diff --git a/security/shibboleth-idp/Makefile b/security/shibboleth-idp/Makefile index 12bcdcb8c0c2..3a90e04f22e5 100644 --- a/security/shibboleth-idp/Makefile +++ b/security/shibboleth-idp/Makefile @@ -1,68 +1,68 @@ PORTNAME= shibboleth -PORTVERSION= 4.3.3 -PORTREVISION= 1 +PORTVERSION= 5.1.3 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/identity-provider/${PORTVERSION}/ \ - http://shibboleth.net/downloads/identity-provider/latest4/${PORTVERSION}/ \ + http://shibboleth.net/downloads/identity-provider/latest5/${PORTVERSION}/ \ http://shibboleth.net/downloads/identity-provider/archive/${PORTVERSION}/ \ https://repo1.maven.org/maven2/ch/qos/logback/logback-core/${LOGBACKVER}/:logback_core \ https://repo1.maven.org/maven2/ch/qos/logback/logback-classic/${LOGBACKVER}/:logback_classic PKGNAMESUFFIX= -idp DISTFILES= shibboleth-identity-provider-${PORTVERSION}.tar.gz \ logback-classic-${LOGBACKVER}.jar:logback_classic \ logback-core-${LOGBACKVER}.jar:logback_core EXTRACT_ONLY= shibboleth-identity-provider-${PORTVERSION}.tar.gz MAINTAINER= zi@FreeBSD.org COMMENT= Shibboleth Identity Provider (Internet2) WWW= http://shibboleth.internet2.edu/ LICENSE= APACHE20 -BUILD_DEPENDS= jetty10>=0:www/jetty10 +BUILD_DEPENDS= jetty12>=0:www/jetty12 RUN_DEPENDS= bash:shells/bash \ - jetty10>=0:www/jetty10 + jetty12>=0:www/jetty12 USE_RC_SUBR= shibboleth-idp CPE_VENDOR= shibboleth WRKSRC= ${WRKDIR}/shibboleth-identity-provider-${PORTVERSION} NO_ARCH= yes NO_BUILD= yes -LOGBACKVER= 1.4.0 +LOGBACKVER= 1.5.6 SHIBUSER= shibd SHIBGROUP= shibd LOGDIR= /var/log/${PORTNAME} RUNDIR= /var/run/${PORTNAME} USERS= ${SHIBUSER} GROUPS= ${SHIBGROUP} SUB_FILES= shibboleth jetty-pid.xml SUB_LIST+= SHIBUSER=${SHIBUSER} SHIBGROUP=${SHIBGROUP} \ RUNDIR=${RUNDIR} LOGDIR=${LOGDIR} PLIST_SUB+= SHIBUSER=${SHIBUSER} SHIBGROUP=${SHIBGROUP} \ RUNDIR=${RUNDIR} LOGDIR=${LOGDIR} \ LOGBACKVER=${LOGBACKVER} PORTVERSION=${PORTVERSION} do-install: @${MKDIR} ${STAGEDIR}${DATADIR} ${STAGEDIR}${ETCDIR} @${MKDIR} ${STAGEDIR}${LOGDIR} ${STAGEDIR}${RUNDIR} @${MKDIR} ${STAGEDIR}${WWWDIR}/lib/logging + @${MKDIR} ${STAGEDIR}${WWWDIR}/jsp @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} .for dir in conf credentials etc modules resources start.d webapps/ROOT @${MKDIR} ${STAGEDIR}${WWWDIR}/${dir} .endfor (cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}) (cd ${FILESDIR}/jetty-base && ${COPYTREE_SHARE} . ${STAGEDIR}${EXAMPLESDIR}) @${FIND} ${STAGEDIR}${DATADIR} -type f -name '*.sh' -exec ${CHMOD} +x {} \; .for jar in logback-classic-${LOGBACKVER}.jar logback-core-${LOGBACKVER}.jar ${INSTALL_DATA} ${DISTDIR}/${jar} ${STAGEDIR}${WWWDIR}/lib/logging .endfor ${INSTALL_DATA} ${WRKDIR}/jetty-pid.xml ${STAGEDIR}${WWWDIR}/etc ${INSTALL_DATA} ${WRKDIR}/shibboleth ${STAGEDIR}${ETCDIR}/shibboleth-idp ${INSTALL_DATA} ${FILESDIR}/index.html ${STAGEDIR}${EXAMPLESDIR}/index.html ${INSTALL_SCRIPT} ${FILESDIR}/shibboleth-idp.sh ${STAGEDIR}${PREFIX}/sbin .include diff --git a/security/shibboleth-idp/distinfo b/security/shibboleth-idp/distinfo index 534ea430b4a2..6ba4a2165721 100644 --- a/security/shibboleth-idp/distinfo +++ b/security/shibboleth-idp/distinfo @@ -1,7 +1,7 @@ -TIMESTAMP = 1713232393 -SHA256 (shibboleth-identity-provider-4.3.3.tar.gz) = 815abe9c707c8741278eda8b9120be7d99f09238d2974ccc3a93b37d549cc149 -SIZE (shibboleth-identity-provider-4.3.3.tar.gz) = 60927078 -SHA256 (logback-classic-1.4.0.jar) = 9ce4cfee4834195753b5be5016ded641e8456d9e82995821838dc662e866e212 -SIZE (logback-classic-1.4.0.jar) = 262118 -SHA256 (logback-core-1.4.0.jar) = 14e09a7896bee6ef2e005b48fc5560fe2299a57a826bc4c1f1c6d43002f0512c -SIZE (logback-core-1.4.0.jar) = 559203 +TIMESTAMP = 1725384814 +SHA256 (shibboleth-identity-provider-5.1.3.tar.gz) = cc72f0b15fda49b43bdd38cef3bdc62cbe01684b59c3d024b5de1ffdba42206e +SIZE (shibboleth-identity-provider-5.1.3.tar.gz) = 44250595 +SHA256 (logback-classic-1.5.6.jar) = 6115c6cac5ed1d9db810d14f2f7f4dd6a9f21f0acbba8016e4daaca2ba0f5eb8 +SIZE (logback-classic-1.5.6.jar) = 293697 +SHA256 (logback-core-1.5.6.jar) = 898c7d120199f37e1acc8118d97ab15a4d02b0e72e27ba9f05843cb374e160c6 +SIZE (logback-core-1.5.6.jar) = 609942 diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod b/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod deleted file mode 100644 index dccc34ae12b7..000000000000 --- a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod +++ /dev/null @@ -1,9 +0,0 @@ -[description] -Shibboleth IdP Logging - -[depend] -console-capture -logback-access - -[files] -/var/log/shibboleth/ diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp.mod b/security/shibboleth-idp/files/jetty-base/modules/idp.mod index 57a601105222..51fb66e4945d 100644 --- a/security/shibboleth-idp/files/jetty-base/modules/idp.mod +++ b/security/shibboleth-idp/files/jetty-base/modules/idp.mod @@ -1,18 +1,20 @@ [description] Shibboleth IdP [depend] -annotations -deploy +ee9-annotations +ee9-deploy ext +ee9-webapp +http #https -jsp -jstl -plus +ee9-jsp +ee9-jstl +ee9-plus resources server -servlets +ee9-servlets #ssl [files] tmp/ diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml b/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml deleted file mode 100644 index cec9236337fa..000000000000 --- a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - /var/log/shibboleth/access.log - - /var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz - - - combined - - - - diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback.xml b/security/shibboleth-idp/files/jetty-base/resources/logback.xml index 9a530677c4a9..5d973afeecf3 100644 --- a/security/shibboleth-idp/files/jetty-base/resources/logback.xml +++ b/security/shibboleth-idp/files/jetty-base/resources/logback.xml @@ -1,18 +1,34 @@ /var/log/shibboleth/jetty.log /var/log/shibboleth/jetty-%d{yyyy-MM-dd}.log.gz UTF-8 %date{ISO8601} - %level [%logger:%line] - %msg%n + + + /var/log/shibboleth/access.log + + /var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz + + + %msg%n + + + + + + + + diff --git a/security/shibboleth-idp/files/jetty-base/start.d/http.ini b/security/shibboleth-idp/files/jetty-base/start.d/http.ini index fd91753eb783..3369d64a4a18 100644 --- a/security/shibboleth-idp/files/jetty-base/start.d/http.ini +++ b/security/shibboleth-idp/files/jetty-base/start.d/http.ini @@ -1,14 +1,10 @@ # --------------------------------------- # Module: http # Shibboleth IdP # --------------------------------------- --module=http --module=http-forwarded -# Allows use of default IdP command line tools. -jetty.http.host=127.0.0.1 -jetty.http.port=8080 - # Hide server version jetty.httpConfig.sendServerVersion=false diff --git a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini index e87aa186019d..33b3a39fb8df 100644 --- a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini +++ b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini @@ -1,35 +1,39 @@ # --------------------------------------- # Module: idp # Shibboleth IdP # --------------------------------------- --module=logging-logback --module=idp ## Keystore file path (relative to $jetty.base) jetty.sslContext.keyStorePath=credentials/idp-userfacing.p12 ## Truststore file path (relative to $jetty.base) jetty.sslContext.trustStorePath=credentials/idp-userfacing.p12 ## Keystore type jetty.sslContext.keyStoreType=PKCS12 ## Truststore type and provider jetty.sslContext.trustStoreType=PKCS12 ## Keystore password jetty.sslContext.keyStorePassword=%%KEYSTORE%% ## Truststore password jetty.sslContext.trustStorePassword=%%KEYSTORE%% ## KeyManager password jetty.sslContext.keyManagerPassword=%%KEYSTORE%% ## Deny SSL renegotiation jetty.sslContext.renegotiationAllowed=false ## Connector host/address to bind to jetty.ssl.host=127.0.0.1 ## Connector port to listen on jetty.ssl.port=443 -# logging +## Route request logging through standard logging API etc/jetty-requestlog.xml + +# Allows use of default IdP command line tools. +jetty.http.host=127.0.0.1 +jetty.http.port=8080 diff --git a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml index f5ba928e0b73..08676d1e3c26 100644 --- a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml +++ b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml @@ -1,12 +1,12 @@ - + - - + + /war/idp.war false false true diff --git a/security/shibboleth-idp/files/jetty-base/webapps/static.xml b/security/shibboleth-idp/files/jetty-base/webapps/static.xml index 3c53036abb35..f4f90fcb1ee3 100644 --- a/security/shibboleth-idp/files/jetty-base/webapps/static.xml +++ b/security/shibboleth-idp/files/jetty-base/webapps/static.xml @@ -1,16 +1,16 @@ - + / - - / + + / - false + false diff --git a/security/shibboleth-idp/files/shibboleth-idp.in b/security/shibboleth-idp/files/shibboleth-idp.in index c8904167e00c..e0b425e5eeb4 100644 --- a/security/shibboleth-idp/files/shibboleth-idp.in +++ b/security/shibboleth-idp/files/shibboleth-idp.in @@ -1,87 +1,92 @@ #!/bin/sh # PROVIDE: shibboleth-idp # REQUIRE: NETWORKING SERVERS # KEYWORD: shutdown # # Add the following line to /etc/rc.conf to enable shibboleth_idp: # # shibboleth_idp_enable="YES" # . /etc/rc.subr name=shibboleth_idp rcvar=shibboleth_idp_enable command="%%PREFIX%%/sbin/shibboleth-idp.sh" command_args="start" extra_commands="idpstatus initupgrade" start_precmd="shibboleth_idp_start_precmd" initupgrade_cmd="shibboleth_idp_initupgrade" # set defaults shibboleth_idp_enable=${shibboleth_idp_enable:-"NO"} shibboleth_idp_entityid=${shibboleth_idp_entityid:-""} shibboleth_idp_hostname=${shibboleth_idp_hostname:-""} shibboleth_idp_keysize=${shibboleth_idp_keysize:-"3072"} shibboleth_idp_scope=${shibboleth_idp_scope:-""} shibboleth_idp_user=${shibboleth_idp_user:-"%%SHIBUSER%%"} shibboleth_idp_group=${shibboleth_idp_group:-"%%SHIBGROUP%%"} load_rc_config ${name} if test -n "${shibboleth_idp_java_version}" ; then JAVA_HOME=$(JAVA_VERSION="${shibboleth_idp_java_version}" JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVA_HOME | cut -d= -f2) procname=$(JAVA_VERSION="${shibboleth_idp_java_version}" JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVAVM_PROG | cut -d= -f2) else JAVA_HOME=$(JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVA_HOME | cut -d= -f2) procname=$(JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVAVM_PROG | cut -d= -f2) fi export JAVA_HOME shibboleth_idp_precmd() { if [ -z ${shibboleth_idp_scope} ]; then echo "$0: WARNING: shibboleth_idp_scope is not defined in rc.conf." echo "$0: Example: sysrc shibboleth_idp_scope=\"example.com\"" exit 1 fi if [ -z ${shibboleth_idp_entityid} ]; then echo "$0: WARNING: shibboleth_idp_entityid is not defined in rc.conf." echo "$0: Example: sysrc shibboleth_idp_entityid=\"https://shib.example.com/idp/shibboleth\"" exit 1 fi if [ -z ${shibboleth_idp_hostname} ]; then echo "$0: WARNING: shibboleth_idp_hostname is not defined in rc.conf." echo "$0: Example: sysrc shibboleth_idp_hostname=\"shibboleth.example.com\"" exit 1 fi } shibboleth_idp_start_precmd() { shibboleth_idp_precmd if [ ! -r "%%WWWDIR%%/war/idp.war" ]; then echo "$0: WARNING: /usr/local/www/shibboleth/war/idp.war is not readable." echo "$0: You must run: service $(basename $0) initupgrade first" exit 1 fi } shibboleth_idp_initupgrade() { shibboleth_idp_precmd KEYSTORE=`/usr/bin/openssl rand -base64 32` COOKIE=`/usr/bin/openssl rand -base64 32` /usr/bin/sed -i'.bak' -e "s|%%KEYSTORE%%|${KEYSTORE}|g" -e "s|%%KEYMANAGER%%|${KEYMANAGER}|g" %%WWWDIR%%/start.d/idp.ini /bin/rm -f %%WWWDIR%%/idp.ini.bak PATH="${PATH}:%%LOCALBASE%%/bin" - %%DATADIR%%/bin/install.sh -Didp.keysize=${shibboleth_idp_keysize} -Didp.target.dir=%%WWWDIR%% -Didp.src.dir=%%DATADIR%% -Didp.conf.credentials.group=%%SHIBUSER%% -Didp.conf.credentials.filemode=640 -Didp.keystore.password=${KEYSTORE} -Didp.sealer.password=${COOKIE} -Didp.host.name=${shibboleth_idp_hostname} -Didp.scope=${shibboleth_idp_scope} -Didp.entityID=${shibboleth_idp_entityid} -Didp.noprompt - /usr/bin/sed -i'.bak' -e "s|:8443||g" %%WWWDIR%%/metadata/idp-metadata.xml + printf "idp.target.dir=%%WWWDIR%%\nidp.keysize=${shibboleth_idp_keysize}\nidp.src.dir=%%DATADIR%%\nidp.conf.credentials.group=%%SHIBUSER%%\nidp.conf.credentials.filemode=640\nidp.scope=${shibboleth_idp_scope}\nidp.host.name=${shibboleth_idp_hostname}\nidp.entityID=${shibboleth_idp_entityid}\n\n# EOF\n" > %%WWWDIR%%/install.properties + if [ ! -f %%WWWDIR%%/credentials/secrets.properties ]; then + install -o root -g ${shibboleth_idp_group} -m 440 /dev/null %%WWWDIR%%/credentials/secrets.properties + printf "idp.keystore.password=${KEYSTORE}\nidp.sealer.password=${COOKIE}\n">%%WWWDIR%%/credentials/secrets.properties + fi + %%DATADIR%%/bin/install.sh --propertyFile %%WWWDIR%%/install.properties --propertyFiles %%WWWDIR%%/credentials/secrets.properties + /usr/bin/sed -i'.bak' -e "s|idp.scope = example.org|idp.scope=${shibboleth_idp_scope}|g" %%WWWDIR%%/conf/idp.properties } run_rc_command "$1" diff --git a/security/shibboleth-idp/files/shibboleth-idp.sh b/security/shibboleth-idp/files/shibboleth-idp.sh index 13a08d5c8f18..71341ffa127f 100755 --- a/security/shibboleth-idp/files/shibboleth-idp.sh +++ b/security/shibboleth-idp/files/shibboleth-idp.sh @@ -1,628 +1,780 @@ -#!/usr/bin/env bash +#!/usr/local/bin/bash # LSB Tags ### BEGIN INIT INFO # Provides: jetty # Required-Start: $local_fs $network # Required-Stop: $local_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Jetty start script. # Description: Start Jetty web server. ### END INIT INFO # Startup script for jetty under *nix systems (it works under NT/cygwin too). ################################################## # Set the name which is used by other variables. # Defaults to the file name without extension. ################################################## NAME=$(echo $(basename $0) | sed -e 's/^[SK][0-9]*//' -e 's/\.sh$//') # To get the service to restart correctly on reboot, uncomment below (3 lines): # ======================== # chkconfig: 3 99 99 # description: Jetty 9 webserver # processname: jetty # ======================== # Configuration files # # /etc/default/$NAME # If it exists, this is read at the start of script. It may perform any # sequence of shell commands, like setting relevant environment variables. # # $HOME/.$NAMErc (e.g. $HOME/.jettyrc) # If it exists, this is read at the start of script. It may perform any # sequence of shell commands, like setting relevant environment variables. # # /etc/$NAME.conf # If found, and no configurations were given on the command line, # the file will be used as this script's configuration. # Each line in the file may contain: # - A comment denoted by the pound (#) sign as first non-blank character. # - The path to a regular file, which will be passed to jetty as a # config.xml file. # - The path to a directory. Each *.xml file in the directory will be # passed to jetty as a config.xml file. # - All other lines will be passed, as-is to the start.jar # # The files will be checked for existence before being passed to jetty. # # Configuration variables # # JAVA # Command to invoke Java. If not set, java (from the PATH) will be used. # # JAVA_OPTIONS # Extra options to pass to the JVM # # JETTY_HOME # Where Jetty is installed. If not set, the script will try go # guess it by looking at the invocation path for the script # The java system property "jetty.home" will be # set to this value for use by configure.xml files, f.e.: # # /webapps/jetty.war # # JETTY_BASE # Where your Jetty base directory is. If not set, then the currently # directory is checked, otherwise the value from # $JETTY_HOME will be used. # # JETTY_RUN # Where the $NAME.pid file should be stored. It defaults to the # first available of /var/run, /usr/var/run, JETTY_BASE and /tmp # if not set. # # JETTY_PID # The Jetty PID file, defaults to $JETTY_RUN/$NAME.pid # # JETTY_ARGS # The default arguments to pass to jetty. # For example # JETTY_ARGS=jetty.http.port=8080 jetty.ssl.port=8443 # # JETTY_USER # if set, then used as a username to run the server as # # JETTY_SHELL # If set, then used as the shell by su when starting the server. Will have # no effect if start-stop-daemon exists. Useful when JETTY_USER does not # have shell access, e.g. /bin/false # # JETTY_START_TIMEOUT # Time spent waiting to see if startup was successful/failed. Defaults to 60 seconds # usage() { echo "Usage: ${0##*/} [-d] {start|stop|run|restart|check|supervise} [ CONFIGS ... ] " exit 1 } [ $# -gt 0 ] || usage ################################################## # Some utility functions ################################################## findDirectory() { local L OP=$1 shift for L in "$@"; do [ "$OP" "$L" ] || continue printf %s "$L" break done } +# test if process specified in PID file is still running running() { - if [ -f "$1" ] - then - local PID=$(cat "$1" 2>/dev/null) || return 1 - kill -0 "$PID" 2>/dev/null - return + local PIDFILE=$1 + if [ -r "$PIDFILE" ] ; then + local PID=$(tail -1 "$PIDFILE") + if kill -0 "$PID" 2>/dev/null ; then + return 0 + fi fi - rm -f "$1" return 1 } +# Test state file (after timeout) for started state started() { - # wait for 60s to see "STARTED" in PID file, needs jetty-started.xml as argument - for ((T = 0; T < $(($3 / 4)); T++)) + local STATEFILE=$1 + local PIDFILE=$2 + local STARTTIMEOUT=$3 + + if (( DEBUG )) ; then + echo "Looking for $STATEFILE" + echo -n "State Parent Directory: " + ls -lad $(dirname $STATEFILE) + fi + + # wait till timeout to see "STARTED" in state file, needs --module=state as argument + for ((T = 0; T < $STARTTIMEOUT; T++)) do - sleep 4 - [ -z "$(tail -1 $1 | grep STARTED 2>/dev/null)" ] || return 0 - [ -z "$(tail -1 $1 | grep STOPPED 2>/dev/null)" ] || return 1 - [ -z "$(tail -1 $1 | grep FAILED 2>/dev/null)" ] || return 1 - local PID=$(cat "$2" 2>/dev/null) || return 1 - kill -0 "$PID" 2>/dev/null || return 1 - echo -n ". " + echo -n "." + sleep 1 + if [ -r $STATEFILE ] ; then + STATENOW=$(tail -1 $STATEFILE) + (( DEBUG )) && echo "State (now): $STATENOW" + case "$STATENOW" in + STARTED*) + echo " started" + return 0;; + STOPPED*) + echo " stopped" + return 1;; + FAILED*) + echo " failed" + return 1;; + esac + else + (( DEBUG )) && echo "Unable to read State File: $STATEFILE" + fi done - + (( DEBUG )) && echo "Timeout $STARTTIMEOUT expired waiting for start state from $STATEFILE" + echo " timeout" + if running "$PIDFILE" ; then + echo "INFO: Server process is running" + else + echo "** ERROR: Server process is NOT running" + fi return 1; } +pidKill() +{ + local PIDFILE=$1 + local TIMEOUT=$2 + + if [ -r $PIDFILE ] ; then + local PID=$(tail -1 "$PIDFILE") + if [ -z "$PID" ] ; then + echo "** ERROR: no pid found in $PIDFILE" + return 1 + fi + + # Try default kill first + if kill -0 "$PID" 2>/dev/null ; then + (( DEBUG )) && echo "PID=$PID is running, sending kill" + kill "$PID" 2>/dev/null + else + rm -f $PIDFILE 2> /dev/null + return 0 + fi + + # Perform harsh kill next + while kill -0 "$PID" 2>/dev/null + do + if (( TIMEOUT-- == 0 )) ; then + (( DEBUG )) && echo "PID=$PID is running, sending kill signal=KILL (TIMEOUT=$TIMEOUT)" + kill -KILL "$PID" 2>/dev/null + fi + echo -n "." + sleep 1 + done + echo "Killed $PID" + return 0 + else + (( DEBUG )) && echo "Unable to read PID File: $PIDFILE" + return 1 + fi +} + +testFileSystemPermissions() +{ + # Don't test file system permissions if user is root + if [ $UID -eq 0 ] ; then + (( DEBUG )) && echo "Not testing file system permissions: uid is 0" + return 0 + fi + + # Don't test if JETTY_USER is specified + # as the Jetty process will switch to a different user id on startup + if [ -n "$JETTY_USER" ] ; then + (( DEBUG )) && echo "Not testing file system permissions: JETTY_USER=$JETTY_USER" + return 0 + fi + + # Don't test if setuid is specified + # as the Jetty process will switch to a different user id on startup + if expr -- "${JETTY_ARGS[*]}" : '.*setuid.*' >/dev/null + then + (( DEBUG )) && echo "Not testing file system permissions: setuid in use" + return 0 + fi + + # Test if PID can be written from this userid + if ! touch "$JETTY_PID" + then + echo "** ERROR: Unable to touch file: $JETTY_PID" + echo " Correct issues preventing use of \$JETTY_PID and try again." + exit 1 + fi + + # Test if STATE can be written from this userid + if ! touch "$JETTY_STATE" + then + echo "** ERROR: Unable to touch file: $JETTY_STATE" + echo " Correct issues preventing use of \$JETTY_STATE and try again." + exit 1 + fi +} readConfig() { (( DEBUG )) && echo "Reading $1.." source "$1" } dumpEnv() { - echo "JAVA = $JAVA" - echo "JAVA_OPTIONS = ${JAVA_OPTIONS[*]}" - echo "JETTY_HOME = $JETTY_HOME" - echo "JETTY_BASE = $JETTY_BASE" - echo "START_D = $START_D" - echo "START_INI = $START_INI" - echo "JETTY_START = $JETTY_START" - echo "JETTY_CONF = $JETTY_CONF" - echo "JETTY_ARGS = ${JETTY_ARGS[*]}" - echo "JETTY_RUN = $JETTY_RUN" - echo "JETTY_PID = $JETTY_PID" - echo "JETTY_START_LOG = $JETTY_START_LOG" - echo "JETTY_STATE = $JETTY_STATE" - echo "JETTY_START_TIMEOUT = $JETTY_START_TIMEOUT" - echo "RUN_CMD = ${RUN_CMD[*]}" + echo "JAVA = $JAVA" + echo "JAVA_OPTIONS = ${JAVA_OPTIONS[*]}" + echo "JETTY_HOME = $JETTY_HOME" + echo "JETTY_BASE = $JETTY_BASE" + echo "START_D = $START_D" + echo "START_INI = $START_INI" + echo "JETTY_START = $JETTY_START" + echo "JETTY_CONF = $JETTY_CONF" + echo "JETTY_ARGS = ${JETTY_ARGS[*]}" + echo "JETTY_RUN = $JETTY_RUN" + echo "JETTY_PID = $JETTY_PID" + echo "JETTY_START_LOG = $JETTY_START_LOG" + echo "JETTY_STATE = $JETTY_STATE" + echo "JETTY_START_TIMEOUT = $JETTY_START_TIMEOUT" + echo "JETTY_SYS_PROPS = $JETTY_SYS_PROPS" + echo "RUN_ARGS = ${RUN_ARGS[*]}" + echo "ID = $(id)" + echo "JETTY_USER = $JETTY_USER" + echo "USE_START_STOP_DAEMON = $USE_START_STOP_DAEMON" + echo "START_STOP_DAEMON = $START_STOP_DAEMON_AVAILABLE" } - ################################################## # Get the action & configs ################################################## CONFIGS=() NO_START=0 DEBUG=0 +USE_START_STOP_DAEMON=1 while [[ $1 = -* ]]; do case $1 in -d) DEBUG=1 ;; esac shift done ACTION=$1 shift ################################################## # Read any configuration files ################################################## ETC=/etc if [ $UID != 0 ] then ETC=$HOME/etc fi for CONFIG in {/etc,~/etc}/default/${NAME}{,9} $HOME/.${NAME}rc /usr/local/etc/shibboleth/${NAME}{,9}; do if [ -f "$CONFIG" ] ; then readConfig "$CONFIG" fi done ################################################## # Set tmp if not already set. ################################################## TMPDIR=${TMPDIR:-/tmp} ################################################## # Jetty's hallmark ################################################## JETTY_INSTALL_TRACE_FILE="start.jar" ################################################## # Try to determine JETTY_HOME if not set ################################################## if [ -z "$JETTY_HOME" ] then JETTY_SH=$0 case "$JETTY_SH" in /*) JETTY_HOME=${JETTY_SH%/*/*} ;; ./*/*) JETTY_HOME=${JETTY_SH%/*/*} ;; ./*) JETTY_HOME=.. ;; */*/*) JETTY_HOME=./${JETTY_SH%/*/*} ;; */*) JETTY_HOME=. ;; *) JETTY_HOME=.. ;; esac if [ ! -f "$JETTY_HOME/$JETTY_INSTALL_TRACE_FILE" ] then JETTY_HOME= fi fi ################################################## # No JETTY_HOME yet? We're out of luck! ################################################## if [ -z "$JETTY_HOME" ]; then echo "** ERROR: JETTY_HOME not set, you need to set it or install in a standard location" exit 1 fi RUN_DIR=$(pwd) cd "$JETTY_HOME" JETTY_HOME=$(pwd) ################################################## # Set JETTY_BASE ################################################## export JETTY_BASE if [ -z "$JETTY_BASE" ]; then if [ -d "$RUN_DIR/start.d" -o -f "$RUN_DIR/start.ini" ]; then JETTY_BASE=$RUN_DIR else JETTY_BASE=$JETTY_HOME fi fi cd "$JETTY_BASE" JETTY_BASE=$(pwd) ##################################################### # Check that jetty is where we think it is ##################################################### if [ ! -r "$JETTY_HOME/$JETTY_INSTALL_TRACE_FILE" ] then echo "** ERROR: Oops! Jetty doesn't appear to be installed in $JETTY_HOME" echo "** ERROR: $JETTY_HOME/$JETTY_INSTALL_TRACE_FILE is not readable!" exit 1 fi ################################################## # Try to find this script's configuration file, # but only if no configurations were given on the # command line. ################################################## if [ -z "$JETTY_CONF" ] then if [ -f $ETC/${NAME}.conf ] then JETTY_CONF=$ETC/${NAME}.conf elif [ -f "$JETTY_BASE/etc/jetty.conf" ] then JETTY_CONF=$JETTY_BASE/etc/jetty.conf elif [ -f "$JETTY_HOME/etc/jetty.conf" ] then JETTY_CONF=$JETTY_HOME/etc/jetty.conf fi fi ##################################################### # Find a location for the pid file ##################################################### if [ -z "$JETTY_RUN" ] then JETTY_RUN=$(findDirectory -w /var/run /usr/var/run $JETTY_BASE /tmp)/jetty - [ -d "$JETTY_RUN" ] || mkdir $JETTY_RUN +fi + +if [ ! -d "$JETTY_RUN" ] ; then + if ! mkdir $JETTY_RUN + then + echo "** ERROR: Unable to create directory: $JETTY_RUN" + echo " Correct issues preventing the creation of \$JETTY_RUN and try again." + exit 1 + fi fi ##################################################### # define start log location ##################################################### if [ -z "$JETTY_START_LOG" ] then JETTY_START_LOG="$JETTY_RUN/$NAME-start.log" fi ##################################################### # Find a pid and state file ##################################################### if [ -z "$JETTY_PID" ] then JETTY_PID="$JETTY_RUN/${NAME}.pid" fi if [ -z "$JETTY_STATE" ] then JETTY_STATE=$JETTY_BASE/${NAME}.state fi case "`uname`" in CYGWIN*) JETTY_STATE="`cygpath -w $JETTY_STATE`";; esac - -JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE") +JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE" "jetty.pid=$JETTY_PID") ################################################## # Get the list of config.xml files from jetty.conf ################################################## if [ -f "$JETTY_CONF" ] && [ -r "$JETTY_CONF" ] then + (( DEBUG )) && echo "$JETTY_CONF: (begin read) JETTY_ARGS.length=${#JETTY_ARGS[@]}" while read -r CONF do if expr -- "$CONF" : '#' >/dev/null ; then continue fi if [ -d "$CONF" ] then # assume it's a directory with configure.xml files # for example: /etc/jetty.d/ # sort the files before adding them to the list of JETTY_ARGS for XMLFILE in "$CONF/"*.xml do if [ -r "$XMLFILE" ] && [ -f "$XMLFILE" ] then - JETTY_ARGS=(${JETTY_ARGS[*]} "$XMLFILE") + JETTY_ARGS[${#JETTY_ARGS[@]}]=$XMLFILE else echo "** WARNING: Cannot read '$XMLFILE' specified in '$JETTY_CONF'" fi done else # assume it's a command line parameter (let start.jar deal with its validity) - JETTY_ARGS=(${JETTY_ARGS[*]} "$CONF") + JETTY_ARGS[${#JETTY_ARGS[@]}]=$CONF fi done < "$JETTY_CONF" + (( DEBUG )) && echo "$JETTY_CONF: (finished read) JETTY_ARGS.length=${#JETTY_ARGS[@]}" fi ################################################## # Setup JAVA if unset ################################################## if [ -z "$JAVA" ] then JAVA=$(which java) fi if [ -z "$JAVA" ] then echo "Cannot find a Java JDK. Please set either set JAVA or put java (>=1.5) in your PATH." >&2 exit 1 fi ##################################################### # See if Deprecated JETTY_LOGS is defined ##################################################### if [ "$JETTY_LOGS" ] then echo "** WARNING: JETTY_LOGS is Deprecated. Please configure logging within the jetty base." >&2 fi ##################################################### # Set STARTED timeout ##################################################### if [ -z "$JETTY_START_TIMEOUT" ] then JETTY_START_TIMEOUT=60 fi ##################################################### # Are we running on Windows? Could be, with Cygwin/NT. ##################################################### case "`uname`" in CYGWIN*) PATH_SEPARATOR=";";; *) PATH_SEPARATOR=":";; esac ##################################################### # Add jetty properties to Java VM options. ##################################################### case "`uname`" in CYGWIN*) JETTY_HOME="`cygpath -w $JETTY_HOME`" JETTY_BASE="`cygpath -w $JETTY_BASE`" TMPDIR="`cygpath -w $TMPDIR`" ;; esac -BASE_JETTY_SYS_PROPS=$(echo -ne "-Djetty.home=$JETTY_HOME" "-Djetty.base=$JETTY_BASE" "-Djava.io.tmpdir=$TMPDIR") -JETTY_SYS_PROPS=(${JETTY_SYS_PROPS[*]} $BASE_JETTY_SYS_PROPS) - ##################################################### # This is how the Jetty server will be started ##################################################### JETTY_START=$JETTY_HOME/start.jar START_INI=$JETTY_BASE/start.ini START_D=$JETTY_BASE/start.d if [ ! -f "$START_INI" -a ! -d "$START_D" ] then echo "Cannot find a start.ini file or a start.d directory in your JETTY_BASE directory: $JETTY_BASE" >&2 exit 1 fi case "`uname`" in CYGWIN*) JETTY_START="`cygpath -w $JETTY_START`";; esac -RUN_ARGS=$("$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args ${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}) -RUN_CMD=("$JAVA" $JETTY_SYS_PROPS ${RUN_ARGS[@]}) +# Determine if we can use start-stop-daemon or not +START_STOP_DAEMON_AVAILABLE=0 + +if (( USE_START_STOP_DAEMON )) +then + # only if root user is executing jetty.sh, and the start-stop-daemon exists + if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1 + then + START_STOP_DAEMON_AVAILABLE=1 + else + USE_START_STOP_DAEMON=0 + fi +fi + +# Collect the dry-run (of opts,path,main,args) from the jetty.base configuration +JETTY_DRY_RUN=$(echo "${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}" | xargs "$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args,envs) +RUN_ARGS=($JETTY_SYS_PROPS ${JETTY_DRY_RUN[@]}) -##################################################### -# Comment these out after you're happy with what -# the script is doing. -##################################################### if (( DEBUG )) then + if expr -- "${RUN_ARGS[*]}" : '.*/etc/console-capture.xml.*' > /dev/null + then + echo "WARNING: Disable console-capture module for best DEBUG results" + fi + echo "IDs are $(id)" dumpEnv fi ################################################## # Do the action ################################################## case "$ACTION" in start) - echo -n "Starting Jetty: " - if (( NO_START )); then echo "Not starting ${NAME} - NO_START=1"; exit fi - if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1 + testFileSystemPermissions + + if running $JETTY_PID + then + echo "Already Running $(cat $JETTY_PID)!" + exit 1 + fi + + # remove any lingering state file + if [ -f $JETTY_STATE ] + then + rm $JETTY_STATE + fi + + echo -n "Starting Jetty: " + + # Startup from a service file + if (( USE_START_STOP_DAEMON )) then unset CH_USER if [ -n "$JETTY_USER" ] then CH_USER="--chuid $JETTY_USER" fi - start-stop-daemon --start $CH_USER \ - --pidfile "$JETTY_PID" \ + # use of --pidfile /dev/null disables internal pidfile + # management of the start-stop-daemon (see man page) + echo ${RUN_ARGS[@]} | xargs start-stop-daemon \ + --start $CH_USER \ + --pidfile /dev/null \ --chdir "$JETTY_BASE" \ --background \ - --make-pidfile \ + --output "${JETTY_RUN}/start-stop.log" \ --startas "$JAVA" \ - -- ${RUN_ARGS[@]} start-log-file="$JETTY_START_LOG" - + -- + (( DEBUG )) && echo "Starting: start-stop-daemon" else - - if running $JETTY_PID - then - echo "Already Running $(cat $JETTY_PID)!" - exit 1 - fi - + # Startup if switching users (not as a service, or from root) if [ -n "$JETTY_USER" ] && [ `whoami` != "$JETTY_USER" ] then unset SU_SHELL if [ "$JETTY_SHELL" ] then SU_SHELL="-s $JETTY_SHELL" fi - touch "$JETTY_PID" chown "$JETTY_USER" "$JETTY_PID" - # FIXME: Broken solution: wordsplitting, pathname expansion, arbitrary command execution, etc. su - "$JETTY_USER" $SU_SHELL -c " cd \"$JETTY_BASE\" - exec ${RUN_CMD[*]} start-log-file=\"$JETTY_START_LOG\" > /dev/null & - disown \$! - echo \$! > \"$JETTY_PID\"" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & + PID=\$! + disown \$PID" + (( DEBUG )) && echo "Starting: su shell (w/user $JETTY_USER) on PID $PID" else - "${RUN_CMD[@]}" > /dev/null & - disown $! - echo $! > "$JETTY_PID" + # Startup if not switching users + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & + PID=$! + disown $PID + (( DEBUG )) && echo "Starting: java command on PID $PID" fi - fi - if expr "${JETTY_ARGS[*]}" : '.*jetty-started.xml.*' >/dev/null + if expr -- "${JETTY_ARGS[*]}" : '.*jetty\.state=.*' >/dev/null then if started "$JETTY_STATE" "$JETTY_PID" "$JETTY_START_TIMEOUT" then echo "OK `date`" else echo "FAILED `date`" + pidKill $JETTY_PID 30 exit 1 fi else echo "ok `date`" fi ;; stop) echo -n "Stopping Jetty: " - if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1; then - start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s HUP - - TIMEOUT=30 - while running "$JETTY_PID"; do - if (( TIMEOUT-- == 0 )); then - start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s KILL - fi + if [ ! -r "$JETTY_PID" ] ; then + echo "** ERROR: no pid found at $JETTY_PID" + exit 1 + fi - sleep 1 - done - else - if [ ! -f "$JETTY_PID" ] ; then - echo "ERROR: no pid found at $JETTY_PID" - exit 1 - fi + PID=$(tail -1 "$JETTY_PID") + if [ -z "$PID" ] ; then + echo "** ERROR: no pid found in $JETTY_PID" + exit 1 + fi - PID=$(cat "$JETTY_PID" 2>/dev/null) - if [ -z "$PID" ] ; then - echo "ERROR: no pid id found in $JETTY_PID" - exit 1 - fi - kill "$PID" 2>/dev/null + # Stopping service started with start-stop-daemon + if (( USE_START_STOP_DAEMON )) ; then + (( DEBUG )) && echo "Issuing HUP to $PID" + start-stop-daemon --stop \ + --pid "$PID" \ + --chdir "$JETTY_BASE" \ + --startas "$JAVA" \ + --signal HUP TIMEOUT=30 - while running $JETTY_PID; do + while running "$JETTY_PID"; do + (( DEBUG )) && echo "Issuing KILL to $PID" if (( TIMEOUT-- == 0 )); then - kill -KILL "$PID" 2>/dev/null + start-stop-daemon --stop \ + --pid "$PID" \ + --chdir "$JETTY_BASE" \ + --startas "$JAVA" \ + --signal KILL fi sleep 1 done + else + # Stopping from non-service start + pidKill "$JETTY_PID" 30 fi rm -f "$JETTY_PID" rm -f "$JETTY_STATE" echo OK ;; restart) JETTY_SH=$0 - > "$JETTY_STATE" + echo "restart" >> "$JETTY_STATE" if [ ! -f $JETTY_SH ]; then if [ ! -f $JETTY_HOME/bin/jetty.sh ]; then echo "$JETTY_HOME/bin/jetty.sh does not exist." exit 1 fi JETTY_SH=$JETTY_HOME/bin/jetty.sh fi "$JETTY_SH" stop "$@" "$JETTY_SH" start "$@" ;; supervise) # # Under control of daemontools supervise monitor which # handles restarts and shutdowns via the svc program. # - exec "${RUN_CMD[@]}" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & ;; run|demo) echo "Running Jetty: " if running "$JETTY_PID" then echo Already Running $(cat "$JETTY_PID")! exit 1 fi - exec "${RUN_CMD[@]}" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & ;; check|status) if running "$JETTY_PID" then echo "Jetty running pid=$(< "$JETTY_PID")" else echo "Jetty NOT running" fi echo dumpEnv echo if running "$JETTY_PID" then exit 0 fi exit 1 ;; *) usage ;; esac exit 0 diff --git a/security/shibboleth-idp/files/shibboleth.in b/security/shibboleth-idp/files/shibboleth.in index e63c0b1c1b98..424e30b7296e 100644 --- a/security/shibboleth-idp/files/shibboleth.in +++ b/security/shibboleth-idp/files/shibboleth.in @@ -1,64 +1,65 @@ # # Sample Configuration File # # JAVA # Command to invoke Java. If not set, java (from the PATH) will be used. # +JAVA=%%LOCALBASE%%/bin/java # JAVA_OPTIONS # Extra options to pass to the JVM # # JETTY_HOME # Where Jetty is installed. If not set, the script will try go # guess it by looking at the invocation path for the script # The java system property "jetty.home" will be # set to this value for use by configure.xml files, f.e.: # # /webapps/jetty.war # JETTY_HOME=/usr/local/jetty # # JETTY_BASE # Where your Jetty base directory is. If not set, the value from # $JETTY_HOME will be used. # # IT IS STRONGLY RECOMMENDED THAT YOU MODIFY THIS VARIABLE TO POINT # TO THE INSTALLATION OF YOUR WEB APPLICATION, KEEPING YOUR WEB # APPLICATION SEPARATE FROM THE JETTY HOME LOCATION. # # MORE INFORMATION HERE: # # http://www.eclipse.org/jetty/documentation/current/startup-base-and-home.html # JETTY_BASE=%%WWWDIR%% # JETTY_RUN # Where the $NAME.pid file should be stored. It defaults to the # first available of /var/run, /usr/var/run, JETTY_BASE and /tmp # if not set. # # JETTY_PID # The Jetty PID file, defaults to $JETTY_RUN/$NAME.pid # JETTY_PID=%%RUNDIR%%/shibboleth.pid # JETTY_ARGS # The default arguments to pass to jetty. # For example # JETTY_ARGS=jetty.http.port=8080 jetty.ssl.port=8443 # JETTY_ARGS=jetty.logging.dir=%%LOGDIR%% # JETTY_USER # if set, then used as a username to run the server as # JETTY_STATE=%%RUNDIR%%/shibboleth.state # JETTY_SHELL # If set, then used as the shell by su when starting the server. Will have # no effect if start-stop-daemon exists. Useful when JETTY_USER does not # diff --git a/security/shibboleth-idp/pkg-plist b/security/shibboleth-idp/pkg-plist index ed38e20aef23..e45c1c7549ee 100644 --- a/security/shibboleth-idp/pkg-plist +++ b/security/shibboleth-idp/pkg-plist @@ -1,272 +1,197 @@ +%%ETCDIR%%/shibboleth-idp +sbin/shibboleth-idp.sh %%DATADIR%%/LICENSE.txt -%%DATADIR%%/bin/aacli.bat -%%DATADIR%%/bin/aacli.sh -%%DATADIR%%/bin/ant-jetty.xml -%%DATADIR%%/bin/ant.bat -%%DATADIR%%/bin/ant.sh -%%DATADIR%%/bin/build.bat -%%DATADIR%%/bin/build.sh -%%DATADIR%%/bin/build.xml -%%DATADIR%%/bin/install-log.xml %%DATADIR%%/bin/install.bat %%DATADIR%%/bin/install.sh -%%DATADIR%%/bin/keygen.bat -%%DATADIR%%/bin/keygen.sh @comment %%DATADIR%%/bin/lib/.gitkeep %%DATADIR%%/bin/lib/ant-1.10.14.jar %%DATADIR%%/bin/lib/ant-launcher-1.10.14.jar -%%DATADIR%%/bin/lib/bcpg-jdk18on-1.72.2.jar -%%DATADIR%%/bin/lib/commons-compress-1.26.1.jar +%%DATADIR%%/bin/lib/bcpg-jdk18on-1.77.jar +%%DATADIR%%/bin/lib/commons-compress-1.26.2.jar %%DATADIR%%/bin/lib/commons-io-2.15.1.jar +%%DATADIR%%/bin/lib/idp-cli-%%PORTVERSION%%.jar %%DATADIR%%/bin/lib/idp-installer-%%PORTVERSION%%.jar %%DATADIR%%/bin/lib/jcommander-1.81.jar -%%DATADIR%%/bin/mdquery.bat -%%DATADIR%%/bin/mdquery.sh -%%DATADIR%%/bin/module.bat -%%DATADIR%%/bin/module.sh -%%DATADIR%%/bin/plugin.bat -%%DATADIR%%/bin/plugin.sh -%%DATADIR%%/bin/reload-metadata.bat -%%DATADIR%%/bin/reload-metadata.sh -%%DATADIR%%/bin/reload-service.bat -%%DATADIR%%/bin/reload-service.sh -%%DATADIR%%/bin/runclass.bat -%%DATADIR%%/bin/runclass.sh -%%DATADIR%%/bin/sealer.bat -%%DATADIR%%/bin/sealer.sh -%%DATADIR%%/bin/seckeygen.bat -%%DATADIR%%/bin/seckeygen.sh -%%DATADIR%%/bin/status.bat -%%DATADIR%%/bin/status.sh -%%DATADIR%%/bin/version.bat -%%DATADIR%%/bin/version.sh -%%DATADIR%%/conf/access-control.xml -%%DATADIR%%/conf/admin/admin.properties -%%DATADIR%%/conf/admin/metrics.xml -%%DATADIR%%/conf/attribute-filter.xml -%%DATADIR%%/conf/attribute-registry.xml -%%DATADIR%%/conf/attribute-resolver.xml -%%DATADIR%%/conf/attributes/custom/README -%%DATADIR%%/conf/attributes/default-rules.xml -%%DATADIR%%/conf/attributes/eduCourse.xml -%%DATADIR%%/conf/attributes/eduPerson.xml -%%DATADIR%%/conf/attributes/inetOrgPerson.xml -%%DATADIR%%/conf/attributes/samlSubject.xml -%%DATADIR%%/conf/attributes/schac.xml -%%DATADIR%%/conf/audit.xml -%%DATADIR%%/conf/authn/authn-comparison.xml -%%DATADIR%%/conf/authn/authn-events-flow.xml -%%DATADIR%%/conf/authn/authn.properties -%%DATADIR%%/conf/c14n/subject-c14n-events-flow.xml -%%DATADIR%%/conf/c14n/subject-c14n.properties -%%DATADIR%%/conf/c14n/subject-c14n.xml -%%DATADIR%%/conf/credentials.xml -%%DATADIR%%/conf/errors.xml -%%DATADIR%%/conf/examples/attribute-resolver-ldap.xml -%%DATADIR%%/conf/global.xml -%%DATADIR%%/conf/idp.properties -%%DATADIR%%/conf/intercept/intercept-events-flow.xml -%%DATADIR%%/conf/ldap.properties -%%DATADIR%%/conf/logback.xml -%%DATADIR%%/conf/metadata-providers.xml -%%DATADIR%%/conf/relying-party.xml -%%DATADIR%%/conf/saml-nameid.properties -%%DATADIR%%/conf/saml-nameid.xml -%%DATADIR%%/conf/services.properties -%%DATADIR%%/conf/services.xml -%%DATADIR%%/credentials/.gitkeep +%%DATADIR%%/bin/lib/shib-cli-9.1.3.jar +@comment %%DATADIR%%/credentials/.gitkeep %%DATADIR%%/doc/BC-LICENSE.txt %%DATADIR%%/doc/CREDITS.txt %%DATADIR%%/doc/DUO-LICENSE.txt %%DATADIR%%/doc/JQUERY-LICENSE.txt %%DATADIR%%/doc/README.txt %%DATADIR%%/doc/RELEASE-NOTES.txt %%DATADIR%%/doc/SPYMEMCACHED-LICENSE.txt -%%DATADIR%%/flows/authn/conditions/account-locked/account-locked-flow.xml -%%DATADIR%%/flows/authn/conditions/conditions-flow.xml -%%DATADIR%%/flows/authn/conditions/expired-password/expired-password-flow.xml -%%DATADIR%%/flows/authn/conditions/expiring-password/expiring-password-flow.xml -%%DATADIR%%/flows/user/prefs/prefs-flow.xml @comment %%DATADIR%%/logs/.gitkeep -%%DATADIR%%/messages/messages.properties -%%DATADIR%%/system/DONOTTOUCH -%%DATADIR%%/system/conf/global-system.xml -%%DATADIR%%/system/conf/mvc-beans.xml -%%DATADIR%%/system/conf/webflow-config.xml -%%DATADIR%%/views/client-storage/client-storage-read.vm -%%DATADIR%%/views/client-storage/client-storage-write.vm -%%DATADIR%%/views/error.vm -%%DATADIR%%/views/logout-complete.vm -%%DATADIR%%/views/logout-propagate.vm -%%DATADIR%%/views/logout.vm -%%DATADIR%%/views/user-prefs.js -%%DATADIR%%/views/user-prefs.vm %%DATADIR%%/webapp/META-INF/MANIFEST.MF %%DATADIR%%/webapp/WEB-INF/idpui.tld %%DATADIR%%/webapp/WEB-INF/jsp/metadata.jsp %%DATADIR%%/webapp/WEB-INF/jsp/status.jsp -%%DATADIR%%/webapp/WEB-INF/lib/DuoWeb-1.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/UserAgentUtils-1.21.jar %%DATADIR%%/webapp/WEB-INF/lib/annotations-17.0.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/antlr-2.7.7.jar -%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.72.jar -%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.72.jar -%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.72.jar -%%DATADIR%%/webapp/WEB-INF/lib/byte-buddy-1.10.21.jar -%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.12.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/classmate-1.5.1.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-cli-1.4.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.15.jar +%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.77.jar +%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.77.jar +%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.77.jar +%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.41.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.16.1.jar %%DATADIR%%/webapp/WEB-INF/lib/commons-compiler-3.1.12.jar %%DATADIR%%/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-lang-2.6.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.14.0.jar %%DATADIR%%/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.5.jar -%%DATADIR%%/webapp/WEB-INF/lib/dom4j-2.1.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.11.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.1.jar -%%DATADIR%%/webapp/WEB-INF/lib/guava-31.1-jre.jar -%%DATADIR%%/webapp/WEB-INF/lib/hibernate-commons-annotations-5.1.2.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/hibernate-core-5.4.30.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/httpclient-4.5.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/httpclient-cache-4.5.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/httpcore-4.4.16.jar +%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.6.jar +%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.23.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/guava-33.0.0-jre.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-5.3.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-cache-5.3.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-5.2.5.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-h2-5.2.5.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-api-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-api-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-spring-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-api-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-spring-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-impl-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-cas-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-cas-impl-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-conf-impl-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-consent-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-consent-impl-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-core-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-profile-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-profile-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-profile-spring-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-saml-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-saml-impl-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-schema-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-session-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-session-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/idp-spring-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-ui-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idwsfconsumer-2.1.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/istack-commons-runtime-3.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/j2objc-annotations-1.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-annotations-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-core-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-databind-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.activation-1.2.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.json-1.1.6.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.mail-1.6.7.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.xml.bind-api-2.3.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jandex-2.2.3.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/j2objc-annotations-2.8.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-annotations-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-core-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-databind-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jakarta.activation-2.0.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/jakarta.json-2.0.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/jakarta.mail-2.0.1.jar %%DATADIR%%/webapp/WEB-INF/lib/janino-3.1.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/java-support-8.4.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/javassist-3.27.0-GA.jar -%%DATADIR%%/webapp/WEB-INF/lib/javax.persistence-api-2.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/jaxb-runtime-2.3.9.jar -%%DATADIR%%/webapp/WEB-INF/lib/jboss-logging-3.4.1.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/jboss-transaction-api_1.2_spec-1.1.1.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/joda-time-2.12.7.jar -%%DATADIR%%/webapp/WEB-INF/lib/jsonapi-converter-0.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/jsonapi-converter-0.13.jar %%DATADIR%%/webapp/WEB-INF/lib/jsr305-3.0.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/jul-to-slf4j-2.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/ldaptive-1.3.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/jul-to-slf4j-2.0.13.jar +%%DATADIR%%/webapp/WEB-INF/lib/ldaptive-2.3.2.jar %%DATADIR%%/webapp/WEB-INF/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar -%%DATADIR%%/webapp/WEB-INF/lib/log4j-over-slf4j-2.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/logback-classic-1.3.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/logback-core-1.3.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/metrics-core-4.2.25.jar -%%DATADIR%%/webapp/WEB-INF/lib/metrics-json-4.2.25.jar -%%DATADIR%%/webapp/WEB-INF/lib/metrics-jvm-4.2.25.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-core-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/slf4j-api-2.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-aop-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-beans-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-binding-2.5.1.RELEASE.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-context-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-core-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-expression-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-extensions-6.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-jcl-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-jdbc-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-orm-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-tx-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-web-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-webflow-2.5.1.RELEASE.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-webmvc-5.3.34.jar +%%DATADIR%%/webapp/WEB-INF/lib/log4j-over-slf4j-2.0.13.jar +%%DATADIR%%/webapp/WEB-INF/lib/logback-classic-%%LOGBACKVER%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/logback-core-%%LOGBACKVER%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/metrics-core-4.2.26.jar +%%DATADIR%%/webapp/WEB-INF/lib/metrics-json-4.2.26.jar +%%DATADIR%%/webapp/WEB-INF/lib/metrics-jvm-4.2.26.jar +%%DATADIR%%/webapp/WEB-INF/lib/micrometer-commons-1.12.8.jar +%%DATADIR%%/webapp/WEB-INF/lib/micrometer-observation-1.12.8.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-buffer-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-codec-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-common-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-handler-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-resolver-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-classes-epoll-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-classes-kqueue-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.108.Final-linux-aarch_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.108.Final-linux-x86_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.108.Final-osx-aarch_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.108.Final-osx-x86_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-unix-common-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-core-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-core-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-filter-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-filter-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-filter-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-resolver-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-resolver-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-resolver-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-metadata-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-metadata-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-metadata-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-networking-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-networking-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-profile-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-profile-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-saml-attribute-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-saml-attribute-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-saml-profile-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-security-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-security-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-service-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-support-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-velocity-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-velocity-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/slf4j-api-2.0.13.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-aop-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-beans-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-binding-3.0.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-context-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-core-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-expression-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-jcl-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-web-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-webflow-3.0.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-webmvc-6.1.11.jar %%DATADIR%%/webapp/WEB-INF/lib/spymemcached-2.12.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/txw2-2.3.9.jar -%%DATADIR%%/webapp/WEB-INF/lib/unboundid-ldapsdk-4.0.14.jar %%DATADIR%%/webapp/WEB-INF/lib/velocity-engine-core-2.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/xmlsec-2.3.4.jar +%%DATADIR%%/webapp/WEB-INF/lib/xmlsec-3.0.3.jar %%DATADIR%%/webapp/WEB-INF/spring.tld %%DATADIR%%/webapp/WEB-INF/web.xml %%DATADIR%%/webapp/css/logout.css %%DATADIR%%/webapp/css/placeholder.css %%DATADIR%%/webapp/images/failure-32x32.png %%DATADIR%%/webapp/images/placeholder-logo.png %%DATADIR%%/webapp/images/success-32x32.png %%DATADIR%%/webapp/index.jsp -%%DATADIR%%/webapp/js/Duo-Web-v2.js -%%DATADIR%%/webapp/js/Duo-Web-v2.min.js %%DATADIR%%/webapp/js/jquery-3.6.0.min.js -@dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%DATADIR%%/metadata @dir %%DATADIR%%/webapp/WEB-INF/classes -%%ETCDIR%%/shibboleth-idp @dir %%ETCDIR%% @sample %%EXAMPLESDIR%%/etc/jetty-requestlog.xml %%WWWDIR%%/etc/jetty-requestlog.xml @sample %%EXAMPLESDIR%%/index.html %%WWWDIR%%/webapps/ROOT/index.html @sample %%EXAMPLESDIR%%/modules/idp-logging.mod %%WWWDIR%%/modules/idp-logging.mod @sample %%EXAMPLESDIR%%/modules/idp.mod %%WWWDIR%%/modules/idp.mod @sample %%EXAMPLESDIR%%/resources/logback-access.xml %%WWWDIR%%/resources/logback-access.xml @sample %%EXAMPLESDIR%%/resources/logback.xml %%WWWDIR%%/resources/logback.xml @sample %%EXAMPLESDIR%%/start.d/http.ini %%WWWDIR%%/start.d/http.ini @mode 640 @group %%SHIBGROUP%% @sample %%EXAMPLESDIR%%/start.d/idp.ini %%WWWDIR%%/start.d/idp.ini @mode @group @sample %%EXAMPLESDIR%%/start.d/start.ini %%WWWDIR%%/start.d/start.ini @sample %%EXAMPLESDIR%%/webapps/idp.xml %%WWWDIR%%/webapps/idp.xml @sample %%EXAMPLESDIR%%/webapps/static.xml %%WWWDIR%%/webapps/static.xml %%WWWDIR%%/etc/jetty-pid.xml %%WWWDIR%%/lib/logging/logback-classic-%%LOGBACKVER%%.jar %%WWWDIR%%/lib/logging/logback-core-%%LOGBACKVER%%.jar @dir %%WWWDIR%%/conf @dir %%WWWDIR%%/credentials @dir %%WWWDIR%%/etc +@dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%WWWDIR%%/jsp @dir %%WWWDIR%%/modules @dir %%WWWDIR%%/resources @dir %%WWWDIR%%/start.d @dir %%WWWDIR%%/webapps/ROOT @dir %%WWWDIR%%/webapps @dir %%WWWDIR%% -sbin/shibboleth-idp.sh @dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%RUNDIR%% @dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%LOGDIR%%