has been released on the sourceforge site

Core

  • v1.0.0
  • New Core module added to control building of the main application modules. This means each component of the Guanxi system is a separate module in CVS, allowing each to be tagged separately
  • Core/releases directory added. This is the Guanxi release system. Repeatable releases based on CVS tags can be made from this directory using the build files

Common

  • v1.2.6
  • Added AttributeMap class to handle transforming attributes from one form/value to another
  • Bag and WSDL now make use of the SAMUEL ParserPool configuration for controlling schema validation
  • definitions.Logging updated for separate SP Engine and Guard log directories

IdP

  • v1.2.6
  • Fixed bug in org.guanxi.idp.SSO where it was only ever loading the first service-provider node from the config file
  • Added support for attribute transforming to LDAPAttributor
  • Added LDAPAttributorMap.xml to support Athens permission set IDs
  • Added the AttributeMap config schema to guanxi-idp.xsd
  • Added an Athens sample to LDAPAttributorARP.xml
  • Modified idp.xml to use a new format where signing credentials and identity are separate from the service-provider definition
  • Modified SSO and AttributeAuthority to use new idp.xml format
  • idp.xml split into top level <service-provider> nodes with lists of <identity> and <creds> nodes to make it easier to handle multiple feds
  • Setup modified to create new idp config file format. Also uses XSLT to pretty print the file now
  • SP now has separate log4j config file
  • Removed the log4j config file option from web.xml
  • Updated the logging in SSO
  • Added session support to allow single sign-on across multiple SPs
  • Added documentation

SP

  • v1.0.0
  • First release of the Guanxi Service Provider

WAYF

  • v1.2.5
  • Updated the example config file

SAMUEL

  • v1.3.1
  • Modified org.guanxi.samuel.utils.ParserPool to call parse(InputSource) from parse(File)
  • Modified org.guanxi.samuel.exception.ParserPoolException to call Exception
  • Added Exception constructor to org.guanxi.samuel.exception.SAMUELException
  • org.guanxi.samuel.utils.ParseErrorHandler methods now throws SAXException
  • Added Guanxi SP and SAML resolvers to org.guanxi.samuel.utils.Resolver. Also now ignores non Guanxi and SAML entities
  • Added org.guanxi.samuel.saml.metadata package
  • Added org.guanxi.samuel.saml.metadata.EntityDescriptor as a base for parsing EntityDescriptor elements in SAML2 Metadata. Extensions are handled by subclassing this class
  • Added Metadata classes Organization, ContactType, RoleDescriptor
  • Added external schema definitions to org.guanxi.samuel.utils.ParserPool
  • Added support for SOAP schema to org.guanxi.samuel.utils.Resolver
  • Added org.guanxi.samuel.utils.XUtils.getNodeValue(Node, String)
  • Fixed bug in org.guanxi.samuel.saml.AttributeQuery where it was putting itself in the saml assertion namespace instead of saml protocol
  • ParserPool now controlled by parser.properties to turn schema validation on or off

gx_lib

  • v1.3.1
  • Added junit.jar
  • Added jsr173_1.0_api.jar
  • Added xbean.jar
  • Added saml-1.1.jar
Retrieved from "http://www.guanxi.uhi.ac.uk/index.php/Releases"
Personal tools