From bf02c6584e340e2fdfc50ff599cb42807a52f900 Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Thu, 18 Sep 2025 11:49:22 -0400
Subject: [PATCH 1/2] Update shib and cas config (repo copy) for harvard SSO
 update

---
 etc/cas/config/instn-authn-prod.xsl           |  2 +-
 etc/cas/config/shibboleth2-prod.xml           |  9 ++++++++-
 etc/cas/saml/{ => idp/metadata}/.gitkeep      |  0
 .../idp/public-cert/harvard-prod-idp.cert     | 19 +++++++++++++++++++
 4 files changed, 28 insertions(+), 2 deletions(-)
 rename etc/cas/saml/{ => idp/metadata}/.gitkeep (100%)
 create mode 100644 etc/cas/saml/idp/public-cert/harvard-prod-idp.cert

diff --git a/etc/cas/config/instn-authn-prod.xsl b/etc/cas/config/instn-authn-prod.xsl
index 4c509f76..f1a2140d 100644
--- a/etc/cas/config/instn-authn-prod.xsl
+++ b/etc/cas/config/instn-authn-prod.xsl
@@ -250,7 +250,7 @@
                         </user>
                     </xsl:when>
                     <!-- Harvard University (HARVARD) -->
-                    <xsl:when test="$idp='https://fed.huit.harvard.edu/idp/shibboleth'">
+                    <xsl:when test="$idp='http://www.okta.com/exk1xrjz6q65XDb2J1d8 '">
                         <id>harvard</id>
                         <user>
                             <username><xsl:value-of select="//attribute[@name='mail']/@value"/></username>
diff --git a/etc/cas/config/shibboleth2-prod.xml b/etc/cas/config/shibboleth2-prod.xml
index c547c16b..f64c2987 100644
--- a/etc/cas/config/shibboleth2-prod.xml
+++ b/etc/cas/config/shibboleth2-prod.xml
@@ -55,6 +55,14 @@
             <MetadataFilter type="Signature" certificate="ecu-prod-idp-cert.cer" />
         </MetadataProvider>
 
+        <!-- Harvard University -->
+        <MetadataProvider type="XML"
+                          uri="https://login.harvard.edu/app/exk1xrjz6q65XDb2J1d8/sso/saml/metadata"
+                          backingFilePath="harvard-prod-idp-metadata.xml"
+                          reloadInterval="180000">
+            <MetadataFilter type="Signature" certificate="harvard-prod-idp.cert" />
+        </MetadataProvider>
+
         <!-- Macquarie University (MQ) -->
         <MetadataProvider type="XML"
                           uri="https://mq.okta.com/app/exk2dzwun7KebsDIV2p7/sso/saml/metadata"
@@ -107,7 +115,6 @@
         <!-- George Mason University -->
         <!-- George Washington University -->
         <!-- Georgia Institute of Technology -->
-        <!-- Harvard University -->
         <!-- James Madison University -->
         <!-- KU Leuven -->
         <!-- Massachusetts Institute of Technology -->
diff --git a/etc/cas/saml/.gitkeep b/etc/cas/saml/idp/metadata/.gitkeep
similarity index 100%
rename from etc/cas/saml/.gitkeep
rename to etc/cas/saml/idp/metadata/.gitkeep
diff --git a/etc/cas/saml/idp/public-cert/harvard-prod-idp.cert b/etc/cas/saml/idp/public-cert/harvard-prod-idp.cert
new file mode 100644
index 00000000..7e8f8ec5
--- /dev/null
+++ b/etc/cas/saml/idp/public-cert/harvard-prod-idp.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIGAZj3qNEoMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYDVQQGEwJVUzETMBEG
+A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB2hhcnZhcmQxHDAaBgkqhkiG9w0BCQEWDWlu
+Zm9Ab2t0YS5jb20wHhcNMjUwODI5MjEwNzEyWhcNMzUwODI5MjEwODEyWjCBjzELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM
+BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdoYXJ2YXJkMRwwGgYJKoZIhvcN
+AQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2acGWMl
+Du1ON36LsozXn5k95HFtx/vnYgo+uhclZ9wlwU1uaE+/Se6P8qPwUdeF6fGMdNyuFBWb6DOqMfW6
+cLre1V2jS33YNDdat80VuI1FWpfLIr3Rax38H9DMwuMnb6pPT1al1MP1i1qr79YMl46rYvgpIfnL
+nvUF4tQXR0MlOjCuPaOACShKYzcK71eQl8EhqzSOEbypYt4rS4oZ4+IghnSjZgflQ+2LBAL8vwyt
+KIieOT/0ejiaAYppy+Z43d5bRNwNSh22Q7a5/cjeoKC29JdTDzUtGIdqoGFT6VMiLFyvDwJycBmS
+5x2SWeifglEPpq67HdDNg1I5afJPhwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA3obVfcvrrQ4sQ
+mLaLBuRFM/LR4IgVEBMqPeJ4YlRXhyEdUYgesXlxZxA7RjroSnMB/QtXc7NtaI+/BpDKK8/ntEkK
+lLtX+pcYl6RomM5wXxV3dfcC5FG4Gw0e+wOB7F1KE6g/zZbJWQpiMOrGadaBd2kJR0obcVHW8KmN
+KlhyNokndv17sfOyAbBmshXWB1zJMUQSN/3gpIELZec4BhTCN7dbptiKghrc4QO9fBymIf93QBLq
+TwMFgM3i4YsVoPuLWcI6tpokI3UEfpK7OCaMhkK3iNbYhIQ73I5jNB6tMmco0tr4tYaCDoU4eLcJ
+efPYtn/6XYEVujoZtTZkcvth
+-----END CERTIFICATE-----

From fb9a234653db08d16e5f6ba520aea8ab4e9e1332 Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Tue, 30 Sep 2025 15:10:18 -0400
Subject: [PATCH 2/2] Revert unnecessary changes

---
 etc/cas/config/shibboleth2-prod.xml           |  1 -
 etc/cas/saml/{idp/metadata => }/.gitkeep      |  0
 .../idp/public-cert/harvard-prod-idp.cert     | 19 -------------------
 3 files changed, 20 deletions(-)
 rename etc/cas/saml/{idp/metadata => }/.gitkeep (100%)
 delete mode 100644 etc/cas/saml/idp/public-cert/harvard-prod-idp.cert

diff --git a/etc/cas/config/shibboleth2-prod.xml b/etc/cas/config/shibboleth2-prod.xml
index f64c2987..ffcd05cd 100644
--- a/etc/cas/config/shibboleth2-prod.xml
+++ b/etc/cas/config/shibboleth2-prod.xml
@@ -60,7 +60,6 @@
                           uri="https://login.harvard.edu/app/exk1xrjz6q65XDb2J1d8/sso/saml/metadata"
                           backingFilePath="harvard-prod-idp-metadata.xml"
                           reloadInterval="180000">
-            <MetadataFilter type="Signature" certificate="harvard-prod-idp.cert" />
         </MetadataProvider>
 
         <!-- Macquarie University (MQ) -->
diff --git a/etc/cas/saml/idp/metadata/.gitkeep b/etc/cas/saml/.gitkeep
similarity index 100%
rename from etc/cas/saml/idp/metadata/.gitkeep
rename to etc/cas/saml/.gitkeep
diff --git a/etc/cas/saml/idp/public-cert/harvard-prod-idp.cert b/etc/cas/saml/idp/public-cert/harvard-prod-idp.cert
deleted file mode 100644
index 7e8f8ec5..00000000
--- a/etc/cas/saml/idp/public-cert/harvard-prod-idp.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIGAZj3qNEoMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYDVQQGEwJVUzETMBEG
-A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
-MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB2hhcnZhcmQxHDAaBgkqhkiG9w0BCQEWDWlu
-Zm9Ab2t0YS5jb20wHhcNMjUwODI5MjEwNzEyWhcNMzUwODI5MjEwODEyWjCBjzELMAkGA1UEBhMC
-VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM
-BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdoYXJ2YXJkMRwwGgYJKoZIhvcN
-AQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2acGWMl
-Du1ON36LsozXn5k95HFtx/vnYgo+uhclZ9wlwU1uaE+/Se6P8qPwUdeF6fGMdNyuFBWb6DOqMfW6
-cLre1V2jS33YNDdat80VuI1FWpfLIr3Rax38H9DMwuMnb6pPT1al1MP1i1qr79YMl46rYvgpIfnL
-nvUF4tQXR0MlOjCuPaOACShKYzcK71eQl8EhqzSOEbypYt4rS4oZ4+IghnSjZgflQ+2LBAL8vwyt
-KIieOT/0ejiaAYppy+Z43d5bRNwNSh22Q7a5/cjeoKC29JdTDzUtGIdqoGFT6VMiLFyvDwJycBmS
-5x2SWeifglEPpq67HdDNg1I5afJPhwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA3obVfcvrrQ4sQ
-mLaLBuRFM/LR4IgVEBMqPeJ4YlRXhyEdUYgesXlxZxA7RjroSnMB/QtXc7NtaI+/BpDKK8/ntEkK
-lLtX+pcYl6RomM5wXxV3dfcC5FG4Gw0e+wOB7F1KE6g/zZbJWQpiMOrGadaBd2kJR0obcVHW8KmN
-KlhyNokndv17sfOyAbBmshXWB1zJMUQSN/3gpIELZec4BhTCN7dbptiKghrc4QO9fBymIf93QBLq
-TwMFgM3i4YsVoPuLWcI6tpokI3UEfpK7OCaMhkK3iNbYhIQ73I5jNB6tMmco0tr4tYaCDoU4eLcJ
-efPYtn/6XYEVujoZtTZkcvth
------END CERTIFICATE-----