Merge pull request #34 from silinternational/develop

Release 4.0.0 2-Step Verification

Author: fillup

.gitignore

@@ -3,3 +3,4 @@ vendor/
 composer.lock
 nbproject/
 .vagrant/
+local.env

Makefile

@@ -1,10 +1,14 @@
 start:
+	docker-compose pull
 	docker-compose up -d
 
 errors:
 	docker-compose exec hub cat /var/log/apache2/error.log
 	docker-compose exec idp1 cat /var/log/apache2/error.log
 	docker-compose exec idp2 cat /var/log/apache2/error.log
+	docker-compose exec idp4 cat /var/log/apache2/error.log
+	docker-compose exec hub2 cat /var/log/apache2/error.log
+	docker-compose exec idp3 cat /var/log/apache2/error.log
 
 clean:
 	docker-compose kill

README.md

@@ -24,7 +24,7 @@ username/password page may require the user prove his/her humanity.
 Update `/simplesamlphp/config/config.php`:
 
 ```
-'theme.color-scheme' => ['indigo-purple'|'blue_grey-teal'|'red-teal'|'orange-light_blue']
+'theme.color-scheme' => ['indigo-purple'|'blue_grey-teal'|'red-teal'|'orange-light_blue'|'brown-orange']
 ```
 
 The login page looks for `/simplesamlphp/www/logo.png` which is **NOT** provided by default.
@@ -56,86 +56,153 @@ If configured, an alert will be shown to the user filled with the content of tha
 
 ### Setup 
 
-1. Setup `localhost` (or `192.168.62.54`, if using Vagrant) aliases for `ssp-hub.local`, `ssp-hub2.local`, `ssp-hub-idp1.local`, and `ssp-hub-idp2.local`.  This is typically done in `/etc/hosts`.
-2. Start test environment, e.g., `make` from the command line.
+1. Setup `localhost` (or `192.168.62.54`, if using Vagrant) aliases for `ssp-hub.local`, `ssp-hub2.local`, `ssp-idp1.local`, `ssp-idp2.local`, `ssp-idp3.local` and `ssp-idp4.local`.  This is typically done in `/etc/hosts`.
+2. Start test environment, i.e., `make` from the command line.
 
 ### Hub page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Login as hub administrator, e.g., username=admin & password=abc123
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
 3. Click **Authentication** tab
 4. Click **Test configured authentication sources**
 5. Click **hub-discovery**
 
 ### Error page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Login as hub administrator, e.g., username=admin & password=abc123
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
 3. Click **Federation** tab
 4. Click either **Show metadata** link
 
 ### Logout page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Login as hub administrator, e.g., username=admin & password=abc123
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
 3. Click **Authentication** tab
 4. Click **Test configured authentication sources**
 5. Click **admin**
 6. Click **Logout**
 
 ### Login page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Login as hub administrator, e.g., username=admin & password=abc123
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
 3. Click **Authentication** tab
 4. Click **Test configured authentication sources**
 5. Click **hub-discovery**
-6. Click **Login with idp1** (NOTE: login page should NOT have material design)
-7. Login as idp1 administrator, e.g., username=admin & password=a
-8. Click **Logout**
-9. Goto [http://ssp-hub.local](http://ssp-hub.local)
-10. Click **Authentication** tab
-11. Click **Test configured authentication sources**
-12. Click **hub-discovery**
-13. Click **Login with idp2** (NOTE: login page should have material design)
-14. Login as an idp2 user, e.g., username=distant_future & password=a
-15. Click **Logout**
+6. Click **idp1**
+7. NOTE: login page should NOT have material design
+8. Login as idp1 administrator: `username=`**admin** `password=`**a**
+9. Click **Logout**
+10. Goto [http://ssp-hub.local](http://ssp-hub.local)
+11. Click **Authentication** tab
+12. Click **Test configured authentication sources**
+13. Click **hub-discovery**
+14. Click **idp2**
+15. NOTE: login page should have material design
+16. Login as an idp2 user: `username=`**distant_future** `password=`**a**
+17. Click **Logout**
 
 ### Forgot password functionality
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Login as hub administrator, e.g., username=admin & password=abc123
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
 3. Click **Authentication** tab
 4. Click **Test configured authentication sources**
 5. Click **hub-discovery**
-6. Click **Login with idp2**
+6. Click **idp2**
 7. Forgot password link should be visible
 
 ### Expiry functionality
 #### About to expire page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Login as hub administrator, e.g., username=admin & password=abc123
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
 3. Click **Authentication** tab
 4. Click **Test configured authentication sources**
 5. Click **hub-discovery**
-6. Click **Login with idp2**
-7. Login as an an "about to expire" user, e.g., username=near_future & password=b
+6. Click **idp2**
+7. Login as an "about to expire" user: `username=`**near_future** `password=`**a**
 8. Click **Later**
 9. Click **Logout**
 
 #### Expired page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Login as hub administrator, e.g., username=admin & password=abc123
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp2**
+7. Login as an "expired" user: `username=`**already_past** `password=`**a**
+
+### Multi-factor authentication (MFA) functionality
+#### Nag about missing MFA setup
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. Login as an "unprotected" user: `username=`**nag_for_mfa** `password=`**a**
+8. The "learn more" link should be visible if configured via env var `MFA_LEARN_MORE_URL`.
+
+#### Force MFA setup
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. Login as an "unsafe" user: `username=`**must_set_up_mfa** `password=`**a**
+8. The "learn more" link should be visible if configured via env var `MFA_LEARN_MORE_URL`.
+
+#### Backup code
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. Login as a "backup code" user: `username=`**has_backupcode** `password=`**a**
+8. Enter one fo the following codes to verify (`94923279, 82743523, 77802769, 01970541, 37771076, 39178450, 01813404, 00416843, 90068701, 35775442, 94923279, 82743523, 77802769, 01970541, 37771076, 39178450, 01813404, 00416843, 90068701, 35775442`)
+9. Click **Logout**
+
+#### TOTP code
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. Login as a "totp" user: `username=`**has_totp** `password=`**a**
+8. Set up an app using this secret, `GFDHSMZ6EVBFGRB4` **OR** `QR Code (paste in browser) data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALQAAAC0CAYAAAA9zQYyAAAAAklEQVR4AewaftIAAAdTSURBVO3BQQ4bOxbAQFLw/a/MyVIrAY22M/nCq7I/GOMSizEushjjIosxLrIY4yKLMS6yGOMiizEushjjIosxLrIY4yKLMS6yGOMiizEushjjIosxLvLhJZW/qWKnclLxhspJxYnKrmKnsqvYqewqdipvVJyo/E0VbyzGuMhijIssxrjIhy+r+CaVJyp2KruKncquYlfxRsVO5UTlROWkYqeyq9ip7CpOKr5J5ZsWY1xkMcZFFmNc5MOPqTxR8UTFTmVX8YTKExVPVOxUdhVvqPxNKk9U/NJijIssxrjIYoyLfPiPUzlR2VXsKr5JZVexU3lCZVfxTRU3WYxxkcUYF1mMcZEP/3EVO5UnVJ6o2Km8UbFTOVF5Q+Wk4r9sMcZFFmNcZDHGRT78WMW/RGVXcaKyU9lVvKFyUnGisqvYqewqvqniX7IY4yKLMS6yGOMiH75M5W9S2VXsVHYVO5VdxUnFTmVXsVPZVexUdhU7lV3FN6nsKk5U/mWLMS6yGOMiizEu8uGlin9ZxS9V7FROVE5UdhUnFTuVE5UnKv5LFmNcZDHGRRZjXMT+4AWVXcVO5aRip/JExYnKruIJlScqTlROKn5JZVdxorKrOFHZVexUTireWIxxkcUYF1mMcZEPP1ZxorKr+KaKncquYqfySxUnKruKN1R2FScqT6icqJxUfNNijIssxrjIYoyL2B98kcquYqdyUrFTOanYqXxTxU5lV7FTOal4QmVX8YbKruJEZVdxorKr+JsWY1xkMcZFFmNc5MOXVexU3qjYqZxUPKGyq3ijYqeyU9lVPKHyRMWJyi+p7Cp+aTHGRRZjXGQxxkU+vKTyRMWJyhMq36RyUrFTOan4pYqdyk7lpOJE5URlV3GiclLxxmKMiyzGuMhijIt8+LKKncpOZVdxUnGisqvYqZxU7FTeqNipnFScVJyo7CpOVE5U/ssWY1xkMcZFFmNc5MNLFScVO5UnVE4qdiq7ijcqTip2Kk+o7Cp2KruKE5WTip3KruJE5QmVXcVO5ZsWY1xkMcZFFmNc5MOXqbxR8YTKEyonFTuVXcUbFTuVnco3VexUdhU7lV3FrmKnclJxUvFNizEushjjIosxLvLhJZUnKp5QeUNlV7FTOanYqfxSxYnKrmKnslPZVexUfkllV/FLizEushjjIosxLmJ/8EUqb1Q8ofJGxRsqu4oTlScqnlD5mypOVJ6oeGMxxkUWY1xkMcZFPnxZxYnKicpJxRMVO5Wdyv9TxYnKrmKnsqt4Q2VXcaKyq/h/WoxxkcUYF1mMcZEPL6n8UsUTFd9U8YTKruKbVHYVJyonFbuKncquYlexUzmp2Kl802KMiyzGuMhijIvYH3yRyq7iROWNip3KruIJlZOKncpJxRMqu4pvUtlV7FR2FScqJxU7lZOKNxZjXGQxxkUWY1zkw0squ4qdyhMV36Syq9ipPKFyUnGiclKxUzmpeKJip/JGxU7l/2kxxkUWY1xkMcZF7A++SGVXsVPZVexUnqg4UdlVnKjsKk5UTiqeUHmiYqdyUvFNKicVO5VdxTctxrjIYoyLLMa4yIeXVHYVO5VdxRMVJyq7im9SOak4UdlVvFHxRMU3qTyhcqKyq3hjMcZFFmNcZDHGRT58mcqu4kTlROWkYqeyqzhReaLim1SeUHlD5aTiiYoTlV3FLy3GuMhijIssxrjIh5cqdio7lV3FrmKnsqt4Q2VXcVKxUzlR2VW8UXGisqvYqTxRcaKyqzhROVE5qXhjMcZFFmNcZDHGRT78Yyp2KruKk4qdyknFTmVXsVN5Q+WNiidUnlDZVZyo7Cp2KicV37QY4yKLMS6yGOMiH15S2VXsVJ5Q2VWcqJxUfFPFTuWk4gmVXcVO5aRip/JExU7lCZUnVHYVbyzGuMhijIssxriI/cEPqfxSxRMqu4qdyhsVb6icVJyo/MsqfmkxxkUWY1xkMcZFPvxYxS+p7CqeUDmpeEJlV3Gisqs4UTmp2Kk8UfGEyr9kMcZFFmNcZDHGRT68pPI3VZyonFScqPw/qewqdhU7lZOKE5UTlV3FScUTKruKNxZjXGQxxkUWY1zkw5dVfJPKGxVvqJxU7CpOVHYVJyq7il3FicobFU+o7Cp2KruKb1qMcZHFGBdZjHGRDz+m8kTFExU7lZ3KScWu4ptUdhVvqDxRcaKyU/kvW4xxkcUYF1mMcZEP/3Equ4onVN6oeEPliYqdyq5ip7KreKNip3Kisqv4pcUYF1mMcZHFGBf5cDmVXcVJxRMqJxU7lZOKJypOKnYqb6icVOxUdiq7im9ajHGRxRgXWYxxkQ8/VvFLFTuVE5VdxU5lV/FNFTuVE5U3Kk4qTlROKnYqu4q/aTHGRRZjXGQxxkU+fJnK36TyRMUbKruKE5U3Kp5QeULlb1I5qXhjMcZFFmNcZDHGRewPxrjEYoyLLMa4yGKMiyzGuMhijIssxrjIYoyLLMa4yGKMiyzGuMhijIssxrjIYoyLLMa4yGKMi/wPXRyfsu/8YKUAAAAASUVORK5CYII=`
+9. Enter code from app to verify
+10. Click **Logout**
+
+#### Key (U2F)
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. Login as a "u2f" user: `username=`**has_u2f** `password=`**a**
+8. Insert key and press
+9. Click **Logout**
+
+#### Multiple options
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
 3. Click **Authentication** tab
 4. Click **Test configured authentication sources**
 5. Click **hub-discovery**
-6. Click **Login with idp2**
-7. Login as an an "expired" user, e.g., username=already_past & password=c
+6. Click **idp4**
+7. Login as a "multiple option" user: `username=`**has_all** `password=`**a**
+8. Click **MORE OPTIONS**
 
 ### Announcements functionality
 1. Goto [http://ssp-hub2.local:8081](http://ssp-hub2.local:8081)
 2. The announcement should be displayed
-3. Login as hub2 administrator, e.g., username=admin & password=abc123
+3. Login as hub2 administrator: `username=`**admin** `password=`**abc123**
 4. Click **Authentication** tab
 5. Click **Test configured authentication sources**
 6. Click **hub-discovery**
 7. The announcement should be displayed
-8. Click **Login with idp3**
+8. Click **idp3**
 9. The announcement should be displayed
 
 ## i18n support

development/hub/saml20-idp-remote.php

@@ -1,24 +1,35 @@
 <?php
-$metadata['http://ssp-hub-idp1.local:8085'] = [
+$metadata['http://ssp-idp1.local:8085'] = [
     'enabled' => true,
     'metadata-set' => 'saml20-idp-remote',
-    'entityid' => 'http://ssp-hub-idp1.local:8085',
+    'entityid' => 'http://ssp-idp1.local:8085',
     'name' => [
         'en' => 'IdP 1'
     ],
-    'SingleSignOnService'  => 'http://ssp-hub-idp1.local:8085/saml2/idp/SSOService.php',
-    'SingleLogoutService'  => 'http://ssp-hub-idp1.local:8085/saml2/idp/SingleLogoutService.php',
+    'SingleSignOnService'  => 'http://ssp-idp1.local:8085/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp1.local:8085/saml2/idp/SingleLogoutService.php',
     'certData' => 'MIIDzzCCAregAwIBAgIJAPlZYTAQSIbHMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTQ1WhcNMjYxMDE3MTIzMTQ1WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArssOaeKbdOQFpN6bBolwSJ/6QFBXA73Sotg60anx9v6aYdUTmi+b7SVtvOmHDgsD5X8pN/6Z11QCZfTYg2nW3ZevGZsj8W/R6C8lRLHzWUr7e7DXKfj8GKZptHlUs68kn0ndNVt9r/+irJe9KBdZ+4kAihykomNdeZg06bvkklxVcvpkOfLTQzEqJAmISPPIeOXes6hXORdqLuRNTuIKarcZ9rstLnpgAs2TE4XDOrSuUg3XFnM05eDpFQpUb0RXWcD16mLCPWw+CPrGoCfoftD5ZGfll+W2wZ7d0kQ4TbCpNyxQH35q65RPVyVNPgSNSsFFkmdcqP9DsFqjJ8YC6wIDAQABo1AwTjAdBgNVHQ4EFgQUD6oyJKOPPhvLQpDCC3027QcuQwUwHwYDVR0jBBgwFoAUD6oyJKOPPhvLQpDCC3027QcuQwUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA6tCLHJQGfXGdFerQ3J0wUu8YDSLb0WJqPtGdIuyeiywR5ooJf8G/jjYMPgZArepLQSSi6t8/cjEdkYWejGnjMG323drQ9M1sKMUhOJF4po9R3t7IyvGAL3fSqjXA8JXH5MuGuGtChWxaqhduA0dBJhFAtAXQ61IuIQF7vSFxhTwCvJnaWdWD49sG5OqjCfgIQdY/mw70e45rLnR/bpfoigL67sTJxy+Kx2ogbvMR6lITByOEQFMt7BYpMtXrwvKUM7k9NOo1jREmJacC8PTx//jRhCWwzUj1RsfIri24BuITrawwqMsYl8DZiiwMpjUf9m4NPaf4E7+QRpzo+MCcg==',
 ];
-$metadata['http://ssp-hub-idp2.local:8086'] = [
+$metadata['http://ssp-idp2.local:8086'] = [
     'enabled' => true,
     'metadata-set' => 'saml20-idp-remote',
-    'entityid' => 'http://ssp-hub-idp2.local:8086',
+    'entityid' => 'http://ssp-idp2.local:8086',
     'name' => [
         'en' => 'IdP 2'
     ],
-    'SingleSignOnService'  => 'http://ssp-hub-idp2.local:8086/saml2/idp/SSOService.php',
-    'SingleLogoutService'  => 'http://ssp-hub-idp2.local:8086/saml2/idp/SingleLogoutService.php',
+    'SingleSignOnService'  => 'http://ssp-idp2.local:8086/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp2.local:8086/saml2/idp/SingleLogoutService.php',
+    'certData' => 'MIIDzzCCAregAwIBAgIJALBaUrvz1X5DMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE4MTQwMDUxWhcNMjYxMDE4MTQwMDUxWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5mZNwjEnakJho+5etuFyx+2g9rs96iLX/LDC24aBAsdNxTNuIc1jJ7pxBxGrepEND4LkietLNBlOr1q50nq2+ddTrCfmoJB+9BqBOxcm9qWeqWbp8/arUjaxPzK3DfZrxJxIVFjzqFF7gI91y9yvEW/fqLRMhvnH1ns+N1ne59zr1y6h9mmHfBffGr1YXAfyEAuV1ich4AfTfjqhdwFwxhFLLCVnxA0bDbNw/0eGCSiA13N7a013xTurLeJu0AQaZYssMqvc/17UphH4gWDMEZAwy0EfRSBOsDOYCxeNxVajnWX1834VDpBDfpnZj996Gh8tzRQxQgT9/plHKhGiwIDAQABo1AwTjAdBgNVHQ4EFgQUApxlUQg26GrG3eH8lEG3SkqbH/swHwYDVR0jBBgwFoAUApxlUQg26GrG3eH8lEG3SkqbH/swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANhbm8WgIqBDlF7DIRVUbq04TEA9nOJG8wdjJYdoKrPX9f/E9slkFuD2StcK99RTcowa8Z2OmW7tksa+onyH611Lq21QXh4aHzQUAm2HbsmPQRZnkByeYoCJ/1tuEho+x+VGanaUICSBVWYiebAQVKHR6miFypRElibNBizm2nqp6Q9B87V8COzyDVngR1DlWDduxYaNOBgvht3Rk9Y2pVHqym42dIfN+pprcsB1PGBkY/BngIuS/aqTENbmoC737vcb06e8uzBsbCpHtqUBjPpL2psQZVJ2Y84JmHafC3B7nFQrjdZBbc9eMHfPo240Rh+pDLwxdxPqRAZdeLaUkCQ==',
+];
+$metadata['http://ssp-idp4.local:8088'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'http://ssp-idp4.local:8088',
+    'name' => [
+        'en' => 'IdP 4'
+    ],
+    'SingleSignOnService'  => 'http://ssp-idp4.local:8088/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp4.local:8088/saml2/idp/SingleLogoutService.php',
     'certData' => 'MIIDzzCCAregAwIBAgIJALBaUrvz1X5DMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE4MTQwMDUxWhcNMjYxMDE4MTQwMDUxWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5mZNwjEnakJho+5etuFyx+2g9rs96iLX/LDC24aBAsdNxTNuIc1jJ7pxBxGrepEND4LkietLNBlOr1q50nq2+ddTrCfmoJB+9BqBOxcm9qWeqWbp8/arUjaxPzK3DfZrxJxIVFjzqFF7gI91y9yvEW/fqLRMhvnH1ns+N1ne59zr1y6h9mmHfBffGr1YXAfyEAuV1ich4AfTfjqhdwFwxhFLLCVnxA0bDbNw/0eGCSiA13N7a013xTurLeJu0AQaZYssMqvc/17UphH4gWDMEZAwy0EfRSBOsDOYCxeNxVajnWX1834VDpBDfpnZj996Gh8tzRQxQgT9/plHKhGiwIDAQABo1AwTjAdBgNVHQ4EFgQUApxlUQg26GrG3eH8lEG3SkqbH/swHwYDVR0jBBgwFoAUApxlUQg26GrG3eH8lEG3SkqbH/swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANhbm8WgIqBDlF7DIRVUbq04TEA9nOJG8wdjJYdoKrPX9f/E9slkFuD2StcK99RTcowa8Z2OmW7tksa+onyH611Lq21QXh4aHzQUAm2HbsmPQRZnkByeYoCJ/1tuEho+x+VGanaUICSBVWYiebAQVKHR6miFypRElibNBizm2nqp6Q9B87V8COzyDVngR1DlWDduxYaNOBgvht3Rk9Y2pVHqym42dIfN+pprcsB1PGBkY/BngIuS/aqTENbmoC737vcb06e8uzBsbCpHtqUBjPpL2psQZVJ2Y84JmHafC3B7nFQrjdZBbc9eMHfPo240Rh+pDLwxdxPqRAZdeLaUkCQ==',
 ];
 $metadata['jaars-idp'] = [

development/hub2/saml20-idp-remote.php

@@ -1,13 +1,13 @@
 <?php
-$metadata['http://ssp-hub-idp3.local:8087'] = [
+$metadata['http://ssp-idp3.local:8087'] = [
     'enabled' => true,
     'metadata-set' => 'saml20-idp-remote',
-    'entityid' => 'http://ssp-hub-idp3.local:8087',
+    'entityid' => 'http://ssp-idp3.local:8087',
     'name' => [
         'en' => 'IdP 3'
     ],
-    'SingleSignOnService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SSOService.php',
-    'SingleLogoutService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SingleLogoutService.php',
+    'SingleSignOnService'  => 'http://ssp-idp3.local:8087/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp3.local:8087/saml2/idp/SingleLogoutService.php',
     'certData' => 'MIIDzzCCAregAwIBAgIJAPlZYTAQSIbHMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTQ1WhcNMjYxMDE3MTIzMTQ1WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArssOaeKbdOQFpN6bBolwSJ/6QFBXA73Sotg60anx9v6aYdUTmi+b7SVtvOmHDgsD5X8pN/6Z11QCZfTYg2nW3ZevGZsj8W/R6C8lRLHzWUr7e7DXKfj8GKZptHlUs68kn0ndNVt9r/+irJe9KBdZ+4kAihykomNdeZg06bvkklxVcvpkOfLTQzEqJAmISPPIeOXes6hXORdqLuRNTuIKarcZ9rstLnpgAs2TE4XDOrSuUg3XFnM05eDpFQpUb0RXWcD16mLCPWw+CPrGoCfoftD5ZGfll+W2wZ7d0kQ4TbCpNyxQH35q65RPVyVNPgSNSsFFkmdcqP9DsFqjJ8YC6wIDAQABo1AwTjAdBgNVHQ4EFgQUD6oyJKOPPhvLQpDCC3027QcuQwUwHwYDVR0jBBgwFoAUD6oyJKOPPhvLQpDCC3027QcuQwUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA6tCLHJQGfXGdFerQ3J0wUu8YDSLb0WJqPtGdIuyeiywR5ooJf8G/jjYMPgZArepLQSSi6t8/cjEdkYWejGnjMG323drQ9M1sKMUhOJF4po9R3t7IyvGAL3fSqjXA8JXH5MuGuGtChWxaqhduA0dBJhFAtAXQ61IuIQF7vSFxhTwCvJnaWdWD49sG5OqjCfgIQdY/mw70e45rLnR/bpfoigL67sTJxy+Kx2ogbvMR6lITByOEQFMt7BYpMtXrwvKUM7k9NOo1jREmJacC8PTx//jRhCWwzUj1RsfIri24BuITrawwqMsYl8DZiiwMpjUf9m4NPaf4E7+QRpzo+MCcg==',
 ];
 $metadata['jaars-idp'] = [

development/idp1/cert/ssp-hub-idp1.pem development/idp1/cert/ssp-idp1.pemdevelopment/idp1/cert/ssp-hub-idp1.pem renamed to development/idp1/cert/ssp-idp1.pem

@@ -1,6 +1,6 @@
 <?php
-$metadata['http://ssp-hub-idp1.local:8085'] = [
+$metadata['http://ssp-idp1.local:8085'] = [
 	'host' => '__DEFAULT__',
-	'privatekey' => 'ssp-hub-idp1.pem',
+	'privatekey' => 'ssp-idp1.pem',
 	'auth' => 'admin',
 ];