From nobody Thu Sep 05 17:05:55 2024
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X05NN0GYnz5WQFC;
	Thu, 05 Sep 2024 17:05:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4X05NM6wSqz44kq;
	Thu,  5 Sep 2024 17:05:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1725555955;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2MO3L7LfS221uwYF2Xers8R8XfT9hILK5lMZk1i2C8g=;
	b=USqt859uS7oImYiOehtuQyVFSpnUt44TivO57m8Uq85X/wSxeSIgynfMVcjBJfI5FGHQAS
	HbAAMsPRQwnNteXfgKR+F4RO3bNaBN9liBByWIEnLzq7tu8VTclm21yteZIFzoOhSTbP8D
	ICxB/aUb7KJ6FZuGUYD3740FZqVcgyCC1SWq+jeNKpzcePrwGr6HRNY/uA7YQ8HmM3ee4u
	jsDCaVK8tq230cBdT4/0CGAPlbY/Qq+u6sAUM/al9GubKiwbJlR48R8G9Uoz0teuI9a/x9
	COov5z4AhbZWQk6Zm6tit9brcl/qpNWuJ+KMBUIvPSb/v+bIC4YBqTepj/aFOQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725555955; a=rsa-sha256; cv=none;
	b=aOrnqGbXU/LseI1ymO8m1j4DpL3/tcjPWwapfpyBNUXHhRQRTsPuNEAWmx4cQoR0yRilsX
	NiGKjBj7by21GbJWtJu8kYhdjZbDTOJwYLAYTmoOHvkJ90u4JLmEugNL+9h+xWVxr+nKdZ
	rRH4CgTbCV3hTIit9uSY5qVQP27PIs+CrCEtnFc4KKb5Y+wCSiMYgRr6A7Z+4hCqLhIq4m
	mhvDN83z2VI0vtZ3Ki1JN4dLqjufN5nBn3TMw4+z3kf+JCUzbfiok9AebbY53I2RkozH11
	KGe95ZwFSus3r2t3cpb5zM8ztITocyhu6kNMwjp38IlagfViHPLQko69GK/mcg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1725555955;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2MO3L7LfS221uwYF2Xers8R8XfT9hILK5lMZk1i2C8g=;
	b=sWML9/kP1GcvpREPkk+8hkzg00Na6zCEsr8GY1ObQQN3IfroINA+5cQufi27MkJUt/MjeS
	Qvrz5A469iny7ayUPIzgPq3eW/aQhGpUkTmG1qgOA8dOGoN32wed0H4ilPpQrtzX7Mi26T
	zKjAilGcBK0wwBxX46ZyU+TI7CCrHe7g/7O8nNRl43KRuEQ+Yc+UOBEpcjlPDm1LzpASdA
	EQDU7rZsUtvNH789nAEACyNlH0XZs44khKWhjUjHOJ03q3OQ8eBCPcMgj4Pf7FJJs8jiPf
	1gAHq6esFghYQsCeGDbw5O5gWF9G3LX7roQv33acB5oxtjIKOTNCCPiFg3q/lw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X05NM5Z9XzH3S;
	Thu,  5 Sep 2024 17:05:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 485H5tK0006015;
	Thu, 5 Sep 2024 17:05:55 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 485H5tXU006012;
	Thu, 5 Sep 2024 17:05:55 GMT
	(envelope-from git)
Date: Thu, 5 Sep 2024 17:05:55 GMT
Message-Id: <202409051705.485H5tXU006012@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Ryan Steinmetz <zi@FreeBSD.org>
Subject: git: 88eaf4bfcefd - main - security/shibboleth-idp: Update
  to 5.1.3
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: zi
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 88eaf4bfcefdd543ea4d2466935f8e97cfedfd33
Auto-Submitted: auto-generated

The branch main has been updated by zi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=88eaf4bfcefdd543ea4d2466935f8e97cfedfd33

commit 88eaf4bfcefdd543ea4d2466935f8e97cfedfd33
Author:     Ryan Steinmetz <zi@FreeBSD.org>
AuthorDate: 2024-09-05 17:05:16 +0000
Commit:     Ryan Steinmetz <zi@FreeBSD.org>
CommitDate: 2024-09-05 17:05:42 +0000

    security/shibboleth-idp: Update to 5.1.3
---
 security/shibboleth-idp/Makefile                   |  12 +-
 security/shibboleth-idp/distinfo                   |  14 +-
 .../files/jetty-base/modules/idp-logging.mod       |   9 -
 .../files/jetty-base/modules/idp.mod               |  14 +-
 .../files/jetty-base/resources/logback-access.xml  |  13 -
 .../files/jetty-base/resources/logback.xml         |  16 +
 .../files/jetty-base/start.d/http.ini              |   4 -
 .../files/jetty-base/start.d/idp.ini               |   6 +-
 .../files/jetty-base/webapps/idp.xml               |   6 +-
 .../files/jetty-base/webapps/static.xml            |   8 +-
 security/shibboleth-idp/files/shibboleth-idp.in    |   9 +-
 security/shibboleth-idp/files/shibboleth-idp.sh    | 348 +++++++++++++++------
 security/shibboleth-idp/files/shibboleth.in        |   1 +
 security/shibboleth-idp/pkg-plist                  | 293 +++++++----------
 14 files changed, 416 insertions(+), 337 deletions(-)

diff --git a/security/shibboleth-idp/Makefile b/security/shibboleth-idp/Makefile
index 12bcdcb8c0c2..3a90e04f22e5 100644
--- a/security/shibboleth-idp/Makefile
+++ b/security/shibboleth-idp/Makefile
@@ -1,9 +1,8 @@
 PORTNAME=	shibboleth
-PORTVERSION=	4.3.3
-PORTREVISION=	1
+PORTVERSION=	5.1.3
 CATEGORIES=	security www
 MASTER_SITES=	http://shibboleth.net/downloads/identity-provider/${PORTVERSION}/ \
-		http://shibboleth.net/downloads/identity-provider/latest4/${PORTVERSION}/ \
+		http://shibboleth.net/downloads/identity-provider/latest5/${PORTVERSION}/ \
 		http://shibboleth.net/downloads/identity-provider/archive/${PORTVERSION}/ \
 		https://repo1.maven.org/maven2/ch/qos/logback/logback-core/${LOGBACKVER}/:logback_core \
 		https://repo1.maven.org/maven2/ch/qos/logback/logback-classic/${LOGBACKVER}/:logback_classic
@@ -19,9 +18,9 @@ WWW=		http://shibboleth.internet2.edu/
 
 LICENSE=	APACHE20
 
-BUILD_DEPENDS=	jetty10>=0:www/jetty10
+BUILD_DEPENDS=	jetty12>=0:www/jetty12
 RUN_DEPENDS=	bash:shells/bash \
-		jetty10>=0:www/jetty10
+		jetty12>=0:www/jetty12
 
 USE_RC_SUBR=	shibboleth-idp
 CPE_VENDOR=	shibboleth
@@ -30,7 +29,7 @@ WRKSRC=		${WRKDIR}/shibboleth-identity-provider-${PORTVERSION}
 NO_ARCH=	yes
 NO_BUILD=	yes
 
-LOGBACKVER=	1.4.0
+LOGBACKVER=	1.5.6
 SHIBUSER=	shibd
 SHIBGROUP=	shibd
 LOGDIR=		/var/log/${PORTNAME}
@@ -50,6 +49,7 @@ do-install:
 	@${MKDIR} ${STAGEDIR}${DATADIR} ${STAGEDIR}${ETCDIR}
 	@${MKDIR} ${STAGEDIR}${LOGDIR} ${STAGEDIR}${RUNDIR}
 	@${MKDIR} ${STAGEDIR}${WWWDIR}/lib/logging
+	@${MKDIR} ${STAGEDIR}${WWWDIR}/jsp
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 .for dir in conf credentials etc modules resources start.d webapps/ROOT
 	@${MKDIR} ${STAGEDIR}${WWWDIR}/${dir}
diff --git a/security/shibboleth-idp/distinfo b/security/shibboleth-idp/distinfo
index 534ea430b4a2..6ba4a2165721 100644
--- a/security/shibboleth-idp/distinfo
+++ b/security/shibboleth-idp/distinfo
@@ -1,7 +1,7 @@
-TIMESTAMP = 1713232393
-SHA256 (shibboleth-identity-provider-4.3.3.tar.gz) = 815abe9c707c8741278eda8b9120be7d99f09238d2974ccc3a93b37d549cc149
-SIZE (shibboleth-identity-provider-4.3.3.tar.gz) = 60927078
-SHA256 (logback-classic-1.4.0.jar) = 9ce4cfee4834195753b5be5016ded641e8456d9e82995821838dc662e866e212
-SIZE (logback-classic-1.4.0.jar) = 262118
-SHA256 (logback-core-1.4.0.jar) = 14e09a7896bee6ef2e005b48fc5560fe2299a57a826bc4c1f1c6d43002f0512c
-SIZE (logback-core-1.4.0.jar) = 559203
+TIMESTAMP = 1725384814
+SHA256 (shibboleth-identity-provider-5.1.3.tar.gz) = cc72f0b15fda49b43bdd38cef3bdc62cbe01684b59c3d024b5de1ffdba42206e
+SIZE (shibboleth-identity-provider-5.1.3.tar.gz) = 44250595
+SHA256 (logback-classic-1.5.6.jar) = 6115c6cac5ed1d9db810d14f2f7f4dd6a9f21f0acbba8016e4daaca2ba0f5eb8
+SIZE (logback-classic-1.5.6.jar) = 293697
+SHA256 (logback-core-1.5.6.jar) = 898c7d120199f37e1acc8118d97ab15a4d02b0e72e27ba9f05843cb374e160c6
+SIZE (logback-core-1.5.6.jar) = 609942
diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod b/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod
deleted file mode 100644
index dccc34ae12b7..000000000000
--- a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod
+++ /dev/null
@@ -1,9 +0,0 @@
-[description]
-Shibboleth IdP Logging
-
-[depend]
-console-capture
-logback-access
-
-[files]
-/var/log/shibboleth/
diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp.mod b/security/shibboleth-idp/files/jetty-base/modules/idp.mod
index 57a601105222..51fb66e4945d 100644
--- a/security/shibboleth-idp/files/jetty-base/modules/idp.mod
+++ b/security/shibboleth-idp/files/jetty-base/modules/idp.mod
@@ -2,16 +2,18 @@
 Shibboleth IdP
 
 [depend]
-annotations
-deploy
+ee9-annotations
+ee9-deploy
 ext
+ee9-webapp
+http
 #https
-jsp
-jstl
-plus
+ee9-jsp
+ee9-jstl
+ee9-plus
 resources
 server
-servlets
+ee9-servlets
 #ssl
 
 [files]
diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml b/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml
deleted file mode 100644
index cec9236337fa..000000000000
--- a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<configuration>
-  <statusListener class="ch.qos.logback.core.status.OnConsoleStatusListener" />
-  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
-      <file>/var/log/shibboleth/access.log</file>
-    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-	<fileNamePattern>/var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
-    </rollingPolicy>
-    <encoder>
-      <pattern>combined</pattern>
-    </encoder>
-  </appender>
-  <appender-ref ref="FILE" />
-</configuration>
diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback.xml b/security/shibboleth-idp/files/jetty-base/resources/logback.xml
index 9a530677c4a9..5d973afeecf3 100644
--- a/security/shibboleth-idp/files/jetty-base/resources/logback.xml
+++ b/security/shibboleth-idp/files/jetty-base/resources/logback.xml
@@ -10,9 +10,25 @@
       <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n</Pattern>
     </encoder>
   </appender>
+
+  <appender name="jetty-access" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>/var/log/shibboleth/access.log</file>
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>/var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+    </rollingPolicy>
+    <encoder>
+      <pattern>%msg%n</pattern>
+    </encoder>
+  </appender>
+
   <root level="INFO">
     <appender-ref ref="jetty" />
   </root>
+
+  <logger name="org.eclipse.jetty.server.RequestLog" level="INFO" additivity="false">
+    <appender-ref ref="jetty-access" />
+  </logger>
+
   <logger name="org.springframework" level="OFF" />
   <logger name="ch.qos.logback" level="WARN" />
 </configuration>
diff --git a/security/shibboleth-idp/files/jetty-base/start.d/http.ini b/security/shibboleth-idp/files/jetty-base/start.d/http.ini
index fd91753eb783..3369d64a4a18 100644
--- a/security/shibboleth-idp/files/jetty-base/start.d/http.ini
+++ b/security/shibboleth-idp/files/jetty-base/start.d/http.ini
@@ -6,9 +6,5 @@
 --module=http
 --module=http-forwarded
 
-# Allows use of default IdP command line tools.
-jetty.http.host=127.0.0.1
-jetty.http.port=8080
-
 # Hide server version
 jetty.httpConfig.sendServerVersion=false
diff --git a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini
index e87aa186019d..33b3a39fb8df 100644
--- a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini
+++ b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini
@@ -31,5 +31,9 @@ jetty.ssl.host=127.0.0.1
 ## Connector port to listen on
 jetty.ssl.port=443
 
-# logging
+## Route request logging through standard logging API
 etc/jetty-requestlog.xml
+
+# Allows use of default IdP command line tools.
+jetty.http.host=127.0.0.1
+jetty.http.port=8080
diff --git a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml
index f5ba928e0b73..08676d1e3c26 100644
--- a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml
+++ b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0"?>
-<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
 <!-- =============================================================== -->
 <!-- Configure the Shibboleth IdP webapp                             -->
 <!-- =============================================================== -->
-<Configure class="org.eclipse.jetty.webapp.WebAppContext">
-  <Set name="war"><SystemProperty name="idp.war.path" default="war/idp.war" /></Set>
+<Configure class="org.eclipse.jetty.ee9.webapp.WebAppContext">
+  <Set name="war"><SystemProperty name="idp.home" default="/usr/local/www/shibboleth" />/war/idp.war</Set>
   <Set name="contextPath"><SystemProperty name="idp.context.path" default="/idp" /></Set>
   <Set name="extractWAR">false</Set>
   <Set name="copyWebDir">false</Set>
diff --git a/security/shibboleth-idp/files/jetty-base/webapps/static.xml b/security/shibboleth-idp/files/jetty-base/webapps/static.xml
index 3c53036abb35..f4f90fcb1ee3 100644
--- a/security/shibboleth-idp/files/jetty-base/webapps/static.xml
+++ b/security/shibboleth-idp/files/jetty-base/webapps/static.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
 <!-- =============================================================== -->
 <!-- Configure static content delivery                               -->
 <!-- =============================================================== -->
@@ -7,10 +7,10 @@
   <Set name="contextPath">/</Set>
   <Set name="handler">
     <New class="org.eclipse.jetty.server.handler.ResourceHandler">
-      <Set name="resourceBase">
-        <Property name="jetty.base"/>/<Property name="jetty.static.data.path" default="../static"/>
+      <Set name="baseResourceAsString">
+        <SystemProperty name="jetty.base"/>/<Property name="jetty.static.data.path" default="static"/>
       </Set>
-      <Set name="directoriesListed">false</Set>
+      <Set name="dirAllowed">false</Set>
     </New>
   </Set>
 </Configure>
diff --git a/security/shibboleth-idp/files/shibboleth-idp.in b/security/shibboleth-idp/files/shibboleth-idp.in
index c8904167e00c..e0b425e5eeb4 100644
--- a/security/shibboleth-idp/files/shibboleth-idp.in
+++ b/security/shibboleth-idp/files/shibboleth-idp.in
@@ -80,8 +80,13 @@ shibboleth_idp_initupgrade() {
     /bin/rm -f %%WWWDIR%%/idp.ini.bak
 
     PATH="${PATH}:%%LOCALBASE%%/bin"
-    %%DATADIR%%/bin/install.sh -Didp.keysize=${shibboleth_idp_keysize} -Didp.target.dir=%%WWWDIR%% -Didp.src.dir=%%DATADIR%% -Didp.conf.credentials.group=%%SHIBUSER%% -Didp.conf.credentials.filemode=640 -Didp.keystore.password=${KEYSTORE} -Didp.sealer.password=${COOKIE} -Didp.host.name=${shibboleth_idp_hostname} -Didp.scope=${shibboleth_idp_scope} -Didp.entityID=${shibboleth_idp_entityid} -Didp.noprompt
-    /usr/bin/sed -i'.bak' -e "s|:8443||g" %%WWWDIR%%/metadata/idp-metadata.xml
+    printf "idp.target.dir=%%WWWDIR%%\nidp.keysize=${shibboleth_idp_keysize}\nidp.src.dir=%%DATADIR%%\nidp.conf.credentials.group=%%SHIBUSER%%\nidp.conf.credentials.filemode=640\nidp.scope=${shibboleth_idp_scope}\nidp.host.name=${shibboleth_idp_hostname}\nidp.entityID=${shibboleth_idp_entityid}\n\n# EOF\n" > %%WWWDIR%%/install.properties
+    if [ ! -f %%WWWDIR%%/credentials/secrets.properties ]; then
+        install -o root -g ${shibboleth_idp_group} -m 440 /dev/null %%WWWDIR%%/credentials/secrets.properties
+        printf "idp.keystore.password=${KEYSTORE}\nidp.sealer.password=${COOKIE}\n">%%WWWDIR%%/credentials/secrets.properties
+    fi
+    %%DATADIR%%/bin/install.sh --propertyFile %%WWWDIR%%/install.properties --propertyFiles %%WWWDIR%%/credentials/secrets.properties
+    /usr/bin/sed -i'.bak' -e "s|idp.scope = example.org|idp.scope=${shibboleth_idp_scope}|g" %%WWWDIR%%/conf/idp.properties
 }
 
 run_rc_command "$1"
diff --git a/security/shibboleth-idp/files/shibboleth-idp.sh b/security/shibboleth-idp/files/shibboleth-idp.sh
index 13a08d5c8f18..71341ffa127f 100755
--- a/security/shibboleth-idp/files/shibboleth-idp.sh
+++ b/security/shibboleth-idp/files/shibboleth-idp.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/local/bin/bash
 
 # LSB Tags
 ### BEGIN INIT INFO
@@ -118,35 +118,143 @@ findDirectory()
   done
 }
 
+# test if process specified in PID file is still running
 running()
 {
-  if [ -f "$1" ]
-  then
-    local PID=$(cat "$1" 2>/dev/null) || return 1
-    kill -0 "$PID" 2>/dev/null
-    return
+  local PIDFILE=$1
+  if [ -r "$PIDFILE" ] ; then
+    local PID=$(tail -1 "$PIDFILE")
+    if kill -0 "$PID" 2>/dev/null ; then
+      return 0
+    fi
   fi
-  rm -f "$1"
   return 1
 }
 
+# Test state file (after timeout) for started state
 started()
 {
-  # wait for 60s to see "STARTED" in PID file, needs jetty-started.xml as argument
-  for ((T = 0; T < $(($3 / 4)); T++))
+  local STATEFILE=$1
+  local PIDFILE=$2
+  local STARTTIMEOUT=$3
+
+  if (( DEBUG )) ; then
+    echo "Looking for $STATEFILE"
+    echo -n "State Parent Directory: "
+    ls -lad $(dirname $STATEFILE)
+  fi
+
+  # wait till timeout to see "STARTED" in state file, needs --module=state as argument
+  for ((T = 0; T < $STARTTIMEOUT; T++))
   do
-    sleep 4
-    [ -z "$(tail -1 $1 | grep STARTED 2>/dev/null)" ] || return 0
-    [ -z "$(tail -1 $1 | grep STOPPED 2>/dev/null)" ] || return 1
-    [ -z "$(tail -1 $1 | grep FAILED 2>/dev/null)" ] || return 1
-    local PID=$(cat "$2" 2>/dev/null) || return 1
-    kill -0 "$PID" 2>/dev/null || return 1
-    echo -n ". "
+    echo -n "."
+    sleep 1
+    if [ -r $STATEFILE ] ; then
+      STATENOW=$(tail -1 $STATEFILE)
+      (( DEBUG )) && echo "State (now): $STATENOW"
+      case "$STATENOW" in
+        STARTED*)
+          echo " started"
+          return 0;;
+        STOPPED*)
+          echo " stopped"
+          return 1;;
+        FAILED*)
+          echo " failed"
+          return 1;;
+      esac
+    else
+      (( DEBUG )) && echo "Unable to read State File: $STATEFILE"
+    fi
   done
-
+  (( DEBUG )) && echo "Timeout $STARTTIMEOUT expired waiting for start state from $STATEFILE"
+  echo " timeout"
+  if running "$PIDFILE" ; then
+    echo "INFO: Server process is running"
+  else
+    echo "** ERROR: Server process is NOT running"
+  fi
   return 1;
 }
 
+pidKill()
+{
+  local PIDFILE=$1
+  local TIMEOUT=$2
+
+  if [ -r $PIDFILE ] ; then
+    local PID=$(tail -1 "$PIDFILE")
+    if [ -z "$PID" ] ; then
+      echo "** ERROR: no pid found in $PIDFILE"
+      return 1
+    fi
+
+    # Try default kill first
+    if kill -0 "$PID" 2>/dev/null ; then
+      (( DEBUG )) && echo "PID=$PID is running, sending kill"
+      kill "$PID" 2>/dev/null
+    else
+      rm -f $PIDFILE 2> /dev/null
+      return 0
+    fi
+
+    # Perform harsh kill next
+    while kill -0 "$PID" 2>/dev/null
+    do
+      if (( TIMEOUT-- == 0 )) ; then
+        (( DEBUG )) && echo "PID=$PID is running, sending kill signal=KILL (TIMEOUT=$TIMEOUT)"
+        kill -KILL "$PID" 2>/dev/null
+      fi
+      echo -n "."
+      sleep 1
+    done
+    echo "Killed $PID"
+    return 0
+  else
+    (( DEBUG )) && echo "Unable to read PID File: $PIDFILE"
+    return 1
+  fi
+}
+
+testFileSystemPermissions()
+{
+  # Don't test file system permissions if user is root
+  if [ $UID -eq 0 ] ; then
+    (( DEBUG )) && echo "Not testing file system permissions: uid is 0"
+    return 0
+  fi
+
+  # Don't test if JETTY_USER is specified
+  # as the Jetty process will switch to a different user id on startup
+  if [ -n "$JETTY_USER" ] ; then
+    (( DEBUG )) && echo "Not testing file system permissions: JETTY_USER=$JETTY_USER"
+    return 0
+  fi
+
+  # Don't test if setuid is specified
+  # as the Jetty process will switch to a different user id on startup
+  if expr -- "${JETTY_ARGS[*]}" : '.*setuid.*' >/dev/null
+  then
+    (( DEBUG )) && echo "Not testing file system permissions: setuid in use"
+    return 0
+  fi
+
+  # Test if PID can be written from this userid
+  if ! touch "$JETTY_PID"
+  then
+    echo "** ERROR: Unable to touch file: $JETTY_PID"
+    echo "          Correct issues preventing use of \$JETTY_PID and try again."
+    exit 1
+  fi
+
+  # Test if STATE can be written from this userid
+  if ! touch "$JETTY_STATE"
+  then
+    echo "** ERROR: Unable to touch file: $JETTY_STATE"
+    echo "          Correct issues preventing use of \$JETTY_STATE and try again."
+    exit 1
+  fi
+}
 
 readConfig()
 {
@@ -156,31 +264,36 @@ readConfig()
 
 dumpEnv()
 {
-    echo "JAVA                  =  $JAVA"
-    echo "JAVA_OPTIONS          =  ${JAVA_OPTIONS[*]}"
-    echo "JETTY_HOME            =  $JETTY_HOME"
-    echo "JETTY_BASE            =  $JETTY_BASE"
-    echo "START_D               =  $START_D"
-    echo "START_INI             =  $START_INI"
-    echo "JETTY_START           =  $JETTY_START"
-    echo "JETTY_CONF            =  $JETTY_CONF"
-    echo "JETTY_ARGS            =  ${JETTY_ARGS[*]}"
-    echo "JETTY_RUN             =  $JETTY_RUN"
-    echo "JETTY_PID             =  $JETTY_PID"
-    echo "JETTY_START_LOG       =  $JETTY_START_LOG"
-    echo "JETTY_STATE           =  $JETTY_STATE"
-    echo "JETTY_START_TIMEOUT   =  $JETTY_START_TIMEOUT"
-    echo "RUN_CMD               =  ${RUN_CMD[*]}"
+  echo "JAVA                  =  $JAVA"
+  echo "JAVA_OPTIONS          =  ${JAVA_OPTIONS[*]}"
+  echo "JETTY_HOME            =  $JETTY_HOME"
+  echo "JETTY_BASE            =  $JETTY_BASE"
+  echo "START_D               =  $START_D"
+  echo "START_INI             =  $START_INI"
+  echo "JETTY_START           =  $JETTY_START"
+  echo "JETTY_CONF            =  $JETTY_CONF"
+  echo "JETTY_ARGS            =  ${JETTY_ARGS[*]}"
+  echo "JETTY_RUN             =  $JETTY_RUN"
+  echo "JETTY_PID             =  $JETTY_PID"
+  echo "JETTY_START_LOG       =  $JETTY_START_LOG"
+  echo "JETTY_STATE           =  $JETTY_STATE"
+  echo "JETTY_START_TIMEOUT   =  $JETTY_START_TIMEOUT"
+  echo "JETTY_SYS_PROPS       =  $JETTY_SYS_PROPS"
+  echo "RUN_ARGS              =  ${RUN_ARGS[*]}"
+  echo "ID                    =  $(id)"
+  echo "JETTY_USER            =  $JETTY_USER"
+  echo "USE_START_STOP_DAEMON =  $USE_START_STOP_DAEMON"
+  echo "START_STOP_DAEMON     =  $START_STOP_DAEMON_AVAILABLE"
 }
 
 
-
 ##################################################
 # Get the action & configs
 ##################################################
 CONFIGS=()
 NO_START=0
 DEBUG=0
+USE_START_STOP_DAEMON=1
 
 while [[ $1 = -* ]]; do
   case $1 in
@@ -300,7 +413,15 @@ fi
 if [ -z "$JETTY_RUN" ]
 then
   JETTY_RUN=$(findDirectory -w /var/run /usr/var/run $JETTY_BASE /tmp)/jetty
-  [ -d "$JETTY_RUN" ] || mkdir $JETTY_RUN
+fi
+
+if [ ! -d "$JETTY_RUN" ] ; then
+  if ! mkdir $JETTY_RUN
+  then
+    echo "** ERROR: Unable to create directory: $JETTY_RUN"
+    echo "          Correct issues preventing the creation of \$JETTY_RUN and try again."
+    exit 1
+  fi
 fi
 
 #####################################################
@@ -328,14 +449,14 @@ case "`uname`" in
 CYGWIN*) JETTY_STATE="`cygpath -w $JETTY_STATE`";;
 esac
 
-
-JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE")
+JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE" "jetty.pid=$JETTY_PID")
 
 ##################################################
 # Get the list of config.xml files from jetty.conf
 ##################################################
 if [ -f "$JETTY_CONF" ] && [ -r "$JETTY_CONF" ]
 then
+  (( DEBUG )) && echo "$JETTY_CONF: (begin read) JETTY_ARGS.length=${#JETTY_ARGS[@]}"
   while read -r CONF
   do
     if expr -- "$CONF" : '#' >/dev/null ; then
@@ -351,16 +472,17 @@ then
       do
         if [ -r "$XMLFILE" ] && [ -f "$XMLFILE" ]
         then
-          JETTY_ARGS=(${JETTY_ARGS[*]} "$XMLFILE")
+          JETTY_ARGS[${#JETTY_ARGS[@]}]=$XMLFILE
         else
           echo "** WARNING: Cannot read '$XMLFILE' specified in '$JETTY_CONF'"
         fi
       done
     else
       # assume it's a command line parameter (let start.jar deal with its validity)
-      JETTY_ARGS=(${JETTY_ARGS[*]} "$CONF")
+      JETTY_ARGS[${#JETTY_ARGS[@]}]=$CONF
     fi
   done < "$JETTY_CONF"
+  (( DEBUG )) && echo "$JETTY_CONF: (finished read) JETTY_ARGS.length=${#JETTY_ARGS[@]}"
 fi
 
 ##################################################
@@ -414,9 +536,6 @@ TMPDIR="`cygpath -w $TMPDIR`"
 ;;
 esac
 
-BASE_JETTY_SYS_PROPS=$(echo -ne "-Djetty.home=$JETTY_HOME" "-Djetty.base=$JETTY_BASE" "-Djava.io.tmpdir=$TMPDIR")
-JETTY_SYS_PROPS=(${JETTY_SYS_PROPS[*]} $BASE_JETTY_SYS_PROPS)
-
 #####################################################
 # This is how the Jetty server will be started
 #####################################################
@@ -434,15 +553,31 @@ case "`uname`" in
 CYGWIN*) JETTY_START="`cygpath -w $JETTY_START`";;
 esac
 
-RUN_ARGS=$("$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args ${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]})
-RUN_CMD=("$JAVA" $JETTY_SYS_PROPS ${RUN_ARGS[@]})
+# Determine if we can use start-stop-daemon or not
+START_STOP_DAEMON_AVAILABLE=0
+
+if (( USE_START_STOP_DAEMON ))
+then
+  # only if root user is executing jetty.sh, and the start-stop-daemon exists
+  if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1
+  then
+    START_STOP_DAEMON_AVAILABLE=1
+  else
+    USE_START_STOP_DAEMON=0
+  fi
+fi
+
+# Collect the dry-run (of opts,path,main,args) from the jetty.base configuration
+JETTY_DRY_RUN=$(echo "${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}" | xargs "$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args,envs)
+RUN_ARGS=($JETTY_SYS_PROPS ${JETTY_DRY_RUN[@]})
 
-#####################################################
-# Comment these out after you're happy with what
-# the script is doing.
-#####################################################
 if (( DEBUG ))
 then
+  if expr -- "${RUN_ARGS[*]}" : '.*/etc/console-capture.xml.*' > /dev/null
+  then
+    echo "WARNING: Disable console-capture module for best DEBUG results"
+  fi
+  echo "IDs are $(id)"
   dumpEnv
 fi
 
@@ -451,14 +586,29 @@ fi
 ##################################################
 case "$ACTION" in
   start)
-    echo -n "Starting Jetty: "
-
     if (( NO_START )); then
       echo "Not starting ${NAME} - NO_START=1";
       exit
     fi
 
-    if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1
+    testFileSystemPermissions
+
+    if running $JETTY_PID
+    then
+      echo "Already Running $(cat $JETTY_PID)!"
+      exit 1
+    fi
+
+    # remove any lingering state file
+    if [ -f $JETTY_STATE ]
+    then
+      rm $JETTY_STATE
+    fi
+
+    echo -n "Starting Jetty: "
+
+    # Startup from a service file
+    if (( USE_START_STOP_DAEMON ))
     then
       unset CH_USER
       if [ -n "$JETTY_USER" ]
@@ -466,22 +616,19 @@ case "$ACTION" in
         CH_USER="--chuid $JETTY_USER"
       fi
 
-      start-stop-daemon --start $CH_USER \
-       --pidfile "$JETTY_PID" \
+      # use of --pidfile /dev/null disables internal pidfile
+      # management of the start-stop-daemon (see man page)
+      echo ${RUN_ARGS[@]} | xargs start-stop-daemon \
+       --start $CH_USER \
+       --pidfile /dev/null \
        --chdir "$JETTY_BASE" \
        --background \
-       --make-pidfile \
+       --output "${JETTY_RUN}/start-stop.log" \
        --startas "$JAVA" \
-       -- ${RUN_ARGS[@]} start-log-file="$JETTY_START_LOG"
-
+       --
+      (( DEBUG )) && echo "Starting: start-stop-daemon"
     else
-
-      if running $JETTY_PID
-      then
-        echo "Already Running $(cat $JETTY_PID)!"
-        exit 1
-      fi
-
+      # Startup if switching users (not as a service, or from root)
       if [ -n "$JETTY_USER" ] && [ `whoami` != "$JETTY_USER" ]
       then
         unset SU_SHELL
@@ -490,29 +637,30 @@ case "$ACTION" in
           SU_SHELL="-s $JETTY_SHELL"
         fi
 
-        touch "$JETTY_PID"
         chown "$JETTY_USER" "$JETTY_PID"
-        # FIXME: Broken solution: wordsplitting, pathname expansion, arbitrary command execution, etc.
         su - "$JETTY_USER" $SU_SHELL -c "
           cd \"$JETTY_BASE\"
-          exec ${RUN_CMD[*]} start-log-file=\"$JETTY_START_LOG\" > /dev/null &
-          disown \$!
-          echo \$! > \"$JETTY_PID\""
+          echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null &
+          PID=\$!
+          disown \$PID"
+        (( DEBUG )) && echo "Starting: su shell (w/user $JETTY_USER) on PID $PID"
       else
-        "${RUN_CMD[@]}" > /dev/null &
-        disown $!
-        echo $! > "$JETTY_PID"
+        # Startup if not switching users
+        echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null &
+        PID=$!
+        disown $PID
+        (( DEBUG )) && echo "Starting: java command on PID $PID"
       fi
-
     fi
 
-    if expr "${JETTY_ARGS[*]}" : '.*jetty-started.xml.*' >/dev/null
+    if expr -- "${JETTY_ARGS[*]}" : '.*jetty\.state=.*' >/dev/null
     then
       if started "$JETTY_STATE" "$JETTY_PID" "$JETTY_START_TIMEOUT"
       then
         echo "OK `date`"
       else
         echo "FAILED `date`"
+        pidKill $JETTY_PID 30
         exit 1
       fi
     else
@@ -523,38 +671,42 @@ case "$ACTION" in
 
   stop)
     echo -n "Stopping Jetty: "
-    if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1; then
-      start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s HUP
-
-      TIMEOUT=30
-      while running "$JETTY_PID"; do
-        if (( TIMEOUT-- == 0 )); then
-          start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s KILL
-        fi
+    if [ ! -r "$JETTY_PID" ] ; then
+      echo "** ERROR: no pid found at $JETTY_PID"
+      exit 1
+    fi
 
-        sleep 1
-      done
-    else
-      if [ ! -f "$JETTY_PID" ] ; then
-        echo "ERROR: no pid found at $JETTY_PID"
-        exit 1
-      fi
+    PID=$(tail -1 "$JETTY_PID")
+    if [ -z "$PID" ] ; then
+      echo "** ERROR: no pid found in $JETTY_PID"
+      exit 1
+    fi
 
-      PID=$(cat "$JETTY_PID" 2>/dev/null)
-      if [ -z "$PID" ] ; then
-        echo "ERROR: no pid id found in $JETTY_PID"
-        exit 1
-      fi
-      kill "$PID" 2>/dev/null
+    # Stopping service started with start-stop-daemon
+    if (( USE_START_STOP_DAEMON )) ; then
+      (( DEBUG )) && echo "Issuing HUP to $PID"
+      start-stop-daemon --stop \
+         --pid "$PID" \
+         --chdir "$JETTY_BASE" \
+         --startas "$JAVA" \
+         --signal HUP
 
       TIMEOUT=30
-      while running $JETTY_PID; do
+      while running "$JETTY_PID"; do
+        (( DEBUG )) && echo "Issuing KILL to $PID"
         if (( TIMEOUT-- == 0 )); then
-          kill -KILL "$PID" 2>/dev/null
+          start-stop-daemon --stop \
+            --pid "$PID" \
+            --chdir "$JETTY_BASE" \
+            --startas "$JAVA" \
+            --signal KILL
         fi
 
         sleep 1
       done
+    else
+      # Stopping from non-service start
+      pidKill "$JETTY_PID" 30
     fi
 
     rm -f "$JETTY_PID"
@@ -565,7 +717,7 @@ case "$ACTION" in
 
   restart)
     JETTY_SH=$0
-    > "$JETTY_STATE"
+    echo "restart" >> "$JETTY_STATE"
     if [ ! -f $JETTY_SH ]; then
       if [ ! -f $JETTY_HOME/bin/jetty.sh ]; then
         echo "$JETTY_HOME/bin/jetty.sh does not exist."
@@ -584,7 +736,7 @@ case "$ACTION" in
     # Under control of daemontools supervise monitor which
     # handles restarts and shutdowns via the svc program.
     #
-    exec "${RUN_CMD[@]}"
+    echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null &
 
     ;;
 
@@ -597,7 +749,7 @@ case "$ACTION" in
       exit 1
     fi
 
-    exec "${RUN_CMD[@]}"
+    echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null &
     ;;
 
   check|status)
diff --git a/security/shibboleth-idp/files/shibboleth.in b/security/shibboleth-idp/files/shibboleth.in
index e63c0b1c1b98..424e30b7296e 100644
--- a/security/shibboleth-idp/files/shibboleth.in
+++ b/security/shibboleth-idp/files/shibboleth.in
@@ -4,6 +4,7 @@
 # JAVA
 #   Command to invoke Java. If not set, java (from the PATH) will be used.
 #
+JAVA=%%LOCALBASE%%/bin/java
 
 # JAVA_OPTIONS
 #   Extra options to pass to the JVM
diff --git a/security/shibboleth-idp/pkg-plist b/security/shibboleth-idp/pkg-plist
index ed38e20aef23..e45c1c7549ee 100644
--- a/security/shibboleth-idp/pkg-plist
+++ b/security/shibboleth-idp/pkg-plist
@@ -1,80 +1,19 @@
+%%ETCDIR%%/shibboleth-idp
+sbin/shibboleth-idp.sh
 %%DATADIR%%/LICENSE.txt
-%%DATADIR%%/bin/aacli.bat
-%%DATADIR%%/bin/aacli.sh
-%%DATADIR%%/bin/ant-jetty.xml
-%%DATADIR%%/bin/ant.bat
-%%DATADIR%%/bin/ant.sh
-%%DATADIR%%/bin/build.bat
-%%DATADIR%%/bin/build.sh
-%%DATADIR%%/bin/build.xml
-%%DATADIR%%/bin/install-log.xml
 %%DATADIR%%/bin/install.bat
 %%DATADIR%%/bin/install.sh
-%%DATADIR%%/bin/keygen.bat
-%%DATADIR%%/bin/keygen.sh
 @comment %%DATADIR%%/bin/lib/.gitkeep
 %%DATADIR%%/bin/lib/ant-1.10.14.jar
 %%DATADIR%%/bin/lib/ant-launcher-1.10.14.jar
-%%DATADIR%%/bin/lib/bcpg-jdk18on-1.72.2.jar
-%%DATADIR%%/bin/lib/commons-compress-1.26.1.jar
+%%DATADIR%%/bin/lib/bcpg-jdk18on-1.77.jar
+%%DATADIR%%/bin/lib/commons-compress-1.26.2.jar
 %%DATADIR%%/bin/lib/commons-io-2.15.1.jar
+%%DATADIR%%/bin/lib/idp-cli-%%PORTVERSION%%.jar
 %%DATADIR%%/bin/lib/idp-installer-%%PORTVERSION%%.jar
 %%DATADIR%%/bin/lib/jcommander-1.81.jar
-%%DATADIR%%/bin/mdquery.bat
-%%DATADIR%%/bin/mdquery.sh
-%%DATADIR%%/bin/module.bat
-%%DATADIR%%/bin/module.sh
-%%DATADIR%%/bin/plugin.bat
-%%DATADIR%%/bin/plugin.sh
-%%DATADIR%%/bin/reload-metadata.bat
-%%DATADIR%%/bin/reload-metadata.sh
-%%DATADIR%%/bin/reload-service.bat
-%%DATADIR%%/bin/reload-service.sh
-%%DATADIR%%/bin/runclass.bat
-%%DATADIR%%/bin/runclass.sh
-%%DATADIR%%/bin/sealer.bat
-%%DATADIR%%/bin/sealer.sh
-%%DATADIR%%/bin/seckeygen.bat
-%%DATADIR%%/bin/seckeygen.sh
-%%DATADIR%%/bin/status.bat
-%%DATADIR%%/bin/status.sh
-%%DATADIR%%/bin/version.bat
-%%DATADIR%%/bin/version.sh
-%%DATADIR%%/conf/access-control.xml
-%%DATADIR%%/conf/admin/admin.properties
-%%DATADIR%%/conf/admin/metrics.xml
-%%DATADIR%%/conf/attribute-filter.xml
-%%DATADIR%%/conf/attribute-registry.xml
-%%DATADIR%%/conf/attribute-resolver.xml
-%%DATADIR%%/conf/attributes/custom/README
-%%DATADIR%%/conf/attributes/default-rules.xml
-%%DATADIR%%/conf/attributes/eduCourse.xml
-%%DATADIR%%/conf/attributes/eduPerson.xml
-%%DATADIR%%/conf/attributes/inetOrgPerson.xml
-%%DATADIR%%/conf/attributes/samlSubject.xml
-%%DATADIR%%/conf/attributes/schac.xml
-%%DATADIR%%/conf/audit.xml
-%%DATADIR%%/conf/authn/authn-comparison.xml
-%%DATADIR%%/conf/authn/authn-events-flow.xml
-%%DATADIR%%/conf/authn/authn.properties
-%%DATADIR%%/conf/c14n/subject-c14n-events-flow.xml
-%%DATADIR%%/conf/c14n/subject-c14n.properties
-%%DATADIR%%/conf/c14n/subject-c14n.xml
-%%DATADIR%%/conf/credentials.xml
-%%DATADIR%%/conf/errors.xml
-%%DATADIR%%/conf/examples/attribute-resolver-ldap.xml
-%%DATADIR%%/conf/global.xml
-%%DATADIR%%/conf/idp.properties
-%%DATADIR%%/conf/intercept/intercept-events-flow.xml
-%%DATADIR%%/conf/ldap.properties
-%%DATADIR%%/conf/logback.xml
-%%DATADIR%%/conf/metadata-providers.xml
-%%DATADIR%%/conf/relying-party.xml
-%%DATADIR%%/conf/saml-nameid.properties
-%%DATADIR%%/conf/saml-nameid.xml
-%%DATADIR%%/conf/services.properties
-%%DATADIR%%/conf/services.xml
-%%DATADIR%%/credentials/.gitkeep
+%%DATADIR%%/bin/lib/shib-cli-9.1.3.jar
+@comment %%DATADIR%%/credentials/.gitkeep
 %%DATADIR%%/doc/BC-LICENSE.txt
 %%DATADIR%%/doc/CREDITS.txt
 %%DATADIR%%/doc/DUO-LICENSE.txt
@@ -82,66 +21,31 @@
 %%DATADIR%%/doc/README.txt
 %%DATADIR%%/doc/RELEASE-NOTES.txt
 %%DATADIR%%/doc/SPYMEMCACHED-LICENSE.txt
-%%DATADIR%%/flows/authn/conditions/account-locked/account-locked-flow.xml
-%%DATADIR%%/flows/authn/conditions/conditions-flow.xml
-%%DATADIR%%/flows/authn/conditions/expired-password/expired-password-flow.xml
-%%DATADIR%%/flows/authn/conditions/expiring-password/expiring-password-flow.xml
-%%DATADIR%%/flows/user/prefs/prefs-flow.xml
 @comment %%DATADIR%%/logs/.gitkeep
-%%DATADIR%%/messages/messages.properties
-%%DATADIR%%/system/DONOTTOUCH
-%%DATADIR%%/system/conf/global-system.xml
-%%DATADIR%%/system/conf/mvc-beans.xml
-%%DATADIR%%/system/conf/webflow-config.xml
-%%DATADIR%%/views/client-storage/client-storage-read.vm
-%%DATADIR%%/views/client-storage/client-storage-write.vm
-%%DATADIR%%/views/error.vm
-%%DATADIR%%/views/logout-complete.vm
-%%DATADIR%%/views/logout-propagate.vm
-%%DATADIR%%/views/logout.vm
-%%DATADIR%%/views/user-prefs.js
-%%DATADIR%%/views/user-prefs.vm
 %%DATADIR%%/webapp/META-INF/MANIFEST.MF
 %%DATADIR%%/webapp/WEB-INF/idpui.tld
 %%DATADIR%%/webapp/WEB-INF/jsp/metadata.jsp
 %%DATADIR%%/webapp/WEB-INF/jsp/status.jsp
-%%DATADIR%%/webapp/WEB-INF/lib/DuoWeb-1.3.jar
-%%DATADIR%%/webapp/WEB-INF/lib/UserAgentUtils-1.21.jar
 %%DATADIR%%/webapp/WEB-INF/lib/annotations-17.0.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/antlr-2.7.7.jar
-%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.72.jar
-%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.72.jar
-%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.72.jar
-%%DATADIR%%/webapp/WEB-INF/lib/byte-buddy-1.10.21.jar
-%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.12.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/classmate-1.5.1.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-cli-1.4.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.15.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.77.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.77.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.77.jar
+%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.41.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.16.1.jar
 %%DATADIR%%/webapp/WEB-INF/lib/commons-compiler-3.1.12.jar
 %%DATADIR%%/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-lang-2.6.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.11.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.14.0.jar
 %%DATADIR%%/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.5.jar
-%%DATADIR%%/webapp/WEB-INF/lib/dom4j-2.1.3.jar
-%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.11.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.1.jar
-%%DATADIR%%/webapp/WEB-INF/lib/guava-31.1-jre.jar
-%%DATADIR%%/webapp/WEB-INF/lib/hibernate-commons-annotations-5.1.2.Final.jar
-%%DATADIR%%/webapp/WEB-INF/lib/hibernate-core-5.4.30.Final.jar
-%%DATADIR%%/webapp/WEB-INF/lib/httpclient-4.5.14.jar
-%%DATADIR%%/webapp/WEB-INF/lib/httpclient-cache-4.5.14.jar
-%%DATADIR%%/webapp/WEB-INF/lib/httpcore-4.4.16.jar
+%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.23.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/guava-33.0.0-jre.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-5.3.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-cache-5.3.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-5.2.5.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-h2-5.2.5.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-api-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-api-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-api-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-spring-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-api-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-spring-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-api-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-impl-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-cas-api-%%PORTVERSION%%.jar
*** 194 LINES SKIPPED ***