--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package opensaml
Dear Release Team,
To fix their latest security bug, Shibboleth upstream made a coordinated
patch release of the full stack, as usual. You already unblocked the
critical part of this (xmltooling and shibboleth-sp) and they even
reached testing, so we're good. OpenSAML, the middle component also
gained a small patch, and I'm asking you about that now. It isn't
critical at all, just a tuning down of a handful or error messages to
warn level. As upstream put it: "The goal of those changes was to reach
a state in which any ERROR in the log requires a necessary operational
response." I think eliminating this deviation would improve the
administration experience and the upstream support opportunities for the
users of buster, thus I ask you to consider accepting it.
The debdiff below does not convey properly how small this change really
is, because the current 3.0.0-2 package carries a forward ported
upstream patch CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch,
which was released with 3.0.1 and thus removed from the Debian patch
queue. So the biggest part of this diff does not appear if you compare
the patched trees.
The result of dh_auto_test was ignored in 3.0.0-1 waiting for the above
patch, and that should have already been reverted in 3.0.0-2, because
all tests succeed again with the patch (I checked the buildd logs
manually now). So they're safe to reenable and have no effect on the
binary packages.
Finally, the path change in HTTPMetadataProvider.xml fixes a unit test
which requires network access and is skipped during the package build
anyway. (But also succeeds after the necessary URL configuration now.)
If you're fine with this, I'm ready to upload opensaml/3.0.1-1 to
unstable.
Thanks,
Feri.
diff -Nru opensaml-3.0.0/configure opensaml-3.0.1/configure
--- opensaml-3.0.0/configure 2018-07-10 03:09:31.000000000 +0200
+++ opensaml-3.0.1/configure 2019-03-08 16:01:45.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for opensaml 3.0.0.
+# Generated by GNU Autoconf 2.69 for opensaml 3.0.1.
#
# Report bugs to <https://issues.shibboleth.net/>.
#
@@ -590,8 +590,8 @@
# Identity of this package.
PACKAGE_NAME='opensaml'
PACKAGE_TARNAME='opensaml'
-PACKAGE_VERSION='3.0.0'
-PACKAGE_STRING='opensaml 3.0.0'
+PACKAGE_VERSION='3.0.1'
+PACKAGE_STRING='opensaml 3.0.1'
PACKAGE_BUGREPORT='https://issues.shibboleth.net/'
PACKAGE_URL=''
@@ -1430,7 +1430,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures opensaml 3.0.0 to adapt to many kinds of systems.
+\`configure' configures opensaml 3.0.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1500,7 +1500,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of opensaml 3.0.0:";;
+ short | recursive ) echo "Configuration of opensaml 3.0.1:";;
esac
cat <<\_ACEOF
@@ -1658,7 +1658,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-opensaml configure 3.0.0
+opensaml configure 3.0.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2202,7 +2202,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by opensaml $as_me 3.0.0, which was
+It was created by opensaml $as_me 3.0.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3067,7 +3067,7 @@
# Define the identity of the package.
PACKAGE='opensaml'
- VERSION='3.0.0'
+ VERSION='3.0.1'
cat >>confdefs.h <<_ACEOF
@@ -21436,7 +21436,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by opensaml $as_me 3.0.0, which was
+This file was extended by opensaml $as_me 3.0.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -21502,7 +21502,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-opensaml config.status 3.0.0
+opensaml config.status 3.0.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru opensaml-3.0.0/configure.ac opensaml-3.0.1/configure.ac
--- opensaml-3.0.0/configure.ac 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/configure.ac 2019-02-21 21:05:56.000000000 +0100
@@ -1,5 +1,5 @@
AC_PREREQ([2.50])
-AC_INIT([opensaml],[3.0.0],[https://issues.shibboleth.net/],[opensaml])
+AC_INIT([opensaml],[3.0.1],[https://issues.shibboleth.net/],[opensaml])
AC_CONFIG_SRCDIR(saml)
AC_CONFIG_AUX_DIR(build-aux)
AC_CONFIG_MACRO_DIR(m4)
diff -Nru opensaml-3.0.0/config_win32.h opensaml-3.0.1/config_win32.h
--- opensaml-3.0.0/config_win32.h 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/config_win32.h 2019-02-21 21:06:18.000000000 +0100
@@ -81,13 +81,13 @@
#define PACKAGE_NAME "opensaml"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "opensaml 3.0.0"
+#define PACKAGE_STRING "opensaml 3.0.1"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "opensaml"
/* Define to the version of this package. */
-#define PACKAGE_VERSION "3.0.0"
+#define PACKAGE_VERSION "3.0.1"
/* Define to the necessary symbol if this constant uses a non-standard name on
your system. */
@@ -100,7 +100,7 @@
/* #undef TM_IN_SYS_TIME */
/* Version number of package */
-#define VERSION "3.0.0"
+#define VERSION "3.0.1"
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
diff -Nru opensaml-3.0.0/debian/changelog opensaml-3.0.1/debian/changelog
--- opensaml-3.0.0/debian/changelog 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/changelog 2019-03-16 20:36:55.000000000 +0100
@@ -1,3 +1,13 @@
+opensaml (3.0.1-1) unstable; urgency=medium
+
+ * [d1daef5] Revert "Temporarily ignore build test failures"
+ * [792ec83] New upstream release: 3.0.1
+ * [dd69be3] Delete released patch fixing the tests, refresh the rest
+ * [5ec41bf] Update Standards-Version to 4.3.0 (no changes required)
+ * [38ff832] Update library version number in Lintian override
+
+ -- Ferenc Wágner <wferi@debian.org> Sat, 16 Mar 2019 20:36:55 +0100
+
opensaml (3.0.0-2) unstable; urgency=medium
* [eb1b88f] New patch: CPPOST-110 Rebenchmark tests with SHA256 disgest.
diff -Nru opensaml-3.0.0/debian/control opensaml-3.0.1/debian/control
--- opensaml-3.0.0/debian/control 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/control 2019-03-16 20:24:09.000000000 +0100
@@ -18,7 +18,7 @@
Build-Depends-Indep:
doxygen,
graphviz,
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
Homepage: https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
Vcs-Git: https://salsa.debian.org/shib-team/opensaml2.git
Vcs-Browser: https://salsa.debian.org/shib-team/opensaml2
diff -Nru opensaml-3.0.0/debian/libsaml10.lintian-overrides opensaml-3.0.1/debian/libsaml10.lintian-overrides
--- opensaml-3.0.0/debian/libsaml10.lintian-overrides 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/libsaml10.lintian-overrides 2019-03-16 20:36:41.000000000 +0100
@@ -1,4 +1,4 @@
# See https://wiki.debian.org/UsingSymbolsFiles and follow to
# https://www.eyrie.org/~eagle/journal/2012-02/001.html.
# In short: symbols files are not worth providing for Shibboleth.
-no-symbols-control-file usr/lib/x86_64-linux-gnu/libsaml.so.10.0.0
+no-symbols-control-file usr/lib/x86_64-linux-gnu/libsaml.so.10.0.1
diff -Nru opensaml-3.0.0/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch opensaml-3.0.1/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch
--- opensaml-3.0.0/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,182 +0,0 @@
-From: Rod Widdowson <rdw@steadingsoftware.com>
-Date: Fri, 10 Aug 2018 14:32:50 +0100
-Subject: CPPOST-110 Rebenchmark tests with SHA256 disgest
-
-https://issues.shibboleth.net/jira/browse/CPPOST-110
----
- samltest/data/signature/SAML1Assertion.xml | 16 ++++++----------
- samltest/data/signature/SAML1Request.xml | 15 +++++++--------
- samltest/data/signature/SAML1Response.xml | 28 ++++++++++++----------------
- samltest/data/signature/SAML2Assertion.xml | 16 +++++++---------
- 4 files changed, 32 insertions(+), 43 deletions(-)
-
-diff --git a/samltest/data/signature/SAML1Assertion.xml b/samltest/data/signature/SAML1Assertion.xml
-index 8e9f950..87edf51 100644
---- a/samltest/data/signature/SAML1Assertion.xml
-+++ b/samltest/data/signature/SAML1Assertion.xml
-@@ -1,8 +1,4 @@
--<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident"
--IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer"
--MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z"
--AuthenticationMethod="method"
--><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -11,13 +7,13 @@ AuthenticationMethod="method"
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>j2GRm2UDOBvxwlzvX0fjXYeAGIA=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>wc8nsN/vydGVRrRESM4J9A/3wAy/oIWTmCaOtFJPk9c=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>AA5098JC4gfdAf2bvPQRZ9Ld/VehXAB3uhp0r4js4i6fMB3hGMs4VnE9iEJEsPDD
--0Kj4cfewxHij/kHrWcxpKMMqIgGlqKYZhuQHfFt8GzDeeFIgu1R675jcN4uCOoWl
--3aRVd9hgPRsXzf7/RkMiXHIsU/NjUPRKf7GjNt2jNT0=</ds:SignatureValue>
-+<ds:SignatureValue>S+dC36V+L4yYAOobK3LABIM8XmpCecuZx6xwmk4BMRinuUNCJpowt5YM7EGwY2lT
-+qpBp5A35/c60ShDSXlIthOP+0FvLp8uSMbw8QMnU2/wdLfFq/2imGYsjjt3IMw2s
-+A1BQ2l8hU8uPPNXXCOW6bO1MRPbwXM9Aaj6Jhr25e48=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-diff --git a/samltest/data/signature/SAML1Request.xml b/samltest/data/signature/SAML1Request.xml
-index 86dfe43..09f4c25 100644
---- a/samltest/data/signature/SAML1Request.xml
-+++ b/samltest/data/signature/SAML1Request.xml
-@@ -1,5 +1,4 @@
--<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z"
--MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -8,13 +7,13 @@ MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>pqhIt8nUldh3KVL6IEewRxKXYhM=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>lPzigs+xAxljZ6FiItmyiMBZwBrFk9UM+FNk69PmrY0=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>UE5p832pLFYvMloRofN3y0rrFY7B8zOcF7+CHYyxFn6pqgPeEYGqkbUWlV15/tJ5
--wXJ3LiLQroYQI3XHPvKRSV4OtF9ZFm4QDK7RNd6gnUmHed6Zje//e6z2ekA0UzTl
--IeWCuD84mWemMJzRAhSFKcnqJDBHA61Krvg1kf/2c2E=</ds:SignatureValue>
-+<ds:SignatureValue>1VME3lZuPgLki6ly93Hg6x37dZJRI3jVOXTZPxbGWrlPeENHA+8E0hVUycQ2xJNv
-+TR/V+90WKaEv1LyF9o4oaLv7XLi8DwfXyQiDpCJ46oiSO9MxNcC4M8VaNmSkRVP6
-+otJ5PG+ac8Ydq7Ocru2nbJZ4p8XuzeFVeaWpzmzaq0k=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-@@ -29,4 +28,4 @@ cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
- gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
- LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
- gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
--</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
-+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
-\ No newline at end of file
-diff --git a/samltest/data/signature/SAML1Response.xml b/samltest/data/signature/SAML1Response.xml
-index 2ddcaa7..ff542b7 100644
---- a/samltest/data/signature/SAML1Response.xml
-+++ b/samltest/data/signature/SAML1Response.xml
-@@ -1,4 +1,4 @@
--<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:shib="urn:mace:shibboleth" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident" xmlns:shib="urn:mace:shibboleth"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -9,13 +9,13 @@
- <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="shib"/>
- </ds:Transform>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>9sBlLRUZWT199jgSaCfzqSRWMTc=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>/4Pgha71hsJVzrYT1Hy1x7l9m04kkQEnKhCyEMzwxUE=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>BpkmYve9GGRwMOUpRRnINKGhAK2mmZZSFFTImpxzD62++Kbzygg4+T6OP+5cs1BR
--wf/Ca+uuEHIeo/1MHpmqVASMfDPMY3L1M7JzZ+kAbmnywohhwtj7zMSQ8kOFRVDo
--mEbY9lFSfb7VRDMKWOGZPRAj7ezZdeXmGpdrHobrY5s=</ds:SignatureValue>
-+<ds:SignatureValue>Gt/2YBwmZY2J6Odf8VkYbRVlTwO3D+smn6zZ7YQMXtG2P1rEl+fQP+QSWaU6ZqA5
-+27Oad3MSe/T2BlMOHa7V90RNCkFTJHQa7fBK13+CPVkhmLfLuHhpy0sX89r22e0q
-+S7f1I27KSZq7BlHhzhBPDoFbXsdgNQFNjBG0RjVrqYU=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-@@ -30,11 +30,7 @@ cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
- gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
- LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
- gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
--</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode
--Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident"
--IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement
--AuthenticationInstant="1970-01-02T01:01:02.100Z"
--AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -43,13 +39,13 @@ AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>/owFROXYYru5+/j0TpHEz+hjXqY=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>9NYMsHLRPcafmjoRnggkvUuzMnFE9mzlWdLHzJL/y7Y=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>d4SsRgDSjboTRA2YUD68TPp+17AqRmxbY/LrWJhueIC/JY+Ct7+Fd6bugUXliIeD
--NVRDACsEB7PqYWZ99+Ecf8XAmQYCw5elj8mWxPp0o+UVHtBZOR2bC+/YjNitSM+x
--G/F3JgZqfunUcg7mcj6WEAUt4pjKhjaTY8Z7QJltdKc=</ds:SignatureValue>
-+<ds:SignatureValue>Fk4s35idW+0Vm/XfMgH+a04XqcrX4jiCYZ0aRdkKEpZcO75EetZxtuLdg8c57yO3
-+tCPzkDFRaeFzI23/SciGlk+nhl+s+5iNysFY/iEG174tzgFHtBbcEjGjw3c6YUd8
-+GmcaJ7cuV+iv8rCUpLu0NxQ9jSEOCshX5ZIKglddiMI=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-diff --git a/samltest/data/signature/SAML2Assertion.xml b/samltest/data/signature/SAML2Assertion.xml
-index 9f409c3..6e2d16a 100644
---- a/samltest/data/signature/SAML2Assertion.xml
-+++ b/samltest/data/signature/SAML2Assertion.xml
-@@ -1,5 +1,4 @@
--<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z"
--Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -8,13 +7,13 @@ Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://ww
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>8DSEsWJl4wOiwY15f7fAurDWpbo=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>AQGLm1KiW4D78s+fxQ2UPZHwwXR7CPKDIvkgzNDFzbU=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>zgKU42nQKyB9m8RkDz1I2r7h0N9pc5ys9kve7oN9/Dugrn583/3bMgQBfk1rw4Pq
--BfztAZNcf2lstzvgpVB9fVTsTUuEDtT0mhc+f5t8kbCkABGu0SrfCnDjbYpmEeLC
--j8rJO4aSZIV4tN21aAkQyys28l4oB3KGTTDASjEPVgQ=</ds:SignatureValue>
-+<ds:SignatureValue>jLLZZQ6cty2FcjsGn/zuzfjXQqyMNMkbdw+wJXXTS1YmnKVYtE9H7skjU9bcj4Lo
-+MpRXQlJLtX1sIgpTQS2pSh4kkwE+Z7yO/SDaM5qcVawH5zI3C03s3ty0xGQx9SzW
-+1TTK4vgfWLOh5NQzDt2WhZPGSS3H1hpxS+MlbnflPTU=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-@@ -29,5 +28,4 @@ cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
- gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
- LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
- gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
--</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement
--AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
-\ No newline at end of file
-+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
-\ No newline at end of file
diff -Nru opensaml-3.0.0/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch opensaml-3.0.1/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch
--- opensaml-3.0.0/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch 2019-03-16 20:18:27.000000000 +0100
@@ -7,7 +7,7 @@
1 file changed, 3 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 3031b8d..8d84fde 100644
+index fba976c..314f6ee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -53,11 +53,8 @@ if test "$GCC" = "yes" ; then
diff -Nru opensaml-3.0.0/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch opensaml-3.0.1/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch
--- opensaml-3.0.0/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch 2019-03-16 20:18:27.000000000 +0100
@@ -14,7 +14,7 @@
4 files changed, 11 insertions(+), 25 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 08409f4..ed65267 100644
+index b804344..e311a4a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,15 +19,12 @@ DX_PS_FEATURE(OFF)
@@ -70,7 +70,7 @@
LT_INIT([disable-static])
diff --git a/saml/Makefile.am b/saml/Makefile.am
-index 09457db..68be1f4 100644
+index 88276be..f7aa95c 100644
--- a/saml/Makefile.am
+++ b/saml/Makefile.am
@@ -74,7 +74,7 @@ saml2bindinclude_HEADERS = \
@@ -82,7 +82,7 @@
saml2mdinclude_HEADERS = \
saml2/metadata/AbstractMetadataProvider.h \
saml2/metadata/DiscoverableMetadataProvider.h \
-@@ -183,6 +183,7 @@ libsaml_la_LDFLAGS = -version-info 10:0:0
+@@ -183,6 +183,7 @@ libsaml_la_LDFLAGS = -version-info 10:1:0
libsaml_la_CPPFLAGS = \
$(BOOST_CPPFLAGS)
libsaml_la_CXXFLAGS = \
diff -Nru opensaml-3.0.0/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch opensaml-3.0.1/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch
--- opensaml-3.0.0/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch 2019-03-16 20:18:27.000000000 +0100
@@ -10,7 +10,7 @@
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 8d84fde..08409f4 100644
+index 314f6ee..b804344 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,8 +4,6 @@ AC_CONFIG_SRCDIR(saml)
diff -Nru opensaml-3.0.0/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch opensaml-3.0.1/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch
--- opensaml-3.0.0/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch 2019-03-16 20:18:27.000000000 +0100
@@ -7,7 +7,7 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index c3842ba..3031b8d 100644
+index f052688..fba976c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -101,7 +101,7 @@ AX_PKG_CHECK_MODULES([xmltooling],,[xmltooling >= 3])
diff -Nru opensaml-3.0.0/debian/patches/series opensaml-3.0.1/debian/patches/series
--- opensaml-3.0.0/debian/patches/series 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/series 2019-03-16 20:18:27.000000000 +0100
@@ -2,5 +2,4 @@
Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch
Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch
Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch
-CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch
testBadSig-requires-fresh-InCommon-metadata.patch
diff -Nru opensaml-3.0.0/debian/rules opensaml-3.0.1/debian/rules
--- opensaml-3.0.0/debian/rules 2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/rules 2019-03-16 20:01:23.000000000 +0100
@@ -7,8 +7,7 @@
dh $@
override_dh_auto_test:
- # Test failures are expected in 3.0.0, see CPPOST-110
- -dh_auto_test -- SAMLTEST_SKIP_NETWORKED=1
+ dh_auto_test -- SAMLTEST_SKIP_NETWORKED=1
docdir = debian/tmp/usr/share/doc/opensaml-*
override_dh_install:
diff -Nru opensaml-3.0.0/Makefile.in opensaml-3.0.1/Makefile.in
--- opensaml-3.0.0/Makefile.in 2018-07-10 03:09:33.000000000 +0200
+++ opensaml-3.0.1/Makefile.in 2019-03-08 16:01:44.000000000 +0100
@@ -232,7 +232,7 @@
$(top_srcdir)/build-aux/install-sh \
$(top_srcdir)/build-aux/ltmain.sh \
$(top_srcdir)/build-aux/missing build-aux/compile \
- build-aux/config.guess build-aux/config.sub \
+ build-aux/config.guess build-aux/config.sub build-aux/depcomp \
build-aux/install-sh build-aux/ltmain.sh build-aux/missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
diff -Nru opensaml-3.0.0/opensaml.spec opensaml-3.0.1/opensaml.spec
--- opensaml-3.0.0/opensaml.spec 2018-07-10 03:10:00.000000000 +0200
+++ opensaml-3.0.1/opensaml.spec 2019-03-08 16:02:01.000000000 +0100
@@ -1,5 +1,5 @@
Name: opensaml
-Version: 3.0.0
+Version: 3.0.1
Release: 1
Summary: OpenSAML SAML library
Group: Development/Libraries/C and C++
diff -Nru opensaml-3.0.0/saml/binding/impl/ClientCertAuthRule.cpp opensaml-3.0.1/saml/binding/impl/ClientCertAuthRule.cpp
--- opensaml-3.0.0/saml/binding/impl/ClientCertAuthRule.cpp 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/ClientCertAuthRule.cpp 2019-02-21 20:50:27.000000000 +0100
@@ -103,7 +103,7 @@
if (!x509trust->validate(chain.front(), chain, *(policy.getMetadataProvider()), &cc)) {
if (m_errorFatal)
throw SecurityPolicyException("Client certificate supplied, but could not be verified.");
- log.error("unable to verify certificate chain with supplied trust engine");
+ log.warn("unable to verify certificate chain with supplied trust engine");
return false;
}
diff -Nru opensaml-3.0.0/saml/binding/impl/MessageFlowRule.cpp opensaml-3.0.1/saml/binding/impl/MessageFlowRule.cpp
--- opensaml-3.0.0/saml/binding/impl/MessageFlowRule.cpp 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/MessageFlowRule.cpp 2019-02-21 20:45:47.000000000 +0100
@@ -85,12 +85,12 @@
}
else {
if (issueInstant > now + skew) {
- log.errorStream() << "rejected not-yet-valid message, timestamp (" << issueInstant <<
+ log.warnStream() << "rejected not-yet-valid message, timestamp (" << issueInstant <<
"), newest allowed (" << now + skew << ")" << logging::eol;
throw SecurityPolicyException("Message rejected, was issued in the future.");
}
else if (issueInstant < now - skew - m_expires) {
- log.errorStream() << "rejected expired message, timestamp (" << issueInstant <<
+ log.warnStream() << "rejected expired message, timestamp (" << issueInstant <<
"), oldest allowed (" << (now - skew - m_expires) << ")" << logging::eol;
throw SecurityPolicyException("Message expired, was issued too long ago.");
}
diff -Nru opensaml-3.0.0/saml/binding/impl/SimpleSigningRule.cpp opensaml-3.0.1/saml/binding/impl/SimpleSigningRule.cpp
--- opensaml-3.0.0/saml/binding/impl/SimpleSigningRule.cpp 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/SimpleSigningRule.cpp 2019-02-21 20:50:57.000000000 +0100
@@ -123,7 +123,7 @@
const char* sigAlgorithm = request->getParameter("SigAlg");
if (!sigAlgorithm) {
- log.error("SigAlg parameter not found, no way to verify the signature");
+ log.warn("SigAlg parameter not found, no way to verify the signature");
return false;
}
@@ -214,7 +214,7 @@
cc.setXMLAlgorithm(alg.get());
if (!sigtrust->validate(alg.get(), signature, keyInfo, input.c_str(), input.length(), *(policy.getMetadataProvider()), &cc)) {
- log.error("unable to verify message signature with supplied trust engine");
+ log.warn("unable to verify message signature with supplied trust engine");
if (m_errorFatal)
throw SecurityPolicyException("Message was signed, but signature could not be verified.");
return false;
diff -Nru opensaml-3.0.0/saml/binding/impl/XMLSigningRule.cpp opensaml-3.0.1/saml/binding/impl/XMLSigningRule.cpp
--- opensaml-3.0.0/saml/binding/impl/XMLSigningRule.cpp 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/XMLSigningRule.cpp 2019-02-21 20:51:19.000000000 +0100
@@ -99,7 +99,7 @@
sigval.validateSignature(*(signable->getSignature()));
}
catch (ValidationException& ve) {
- log.error("signature profile failed to validate: %s", ve.what());
+ log.warn("signature profile failed to validate: %s", ve.what());
if (m_errorFatal)
throw;
return false;
@@ -109,7 +109,7 @@
MetadataCredentialCriteria cc(*(policy.getIssuerMetadata()));
if (!sigtrust->validate(*(signable->getSignature()), *(policy.getMetadataProvider()), &cc)) {
- log.error("unable to verify message signature with supplied trust engine");
+ log.warn("unable to verify message signature with supplied trust engine");
if (m_errorFatal)
throw SecurityPolicyException("Message was signed, but signature could not be verified.");
return false;
diff -Nru opensaml-3.0.0/saml/Makefile.am opensaml-3.0.1/saml/Makefile.am
--- opensaml-3.0.0/saml/Makefile.am 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/Makefile.am 2019-02-21 21:07:18.000000000 +0100
@@ -179,7 +179,7 @@
# this is different from the project version
# http://sources.redhat.com/autobook/autobook/autobook_91.html
-libsaml_la_LDFLAGS = -version-info 10:0:0
+libsaml_la_LDFLAGS = -version-info 10:1:0
libsaml_la_CPPFLAGS = \
$(BOOST_CPPFLAGS)
libsaml_la_CXXFLAGS = \
diff -Nru opensaml-3.0.0/saml/Makefile.in opensaml-3.0.1/saml/Makefile.in
--- opensaml-3.0.0/saml/Makefile.in 2018-07-10 03:09:33.000000000 +0200
+++ opensaml-3.0.1/saml/Makefile.in 2019-03-08 16:01:44.000000000 +0100
@@ -731,7 +731,7 @@
# this is different from the project version
# http://sources.redhat.com/autobook/autobook/autobook_91.html
-libsaml_la_LDFLAGS = -version-info 10:0:0
+libsaml_la_LDFLAGS = -version-info 10:1:0
libsaml_la_CPPFLAGS = \
$(BOOST_CPPFLAGS)
diff -Nru opensaml-3.0.0/saml/profile/impl/AudienceRestrictionRule.cpp opensaml-3.0.1/saml/profile/impl/AudienceRestrictionRule.cpp
--- opensaml-3.0.0/saml/profile/impl/AudienceRestrictionRule.cpp 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/profile/impl/AudienceRestrictionRule.cpp 2019-02-21 20:55:00.000000000 +0100
@@ -100,7 +100,7 @@
ostringstream os;
os << *ac2;
- Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").error(
+ Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").warn(
"unacceptable AudienceRestriction in assertion (%s)", os.str().c_str()
);
throw SecurityPolicyException("Assertion contains an unacceptable AudienceRestriction.");
@@ -129,7 +129,7 @@
ostringstream os;
os << *ac1;
- Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").error(
+ Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").warn(
"unacceptable AudienceRestrictionCondition in assertion (%s)", os.str().c_str()
);
throw SecurityPolicyException("Assertion contains an unacceptable AudienceRestrictionCondition.");
diff -Nru opensaml-3.0.0/saml/saml2/profile/impl/BearerConfirmationRule.cpp opensaml-3.0.1/saml/saml2/profile/impl/BearerConfirmationRule.cpp
--- opensaml-3.0.0/saml/saml2/profile/impl/BearerConfirmationRule.cpp 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/saml2/profile/impl/BearerConfirmationRule.cpp 2019-02-21 20:53:28.000000000 +0100
@@ -139,7 +139,7 @@
}
}
- log.error(msg ? msg : "no error message");
+ log.warn(msg ? msg : "no error message");
if (m_fatal)
throw SecurityPolicyException("Unable to locate satisfiable bearer SubjectConfirmation in assertion.");
return false;
diff -Nru opensaml-3.0.0/saml/saml.rc opensaml-3.0.1/saml/saml.rc
--- opensaml-3.0.0/saml/saml.rc 2018-07-12 00:28:04.000000000 +0200
+++ opensaml-3.0.1/saml/saml.rc 2019-02-21 21:06:52.000000000 +0100
@@ -28,8 +28,8 @@
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,0,0,1
- PRODUCTVERSION 3,0,0,0
+ FILEVERSION 3,0,1,0
+ PRODUCTVERSION 3,0,1,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -47,13 +47,13 @@
VALUE "Comments", "\0"
VALUE "CompanyName", "Shibboleth Consortium\0"
VALUE "FileDescription", "OpenSAML Library\0"
- VALUE "FileVersion", "3, 0, 0, 1\0"
+ VALUE "FileVersion", "3, 0, 1, 0\0"
#ifdef _DEBUG
VALUE "InternalName", "saml3_0D\0"
#else
VALUE "InternalName", "saml3_0\0"
#endif
- VALUE "LegalCopyright", "Copyright © 2018 UCAID\0"
+ VALUE "LegalCopyright", "Copyright � 2018 UCAID\0"
VALUE "LegalTrademarks", "\0"
#ifdef _DEBUG
VALUE "OriginalFilename", "saml3_0D.dll\0"
@@ -61,8 +61,8 @@
VALUE "OriginalFilename", "saml3_0.dll\0"
#endif
VALUE "PrivateBuild", "\0"
- VALUE "ProductName", "OpenSAML 3.0.0\0"
- VALUE "ProductVersion", "3, 0, 0, 0\0"
+ VALUE "ProductName", "OpenSAML 3.0.1\0"
+ VALUE "ProductVersion", "3, 0, 1, 0\0"
VALUE "SpecialBuild", "\0"
END
END
diff -Nru opensaml-3.0.0/saml/version.h opensaml-3.0.1/saml/version.h
--- opensaml-3.0.0/saml/version.h 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/version.h 2019-02-21 21:07:05.000000000 +0100
@@ -44,7 +44,7 @@
#define OPENSAML_VERSION_MAJOR 3
#define OPENSAML_VERSION_MINOR 0
-#define OPENSAML_VERSION_REVISION 0
+#define OPENSAML_VERSION_REVISION 1
/** DO NOT MODIFY BELOW THIS LINE */
diff -Nru opensaml-3.0.0/samlsign/samlsign.rc opensaml-3.0.1/samlsign/samlsign.rc
--- opensaml-3.0.0/samlsign/samlsign.rc 2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/samlsign/samlsign.rc 2019-02-21 21:08:26.000000000 +0100
@@ -28,8 +28,8 @@
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 2,7,0,0
- PRODUCTVERSION 2,7,0,0
+ FILEVERSION 3,0,1,0
+ PRODUCTVERSION 3,0,1,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -47,14 +47,14 @@
VALUE "Comments", "\0"
VALUE "CompanyName", "Shibboleth Consortium\0"
VALUE "FileDescription", "OpenSAML Signature Utility\0"
- VALUE "FileVersion", "2, 7, 0, 0\0"
+ VALUE "FileVersion", "3, 0, 1, 0\0"
VALUE "InternalName", "samlsign\0"
- VALUE "LegalCopyright", "Copyright © 2017 UCAID\0"
+ VALUE "LegalCopyright", "Copyright � 2018 UCAID\0"
VALUE "LegalTrademarks", "\0"
VALUE "OriginalFilename", "samlsign.exe\0"
VALUE "PrivateBuild", "\0"
- VALUE "ProductName", "OpenSAML 2.7.0\0"
- VALUE "ProductVersion", "2, 7, 0, 0\0"
+ VALUE "ProductName", "OpenSAML 3.0.1\0"
+ VALUE "ProductVersion", "3, 0, 1, 0\0"
VALUE "SpecialBuild", "\0"
END
END
diff -Nru opensaml-3.0.0/samltest/data/saml2/metadata/HTTPMetadataProvider.xml opensaml-3.0.1/samltest/data/saml2/metadata/HTTPMetadataProvider.xml
--- opensaml-3.0.0/samltest/data/saml2/metadata/HTTPMetadataProvider.xml 2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/saml2/metadata/HTTPMetadataProvider.xml 2018-11-01 15:09:08.000000000 +0100
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<MetadataProvider type="XML" url="http://URL.TO.EXAMPLE/ORG/InCommon-metadata.xml" backingFilePath="../samltest/data/saml2/metadata/InCommon-metadata.xml.bck" validate="0">
- <MetadataFilter type="Signature" certificate="../../../samltest/data/incommon.pem" />
+ <MetadataFilter type="Signature" certificate="../samltest/data/incommon.pem" />
</MetadataProvider>
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML1Assertion.xml opensaml-3.0.1/samltest/data/signature/SAML1Assertion.xml
--- opensaml-3.0.0/samltest/data/signature/SAML1Assertion.xml 2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML1Assertion.xml 2018-11-01 15:09:08.000000000 +0100
@@ -1,8 +1,4 @@
-<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident"
-IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer"
-MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z"
-AuthenticationMethod="method"
-><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -11,13 +7,13 @@
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>j2GRm2UDOBvxwlzvX0fjXYeAGIA=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>wc8nsN/vydGVRrRESM4J9A/3wAy/oIWTmCaOtFJPk9c=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
-<ds:SignatureValue>AA5098JC4gfdAf2bvPQRZ9Ld/VehXAB3uhp0r4js4i6fMB3hGMs4VnE9iEJEsPDD
-0Kj4cfewxHij/kHrWcxpKMMqIgGlqKYZhuQHfFt8GzDeeFIgu1R675jcN4uCOoWl
-3aRVd9hgPRsXzf7/RkMiXHIsU/NjUPRKf7GjNt2jNT0=</ds:SignatureValue>
+<ds:SignatureValue>S+dC36V+L4yYAOobK3LABIM8XmpCecuZx6xwmk4BMRinuUNCJpowt5YM7EGwY2lT
+qpBp5A35/c60ShDSXlIthOP+0FvLp8uSMbw8QMnU2/wdLfFq/2imGYsjjt3IMw2s
+A1BQ2l8hU8uPPNXXCOW6bO1MRPbwXM9Aaj6Jhr25e48=</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML1Request.xml opensaml-3.0.1/samltest/data/signature/SAML1Request.xml
--- opensaml-3.0.0/samltest/data/signature/SAML1Request.xml 2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML1Request.xml 2018-11-01 15:09:08.000000000 +0100
@@ -1,5 +1,4 @@
-<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z"
-MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -8,13 +7,13 @@
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>pqhIt8nUldh3KVL6IEewRxKXYhM=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>lPzigs+xAxljZ6FiItmyiMBZwBrFk9UM+FNk69PmrY0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
-<ds:SignatureValue>UE5p832pLFYvMloRofN3y0rrFY7B8zOcF7+CHYyxFn6pqgPeEYGqkbUWlV15/tJ5
-wXJ3LiLQroYQI3XHPvKRSV4OtF9ZFm4QDK7RNd6gnUmHed6Zje//e6z2ekA0UzTl
-IeWCuD84mWemMJzRAhSFKcnqJDBHA61Krvg1kf/2c2E=</ds:SignatureValue>
+<ds:SignatureValue>1VME3lZuPgLki6ly93Hg6x37dZJRI3jVOXTZPxbGWrlPeENHA+8E0hVUycQ2xJNv
+TR/V+90WKaEv1LyF9o4oaLv7XLi8DwfXyQiDpCJ46oiSO9MxNcC4M8VaNmSkRVP6
+otJ5PG+ac8Ydq7Ocru2nbJZ4p8XuzeFVeaWpzmzaq0k=</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
@@ -29,4 +28,4 @@
gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
\ No newline at end of file
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML1Response.xml opensaml-3.0.1/samltest/data/signature/SAML1Response.xml
--- opensaml-3.0.0/samltest/data/signature/SAML1Response.xml 2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML1Response.xml 2018-11-01 15:09:08.000000000 +0100
@@ -1,4 +1,4 @@
-<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:shib="urn:mace:shibboleth" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident" xmlns:shib="urn:mace:shibboleth"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -9,13 +9,13 @@
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="shib"/>
</ds:Transform>
</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>9sBlLRUZWT199jgSaCfzqSRWMTc=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>/4Pgha71hsJVzrYT1Hy1x7l9m04kkQEnKhCyEMzwxUE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
-<ds:SignatureValue>BpkmYve9GGRwMOUpRRnINKGhAK2mmZZSFFTImpxzD62++Kbzygg4+T6OP+5cs1BR
-wf/Ca+uuEHIeo/1MHpmqVASMfDPMY3L1M7JzZ+kAbmnywohhwtj7zMSQ8kOFRVDo
-mEbY9lFSfb7VRDMKWOGZPRAj7ezZdeXmGpdrHobrY5s=</ds:SignatureValue>
+<ds:SignatureValue>Gt/2YBwmZY2J6Odf8VkYbRVlTwO3D+smn6zZ7YQMXtG2P1rEl+fQP+QSWaU6ZqA5
+27Oad3MSe/T2BlMOHa7V90RNCkFTJHQa7fBK13+CPVkhmLfLuHhpy0sX89r22e0q
+S7f1I27KSZq7BlHhzhBPDoFbXsdgNQFNjBG0RjVrqYU=</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
@@ -30,11 +30,7 @@
gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode
-Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident"
-IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement
-AuthenticationInstant="1970-01-02T01:01:02.100Z"
-AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -43,13 +39,13 @@
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>/owFROXYYru5+/j0TpHEz+hjXqY=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>9NYMsHLRPcafmjoRnggkvUuzMnFE9mzlWdLHzJL/y7Y=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
-<ds:SignatureValue>d4SsRgDSjboTRA2YUD68TPp+17AqRmxbY/LrWJhueIC/JY+Ct7+Fd6bugUXliIeD
-NVRDACsEB7PqYWZ99+Ecf8XAmQYCw5elj8mWxPp0o+UVHtBZOR2bC+/YjNitSM+x
-G/F3JgZqfunUcg7mcj6WEAUt4pjKhjaTY8Z7QJltdKc=</ds:SignatureValue>
+<ds:SignatureValue>Fk4s35idW+0Vm/XfMgH+a04XqcrX4jiCYZ0aRdkKEpZcO75EetZxtuLdg8c57yO3
+tCPzkDFRaeFzI23/SciGlk+nhl+s+5iNysFY/iEG174tzgFHtBbcEjGjw3c6YUd8
+GmcaJ7cuV+iv8rCUpLu0NxQ9jSEOCshX5ZIKglddiMI=</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML2Assertion.xml opensaml-3.0.1/samltest/data/signature/SAML2Assertion.xml
--- opensaml-3.0.0/samltest/data/signature/SAML2Assertion.xml 2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML2Assertion.xml 2018-11-01 15:09:08.000000000 +0100
@@ -1,5 +1,4 @@
-<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z"
-Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -8,13 +7,13 @@
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>8DSEsWJl4wOiwY15f7fAurDWpbo=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>AQGLm1KiW4D78s+fxQ2UPZHwwXR7CPKDIvkgzNDFzbU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
-<ds:SignatureValue>zgKU42nQKyB9m8RkDz1I2r7h0N9pc5ys9kve7oN9/Dugrn583/3bMgQBfk1rw4Pq
-BfztAZNcf2lstzvgpVB9fVTsTUuEDtT0mhc+f5t8kbCkABGu0SrfCnDjbYpmEeLC
-j8rJO4aSZIV4tN21aAkQyys28l4oB3KGTTDASjEPVgQ=</ds:SignatureValue>
+<ds:SignatureValue>jLLZZQ6cty2FcjsGn/zuzfjXQqyMNMkbdw+wJXXTS1YmnKVYtE9H7skjU9bcj4Lo
+MpRXQlJLtX1sIgpTQS2pSh4kkwE+Z7yO/SDaM5qcVawH5zI3C03s3ty0xGQx9SzW
+1TTK4vgfWLOh5NQzDt2WhZPGSS3H1hpxS+MlbnflPTU=</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
@@ -29,5 +28,4 @@
gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement
-AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
\ No newline at end of file
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
\ No newline at end of file
unblock opensaml/3.0.1-1
--- End Message ---