guanxi dorain release

Tue, Nov 28, 2006

This is the Dorain release (Beinn Dorain), one of my favourite mountains in the Central Highlands. This release focuses on the SP with major enhancements to the web services and SSL. The release also contains an updated IdP and SP.

Full details are on the Guanxi Wiki

IdP

  • v1.3.0
  • Updated org.guanxi.idp.attributors.LDAPAttributor to fix bug if no GuanxiPrincipal was available and also to add support for eduPersonPrincipalName
  • Updated WEB-INF/web.xml to put tags in correct order
  • Updated org.guanxi.idp.Setup to use BOUNCY_CASTLE_PROVIDER_NAME defined in org.guanxi.common.definitions.Guanxi
  • Deleted org.guanxi.idp.Setup
  • Moved setup functionality to org.guanxi.idp.SSO.init()
  • org.guanxi.idp.SSO now loads on startup to remove manual setup
  • Updated org.guanxi.idp.AttributeAuthority to use XMLBeans. Added syphoning of attribute assertions being sent to SP
  • Updated org.guanxi.idp.SSO to use XMLBeans
  • Added jar versioning support to build.xml and build.properties

SP

  • v1.3.0
  • Updated org.guanxi.sp.engine.EngineSetup, added new comments and fixed bug where web service couldn’t be installed via SSL. Added new SSL layer probing support to remove need for truststore when setting up the internal web services.
  • Updated org.guanxi.sp.guard.GuardSetup, added new comments and fixed bug where web service couldn’t be installed via SSL. Added new SSL layer probing support to remove need for truststore when setting up the internal web services.
  • Updated resources/guanxi_sp/index.jsp to remove hard coded http
  • Updated org.guanxi.sp.engine.Engine to add the XMLBeans generated Engine config object to the servlet context to allow other parts of the system to use the same config file
  • Updated WEB-INF/config/guanxi-sp-engine.xml, added new Keystore options for secure web services communications
  • Updated WEB-INF/guanxi_sp_guard/config/guanxi-sp-guard.xml, added web services trust options for keystore and truststore. Updated Cookie Age to be transient so it goes away when you close the browser.
  • Updated org.guanxi.sp.guard.Guard to use XMLBeans for configuration information.
  • Updated org.guanxi.sp.engine.Engine to use new Log directory information
  • Updated org.guanxi.sp.guard.AttributeConsumer to use new Log directory information
  • Updated org.guanxi.sp.engine.CA to use new Log directory information
  • Added WEB-INF/guanxi_sp_guard/logs
  • Added WEB-INF/guanxi_sp_guard/keystore/guard.jks
  • Added WEB-INF/guanxi_sp_guard/truststore/guard.jks
  • Updated org.guanxi.sp.guard.GuardHandler, tidied up unused stuff and converted to use XMLBeans for configuration.
  • Updated org.guanxi.sp.guard.Guard, refactored to use XMLBeans for configuration and to place the Guard XMLBeans object in the servlet context to share with other parts of the Guard.
  • Updated org.guanxi.sp.guard.Guard to transfer new parameters to GuardRequest to fix problems with spring based applications
  • Added testsrc/org.guanxi.sp.engine.GuanxiSSLLayerTest, JUnit tests for the SSL layer
  • Updated build.xml to not copy logs to WEB-INF for Guard
  • Updated org.guanxi.sp.guard.GuardRequest to add support for request attributes to fix problems with spring based applications
  • Updated org.guanxi.sp.engine.Engine to fail gracefully if no signature is found on an AuthenticationStatement from an IdP
  • Updated org.guanxi.sp.engine.Engine, removed getAttributes(), getGuardNativeMetadata()
  • Updated org.guanxi.sp.engine.Engine, init() now loads BouncyCastle security provider and destroy() unloads it. Now creates a self signed keystore if none exists. This is used for secure comms to Guards
  • Updated org.guanxi.sp.engine.Engine, modified loadGuardMetadata() to check whether each registered Guard is using HTTPS and if so, to probe it for its X509 certificate and add it to the Engine’s truststore.
  • Added org.guanxi.sp.engine.WAYFLocation REST service to replace Axis RPC call for getting the WAYF location
  • Updated org.guanxi.sp.engine.CA for new Engine metadata
  • Added org.guanxi.sp.guard.SessionVerifier REST service to replace Axis RPC call for verifying a Guard session
  • Added org.guanxi.sp.Util
  • Converted org.guanxi.sp.guard.Guard to use the Engine’s REST WAYFLocation service instead of Axis RPC
  • Updated org.guanxi.sp.engine.Engine, now creates its own keystore and supports secure communications to Guards
  • Updated web.xml for Engine and Guard to remove Axis
  • Removed org.guanxi.sp.metadata package as it has been superseded by XMLBeans. Also deleted org.guanxi.sp.engine.MetadataTest
  • Removed org.guanxi.sp.engine.EngineSetup, org.guanxi.sp.engine.EngineHandler, org.guanxi.sp.guard.GuardSetup, org.guanxi.sp.guard.GuardHandler as the Engine and Guard now communicate via REST and use auto setup
  • Updated org.guanxi.sp.engine.Engine, improved error handling when the trust layer doesn’t recognise entity certificates
  • Updated org.guanxi.sp.guard.Podder to redirect using scheme and hostname as it was redirecting to HTTPS if the Guard was using HTTPS
  • Updated org.guanxi.sp.guard.Guard to add request scheme and hostname to pod
  • Updated org.guanxi.sp.guard.AttributeConsumer to use XMLBeans instead of org.guanxi.common.SOAPUtils for working with SOAP messages
  • Added jar versioning support to build.xml and build.properties
  • Updated build.xml, added inheritall="false" to buildDependencies task to fix bug where dependencies were inheriting SP settings
  • Updated org.guanxi.sp.guard.Guard to create a default keystore and truststore if they don’t exist
  • Updated org.guanxi.sp.engine.Engine to create a default keystore and truststore if they don’t exist
  • Updated org.guanxi.sp.engine.CA to get keystore info from xml config file instead of web.xml
  • Updated org.guanxi.sp.engine.CA::createSignedCertificateChain() as it was hardcoded to create RSA keys. Now gets key type from config file. Updated to support the SHA224WITHECDSA signature algorithm
  • Updated WEB-INF/config/guanxi-sp-engine.xml, added KeyType

Core

  • 1.0.3
  • Updated xsd/guanxi-sp.xsd, added Keystore, KeystorePassword and CertificateAlias elements to the Engine and Guard elements. Added TrustStore, TrustStorePassword to the Guard element. This is to allow configuration of secure web services.
  • Updated xsd/guanxi-sp.xsd, updated engineInfoType, replaced WAYFMethod with WAYFLocationService. Added KeyType to Engine.
  • Updated xsd/guanxi-idp.xsd, added optional Debug node for idp.xml with optional SypthonAttributeAssertions and SypthonAttributeQueries nodes

Common

  • v1.2.9
  • Added org.guanxi.common.security.ssl.GuanxiSocketFactory to provide custom keystore and truststore handling for secure web services communication
  • Updated org.guanxi.common.definitions.Guanxi, added AxisProperties definitions for secure web services communication. Added ENGINE_CONFIG_OBJECT, GUARD_CONFIG_OBJECT.
  • Updated org.guanxi.common.definitions.Logging to split log dirs into Engine and Guard versions as the Guard should log inside WEB-INF/guanxi_sp_guard
  • Updated org.guanxi.common.EntityConnection, added getServerCertificates(), disconnect() and javadocs. Added new boolean parameter to the constructor to allow for probing servers for their certificates. This tells EntityConnection to use a special Guanxi TrustManager that allows HTTPS connections in order to inspect the certificate.
  • Updated org.guanxi.common.security.ssl.SSL, added new boolean parameter to getTrustManagers(). If this is true then the method will return a special Guanxi TrustManager to allow for probing servers for their certificates.
  • Added org.guanxi.common.security.ssl.GuanxiX509ProbingTrustManager to allow probing for server certs via HTTPS.
  • Updated org.guanxi.common.AttributeMap to provide mapping to support eduPersonPrincipalName
  • Updated org.guanxi.common.Pod to fix bug when adding extra request parameters for non spring applications
  • Updated org.guanxi.common.EntityConnection, added getServerCertChain() and getServerCertificate()
  • Updated org.guanxi.common.definitions.Guanxi, added BOUNCY_CASTLE_PROVIDER_NAME
  • Updated org.guanxi.common.definitions.Guanxi, added new constants to support REST services
  • Updated org.guanxi.common.Errors, added GUARD_CERT_PROBE_FAILED and MISSING_PARAM
  • Updated org.guanxi.common.security.SecUtils, added createSelfSignedKeystore()
  • Updated org.guanxi.common.EntityConnection, PROBING_ON and PROBING_OFF moved from Engine. Added getServerCertChain(), getServerCertificate(), getContentLength(), getContentAsString()
  • Updated org.guanxi.common.Pod, added support for request scheme and hostname to fix HTTPS bug when Guard comms are using HTTPS
  • Updated org.guanxi.common.Utils, added createNCNameID()
  • Updated org.guanxi.common.definitions.Shibboleth, added more namespace and prefix definitions
  • Added org.guanxi.common.security.SecUtilsConfig as a configuration object for methods in SecUtils
  • Updated org.guanxi.common.security.SecUtils, modified sign() to use SecUtilsConfig
  • Added jar versioning support to build.xml and build.properties
  • Updated org.guanxi.common.security.SecUtils, added createTrustStore()

gx_lib

  • v1.3.4
  • Updated guanxibeans.jar with latest schemata
  • Added hsqldb v1.8.0.4 for IdP demoing and integration testing
  • Updated jsr173_1.0_api.jar and xbean.jar to XMLBeans 2.2.0

WAYF

  • v1.2.6
  • Updated build.xml to fix xalan bug. xalan-2.4.1.jar was renamed to xalan.jar in gx_lib but not here.
  • Updated build.xml to add log4.jar
  • Added jar versioning support to build.xml and build.properties
