[SIDP-493] can not create /profile/Status Created: 19/Sep/11  Updated: 19/Sep/11

Status: Open
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: xing chun yan Assignee: Tom Barton
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
idp-process.log
16:24:37.850 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.JSPErrorHandlerBeanDefinitionParser:45] - Parsing configuration for JSP error handler.
16:24:37.852 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:42] - Parsing configuration for profile handler: Status
16:24:37.853 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:42] - Parsing configuration for profile handler: SAMLMetadata
16:24:37.859 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:42] - Parsing configuration for profile handler: ShibbolethSSO
16:24:37.878 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:42] - Parsing configuration for profile handler: SAML1AttributeQuery
16:24:37.880 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:42] - Parsing configuration for profile handler: SAML1ArtifactResolution
16:24:37.885 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:42] - Parsing configuration for profile handler: SAML2SSO





[SIDP-492] bin/version causes exception Created: 22/May/11  Updated: 22/May/11

Status: Open
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.3.0
Fix Version/s: None

Type: Bug Priority: Trivial
Reporter: Peter Schober Assignee: Chad La Joie
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
{noformat}
[shibboleth-idp]# bin/version.sh
Exception in thread "main" java.lang.ExceptionInInitializerError
Caused by: java.lang.ArrayIndexOutOfBoundsException: 0
        at edu.internet2.middleware.shibboleth.idp.Version.<clinit>(Version.java:101)
Could not find the main class: edu.internet2.middleware.shibboleth.idp.Version. Program will exit.
{noformat}




[SIDP-491] Stylesheet link in login.jsp is not inside the head tag Created: 20/May/11  Updated: 20/May/11

Status: Open
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Trivial
Reporter: Daniel J. Lauk Assignee: Chad La Joie
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File shib-idp-2.3-login.jsp.patch    
Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
The HTML element '<link rel="stylesheet" ... />' belongs inside the '<head>' section of an (X)HTML document.

 Comments   
Comment by Daniel J. Lauk [ 20/May/11 ]
The attached patch file 'shib-idp-2.3-login.jsp.patch' fixes the issue.




[SIDP-489] Typos in the idpui.tld Created: 07/May/11  Updated: 12/May/11  Resolved: 12/May/11

Status: Resolved
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Rod Widdowson Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
This file appears to have had a bad case of "search and replace gone bad". I fixed on in idp-485, but there are some more.

 Comments   
Comment by Rod Widdowson [ 12/May/11 ]
Fixed likewise in Version 3027




[SIDP-488] PeerEntityId property not set on SAML queries Created: 06/May/11  Updated: 17/May/11  Resolved: 06/May/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1, SAML 2
Affects Version/s: 2.2.0, 2.2.1
Fix Version/s: 2.3.0

Type: Bug Priority: Major
Reporter: Scott Cantor Assignee: Scott Cantor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
For SAML attribute queries, the requestContext object is missing a value for getPeerEntityId. It does have a value for getInboundMessageIssuer, which is why the filtering engine works.

 Comments   
Comment by Scott Cantor [ 06/May/11 ]
Fixed in svn.




[SIDP-487] More login.jsp changes Created: 05/May/11  Updated: 17/May/11  Resolved: 12/May/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.3.0
Fix Version/s: 2.3.0

Type: Improvement Priority: Minor
Reporter: Rod Widdowson Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
From Ian:
> A couple of quick observations about the example user/password login page, which I had to customise from scratch:
>
> 1) It seems to have DOS line endings now; I don't think that used to be the case.
>
> 2) It has a documentation link to a page on spaces.internet2.edu which no longer exists.
>
> 3) The sentence starting "The web site described to the right" should end with a '.'

(2) is SIDP-486
(1) also applies to login.css



 Comments   
Comment by Rod Widdowson [ 12/May/11 ]
Why did I not close this off when I checked in Version3024? Never mind...




[SIDP-486] login.jsp page contains this helper text "This login page is an example and should be customized. Refer to the documentation." The link on the word documentation takes the user to the spaces wiki. Created: 04/May/11  Updated: 04/May/11  Resolved: 04/May/11

Status: Resolved
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.3.0
Fix Version/s: None

Type: Bug Priority: Trivial
Reporter: Steven Carmody Assignee: Scott Cantor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Comments   
Comment by Scott Cantor [ 04/May/11 ]
Fixed in rev 3022. I'll resolve once I sweep the projects for any other links.
Comment by Scott Cantor [ 04/May/11 ]
Found remaining links in major spots.




[SIDP-485] idpui tags for images do not create the "alt" attribute. Created: 04/May/11  Updated: 17/May/11  Resolved: 05/May/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.3.0
Fix Version/s: 2.3.0

Type: Bug Priority: Minor
Reporter: Rod Widdowson Assignee: Rod Widdowson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
three options to fix :
1) add a required alt text parameter
2) or supply it from the same code that creates the entityName.
3) or supply it, but have it overridable.

Do we need this for 2.3?

 Comments   
Comment by Chad La Joie [ 04/May/11 ]
Do option #3. And yeah, it would probably be nice to have this for v2.3 if you have a few minutes to do it.
Comment by Rod Widdowson [ 05/May/11 ]
Checkin 3023




[SIDP-484] Login stops at AuthnEngine with an empty page Created: 28/Apr/11  Updated: 12/May/11  Resolved: 11/May/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.1
Fix Version/s: 2.3.0

Type: Bug Priority: Major
Reporter: Thomas Lenggenhager Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
We observed repeatedly that a login at our IdP stops at AuthnEngine with an empty page in the browser, the redirect to the Login Handler does not take place. The first retry is mostly successful. However, yesterday it happend to me three times in a row when trtying to access wiki.shibboleth.net.

Up to now, we can not reproduce it yet, but by chance we captured such an incident yesterday evening while DEBUG was turned on for another reason.

Here the relevant logfile entries.
The user confirmed that he made this access with no old session cookies, since he restarted the browser just before it hapened and no cookies were blocked. A retry thereafter using the same browser config was successful.

2011-04-27 19:23:22,564 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:198] - Creating login context and transferring control to authentication engine
2011-04-27 19:23:22,572 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:166] - Storing LoginContext to StorageService partition loginContexts, key df3694a5-7acf-4416-82dc-018f57bc3cd6
2011-04-27 19:23:22,573 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:210] - Redirecting user to authentication engine at https://aai-logon.switch.ch:443/idp/AuthnEngine
2011-04-27 19:23:22,599 - DEBUG [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:156] - No session associated with session ID OWZhMGRlODJkZDI1NzNkYzZjYTRlYmIyNzhiMDZiMDFlMGVmMDhmMzQwYTdiMjQ4ZjQwOTYxNmMyODQ0NmNlMw== - session must have timed out
2011-04-27 19:23:22,600 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:316] - LoginContext key cookie was not present in request
2011-04-27 19:23:22,600 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:201] - Processing incoming request
2011-04-27 19:23:22,600 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:316] - LoginContext key cookie was not present in request
2011-04-27 19:23:22,600 - ERROR [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:209] - Incoming request does not have attached login context
2011-04-27 19:23:22,601 - ERROR [ch.SWITCH.aai.uApprove.idpplugin.Plugin:124] - uApprove error: Error dispatching to IdP: Incoming request does not have attached login context


 Comments   
Comment by Chad La Joie [ 28/Apr/11 ]
Well, the error is what it says then. The IdP did not get the login context key cookie. I'm not sure why it would work after the initial attempt but the IdP has no control over whether and how cookies are received, it's either present or it's not. You'll need to look at your deployment environment for other causes of such a problem.
Comment by Scott Cantor [ 28/Apr/11 ]
Usually blank pages are from a null pointer exception, though it doesn't seem to be logging that.

You might want to turn on cookie logging at the web server end, you might spot something useful and it's not that invasive to other traffic.
Comment by Kaspar Brand [ 04/May/11 ]
Ok, I'm now able to reproduce (cookie logging was indeed helpful, though it took me some time to realize *why* the cookies didn't come back from the client).

One method to trigger this behavior is to disable cookies (or deny them from the IdP, specifically)... the IdP login then just stops with a blank /idp/AuthnEngine page.

I would suggest to improve the error handling, though. Currently, we have this code in AuthenticationEngine.java (in the "service" method):

   207 LoginContext loginContext = HttpServletHelper.getLoginContext(storageService, getServletContext(), httpRequest);
   208 if (loginContext == null) {
   209 LOG.error("Incoming request does not have attached login context");
   210 throw new ServletException("Incoming request does not have attached login context");
   211 }

At other places (returnToAuthenticationEngine and returnToProfileHandler), the error is handled like this:

   144 LoginContext loginContext = HttpServletHelper.getLoginContext(storageService, context, httpRequest);
   145 if (loginContext == null) {
   146 LOG.warn("No login context available, unable to return to authentication engine");
   147 forwardRequest("/error.jsp", httpRequest, httpResponse);
   148 } else {

   161 LoginContext loginContext = HttpServletHelper.getLoginContext(storageService, context, httpRequest);
   162 if (loginContext == null) {
   163 LOG.warn("No login context available, unable to return to profile handler");
   164 forwardRequest("/error.jsp", httpRequest, httpResponse);
   165 }

Can the "does not have attached login context" error be handled in the same way? IMO, displaying error.jsp is the proper thing to do in such a case - it will tell the user that Shib requires cookies.
Comment by Chad La Joie [ 11/May/11 ]
Re-opening since there is now a way to reproduce the issue.
Comment by Chad La Joie [ 11/May/11 ]
fixed in rev 3028
Comment by Kaspar Brand [ 12/May/11 ]
Disclaimer: IANAJP, but as the "service" method is defined like this

    protected void service(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws ServletException,
            IOException {

shouldn't it still throw an exception if it fails to retrieve the login context? Otherwise, I'm seeing uApprove log entries such as

ERROR [ch.SWITCH.aai.uApprove.idpplugin.Plugin:124] - uApprove error: Error dispatching to IdP: null

(Re-adding a "throw new ServletException(..." line after the forwardRequest line works fine for me, as I just confirmed with a local build.)
Comment by Chad La Joie [ 12/May/11 ]
Actually, the correct behavior should be to have a return statement after the forward, not an exception. Can you please try that out in your test environment. I don't have anything running uApprove.
Comment by Chad La Joie [ 12/May/11 ]
So, testing on my side, without uApprove, shows having the return statement in there does the right thing (display the error page and stop processing).
Comment by Kaspar Brand [ 12/May/11 ]
Yes, I can confirm. With uApprove, it's fine as well, with the benefit that there's no longer an ERROR log entry.
Comment by Chad La Joie [ 12/May/11 ]
Yeah, I dropped the log message down to a warning.
Comment by Kaspar Brand [ 12/May/11 ]
I was referring to the log entry from uApprove, to be precise ("Error dispatching to IdP..."). That one goes away when the return statement is added.




[SIDP-483] Log Completed, Unencrypted SAML Assertion Created: 13/Apr/11  Updated: 15/Apr/11  Resolved: 15/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: 2.2.1
Fix Version/s: 2.3.0

Type: New Feature Priority: Minor
Reporter: Nate Klingenstein Assignee: Brent Putman
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Currently, if a deployer wants to see the complete SAML assertion that is being sent to an SP, it is difficult to do so. The PROTOCOL_MESSAGE logger will log only an encrypted assertion(assuming encryption for transport), and the fully serialized assertion is not AFAIK logged at any point prior to encryption.

This would be useful for debugging transactions, especially with non-Shibboleth SP's.

 Comments   
Comment by Brent Putman [ 15/Apr/11 ]
Added in r3016.




[SIDP-482] JSP pages should HTML-encode any strings they handle Created: 12/Apr/11  Updated: 17/May/11  Resolved: 12/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.3.0

Type: Improvement Priority: Minor
Reporter: Scott Cantor Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SC-150 HTML-ize unsafe characters rather tha... Closed

 Description   
The error templates currently assume the IdP has made any strings they get safe for insertion, but we want to ensure that gets done directly by the templates.

 Comments   
Comment by Scott Cantor [ 12/Apr/11 ]
Fixed in rev 3013.




[SIDP-480] Update POM to add plugin versions, use / publish to Shib.net Repo, and attach generated source and Javadocs Created: 07/Apr/11  Updated: 08/Apr/11  Resolved: 08/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Build
Affects Version/s: None
Fix Version/s: 2.3.0

Type: Task Priority: Major
Reporter: Chad La Joie Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Update POM to add plugin versions, use / publish to Shib.net Repo, and attach generated source and Javadocs

 Comments   
Comment by Chad La Joie [ 08/Apr/11 ]
done in rev 3010




[SIDP-478] ECP profile support Created: 06/Apr/11  Updated: 26/Apr/11  Resolved: 26/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: None
Fix Version/s: 2.3.0

Type: New Feature Priority: Major
Reporter: Scott Cantor Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Merge in a modified version of Jim Fox' ECP profile support. This version will rely on new handler-aware SOAP binding classes in OpenSAML, and inherit more effectively from the SAML 2 SSO handler.

Authentication via REMOTE_USER is implemented using a decoder handler rather than inside the profile handler.

 Comments   
Comment by Scott Cantor [ 06/Apr/11 ]
Lightly tested version checked in with rev. 3006. Need to test further and examine error handling more closely.




[SIDP-477] Need to move references to the i2 spaces wiki to be to the shibbolet.net one Created: 05/Apr/11  Updated: 17/May/11  Resolved: 06/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.3.0

Type: Bug Priority: Major
Reporter: Rod Widdowson Assignee: Rod Widdowson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 7.0

 Description   
A quick grep shows that login.jsp (which I was aware of) and login.config and README.TXT need changed.

 Comments   
Comment by Rod Widdowson [ 06/Apr/11 ]
Checkin 3008




[SIDP-476] NullPointerException when mapping null values returned from RDBMS query Created: 30/Mar/11  Updated: 11/Apr/11  Resolved: 11/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.1.5
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Russell Beall Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
Multiple rows returned by RDBMS query on non-normalized database. Some values are returned as null. When mapping these values, the Null values are considered to be actual values for the column by the mapper and it tries to run a regex match on the null value. This error is printed in the logs:

17:21:57.358 DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ValueMap:98] - Performing regular expression based comparison
17:21:57.384 ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88] - Error occured while processing request
java.lang.NullPointerException: null
       at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.MappedAttributeDefinition.doResolve(MappedAttributeDefinition.java:68)
       at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.BaseAttributeDefinition.resolve(BaseAttributeDefinition.java:107)


 Comments   
Comment by Russell Beall [ 31/Mar/11 ]
I should perhaps comment that this occurred with the Oracle connector:
oracle.jdbc.OracleDriver

It is possible that Null values may be handled differently when returned from the MySQL driver.

---

Upon further investigation I am having a heck of a time reproducing this error on a subset of the table I used originally. The mapper appears to be working fine on a similarly constructed table with only a few data elements involved, even though the supposedly problematic null value is still present.
Comment by Russell Beall [ 31/Mar/11 ]
Ahh... And the issue reveals itself further.

The errant attribute definition was of type "ad:Mapped". When I change it to "ad:Simple" and remove the value mappings, the data is resolved no problem.

So the problem is narrowed to simply this type of definition:
        <AttributeDefinition id="eduPersonEntitlement" xsi:type="ad:Mapped">
Comment by Chad La Joie [ 11/Apr/11 ]
Duplicate of SC-132




[SIDP-475] Better login page for IdP Created: 29/Mar/11  Updated: 17/May/11  Resolved: 29/Mar/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.3.0

Type: Task Priority: Minor
Reporter: Rod Widdowson Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Despite lots of help, people still deploy the default login page.

Now that we have taglib assists we can make this look more like the standard page we are aiming for (login left, SP right).


 Comments   
Comment by Rod Widdowson [ 29/Mar/11 ]
Checkin 3004.

- New CSS file.
- login.jsp has the two pane login
- error.jsp references the SP's support contact (if possible).
Comment by kevin foote [ 05/Apr/11 ]
Rod can you add one quick jpg of the stock login.jsp / error.jsp w/out any branding etc..
Might be good to have here for reference.
Comment by Rod Widdowson [ 05/Apr/11 ]
Kevin. Not sure I get you. Do you mean in this case, or added to https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPassLoginPage?




[SIDP-474] NPE in taglib processing Created: 29/Mar/11  Updated: 17/May/11  Resolved: 29/Mar/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.3.0
Fix Version/s: 2.3.0

Type: Bug Priority: Minor
Reporter: Rod Widdowson Assignee: Rod Widdowson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
Caused by: java.lang.NullPointerException: null
at edu.internet2.middleware.shibboleth.idp.ui.ServiceTagSupport.getSPEntityDescriptor(ServiceTagSupport.java:133)

 Comments   
Comment by Rod Widdowson [ 29/Mar/11 ]
(I had to corrupt the cookie to get that one!)
Comment by Rod Widdowson [ 29/Mar/11 ]
Checkin 3003




[SIDP-473] Sample login page should exploit the MDUI tags Created: 24/Mar/11  Updated: 17/May/11  Resolved: 12/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.3.0

Type: Task Priority: Minor
Reporter: Rod Widdowson Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
What it says.

We will probably go for the "two box" approach, with login on the LHS and SP details (if any) on the RHS.

This does present a few issues for layout since I don't see an way to have two same sized boxes without ending up with absolute sizes. Fortunately you can cascade the taglibs which means you can say "If there is a (logo > size) then use that but clip it, otherwise just use the logo" which means that big logos get scaled down but small ones do not get bloated.

 Comments   
Comment by Rod Widdowson [ 12/Apr/11 ]
Checkins 3011, 3007, 3004. See this all done




[SIDP-471] Taglibs appear to be caching SP information... Created: 18/Mar/11  Updated: 18/Mar/11  Resolved: 18/Mar/11

Status: Resolved
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Blocker
Reporter: Rod Widdowson Assignee: Rod Widdowson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
(I view this a a blocker to 2.3 delivery - we can fix it by removing the atg support but I'd rather not).

As part of final test of this code I deployed this into a live IdP. It appears that I only ever see one SP's logo - no matter which SP I approach this from.

More diagnosis needed, But I wanted to get this is ASAP


 Comments   
Comment by Rod Widdowson [ 18/Mar/11 ]
<expletive deleted> There is but one bean for request. It makes is inadvisable therefore to use bean-local storage. I guess that was obvious had I thought about how it was built rather than how it would be used...
Comment by Rod Widdowson [ 18/Mar/11 ]
Checkin 2997.
No documentation (or in fact release notes) needed.
Comment by Rod Widdowson [ 18/Mar/11 ]
Also 2999 (flushed by further testing)




[SIDP-470] Uptime in ms is demoralizing Created: 14/Mar/11  Updated: 14/Mar/11  Resolved: 14/Mar/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: 2.2.1
Fix Version/s: None

Type: Improvement Priority: Trivial
Reporter: Nate Klingenstein Assignee: Chad La Joie
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
The uptime on https://server.name/idp/status is displayed in ms. This may cause demoralization and trepidation in new deployers.

 Comments   
Comment by Nate Klingenstein [ 14/Mar/11 ]
This actually came up at the Amherst, MA installfest, and I just had to file it.
Comment by Chad La Joie [ 14/Mar/11 ]
Currently, I believe, everything in the logs is given in ms. I plan on keeping it that way. The only other format I'd even remotely consider at this point is the ISO8601 duration notation. I don't like that option, however, because it's hard for scripts to parse (and there are a lot of people who parse the status page within scripts).
Comment by Nate Klingenstein [ 14/Mar/11 ]
This is acknowledgment that we are real people, with real problems. It's good enough. For now.




[SIDP-469] eduPersonTargetedID Could Be Separately Commented Created: 14/Mar/11  Updated: 15/Mar/11  Resolved: 15/Mar/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.2.1
Fix Version/s: 2.3.0

Type: Improvement Priority: Trivial
Reporter: Nate Klingenstein Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
A lot of early deployers like to uncomment large piles of attributes. In the process, they often uncomment eduPersonTargetedID, which is dependent on the computedID data connector, which isn't generally uncommented. Installfests would be marginally smoother if these were commented independently.

<!--
    <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonTargetedID.old" scope="$IDP_SCOPE$" sourceAttributeID="computedID">
        <resolver:Dependency ref="computedID" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonTargetedID" />
    </resolver:AttributeDefinition>

    <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="eduPersonTargetedID"
                                  nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="computedID">
        <resolver:Dependency ref="computedID" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
    </resolver:AttributeDefinition>
    -->


 Comments   
Comment by Chad La Joie [ 15/Mar/11 ]
Fixed in rev 2996




[SIDP-468] Supply taglibs with IdP 2.3 to allow easier access to display informatiomn gleaned from the metadata Created: 28/Feb/11  Updated: 17/May/11  Resolved: 14/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.3.0

Type: New Feature Priority: Minor
Reporter: Rod Widdowson Assignee: Rod Widdowson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
This can all be found by traversing the metadata, but it seems best to keep this compexity from the GUI.

The kinds of information we want to supply is
- ServiceName (taken from <mdui:UIInfo> or <AssertionConsumerService> of the host name from the entityID
- ServiceDescription
- ServiceLogo (with some sort of size "parameterization")
- ServiceContact
- ServicePrivacyURL
- Service InformationURL
- IdPContact


 Comments   
Comment by Rod Widdowson [ 13/Mar/11 ]
Checkin 2992/2993
Also documentation updated at https://spaces.internet2.edu/display/SHIB2/IdPAuthUserPassLoginPage
Comment by Rod Widdowson [ 13/Apr/11 ]
I'm going to reopen this pending sorting out all the ESAPI issues...
Comment by Rod Widdowson [ 14/Apr/11 ]
Closing (again 3015)




[SIDP-466] IdP22Upgrade documentation in unclear regarding "Changes in Principal Name Returned from Authentication" Created: 21/Feb/11  Updated: 20/Mar/11  Resolved: 20/Mar/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Documentation Priority: Minor
Reporter: Olivier Salaün Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
The Upgrade instructions from https://spaces.internet2.edu/display/SHIB2/IdP22Upgrade#IdP22Upgrade-ChangesinPrincipalNameReturnedfromAuthentication states that "If you were properly pulling in the value from the principal name set by class name then you should see no change in behavior."

I'm afraid I don't understand what "pulling in the value from the principal name set by class name" mean.

Could you please complete this (very usefull documentation) with more precised instructions?

Thanks.

 Comments   
Comment by Chad La Joie [ 20/Mar/11 ]
Added to documentation




[SIDP-465] A FailoverDataConnector for the Stored ID Data Connector Created: 15/Feb/11  Updated: 15/Feb/11  Resolved: 15/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.1.5
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: naveed Assignee: Chad La Joie
Resolution: Invalid Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Unlike the Relational Database Data Connector, there is no FailoverDataConnector for the Stored ID Data Connector. I'm sure this could prove a useful feature.

 Comments   
Comment by Chad La Joie [ 15/Feb/11 ]
All data connectors have support for failover on errors.
Comment by naveed [ 15/Feb/11 ]
I tried adding a FailoverDataConnector, the idp failed to start ...

ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shibboleth.AttributeResolver service, error creating components. The root cause of this error was: org.xml.sax.SAXParseException: cvc-complex-type.2.4.d: Invalid content was found starting with element 'resolver:FailoverDataConnector'. No child element is expected at this point.

No child element is expected at this point?

attribute-resolver.xml :-

    <resolver:DataConnector xsi:type="StoredId" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="myStoredId"
        generatedAttributeID="persistentID"
        sourceAttributeID="uid"
        salt="ThisIsRandomText">

        <resolver:Dependency ref="directory" />
        <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
jdbcURL="jdbc:oracle:thin:@...."
jdbcUserName="???"
jdbcPassword="????" />

<resolver:FailoverDataConnector ref="myStoredId2" />

</resolver:DataConnector>

    <!-- Fail over -->
<resolver:DataConnector xsi:type="StoredId" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
id="myStoredId2"
        generatedAttributeID="persistentID"
        sourceAttributeID="uid"
        salt="ThisIsRandomText">

        <resolver:Dependency ref="directory" />
        <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
jdbcURL="jdbc:oracle:thin:@???"
jdbcUserName="shib"
jdbcPassword="" />

</resolver:DataConnector>

Could be a mis-config? any help appreciated.

Naveed




[SIDP-464] An SPNameQualifier in NameIDPolicy always treated as an affiliation Created: 11/Feb/11  Updated: 14/Mar/11  Resolved: 11/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: 2.2.0, 2.2.1
Fix Version/s: 2.3.0

Type: Bug Priority: Minor
Reporter: Scott Cantor Assignee: Scott Cantor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
If you set SPNameQualifier to the SP's entityID, it should be a no-op/default result, but instead the code treats it as an affiliation and checks the metadata, resulting in an Invalid SPNameQualifier error.

 Comments   
Comment by Scott Cantor [ 11/Feb/11 ]
Fixed in rev. 2990.
Comment by Scott Cantor [ 11/Feb/11 ]
Added an outbound check for a mismatch in rev. 2991.

As of 2.3.0, you can set SPNameQualifier in an AttributeValue-bound NameID (which doesn't get checked against NameIDPolicy), but not in a Subject-bound NameID. If that ever changes, this check will ensure we never send out a NameID in the Subject that conflicts with a requested SPNameQualifier.




[SIDP-463] Adjustments to the default format for idp-process.log entries Created: 08/Feb/11  Updated: 14/Feb/11  Resolved: 10/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.1
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Kaspar Brand Assignee: Chad La Joie
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
I'd like to suggest the changes appended below to the default format for the idp-process.log:

1) add the full date to each message - while it's true that the YYYY-MM-DD is also "encoded" in the file name (after rotation), this information can sometimes get lost (when extracts are copied etc). Having it "inline" as well seems preferrable to me.

2) only output exceptions in the short format, by default. (%ex{short} "prints the first line of the stack trace", otherwise the Logback default applies - the "PatternLayout will automatically add it as the last conversion word" if it's not explicitly specified - http://logback.qos.ch/manual/layouts.html)

Thanks for considering these for 2.3.


Index: REL_2/src/installer/resources/conf-tmpl/logging.xml
===================================================================
--- REL_2/src/installer/resources/conf-tmpl/logging.xml (revision 2988)
+++ REL_2/src/installer/resources/conf-tmpl/logging.xml (working copy)
@@ -63,7 +63,7 @@
 
         <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
             <charset>UTF-8</charset>
- <Pattern>%date{HH:mm:ss.SSS} - %level [%logger:%line] - %msg%n</Pattern>
+ <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
         </encoder>
     </appender>


 Comments   
Comment by Chad La Joie [ 10/Feb/11 ]
People can make this change to their logging format if they want, but changing things like the date/time representation would likely break any of the existing log parsers that people have that work with the process log.
Comment by Kaspar Brand [ 14/Feb/11 ]
Well, this is about setting sensible defaults which best suit the needs of the majority of the IdP admins. The only argument for not adapting the format seems to be the backward-compatibility for the - probably very small number of - people who are apparently considering idp-process.log a machine parsable log (I thought that's what idp-access.log and idp-audit.log are for, at least https://spaces.internet2.edu/display/SHIB2/IdPLogging seems to indicate so).

Even if someone is parsing idp-process.log, I can't follow the reasoning for not ever adapting the default format - consequently, the format would have to be considered as cast into stone from now on. For the very few people who are indeed machine-parsing this log, I consider it acceptable that *they* tune their logging.xml, actually.

Changing to %date{ISO8601} and adding %ex{short} is of benefit to the large majority of the user base - it gives them (date-)complete and more manageable log entries. [Having an 8-line stack in idp-process.log, starting at java.util.TimerThread.run, only to tell me that the FilesystemMetadataProvider can't find a metadata file seems pretty useless to me. One line is completely sufficient for normal operations.]




[SIDP-462] Add a separate (non install) "Keygen" capability to IdP Created: 04/Feb/11  Updated: 04/Feb/11  Resolved: 04/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Build
Affects Version/s: 2.2.1
Fix Version/s: None

Type: New Feature Priority: Minor
Reporter: Rod Widdowson Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
I got a strong steer for the UK Fed support guys that it would be nice to be able to generate the self-signed .key/.cert/.jks which the IdP installation does as a separate beast from the instalation. II'm not sure why it important to them. I suspect that its (a) to allow easier documentation (since the SP and (b) because in the UK more IdPs have to have non self signed certs because of legacy software considerations.

Either way I it feels like a good idea to align the IdPs capabilities with the SP and I can see good reasons to want to be able to do this easily.

I just took a look at build.xml and it looks as though this might be possible with very little effort. If it's less than a day (and it's hard to see how it could be more) I'll happily do the work for this as part of 2.3, otherwise can we move this to 3.x?

 Comments   
Comment by Chad La Joie [ 04/Feb/11 ]
Duplicate of SIDP-272




[SIDP-461] Add legacy Shib SSO protocol as binding for IdP-initiated SSO for SAML 2.0 Created: 03/Feb/11  Updated: 14/Mar/11  Resolved: 09/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: None
Fix Version/s: 2.3.0

Type: New Feature Priority: Major
Reporter: Scott Cantor Assignee: Scott Cantor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File unsolicited.patch    

 Description   
After much gnashing of teeth, we've agreed to support IdP-initiated SSO by using the legacy Shibboleth protocol (a simple query string) to signal this on the SAML 2.0 SSO endpoint.

We need to reuse or adapt the MessageDecoder from the original protocol support for SAML 1 and bind it to the SAML 2.0 endpoint. We may even be able to reuse the binding URN, because there's no reason to add this to metadata (it's intended to be internal to the IdP deployment, not public).

We will not try and support both SAML versions on one endpoint, so if the shire parameter matches a SAML 1 ACS, it will be treated as an error when the SAML 2 endpoint is used.

Finally, the whole point of this exercise is to signal that the IdP should omit InResponseTo. We can't do this by the absence of a messageID, because the replay support we added to 2.2.1 mocks up a messageID for legacy protocol requests. Chad suggested using a profile handler option, but I would rather that deployers didn't have to turn this off for all responses from the profile handler, mainly because the SP at some point might start enforcing the InResponseTo check.

So I think we have a couple of options:

- create a second version of the profile handler to represent IdP-initiated SSO, and add that to the relying-party set, and to handler.xml bound to only the legacy MessageDecoder (they would obviously share 99.9% code)

- implement a brute force check of the inbound binding to suppress InResponseTo automatically when the legacy binding is used (reusing the existing profile handler)


 Comments   
Comment by Scott Cantor [ 03/Feb/11 ]
I started working on this by examining the profile handler and SAML2LoginContext classes and cleaning up any code where the AuthnRequest was assumed to exist (as opposed to being null). It seems likely we could use that as a signal for the InResponseTo suppression as well.

However, the code that selects the response endpoint uses the AuthnResponseEndpointSelector helper class inside of opensaml that is SAML 2-specific, and assumes a non-null AuthnRequest as input to the selector. The helper class doesn't know how to deal with an explicit ACS URL to match against, so we'd probably have to inline some special logic copied from the SAML 1 handler, or go with a "mock up" approach and create a dummy AuthnRequest to stand-in for the lack of one. That would probably be cleaner and avoid the need to scour for more null checks.
Comment by Brent Putman [ 03/Feb/11 ]
Before you get too far into this, recall that I did something along these lines for Georgetown for a couple of vendor IdP-initiated cases. See:

https://svn.middleware.georgetown.edu/putmanb/java-idp-saml2-idp-initiated-sso/

It's primarily:

1) an unsolicited SAML 2 SSO profile handler, which does 2 main things: a) omits the InResponseTo b) ensures that errors don't result in an unsolicited error to the SP. This can be used with a JSP or CGI script that generates an AuthnRequest, or can be combined with the decoder below.

2) a decoder which takes query params and constructs an AuthnRequest for the inbound message context. The current params supported allow for a significant subset of what can go into a SAML 2 AuthnRequest. That's probably more than what we wanted here, but could of course be pared down. The param names don't align exactly with the Shib SSO protocol, but could be adapted, etc. It's even unit tested.

Like I think you are seeing, I think the "mock up" approach is probably the easiest and fastest way to implement this, otherwise we really have to adjust a lot of other code.

Comment by Scott Cantor [ 03/Feb/11 ]
I don't think we should support anything new here protocol-wise, because that means standardizing it, and I'm not interested in doing that kind of work, I just want to reuse what's defined already.

If mocking up a request is necessary, I was thinking of doing that inside the profile handler where the decoder is run, just to avoid duplicating the decoder, but I'll take a look at it.

I wasn't that keen on creating a second profile handler, but as long as it's mostly just inheriting from the original, I guess it's not too bad.
Comment by Brent Putman [ 03/Feb/11 ]
That's fine, I wasn't suggesting a new protocol, I know you were opposed to that. Only suggesting reuse the code. On the params, do:

entityID -> providerId
acsURL -> shire
relayState -> target

and remove the others, I think that does it. Oh, I guess there's the optional 'time' param, but that's easily added.

I think doing anything significant to the profile handler along the lines of mocking up the request is probably a pita, and introduces all kinds of special case logic in that part of the handler. I thought it was better and cleaner to just isolate it all in the decoder. And I think it's technically more correct design-wise: the decoder should decode the inbound request and produce the structure that will be processed by the profile handler. At least that's how we've generally viewed it.

Actually, I only created a separate profile handler b/c this was an extension. If we collapse this into the IdP, it makes sense to put that part in the SAML 2 SSO profile handler. I had envisioned, and I think Chad and I discussed briefly back then, that we might carry a new boolean 'isUnsolicited' or something on the profile request context. That would then trigger the logic that is currently in the profile handler subclass to omit the InResponseTo and change the error handling. That code is actually pretty simple and could be moved to the existing profile handler pretty easily. As far as what sets the boolean: I suppose it could either be the message decoder (although I suppose that tightly couples the decoder to the profile handler impl, since it will have to cast it), or perhaps the profile handler would set early on, possibly based on the request URI or something like that. Or perhaps a better way will present itself, haven't thought it all the way through.
Comment by Scott Cantor [ 03/Feb/11 ]
Mocking up the request seemed likely to be confined to the existing function calling decode(), and by putting it there, I figured we'd avoid the need for a duplicate MessageDecoder that would have to be maintained in sync with the other one (not that we change it much, but I did in fact just enhance it in 2.2.1). In terms of design, the mocking up alone bothers me, and I didn't really see it as something the decoder should have to do. It's really a code hack to make the profile handler keep working, so I thought it made sense to put the hack there so that if it were fixed, the hack would be removed.

As far as how to combine the handlers, I don't like the idea of a boolean config option, but if it's a request context option, that's not too ugly. That's another reason I prefer to mock the request in the handler, since I could set that option at the same time, I think. Good point about combining them though. I wasn't sure the error handling change would be that clean to merge back in, but I didn't look at it closely yet.
Comment by Scott Cantor [ 03/Feb/11 ]
Never mind, I see that the decoders are tied to SAML 1 and SAML 2 specific request context classes for capturing e.g. the ACS URL from the shire parameter and so forth. I thought those were abstracted more, but reusing the decoder isn't going to work anyway, so I'll just copy what you did.

We should clean all this up in v3.
Comment by Brent Putman [ 03/Feb/11 ]
Yeah, right, as I was walking to the office just now I realized that you were thinking of reusing the Shib 1 protocol decoder, and I was pretty sure that wasn't going to work, for exactly the reason you mention. That's why you have to have a different decoder anyway, so may as well do the mock up there, and avoid making lots of invasive changes to the profile handler, at least IMHO.
Comment by Scott Cantor [ 03/Feb/11 ]
It also means we can go ahead and put the unsolicited flag on SSORequestContext, because the decoder is tied to the context class type anyway.
Comment by Scott Cantor [ 06/Feb/11 ]
A working patch is attached. Before I check it in, I wanted to make sure my changes were acceptable. To make this work, I had to extend the Saml2LoginContext class with a flag to track the unsolicited option so that it would be recreated in the request context on the "completeAuthentication" end of the profile run.

The decoder is responsible here for initially setting the flag on the SSORequestContext, which means other decoders could be plugged in (so Brent could continue to support the protocol he created in his extension, and drop out the rest of his profile changes).

The protocol I implemented is:
providerId (required)
shire, target, time (optional)
Comment by Brent Putman [ 07/Feb/11 ]
Looks good to me. It's pretty much what I had imagined it would look like. I hadn't thought about the wrinkle of needing to carry the flag across the 2 legs of the request. Replicating it into the login context seems like the best solution.
Comment by Scott Cantor [ 09/Feb/11 ]
Checked in rev 2989.

This is enabled by default in the config, since we don't require signed requests in general anyway, but we can revisit before release.

Brent, if you have time to try using your custom decoder with the changed core classes, that might be a good test.




[SIDP-460] Add AuthenticatingAuthority support to login context API Created: 31/Jan/11  Updated: 10/Feb/11  Resolved: 10/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Scott Cantor Assignee: Scott Cantor
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Some people are building IdP proxies that populate the AuthenticatingAuthority element. We should add support for setting that via custom login handlers and honor that in the SAML 2 SSO profile handler.

 Comments   
Comment by Scott Cantor [ 03/Feb/11 ]
To implement this, we'd have to extend the AuthenticationMethodInformation interface and impl that gets stored within the session. I'm not sure this is possible without breaking compatibility, need to check with Chad. I suppose we could add an AuthenticationMethodInformationEx interface as an extension, but that's a bit far to go, could just wait for 3.0.
Comment by Chad La Joie [ 10/Feb/11 ]
This issue will not be addressed in the IdP v2 series.




[SIDP-457] would be nice to include displayName in default attribute resolver Created: 04/Jan/11  Updated: 04/Jan/11  Resolved: 04/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Improvement Priority: Minor
Reporter: Ian Young Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
The default attribute-resolver.xml does not include the displayName attribute from inetOrgPerson (RFC 2798 section 2.3) although this attribute is in use in some popular SP deployments including the shibboleth.net wiki.

Something like this could be added to the default file:

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="displayName" sourceAttributeID="displayName">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:displayName" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" />
    </resolver:AttributeDefinition>


 Comments   
Comment by Chad La Joie [ 04/Jan/11 ]
add in rev 2975




[SIDP-456] Specifying the metadata refresh interval Created: 03/Jan/11  Updated: 03/Jan/11  Resolved: 03/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.1.5
Fix Version/s: None

Type: Documentation Priority: Minor
Reporter: Tom Scavo (Inactive) Assignee: Chad La Joie
Resolution: Invalid Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
In versions prior to v2.2, how do you explicitly configure the IdP to refresh metadata, say, every 8 hrs?

 Comments   
Comment by Chad La Joie [ 03/Jan/11 ]
Support questions need to be sent to the user's list.




[SIDP-455] Better error message in case of ACS mismatch (metadata vs shire parameter) Created: 03/Jan/11  Updated: 05/Jan/11  Resolved: 03/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.1.5
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Olivier Salaün Assignee: Chad La Joie
Resolution: Invalid Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
That's a very common mistake and it always takes me some time to fix it, mainly because of the error messages. Therefore I thought it was worth sumitting a suggestion.

This happens whenever an SP admin publishes an ACS URL that differs from the one configured in his shibboleth2.xml.

The end user gets an error message that makes him think it's a web client configuration issue because the error message refers to cookies: "An error occurred while processing your request. Please contact your helpdesk or user ID office for assistance. This service requires cookies. Please ensure that they are enabled and try your going back to your desired resource and trying to login again. Use of your browser's back button may cause specific errors that can be resolved by going back to your desired resource and trying to login again." Since it's not a web client configuration issue, this error message should be changed.

I had a look at the idp-process log and here is here is the corresponding error message: "ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:397] - No return endpoint available for relying party https://conf-ng.jres.org"

This error message does not help that much to find out that there is a mismatch between the published ACS URL and the one provided via the shire parameter, along with the SAML request. I'd suggest fixing the error message and providing the value of the shire parameter in the error message.

BTW: why does the SP request includes a shire parameter if, in the end, the relyable information about the ACS is in the metadata?

Thanks.


 Comments   
Comment by Chad La Joie [ 03/Jan/11 ]
You're using the example error page. If you want different wording on it then change it. It's just an example (and should be changed anyways so that it looks like your site not a shibboleth page).

As to why the SP sends the ACS URL, in the spec it was meant to allow the SP to specifically say which endpoint it wanted the response sent to. For example, maybe the SP is aware that it is being load balanced and wants the response sent to the same SP instance that created the request. The IdP simply checks to make sure that the URL given by the SP is in the metadata (since that's the trusted source of information).
Comment by Olivier Salaün [ 03/Jan/11 ]
Thank you for detailing the rationale for passing the ACS URL to the IdP.

Regarding my suggestions:
 - it seems that you missed my second suggestion that is to improve the error message in the IdP log file
 - I know that I can customize error pages however, as a national federation operator, I hope to have this fixed upstream to prevent similar issues for IdP admins


Thank you
Comment by Olivier Salaün [ 05/Jan/11 ]
Given my last comment, could you please reopen this improvement ticket?

Thank you Chad.
Comment by Chad La Joie [ 05/Jan/11 ]
No. The error message says the right thing. If you want more details about why that's the case then you need to turn on debug logging. There are a number of reasons why you might get that error message, not just ACS URL mismatches.
Comment by Olivier Salaün [ 05/Jan/11 ]
It seems to me that you overestimate the skills of the IdP administrators: given this error message ("No return endpoint available for relying party"), it's hard to understand that the SP admin declared the wrong ACS URL.

Please consider adding another error message, whenever there is a mismatch between the ACS URL submitted and the one published in the metadata.
Comment by Scott Cantor [ 05/Jan/11 ]
The most critical issue is whether the specific cause is clear from the log (and not on DEBUG, that shouldn't be required for production use).

Users are not meant to be diagnosing errors, so what's on the actual page is immaterial. IdPs can easily catch that error message and tailor the response, since it always indicates a configuration or metadata condition that will require intervention to deal with.
Comment by Olivier Salaün [ 05/Jan/11 ]
I don't mean to make Shibboleth IdP understandable by end users, but this error messages insists on web browser configuration prerequisites (compared to other more technical error message). In the end, the end user may think that the issue is on her site, i mean some sort of cookies configuration.

In the curcomstances I refer to, I'd suggest either removing the "This service requires cookies..." part of the message or make it more clear that the end user needs to contact someone at his university.

Thank you.




[SIDP-453] Session inactivity timeout being treated as a hard expiration time Created: 21/Dec/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Chad La Joie Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Jetty 7

 Description   
The IdP SessionManager and sweeper thread are improperly identifying when a session is expired. Currently they the expiration time is being determined via the formula creationDate + inactivityTimeout when it should be lastActivity + inactivityTimeout

 Comments   
Comment by Chad La Joie [ 21/Dec/10 ]
Fixed in rev 2972




[SIDP-452] Facilitate replay detection to Shibboleth SSO Created: 20/Dec/10  Updated: 11/Jan/11  Resolved: 11/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Improvement Priority: Minor
Reporter: Scott Cantor Assignee: Chad La Joie
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File decoder.patch    

 Description   
I have an improved ShibbolethSSODecoder that supports replay detection by "mocking" up a message ID by combining the time parameter with the Java container session ID (if any). If there's no session ID, it just behaves as before. The session isn't actually used as a session, but it's usually (always?) there, and it's a simple way to make the timestamp tracking unique by client without adding cookies. That would probably work, but this is simpler and avoids cookie hassles.

In conjunction with this, you also add:
    <security:Rule xsi:type="samlsec:Replay" required="false"/>
to the ShibbolethSSOSecurityPolicy rule set in relying-party.xml


 Comments   
Comment by Scott Cantor [ 20/Dec/10 ]
Updated patch, corrected comment.
Comment by Chad La Joie [ 11/Jan/11 ]
Added in rev 2979




[SIDP-450] NPE with AttributeQueryProfile when there are errors resolving attributes Created: 16/Dec/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Bradley Schwoerer Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File AttributeQueryHandler.patch.txt    
Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
When doing a /profile/SAMLX/SOAP/AttributeQuery for a user which results in an attributeresolver error it causes an NPE. It is an easy fix using the same logic flow as the SSOProfileHandler.


22:14:50.905 - [144.92.104.210|51ABCF58EC84F6684103D3E7FA6668DD] - ERROR [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:350] - Received the
following error from data connector udsLDAPfailover, no failover data connector available
edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException: No LDAP entry found for buckybadger
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector.resolve(LdapDataConnector.java:319) ~[shibboleth-common-1.2.1-WISC.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector.resolve(LdapDataConnector.java:49) ~[shibboleth-common-1.2.1-WISC.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.ContextualDataConnector.resolve(ContextualDataConnector.java:76) ~[shibboleth-common-1.2.1-WISC.j
ar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.ContextualDataConnector.resolve(ContextualDataConnector.java:30) ~[shibboleth-common-1.2.1-WISC.j
ar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDataConnector(ShibbolethAttributeResolver.java:345) [shibboleth-common-1.2.1
-WISC.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDataConnector(ShibbolethAttributeResolver.java:358) [shibboleth-common-1.2.1
-WISC.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDependencies(ShibbolethAttributeResolver.java:381) [shibboleth-common-1.2.1-
WISC.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttribute(ShibbolethAttributeResolver.java:303) [shibboleth-common-1.2.1-WIS
C.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttributes(ShibbolethAttributeResolver.java:257) [shibboleth-common-1.2.1-WI
SC.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttributes(ShibbolethAttributeResolver.java:130) [shibboleth-common-1.2.1-WI
SC.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority.getAttributes(ShibbolethSAML2AttributeAuthority.java:173) [shibboleth-common-1.2.1-WIS
C.jar:na]
        at edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority.getAttributes(ShibbolethSAML2AttributeAuthority.java:57) [shibboleth-common-1.2.1-WISC
.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.resolveAttributes(AbstractSAML2ProfileHandler.java:460) [shibboleth-identityprovider-2.2.1-SNAPSHOT.
jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:115) [shibboleth-identityprovider-2.2.1-SNAPSHOT.j
ar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:51) [shibboleth-identityprovider-2.2.1-SNAPSHOT.ja
r:na]
        at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.2.1-WISC.jar:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.29]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.29]
        at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:81) [shibboleth-identityprovider-2.2.1-SNAPSHOT.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.29]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.29]
        at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51) [shibboleth-common-1.2.1-WISC.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.29]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.29]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.29]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) [catalina.jar:6.0.29]
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) [tomcat-coyote.jar:6.0.29]
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) [catalina.jar:6.0.29]
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896) [tomcat-coyote.jar:6.0.29]
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) [tomcat-coyote.jar:6.0.29]
        at java.lang.Thread.run(Thread.java:662) [na:1.6.0_22]
22:14:50.939 - [144.92.104.210|51ABCF58EC84F6684103D3E7FA6668DD] - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:464] - Error resolving attributes for principal 'buckybadger'. No name identifier or attribute statement will be included in response
22:14:50.941 - [144.92.104.210|51ABCF58EC84F6684103D3E7FA6668DD] - ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88] - Error occurred while processing request
java.lang.NullPointerException: null
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:116) ~[shibboleth-identityprovider-2.2.1-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:51) ~[shibboleth-identityprovider-2.2.1-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) ~[shibboleth-common-1.2.1-WISC.jar:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.29]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.29]
        at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:81) [shibboleth-identityprovider-2.2.1-SNAPSHOT.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.29]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.29]
        at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51) [shibboleth-common-1.2.1-WISC.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.29]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.29]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina.jar:6.0.29]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.29]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) [catalina.jar:6.0.29]
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) [tomcat-coyote.jar:6.0.29]
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896) [tomcat-coyote.jar:6.0.29]
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) [tomcat-coyote.jar:6.0.29]
        at java.lang.Thread.run(Thread.java:662) [na:1.6.0_22]


 Comments   
Comment by Chad La Joie [ 21/Dec/10 ]
Fix in rev 2971




[SIDP-449] AttributeFilterPolicy AttributeRule for scoped Attribute not working Created: 15/Dec/10  Updated: 31/Jan/11  Resolved: 15/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Major
Reporter: Robert Schlacher Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Java Version: IBM 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
After Upgrading my test environment from IDP verison 2.1.5 to 2.2.0, the following Filter rule isn't working anymore.
No Value for eduPersonScopedAffiliation is included in the Assertion.
The rule which is working in my production environment (2.1.5) and not in 2.2.0 is:

         <AttributeRule attributeID="eduPersonScopedAffiliation">
            <PermitValueRule xsi:type="basic:OR">
                <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true"/>
            </PermitValueRule>
        </AttributeRule>

If i replace the PermitValueRule with
            <PermitValueRule xsi:type="basic:ANY" />
the attribute is in the Assertion.

The resolver definiton for eduPersonScopedAffiliation is:

    <resolver:AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
        scope="tugraz.at" sourceAttributeID="eduPersonAffiliation">
        <resolver:Dependency ref="eduPersonAffiliation" />

        <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />

        <resolver:AttributeEncoder xsi:type="SAML2ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
    </resolver:AttributeDefinition>


 Comments   
Comment by Scott Cantor [ 31/Jan/11 ]
Closing resolved issues.




[SIDP-448] Create a login handler that provides authn "state" data to an external authentication system and has that system authenticate the user. Created: 15/Dec/10  Updated: 01/May/11  Resolved: 01/May/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.1
Fix Version/s: 2.3.0

Type: Improvement Priority: Minor
Reporter: Bradley Schwoerer Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File SIDP-448.patch    

 Description   
The use case is to be able to support two additional things with RemoteUser authentication. The first is to allow for Relying Party specific extensions and the second is to support force authentication. IMHO, both can be supported by appending information onto the end of the request string. To support force authentication it would be to append something like /ForceAuthN at the end of the url, to look like https://login.wisc.edu/idp/Authn/RemoteUser/ForceAuthN. Likewise for Relying Party specific support it would be to append the Base64 url encoded string to the end like
https://login.wisc.edu/idp/Authn/RemoteUser/bXkud2lzY29uc2luLmVkdS9zaGliYm9sZXRo. In the situation that the relying party asked for force re-auth in the SAML token it would then result in https://login.wisc.edu/idp/Authn/RemoteUser/ForceAuthN/bXkud2lzY29uc2luLmVkdS9zaGliYm9sZXRo.

 Comments   
Comment by Bradley Schwoerer [ 15/Dec/10 ]
Configuration is something like ...
    <LoginHandler xsi:type="RemoteUser" protectedServletPath="/Authn/RemoteUser"
                  forceAuthenticationPath="/ForceAuthN" appendRelyingPartyId="true"
                  authenticationDuration="PT1M">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
    </LoginHandler>
Comment by Chad La Joie [ 15/Mar/11 ]
I think the approach I'm going to take here is to actually create a new login handler specifically meant to work with external authentication system. The login handler will redirect to a different URL.

The URL may be either absolute (so starting with 'http' or relative to the IdP context) and will append the following items as query params:
 - isPassive - no value, presence indicates this is a passive authentication request
 - forceAuthn - no value, presence indicates forced authentication is required
 - relyingParty - entity ID of the relying party
 - authnMethod - URI identifying the select authentication method
 - return - URL to which the external authentication system needs to return the user

The authentication system will then need to return the user principal's name and the authentication method used to authenticate the user.
Comment by Chad La Joie [ 20/Mar/11 ]
Added in rev 3002
Comment by Chad La Joie [ 26/Apr/11 ]
forgot to open Spring config elements for this
Comment by Chad La Joie [ 01/May/11 ]
finished in rev 3020

Change the login handler slightly to use HTTP request attributes instead of query params so that user's can't maliciously change them.




[SIDP-447] Fix for SIDP-417 missed RemoteUserLoginHandler Created: 15/Dec/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Bradley Schwoerer Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File RemoteUserLoginHandler.patch    
Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
The fix for SIDP-417 (rev 2966) missed the RemoteUserLoginHandler.

 Comments   
Comment by Chad La Joie [ 21/Dec/10 ]
Fixed in rev 2967




[SIDP-446] cuncurrent multi tab login Created: 13/Dec/10  Updated: 10/Feb/11  Resolved: 10/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Petra Berg Assignee: Chad La Joie
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File alt-SIDP-446.patch     Text File alt-SIDP-446.v2.patch     File idp-2.2.0-multi_tab-patch.diff    

 Description   
Logging in from multiple browser tabs at same time fail.

Since the passing from one IdP module to the other is done by HTTP
redirect and the loginContextKey is stored in a cookie, for all requests
in the same session the cookie will be overwritten. One solution for
this problem could be passing the loginContextKey as parameter through
the modules including the login jsp page.
If done this way every login page, displayed in it's own browser tab has
it's own loginContextKey.

Next thing is refreshing a login-page, where the authentication finished
already in an other browser tab. In this case the loginContext need to
be reseted and the 'PreviousSession'- Handler need to be uses instead.

 Comments   
Comment by Petra Berg [ 13/Dec/10 ]
a patch resolving this problem in IdP 2.2.0 (java-idp tags/2.2.0) for UsernamePasswordLoginHandler
Comment by Bradley Schwoerer [ 15/Dec/10 ]
An alternate to the proposed fix that has been adjusted for 2.2.1-SNAPSHOT, but it does NOT include the new functionality proposed for reseting the flow.

So it just addresses moving the loginContextKey to a query parameter. UW-Madison is currently using this patch in production and it is working well.
Comment by Bradley Schwoerer [ 09/Jan/11 ]
fixed one line.

Fixed the issue that the loginContexKey is not always an attribute, like after a failed authentication attempt. It should always be a parameter though.
Comment by Chad La Joie [ 10/Feb/11 ]
This will not be addressed in the 2.x series. v3's method for handling per-"conversation" state will address this issue.




[SIDP-444] default attribute definitions for some attributes are missing the namespace qualifier in their xsi:type Created: 06/Dec/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Trivial
Reporter: Vladimir Mencl Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File attribute-resolver-xsi-types.diff     File attribute-resolver-xsi-types-eptid.diff    
Java Version: Sun 1.6
Servlet Container: Apache Tomcat 5.5

 Description   
Hi,

This is just a trivial thing - I started installing a Shibboleth 2.2.0 IdP and as I was uncommenting the attribute definitions in attribute-resolver.xml, I got some XML parse errors for attributes that have not yet been converted to the new naming syntax: eduPersonScopedAffiliation, eduPersonAssirance and eduPersonTargetedId (plus the encoders for eduPersonAssurance). Looks like someone overlooked a block of text when manually converting the attribute definitions.

The following patch fixes the issue in the attribute resolver configuration file template:
{noformat}
--- ./shibboleth-identityprovider-2.2.0/src/installer/resources/conf-tmpl/attribute-resolver.xml.orig 2010-12-07 12:24:00.000000000 +1300
+++ ./shibboleth-identityprovider-2.2.0/src/installer/resources/conf-tmpl/attribute-resolver.xml 2010-12-07 12:25:54.000000000 +1300
@@ -232,19 +232,19 @@
         <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" />
     </resolver:AttributeDefinition>
 
- <resolver:AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="$IDP_SCOPE$" sourceAttributeID="eduPersonAffiliation">
+ <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonScopedAffiliation" scope="$IDP_SCOPE$" sourceAttributeID="eduPersonAffiliation">
         <resolver:Dependency ref="myLDAP" />
         <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />
         <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
     </resolver:AttributeDefinition>
     
- <resolver:AttributeDefinition xsi:type="Simple" id="eduPersonAssurance" sourceAttributeID="eduPersonAssurance">
+ <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonAssurance" sourceAttributeID="eduPersonAssurance">
         <resolver:Dependency ref="myLDAP" />
- <resolver:AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" />
- <resolver:AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" />
+ <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" />
+ <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" />
     </resolver:AttributeDefinition>
         
- <resolver:AttributeDefinition xsi:type="Scoped" id="eduPersonTargetedID.old" scope="$IDP_SCOPE$" sourceAttributeID="computedID">
+ <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonTargetedID.old" scope="$IDP_SCOPE$" sourceAttributeID="computedID">
         <resolver:Dependency ref="computedID" />
         <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonTargetedID" />
     </resolver:AttributeDefinition>
{noformat}

This can also be easily found by searching for the following regexp: xsi:type="[A-Z]
.... unqualified types start with an uppercase letter, qualified types start with a lowercase letter.


Hope this helps - and can be fixed in next release.

Cheers,
Vladimir

--
Vladimir Mencl, Ph.D.
E-Research Services and Systems Consultant
BlueFern Computing Services
University of Canterbury
Private Bag 4800
Christchurch 8140
New Zealand

http://www.bluefern.canterbury.ac.nz
mailto:vladimir.mencl@canterbury.ac.nz
Phone: +64 3 364 3012
Mobile: +64 21 997 352



 Comments   
Comment by Vladimir Mencl [ 06/Dec/10 ]
The patch as an attachment - in case Confluence munches up the syntax.
Comment by Vladimir Mencl [ 07/Dec/10 ]
Hi,

Found one more copy-editing error in the default attribute-resolver template: the xsi:type for eduPersonTargetedId AttributeDefinition was: "enc:SAML2NameID" but should have been "ad:SAML2NameID"

Cheers,
Vladimir

{noformat}
--- ./shibboleth-identityprovider-2.2.0/src/installer/resources/conf-tmpl/attribute-resolver.xml.orig2 2010-12-07 13:02:09.000000000 +1300
+++ ./shibboleth-identityprovider-2.2.0/src/installer/resources/conf-tmpl/attribute-resolver.xml 2010-12-07 13:02:19.000000000 +1300
@@ -249,7 +249,7 @@
         <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonTargetedID" />
     </resolver:AttributeDefinition>
 
- <resolver:AttributeDefinition xsi:type="enc:SAML2NameID" id="eduPersonTargetedID"
+ <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="eduPersonTargetedID"
                                   nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="computedID">
         <resolver:Dependency ref="computedID" />
         <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />
{noformat}
Comment by Chad La Joie [ 21/Dec/10 ]
Thanks for submitting this but Nate beat you to it. :)




[SIDP-443] Profile handlers override encoder nameQualifier setting Created: 06/Dec/10  Updated: 31/Jan/11  Resolved: 22/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1, SAML 2
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Scott Cantor Assignee: Scott Cantor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
The string-based NameID encoders have a nameQualifier setting to override/control the NameQualifier attribute, but the abstract profile handler bases explicitly set that to the IdP name regardless of whether it's set by the encoder already. We could check for null in the profile handler bases to fix it.


 Comments   
Comment by Scott Cantor [ 22/Dec/10 ]
Fixed in rev 2974.
Comment by Scott Cantor [ 31/Jan/11 ]
Closing resolved issues.




[SIDP-442] IdPSession expiration during requests Created: 06/Dec/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Bradley Schwoerer Assignee: Chad La Joie
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File IdPSessionBug.txt    
Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
We are getting errors for users when their IdP sessions expire in the middle processing requests. Our IdP session timeout is set to 60 seconds. When they start an incoming request before the expiration and don't finish before the expiration we are getting errors in the attribute resolution or other places, mainly in the attribute resolution. It reports the principal as 'null'. Attached you will find an example of this where the the session was created around 22:07:02.221, and they returned for a new request at 22:08:01.540. At 22:08:02.533 when they are redirected to the profile handler they IdP session is expired and they no longer have a principal associated with this session.


 Comments   
Comment by Bradley Schwoerer [ 06/Dec/10 ]
We are using a modified version of 2.2.1-SNAPSHOT so the line numbers don't match. If you need me to reproduce with a vanilla version of 2.2.1-SNAPSHOT, I can do so.
Comment by Chad La Joie [ 21/Dec/10 ]
There isn't really anything that can be done if you set your session timeout lower than the length of time it takes to complete a transaction.




[SIDP-441] Add JSESSIONID and ClientIP to MDC Created: 06/Dec/10  Updated: 14/Mar/11  Resolved: 14/Mar/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: 2.3.0

Type: Improvement Priority: Trivial
Reporter: Bradley Schwoerer Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File sidp-441.patch.txt    

 Description   
Please add JSESSIONID and ClientIP to MDC to make it easier to correlate log lines.

 Comments   
Comment by Chad La Joie [ 14/Mar/11 ]
fixed in rev 2995




[SIDP-440] servlet-api-2.4.jar not installed when upgrading to 2.2.0 / aacli testing errors. Created: 29/Nov/10  Updated: 29/Nov/10  Resolved: 29/Nov/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Build
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Benji Wakely Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Apache Tomcat 6.0

 Description   
I have run across a bug, the same as detailed at:
http://comments.gmane.org/gmane.comp.web.shibboleth.user/14878

...There didn't seem to be a bug filed yet, so I've filed this.

I had an installed version of the shibboleth IdP, version 2.1.5.
Upgraded to 2.2.0 using the source at
http://shibboleth.internet2.edu/downloads/shibboleth/idp/2.2.0/shibboleth-identityprovider-2.2.0-bin.zip

Testing retrieval of attributes using aacli.sh failed with error:
Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.HandlerManager': Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: javax/servlet/ServletRequest

As per Chad La Joie's suggestion, the workaround to this is to simply place servlet-api.2.4.jar into the /opt/shibboleth-idp/lib directory

--Benji Wakely
Unix Systems Administrator,
La Trobe University, Melbourne, Australia

 Comments   
Comment by Chad La Joie [ 29/Nov/10 ]
Duplicate of SIDP-422




[SIDP-438] Improve user experience when switching versions of SAML Created: 23/Nov/10  Updated: 11/Jan/11  Resolved: 11/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1, SAML 2
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Improvement Priority: Minor
Reporter: Karsten Huneycutt Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File classcast.diff    

 Description   
When a user begins an authentication transaction but abandons it without completing it and starts another authentication transaction using the same version of SAML, the second authentication transaction can be completed successfully. However, when the second transaction is using a different version of SAML, the user gets an error page and is not allowed to log in. The logs show a ClassCastException, because the profile handlers are assuming that the LoginContext returned will always be of the type appropriate for that version of SAML and are not checking before casting. This is a regression in user experience from previous versions of the IdP (at least from version 2.1.2).

We have users who set Shibboleth-protected sites (the actual end site) as their browser's homepage, and they experience this when they attempt to start a new window/tab and log into a site that uses a different version of SAML.

I've attached a patch to revert the behavior of the IdP by checking (using instanceof) the LoginContext returned.

 Comments   
Comment by Chad La Joie [ 11/Jan/11 ]
fixed in rev 2980




[SIDP-437] NPE when loading metadata via HTTPS Created: 19/Nov/10  Updated: 19/Nov/10  Resolved: 19/Nov/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Paul Engle Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File idp-process.log    
Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   

I have the following metadata provider defined in relying-party.xml

<metadata:MetadataProvider id="LearnFedMD" xsi:type="metadata:FileBackedHTTPMetadataProvider"
metadataURL="https://eco.tx-learn.net/downloads/LEARNfed-metadata.xml"
backingFile="/usr/site/shibboleth_idp/metadata/LEARNfed-metadata.xml" />

As is, the configuration generates a null pointer exception. I'll attach the full, trace-level idp-process.log.
I have a relatively easy workaround by just putting disregardSslCertificate="true" in the definition, but I thought you'd want a report of the NPE nonetheless. The certificate provided is perfectly kosher, and the same definition caused no problems under 2.1.5 using the same container & JRE.

 Comments   
Comment by Paul Engle [ 19/Nov/10 ]
Here's the full log with stack trace.
Comment by Chad La Joie [ 19/Nov/10 ]
Duplicate of SC-120




[SIDP-436] Null AuthnContextClassRef causes NPE Created: 17/Nov/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: James Bardin Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Apache Tomcat 5.0

 Description   
A NullPointerException is thrown after receiving a message with a RequestedAuthnContext containing an empty AuthnContextClassRef (from a misconfigured SAML2 SP).

<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://example.com/navpage.do" ForceAuthn="false"
 ID="5B428E390A0A3CAA013029B7E66B58D4" IsPassive="false" IssueInstant="2010-11-17T19:14:37.263Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="undefined" Version="2.0">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://example.com&lt;/saml2:Issuer>
   <saml2p:NameIDPolicy AllowCreate="true"/>
   <saml2p:RequestedAuthnContext Comparison="exact">
      <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/>
   </saml2p:RequestedAuthnContext>
</saml2p:AuthnRequest>


This may have contributed to tomcat crashing from an out of memory error (only time that happened was after many of these requests).

 Comments   
Comment by Scott Cantor [ 17/Nov/10 ]
You should also report the bug to whoever's SP that is, since that's invalid SAML (which is why it's crashing the IdP).
Comment by Chad La Joie [ 21/Dec/10 ]
Fix in rev 2970




[SIDP-435] Different principal used for index into session storage and transient ID Created: 16/Nov/10  Updated: 08/Jan/11  Resolved: 08/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution, Authentication
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Karsten Huneycutt Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: JBoss 5.0 Tomcat

 Description   
At authentication time, the IdP AuthnEngine inserts a second pointer from the user's principal name to the user's session object. It does this based on: authnMethodInfo.getAuthenticationPrincipal().getName(). Everywhere else in the IdP, however, the Session's getPrincipalName() (or RequestContext's, which is set from the Session) method is used, which can return a different name (and does in our environment).

This will cause any AttributeQuery profiles to fail.

A simple fix is to index using the Session getPrincipalName() method:


--- src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java (revision 2966)
+++ src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java (working copy)
@@ -698,7 +698,7 @@
 
         loginContext.setAuthenticationMethodInformation(authnMethodInfo);
         idpSession.getAuthenticationMethods().put(authnMethodInfo.getAuthenticationMethod(), authnMethodInfo);
- sessionManager.indexSession(idpSession, authnMethodInfo.getAuthenticationPrincipal().getName());
+ sessionManager.indexSession(idpSession, idpSession.getPrincipalName());
 
         ServiceInformation serviceInfo = new ServiceInformationImpl(loginContext.getRelyingPartyId(), new DateTime(),
                 authnMethodInfo);


 Comments   
Comment by Chad La Joie [ 08/Jan/11 ]
Fixed in rev 2976




[SIDP-434] More Typos in Default attribute-resolver.xml Created: 09/Nov/10  Updated: 10/Nov/10  Resolved: 10/Nov/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Nate Klingenstein Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
More errors in default java-idp/tags/2.2.0/src/installer/resources/conf-tmpl/attribute-resolver.xml:

eduPersonScopeAffiliation, eduPersonAssurance, and eduPersonTargetedID.old's xsi:type have no namespace declared; should be ad:.
eduPersonAssurance's AttributeEncoders' xsi:type have no namespace defined; should be enc:.

    <resolver:AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="$IDP_SCOPE$" sourceAttributeID="eduPersonAffiliation">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
    </resolver:AttributeDefinition>
    
    <resolver:AttributeDefinition xsi:type="Simple" id="eduPersonAssurance" sourceAttributeID="eduPersonAssurance">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" />
        <resolver:AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" />
    </resolver:AttributeDefinition>
        
    <resolver:AttributeDefinition xsi:type="Scoped" id="eduPersonTargetedID.old" scope="$IDP_SCOPE$" sourceAttributeID="computedID">
        <resolver:Dependency ref="computedID" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonTargetedID" />
    </resolver:AttributeDefinition>

20:14:08.856 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shibboleth.AttributeResolver service, error creating components. The root cause of this error was: org.xml.sax.SAXParseException: cvc-elt.4.2: Cannot resolve 'enc:SAML2NameID' to a type definition for element 'resolver:AttributeDefinition'.

enc:SAML2NameID should be ad:SAML2NameID

    <resolver:AttributeDefinition xsi:type="enc:SAML2NameID" id="eduPersonTargetedID"
                                  nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="computedID">
        <resolver:Dependency ref="computedID" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
    </resolver:AttributeDefinition>

 Comments   
Comment by Chad La Joie [ 10/Nov/10 ]
fixed in rev 2964




[SIDP-433] Update libs for 2.2.1 Created: 09/Nov/10  Updated: 08/Jan/11  Resolved: 08/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Build
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Task Priority: Minor
Reporter: Chad La Joie Assignee: Chad La Joie
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
shib-common 1.2.0 -> 1.2.1




[SIDP-432] Set explicit caching headers on redirects Created: 09/Nov/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.1.3
Fix Version/s: 2.2.1

Type: Improvement Priority: Minor
Reporter: Christopher Bongaarts Assignee: Chad La Joie
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
We have had a user complain that he got "Shibboleth Error - An error has occurred while processing your request. - Please login through the original link if you are attempting to use a bookmark." when using Opera 10.

IdP logs showed this error:
[edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:148] - No login context available, unable to return to authentication engine

We are using the RemoteUser LoginHandler. My suspicion is that this is running afoul of Opera 10's aggressive redirect caching (see http://stevesouders.com/tests/redirects/results.php for a table) causing the user's login session to get dropped (perhaps by not getting the _idp_authn_lc_key cookie set during the redirect from the SSO endpoint).

If my understanding of the problem is correct, the IdP could work around the problem by setting Expires: or Cache-Control: headers on the HTTP response containing the redirect to /idp/Authn/RemoteUser.


 Comments   
Comment by Christopher Bongaarts [ 09/Nov/10 ]
Forgot to mention that the user said it was "working fine yesterday", hence the idea that the redirect caching is the culprit - the first login works fine; it is only later on when Opera begins relying on the cached redirect instead of actually requesting the SSO endpoint from the IdP.
Comment by Chad La Joie [ 21/Dec/10 ]
Add in rev 2968




[SIDP-431] Typo in default attribute-resolver.xml Created: 09/Nov/10  Updated: 09/Nov/10  Resolved: 09/Nov/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Major
Reporter: Nate Klingenstein Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
http://svn.middleware.georgetown.edu/view/java-idp/tags/2.2.0/src/installer/resources/conf-tmpl/attribute-resolver.xml?view=markup

        <resolver:AttributeEncoder xsi:type="enc:SAML2String"name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" />


 Comments   
Comment by Chad La Joie [ 09/Nov/10 ]
Fixed in rev 2961

Next time, please actually state the typo.




[SIDP-429] Limit metadata SP credential resolution for encryption to RSA keys only Created: 02/Nov/10  Updated: 17/May/11  Resolved: 15/Apr/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: 2.2.0
Fix Version/s: 2.3.0

Type: Bug Priority: Minor
Reporter: Brent Putman Assignee: Brent Putman
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
An SP's entity descriptor may for example have an EC key or (erroneously) a DSA key flagged for effective use = "encryption". Currently the IdP picks the "first" encryption key and doesn't filter these out. Should add an additional credential criteria to require only RSA keys to be resolved, since that is realistically the only algorithm supported. (This will be replaced by the more general algorithm whitelist/blacklist mechanism in 3.x).

 Comments   
Comment by Brent Putman [ 03/Feb/11 ]
Fixed in r2985. I'll leave open pending testing confirmation that it doesn't break something.
Comment by Brent Putman [ 15/Apr/11 ]
I've tested against an IdP snapshot and confirmed that this doesn't seem to break anything. Resolving.




[SIDP-428] Address lifecycle issues around use of MetadataCredentialResolverFactory Created: 21/Oct/10  Updated: 25/Oct/10  Resolved: 25/Oct/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1, SAML 2
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Brent Putman Assignee: Brent Putman
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Jetty 7

 Description   
There are issues to consider around use of the factory and the lifecycle of the output instances of the factory (MetadataCredentialResolver). These are related to the use of WeakReferences in the factory impl to avoid memory leaks. These issues are documented in the superclass of the factory:

http://svn.middleware.georgetown.edu/view/java-xmltooling/branches/REL_1/src/main/java/org/opensaml/xml/util/AbstractWrappedSingletonFactory.java?revision=564&view=markup

We should probably either:
1) cache a long-lived reference to the obtained resolver instance (i.e. a strong reference) inside the profile handler (easiest)
2) implement the explicit release mechanism, perhaps by using a finalize() method in the profile handlers

 Comments   
Comment by Brent Putman [ 25/Oct/10 ]
Fixed in r2960.




[SIDP-427] Incorrect handling of returned authn error in SSO profile handlers Created: 19/Oct/10  Updated: 10/Nov/10  Resolved: 10/Nov/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1, SAML 2
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Major
Reporter: Scott Cantor Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
I think there's a bug in the conditionals that run in the processRequest method in the SAML 1 and 2 SSO profile handlers. They use the LoginContext.isPrincipalAuthenticated() method to determine whether to treat the request as the "first" or "second" leg, but this breaks if the LoginHandler returns to the profile handler with an error rather than authenticating the user.

The code in both the protocol versions looks like this:

        if (loginContext == null) {
            log.debug("Incoming request does not contain a login context, processing as first leg of request");
            performAuthentication(inTransport, outTransport);
        }else if(!loginContext.isPrincipalAuthenticated()){
            log.debug("Incoming request contained a login context but principal was not authenticated, processing as first leg of request");
            performAuthentication(inTransport, outTransport);
        } else {
            log.debug("Incoming request contains a login context, processing as second leg of request");
            HttpServletHelper.unbindLoginContext(getStorageService(), servletContext, httpRequest, httpResponse);
            completeAuthenticationRequest(loginContext, inTransport, outTransport);
        }

When there's a failure in the LoginHandler, it returns control to the profile handler, but with a login context in place, and the middle branch runs instead of the last branch. That fails because the request URL no longer has the SAML request content. It's supposed to fall into the last branch where it would look for a login error inside completeAuthenticationRequest, but it never gets a chance.

I'm not 100% certain what the fix is yet. Maybe the presence of a login context is sufficient to send it to the second leg? Or it needs to check for the error case explicitly as well as using isPrincipalAuthenticated().

 Comments   
Comment by Scott Cantor [ 19/Oct/10 ]
Likely fix: change the middle condition to:

} else if (!loginContext.isPrincipalAuthenticated() && loginContext.getAuthenticationFailure() == null) {

When I do that, it correctly propagates the SAML failure status back to the SP.
Comment by Chad La Joie [ 10/Nov/10 ]
Fixed in rev 2965




[SIDP-426] Forced authentication does not reset the AuthnInstant Created: 09/Oct/10  Updated: 31/Jan/11  Resolved: 22/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Scott Cantor Assignee: Scott Cantor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File patch.txt    
Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
The time of authentication is tracked by an Info structure that's only created when an existing Info structure for a given method isn't already present in a user's session. So if forceAuthn is used before the previous authentication has expired, the time won't get reset.


 Comments   
Comment by Scott Cantor [ 09/Oct/10 ]
The patch fixes the issue by passing a new timestamp into the method that creates the Info structure when forceAuthn is used, and ensures that a new structure gets created if the timestamp is supplied.

It includes a separate trivial enhancement to let the LoginHandler override the AuthnInstant along with the method.
Comment by Scott Cantor [ 22/Dec/10 ]
Fixed in rev 2973.
Comment by Scott Cantor [ 31/Jan/11 ]
Closing resolved issues.




[SIDP-425] TCNonPortableObjectError when artifacts are used Created: 08/Oct/10  Updated: 08/Jan/11  Resolved: 08/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Adam Lantos Assignee: Chad La Joie
Resolution: Invalid Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File 0001-Convert-logger-to-local-variable.patch     File 0001-Fix-NonPortableObjectError-in-artifact-maps.patch    
Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
Latest released version causes TCNonPortableObjectError when artifacts are used. This issue also affects the 2.2 IdP release.

Referring class : org.opensaml.common.binding.artifact.BasicSAMLArtifactMapEntry
Referring field : org.opensaml.common.binding.artifact.BasicSAMLArtifactMapEntry.log
Non-portable field name: org.opensaml.common.binding.artifact.BasicSAMLArtifactMapEntry.log
Thread : TP-Processor9
JVM ID : VM(9)
Non-included class : ch.qos.logback.classic.Logger

Terracotta tries to cluster the non-transient instance field "log", which is not included in the bootstrap jar.

 Comments   
Comment by Adam Lantos [ 08/Oct/10 ]
Working patch.
Comment by Brent Putman [ 08/Oct/10 ]
I looked into this in detail. There are trade-offs associated with declaring SLF4J Loggers as static vs instance variables:

http://www.slf4j.org/faq.html#declared_static

and also the Apache Commons docs linked from there:

http://wiki.apache.org/jakarta-commons/Logging/StaticLog

The general consensus is that it is bad to use static loggers in library code (as opposed to stand-alone application code) for classes that are instantiated (i.e. not helper classes with only static methods, etc).

I double-checked the OpenSAML stack and with one minor exception (which should probably be fixed), we have adhered to this convention. Only helper classes with static methods use static loggers. So I think it would be unwise to fix this by modifying the map entry class.

Also, fixing it here in this one class doesn't really fix it for the "next time". There may be other classes that will be used in Terracotta that have instance Loggers. That is in fact the norm for instantiated classes, as stated above. So this is the fundamental problem to fix.

The fix for this really should be to instrument the class in Terracotta via an additional <include> section for class ch.qos.logback.classic.Logger.

I'm going to move this to the IdP project to be tracked there. Once Adam or someone with a Terracotta environment can test and confirm, we can update the wiki example tc-config.xml.
Comment by Adam Lantos [ 09/Oct/10 ]
The library problem would only occur, if the class in question would be loaded in a shared classloader (eg. an http library in the application server code). As far as the library is only used by web applications, each application will have "their own" class logger.

Secondly, I don't think it's a good idea to share logger instances between nodes. They are referring to their parent logger and attached appenders, which will hold file handles, and so on.
Comment by Brent Putman [ 09/Oct/10 ]
As to your first point: we don't make any assumptions in OpenSAML as to how the library will be used. It might be deployed in a shared classloader or whatever. So instance Loggers are the way to go. As I said, all of our other classes are written that way, I believe consciously so, and we're not going to change it now, especially if the sole reason is Terracotta. As a practical matter, this is the last release of 2.x, and in the 3.x I believe it's pretty much decided that we will not be using Terracotta, or at least advocating as the "primary" clustering solution.

As to your second point: yes, there might be a problem there with distributing the Logger instance across nodes. Not sure, and I don't have any way to test, but makes sense that there could be. (I note we *are* distributing org.apache.commons.logging.impl.SLF4JLocationAwareLog, so I wonder if there is a similar issue there. It's possible no one has gone done a code path where the logger gets used).

Since we staying with instance Loggers, the solution there is the one that Terracotta provides just for cases like this: in tc-config.xml you should 1) declare the field transient (in the Terracotta sense, not the Java serialization sense) and 2) declare an on-load bean shell hook to re-populate the field. There's even an example of #2 for the logger case in the TC wiki:

http://www.terracotta.org/confluence/display/docs/Concept+and+Architecture+Guide#ConceptandArchitectureGuide-onload

That's the solution for the general case. For this particular class logger, you don't need to actually do that b/c the logger is only used in the readObject/writeObject methods and those check for null and re-instantiate anyway. So if you just declare the field transient in tc-config.xml, that should take care of it.

If you have an opportunity to test that, it would be greatly appreciated.
Comment by Adam Lantos [ 09/Oct/10 ]
and what about loggers in static helper classes?
Comment by Brent Putman [ 09/Oct/10 ]
Fair point, static helper classes in OpenSAML should probably be refactored to use local Loggers in each method that logs, and not declare upfront a static Logger. There's not that many of them.
Comment by Adam Lantos [ 09/Oct/10 ]
Just to be on the safe side, we could convert the ArtifactMapEntry logger local, too. I feel it's still better handling it in the code than doing the on-load trick.

I'll test it out on monday.
Comment by Adam Lantos [ 11/Oct/10 ]
Use local loggers instead of instance variable.
Comment by Brent Putman [ 14/Oct/10 ]
Well, note you don't need to do the on-load for this class. It already coincidentally uses lazy instantiation. So it only needs to be marked transient in Terracotta.

I really don't like the idea of changing this one (library) class to meet the assumed needs of Terracotta. It sets a bad precedent. It is only by sheer coincidence that none of the other classes that are instrumented have Loggers or other instance data that is inappropriate to share across nodes (and we're not even sure that Loggers are in fact un-shareable - it depends on the impl of the Loggers. I note that slf4j Loggers are by design Serializable, and that implies that they may in fact not hold references to things that are node specific. Maybe they look them up dynamically each time).

Actually that's not quite true, since we are sharing org.apache.commons.logging.impl.SLF4JLocationAwareLog, and that's very likely suspect, if not wrong. That's used I am sure in a non-OpenSAML class that we can't change and the (only) solution there would be the same - declare it transient and use the on-load to recreate on the other nodes.

We're only having this discussion b/c it's a class in OpenSAML. If it were in a library we didn't control, we wouldn't even have the option.

Terracotta provides mechanisms specifically to deal with these and other situations. IMHO they are not hacks and we shouldn't be afraid to make use of them where needed.

Comment by Adam Lantos [ 15/Oct/10 ]
The following tc-config.xml snippet does the job:

  <transient-fields>
    <field-name>org.opensaml.common.binding.artifact.BasicSAMLArtifactMapEntry.log</field-name>
  </transient-fields>

...still don't like it, but I can live with that :)
Comment by Chad La Joie [ 08/Jan/11 ]
Posted tc-config.xml updated with necessary information to address this issue




[SIDP-424] Artifact clustering is broken Created: 08/Oct/10  Updated: 10/Jan/11  Resolved: 10/Jan/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Adam Lantos Assignee: Chad La Joie
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File 0002-Change-SAMLObject-marshal-unmarshal-behavior.patch    
Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
With the changes introduced in the 2.4.0 version, BasicArtifactMapEntry no longer works in a clustered environment.

When put() and get() happens on separate nodes, the transient message field is dropped by the clustering code, so the getMessage() method will eventually end up returning null (since Terracotta doesn't call the writeObject/readObject pair).


 Comments   
Comment by Brent Putman [ 08/Oct/10 ]
We need to confirm what's actually happening. I'm not terribly familiar with Terracotta, but the docs say that it shouldn't be dropping transient fields by default:

http://www.terracotta.org/confluence/display/docs/Concept+and+Architecture+Guide#ConceptandArchitectureGuide-transience

"Although Terracotta transience and Java transience are similar, by default, Terracotta does not skip fields that are marked with the Java transient modifier when sharing an object. This is because Java serialization and Terracotta sharing are significantly different, and just because a field should not be serialized does not mean Terracotta should not share it."

There are options to override that and say "honor transient". Are we doing that in our TC config for the IdP ? If so, we should probably disable for that override for this instrumented class.

I'll look into this some more.

In any event, the current transient and serialization behavior of the BasicArtifactMapEntry is correct (given that XMLObject is currently not Serializable) and and I doubt this issue should be logged here against java-opensaml2. Sounds like we should probably move this to java-idp and get the TC config example files fixed up.
Comment by Brent Putman [ 08/Oct/10 ]
To answer my own question: the example instrumentation from the wiki for this class is saying to honor-transient.

https://spaces.internet2.edu/download/attachments/11926/tc-config.xml?version=6

<include>
<class-expression>
org.opensaml.common.binding.artifact.BasicSAMLArtifactMapEntry
</class-expression>
<honor-transient>true</honor-transient>
</include>



In fact, all the instrumented classes say this. Is this just due to cut-and-paste of an initial example? Or is there some reasoning behind all of this? I doubt we have a lot of transient fields, but IMHO the TC default of not honoring transient is correct for the general case.

It think the solution is to remove the honor-transient flag for this class.

I'm going to move this issue to the IdP project.
Comment by Brent Putman [ 08/Oct/10 ]
Did a quick search. This field in BasicSAMLArtifactMapEntry is in fact the only transient field we have in the entire OpenSAML and IdP Java codebase.

So IMHO declaring honor-transient=true on everything in the tc-config.xml seems a little excessive - from a minimalism perspective. Esp. since that would seem to not be the default right thing to do for the general case.
Comment by Adam Lantos [ 09/Oct/10 ]
From a minimalism perspective, I think it would be nicer to keep the old behavior and serialize the artifact into String upon ArtifactMapEntry creation, and parse when needed (with the addition of a transient SAMLObject "cache" reference, so parsing would only be occuring after serialization / clustering).
Comment by Brent Putman [ 09/Oct/10 ]
Well, the reason the old code was changed was:

1) it was inefficiently and unnecessarily serializing the SAMLObject always, even when the object wasn't going to be serialized (and in the IdP it's not, it's just stored in a Map-based StorageService impl). Serializing the DOM is expensive (relatively). Unnecessarily doing it is IMHO non-minimalist.
2) it was doing it outside the class as a pre- and post-processing step, violating the contract of the Serializable interface, and thereby unnecessarily coupling the map entry impl to the map itself

I'm definitely not reverting back to #2, that was just wrong. I'd really prefer not to revert back to #1. Automatic (and unnecessary) serialization could be done in the constructor, as you say. I'd personally prefer to avoid that if possible. Your comment did make me realize that making the SAMLObject field non-transient (in the Terracotta sense) would mean SAMLObject and other classes in its object graph would have to be declared in tc-config.xml. I don't necessarily think that's a problem, just more config declarations to make. Practically we'd need to see how that would work.

I'll think about this one some more, and Chad may want to chime in

In general, I'd say my philosophy is "don't adjust a library to fit Terracotta, adjust Terracotta to fit the library", especially where TC gives you the tools to do so.
Comment by Adam Lantos [ 11/Oct/10 ]
SAMLObject has 340 subtypes in OpenSAML-J and Shibboleth-Common projects, and some of them are also referring to the signature representations, so the class hierarchy to instrument is huge :(
Comment by Adam Lantos [ 11/Oct/10 ]
This patch applies on 0001-Convert-logger-to-local-variable.patch attached to SIDP-425, and is mildly load-tested in a clustered environment.
Comment by Brent Putman [ 14/Oct/10 ]
One wouldn't need to declare 340 subtypes of SAMLObject like that, just declare a common superclass or interface. I'm not a TC expert, but either 1) that works, or else 2) much of the existing TC config is also wrong, since that's how some of the other type hierarchies are being handled.

Based on my read of the TC docs, another option is to use wildcards. We (and I mean probably Chad, who I believe created the initial tc-config.xml, which has been amended by others) are explicitly enumerating each individual class, but that's not the only way to do.

There are other non-XMLObject clases used in the XMLObject object graphs that would also have to be instrumented, notably Apache xmlsec classes, W3C DOM classes and some types like DateTime and XSBooleanValue and such. The "correct" way IMHO to handle these in Terracotta world would be to just instrument them. As I said in the other thread, the only reason for this discussion is because we control this particular library. If this issue came up with respect to another library, there wouldn't be any choice in the matter.

Like I said before, this is a library (not standalone app code) and I'm philosophically opposed to adjusting it in a significant way to fit TC, esp. since we are almost certainly going to be moving away from it as the primary, recommended clustering solution for the IdP.

I don't want to unconditionally serialize the map entry, as you do in your patch. That was one of the things wrong in the old code. I would not be opposed however to having a "pre-serialization" option for the SAMLObject message in the artifact map entry factory mechanism, either a flag or a specialized factory subclass. That way, if someone wants to pre-serialize the SAMLObject and avoid doing a lot of TC config, they can do so. I'll do a little work on that, should be pretty simple.
Comment by Brent Putman [ 14/Oct/10 ]
I added this support in the factory, see JOST-137.

To enable in the IdP, in the internal.xml, you'd just inject the factory explicitly into the artifact map (rather than relying on the default), setting the new serialize flag to true.

If you have an opportunity to test in Terracotta, it would certainly be appreciated.
Comment by Adam Lantos [ 15/Oct/10 ]
Thanks, it's working fine with the explicit BasicArtifactMapEntryFactory configuration (serializeMessage=true).
Comment by Chad La Joie [ 10/Jan/11 ]
Necessary internal.xml changes have been documented in the wiki
https://spaces.internet2.edu/display/SHIB2/IdPCluster




[SIDP-422] aacli.sh Exception in thread "main" Created: 05/Oct/10  Updated: 21/Dec/10  Resolved: 21/Dec/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: 2.2.0

Type: Bug Priority: Minor
Reporter: kevin foote Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
running aacli to test filters etc.. results in

Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.HandlerManager': Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: javax/servlet/ServletRequest....

 Comments   
Comment by kevin foote [ 05/Oct/10 ]
Full Stack dump..

Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.HandlerManager': Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: javax/servlet/ServletRequest
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
        at edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.loadConfigurations(AttributeAuthorityCLI.java:180)
        at edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.main(AttributeAuthorityCLI.java:90)
Caused by: java.lang.NoClassDefFoundError: javax/servlet/ServletRequest
        at java.lang.Class.getDeclaredMethods0(Native Method)
        at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
        at java.lang.Class.getDeclaredMethods(Class.java:1791)
        at java.beans.Introspector$1.run(Introspector.java:1287)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.beans.Introspector.getPublicDeclaredMethods(Introspector.java:1285)
        at java.beans.Introspector.getTargetMethodInfo(Introspector.java:1151)
        at java.beans.Introspector.getBeanInfo(Introspector.java:402)
        at java.beans.Introspector.getBeanInfo(Introspector.java:168)
        at org.springframework.beans.CachedIntrospectionResults.<init>(CachedIntrospectionResults.java:220)
        at org.springframework.beans.CachedIntrospectionResults.forClass(CachedIntrospectionResults.java:144)
        at org.springframework.beans.BeanWrapperImpl.getCachedIntrospectionResults(BeanWrapperImpl.java:252)
        at org.springframework.beans.BeanWrapperImpl.getPropertyDescriptorInternal(BeanWrapperImpl.java:282)
        at org.springframework.beans.BeanWrapperImpl.isWritableProperty(BeanWrapperImpl.java:333)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1247)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
        ... 13 more
Caused by: java.lang.ClassNotFoundException: javax.servlet.ServletRequest
        at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
        ... 30 more
Comment by kevin foote [ 05/Oct/10 ]
gmane link to shibboleth-users thread

http://thread.gmane.org/gmane.comp.web.shibboleth.user/14878
Comment by Chad La Joie [ 21/Dec/10 ]
fixed in rev 2969




[SIDP-421] Error logging SOAP queries Created: 04/Oct/10  Updated: 04/Oct/10  Resolved: 04/Oct/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 2
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Scott Cantor Assignee: Brent Putman
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Jetty 7

 Description   
The SAML2 attribute query handler logs the reference to the SOAP envelope instead of the actual message:

14:20:58.359 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler:174] -
Decoded request from relying party 'org.opensaml.ws.soap.soap11.impl.EnvelopeImpl@1be87a0'

May affect other profile handlers as well.

 Comments   
Comment by Brent Putman [ 04/Oct/10 ]
From looking at the other handlers, I think the intention was to log the entity ID of the protocol message issuer, not the actual SOAP message. There's already code for the latter in the decoders themselves.

Fixed in r2958.
Comment by Scott Cantor [ 04/Oct/10 ]
I actually noted the problem when I turned up logging to DEBUG on the logging category labeled for "dumping protocol messages". Not sure if that means you're right or wrong...
Comment by Brent Putman [ 04/Oct/10 ]
Hmm, OK, but are you sure that's what caused it to happen? The category name (or whatever slf4j calls it) for the logger in question is just the class name:

private static Logger log = LoggerFactory.getLogger(AttributeQueryProfileHandler.class);

and that jibes with the logger name in the output "edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler".

So I think you must have logging effectively on DEBUG for that category - either the root one or perhaps "edu.internet2.middleware.shibboleth". Not seeing how the PROTOCOL_MESSAGE logger would have any effect on that, it's special and not a part of the standard hierarchically-named loggers.
Comment by Scott Cantor [ 04/Oct/10 ]
Can't say for sure, but when I turned the PROTOCOL_MESSAGE logger on, I didn't get the XML, but did notice this. The buggy line might have been there initially, so maybe the bug is that the encoders/decoders aren't logging in all cases?
Comment by Scott Cantor [ 04/Oct/10 ]
Ah, never mind, you're right. There was a third variable, the use of an EncryptedID in the query. I think that was short circuiting the logging somehow, maybe failing at a different spot, but I'm seeing the XML now as expected.
Comment by Brent Putman [ 04/Oct/10 ]
Yeah, the logging is done all the way up in the OpenWS base class like so:

    public void decode(MessageContext messageContext) throws MessageDecodingException, SecurityException {
        log.debug("Beginning to decode message from inbound transport of type: {}", messageContext
                .getInboundMessageTransport().getClass().getName());
        
        doDecode(messageContext);
        
        logDecodedMessage(messageContext);

        processSecurityPolicy(messageContext);

        log.debug("Successfully decoded message.");
    }


So if the actual decoding op throws in doDecode, then the logging would not be performed, right. Not sure if just using an EncryptedID in the Subject would cause that. Don't think so, but that step in the SAML decoders does include all the extraction of a bunch of information bits into the message context, some of which might fail IIRC. It's a lot of work that probably shouldn't be in the decoders at all, and probably should change in 3.x (should be factored into a handler that runs after the decoder).




[SIDP-420] Status servlet should monitor for Terracotta availablility via SessionStore object Created: 27/Sep/10  Updated: 02/Mar/11  Resolved: 10/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.1.5, 2.2.0
Fix Version/s: None

Type: Improvement Priority: Major
Reporter: Russell Beall Assignee: Chad La Joie
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Here is a patch to edu/internet2/middleware/shibboleth/idp/StatusServlet.java which enables session store monitoring. The page shows a line indicating that the store is accessible, but hangs if Terracotta is disconnected. If terracotta is not implemented, the line always shows true.

$ diff StatusServlet.java.dist StatusServlet.java
47a48
> import org.opensaml.util.storage.StorageService;
69a71,73
> /** Storage service used by the IdP. */
> private StorageService<?,?> store;
>
89a94
> store = HttpServletHelper.getStorageService(config.getServletContext());
173a179,183
> try {
> out.println("storage_accessible: " + ((store.getPartitions() != null) ? Boolean.TRUE : Boolean.FALSE));
> } catch (Exception e) {
> out.println("storage_accessible: " + Boolean.FALSE);
> }


 Comments   
Comment by Russell Beall [ 28/Sep/10 ]
I should mention that this patch was run against the 2.1.5 version of StatusServlet.java
Comment by Chad La Joie [ 10/Feb/11 ]
This will not be fixed. Terracotta will not be used with the next major version of the IdP however its replacement will be a monitored component like this that already report their status via the status page.
Comment by kevin foote [ 02/Mar/11 ]
Russell

Wondering if your running this patch on your production IdP.. I have it running in my test environment for a while now.

If you are running this in production .. do you know what the cost of this check is against the Idp..

I'm running a check from my loadbalancer to the StatusServlet every 30 sec or so .. Just curious about the load that this will cost if any when I move this to production.. and perhaps if I should scale back my monitoring.

Any hints on running this patch on a production Idp? :-)


kevin.foote
Comment by Russell Beall [ 02/Mar/11 ]
I have had no problems with this in production. It is a trivial call with no load on the server. Our loadbalancer uses it every 5 seconds.

It is very convenient for the node to be auto-removed from the loadbalancer if the node disconnects from Terracotta.
Comment by kevin foote [ 02/Mar/11 ]
Great. Thanks




[SIDP-419] Metadata parsing fails when version 2.1.5 succeeds for the same ones Created: 24/Sep/10  Updated: 24/Sep/10  Resolved: 24/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Hached Mehdi Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: JBoss 6.0 Tomcat

 Description   
The IdP 2.2.0 fails at parsing French federation metadata when version 2.1.5 succeeds. It can be a problem linked to that particular federation's metadata format.
These metadata are available here : https://services-federation.renater.fr/metadata/renater-metadata.xml
signing certificate here : https://services-federation.renater.fr/metadata/metadata-federation-renater.crt

The IdP 2.2.0 stops with the following messages (in debug level the stack trace is not more clearer):

16:47:04.717 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:179] - shibboleth.HandlerManager service loaded new configuration
16:49:37.263 - INFO [org.apache.velocity.app.VelocityEngine:49] - LogSystem has been deprecated. Please use a LogChute implementation.
16:49:37.450 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:157] - Loading new configuration for service shibboleth.AttributeResolver
16:49:37.584 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:54] - Parsing configuration for PrincipalConnector plugin with ID: shibTransient
16:49:37.586 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:54] - Parsing configuration for PrincipalConnector plugin with ID: saml1Unspec
16:49:37.587 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:54] - Parsing configuration for PrincipalConnector plugin with ID: saml2Transient
16:49:37.613 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:54] - Parsing configuration for AttributeDefinition plugin with ID: transientId
16:49:37.824 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:179] - shibboleth.AttributeResolver service loaded new configuration
16:49:37.841 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:157] - Loading new configuration for service shibboleth.AttributeFilterEngine
16:49:37.882 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.filtering.AttributeFilterPolicyBeanDefinitionParser:71] - Parsing configuration for attribute filter policy releaseTransientIdToAnyone
16:49:37.945 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:179] - shibboleth.AttributeFilterEngine service loaded new configuration
16:49:37.957 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:157] - Loading new configuration for service shibboleth.SAML1AttributeAuthority
16:49:37.969 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:157] - Loading new configuration for service shibboleth.SAML2AttributeAuthority
16:49:37.995 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:157] - Loading new configuration for service shibboleth.RelyingPartyConfigurationManager
16:49:38.439 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components. The root cause of this error was: java.lang.NullPointerException: null

 Comments   
Comment by Rod Widdowson [ 24/Sep/10 ]
Duplicate https://bugs.internet2.edu/jira/browse/SIDP-418, I feel...




[SIDP-417] Shib deployed to root web context, SSOProfileHandler forwards to "/null/AuthnEngine" Created: 24/Sep/10  Updated: 10/Nov/10  Resolved: 10/Nov/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: 2.2.1

Type: Bug Priority: Minor
Reporter: Robert Egglestone Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File shib-root-context.patch    
Java Version: Sun 1.5
Servlet Container: Jetty 6

 Description   
I have Shibboleth deployed at the root of a site.

With Shibboleth 2.2.0, attempts to login redirect the user to "https://iam.dev.auckland.ac.nz:443/null/AuthnEngine".

Previously this was being handled by dispatching internally, however the changes in SIDP-380 mean that there is now an extra redirect.

The redirect path is being built using org.opensaml.util.URLBuilder, but the problem is in SSOProfileHandler, which is taking the existing path (which has been converted from "" to null by URLBuilder), and it concatenating authenticationManagerPath to it.

{code}
URLBuilder urlBuilder = HttpServletHelper.getServletContextUrl(httpRequest);
urlBuilder.setPath(urlBuilder.getPath() + authenticationManagerPath);
{code}

 Comments   
Comment by Robert Egglestone [ 24/Sep/10 ]
Patch attached, the same problem occurred in several different places. With the patch applied I can now login again.
Comment by Chad La Joie [ 10/Nov/10 ]
fixed in rev 2966




[SIDP-416] MetadataProviderObserver leak, new one added on every login Created: 23/Sep/10  Updated: 23/Sep/10  Resolved: 23/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication, SAML 2
Affects Version/s: 2.1.5
Fix Version/s: 2.2.0

Type: Bug Priority: Minor
Reporter: Robert Egglestone Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File shib-use-MetadataCredentialResolverFactory.patch    
Java Version: Sun 1.6
Servlet Container: Jetty 6

 Description   
After running Shibboleth for a period of time, we've found thousands of metadata provider observer instances are registered on the metadata provider. These are getting added every time a user logs in.

MetadataCredentialResolverFactory ensures that only one instance of MetadataCredentialResolver is created for each MetadataProvider.

Shibboleth is not using this factory, but instead directly creating instances of MetadataCredentialResolver. Each resolver then registers its own observer, which causes the observers to build up over time. This also means the caching done in MetadataCredentialResolver is not effective as the cache is being recreated for each instance.

Please can Shibboleth use the factory instead of directly creating instances of MetadataCredentialResolver?

The request trace for these observers being created is...
> SSOProfileHandler.completeAuthenticationRequest
> AbstractSAML2ProfileHandler.buildResponse
> AbstractSAML2ProfileHandler.getEncrypter
> AbstractSAML2ProfileHandler.getKeyEncryptionCredential
> new MetadataCredentialResolver
> new MetadataProviderObserver


 Comments   
Comment by Robert Egglestone [ 23/Sep/10 ]
Patch attached.
Comment by Robert Egglestone [ 23/Sep/10 ]
Note that this issue is the cause of a large number of repeated "Credential cache cleared" messages, as seen in JOST-103




[SIDP-415] SAML name identifier value not logged in audit log Created: 20/Sep/10  Updated: 20/Sep/10  Resolved: 20/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1, SAML 2
Affects Version/s: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5
Fix Version/s: 2.2.0

Type: Bug Priority: Minor
Reporter: Chad La Joie Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Jetty 7

 Description   
The SAML name identifier was not being properly logged in the audit log per https://spaces.internet2.edu/display/SHIB2/IdPLogging

 Comments   
Comment by Chad La Joie [ 20/Sep/10 ]
Fixed in rev 2952




[SIDP-414] report number of active sessions in status Created: 16/Sep/10  Updated: 23/Sep/10  Resolved: 20/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.2.0
Fix Version/s: None

Type: New Feature Priority: Trivial
Reporter: Etienne Dysli Assignee: Chad La Joie
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
It'd be nice if the status page would report the number of active IdP sessions. This should give deployers an idea of the usage level of their IdP.

 Comments   
Comment by Chad La Joie [ 20/Sep/10 ]
The APIs available at the level of the status page don't allow this. That's something on the IdP v3 list of things to fix as it also causes issues with the Hungarian's logout plugin




[SIDP-413] Change link on example login page Created: 16/Sep/10  Updated: 20/Sep/10  Resolved: 20/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.2.0

Type: Improvement Priority: Minor
Reporter: Patrik Schnellmann Assignee: Chad La Joie
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
The link for the documentation in login.jsp should point to https://spaces.internet2.edu/display/SHIB2/IdPAuthUserPassLoginPage instead of IdPAuthUserPass

 Comments   
Comment by Chad La Joie [ 20/Sep/10 ]
Done in rev 2953




[SIDP-412] Create new login context, discard old one(s) Created: 16/Sep/10  Updated: 23/Sep/10  Resolved: 20/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Halm Reusser Assignee: Chad La Joie
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Jetty 7

 Description   
Let me explain the issue:

1. User access to SP A
2. LoginContext is created, User authenticates
3. User might be redirected to an extension (e.g., uApprove), the LoginContext is persisted (cookie, storage service)
4. The user does not complete authentication (e.g., within uApprove he clicks on some bookmark to another SP B)
    --> LoginContext is still persisted and valid (refers to RP A), because he gets not unbound by the IdP.
5. When the user access to IdP again (session imitation from SP B) the login context from A is retrieved from the storage.

The behavior, which in my opinion will be the "right" one:
When a new SSO session is initiated, a new login context will be created and old ones are discarded.

 Comments   
Comment by Chad La Joie [ 20/Sep/10 ]
There isn't anything the IdP can do here. It has no way of detecting a user coming back to the profile handler after a successful authentication vs a user that successfully authenticated but left the IdP at some other non-IdP managed page provided by an extension then came back again with a new request from an SP.




[SIDP-411] Check for loginContext != null at login.jsp Created: 31/Aug/10  Updated: 23/Sep/10  Resolved: 13/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.0
Fix Version/s: 2.2.0

Type: Improvement Priority: Trivial
Reporter: Halm Reusser Assignee: Chad La Joie
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Some users will bookmark the IdP login form. If they access later again, they get an error after authentication, cause of missing login context.

A suggestion would be, to check for loginContext != null at the login.jsp and print a warning message. This would be a good example for the shipped login.jsp, deployers might to adjust it accordingly.


 Comments   
Comment by Peter Schober [ 09/Sep/10 ]
From http://groups.google.com/group/shibboleth-users/msg/09b3953b9cb9757e

<%@ page
import="edu.internet2.middleware.shibboleth.idp.authn.LoginContext,
edu.internet2.middleware.shibboleth.idp.session.*,
edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper" %><%
  LoginContext loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(appli cation), application, request);
  Session userSession = HttpServletHelper.getUserSession(request);
%><?xml ...><!DOCTYPE ...><html ...>
<% if(loginContext != null){ %>
  <% if ("true".equals(request.getAttribute("loginFailed"))) { %>
    <h1>Authentication failed</h1>
  <% } else { %>
    <h1>Login</h1>
  <% } %>
<% } else { %>
  <h1>Error</h1>
<% } %>
Comment by Chad La Joie [ 13/Sep/10 ]
Added in rev 2949

Also made it more clear that the shipping login page is only an example




[SIDP-410] Subject Principal NullPointerException on restart (or change of nodes) of Terracotta-instrumented tomcat nodes Created: 27/Aug/10  Updated: 23/Sep/10  Resolved: 27/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Russell Beall Assignee: Chad La Joie
Resolution: Invalid Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
1. Existing session in browser
2. Restart tomcat node using TC or switch to a different node where the session is not present
3. Use browser to navigate to new SP
4. NullPointerException in resolving principal

It seems we still do not have the complete set of classes requiring instrumentation for TC.

Not sure why, but the browser ends up on this link:
https://shibboleth.usc.edu:443/idp/AuthnEngine

This is the error message; it bypasses the idp-process.log and is printed to catalina.out:
SEVERE: Servlet.service() for servlet AuthenticationEngine threw exception
java.lang.NullPointerException
        at javax.security.auth.Subject$ClassSet.<init>(Subject.java:1311)
        at javax.security.auth.Subject.getPrincipals(Subject.java:592)
        at edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl.__tc_wrapped_getPrincipalName(SessionImpl.java:98)
        at edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl.getPrincipalName(SessionImpl.java)
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.startUserAuthentication(AuthenticationEngine.java:237)
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.service(AuthenticationEngine.java:216)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:77)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.terracotta.modules.tomcat.tomcat_5_5.SessionValve55.invoke(SessionValve55.java:57)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:619)

 Comments   
Comment by Russell Beall [ 27/Aug/10 ]
Should have tried debugging this a bit before reporting it (maybe... but now you have record of it).

This bug is resolved by adding:
                <include>javax.security.auth.Subject$ClassSet</include>
to the block:
            <additional-boot-jar-classes>

re-running make-boot-jar.sh and restarting the nodes
Comment by Russell Beall [ 27/Aug/10 ]
I see that the snapshot has no tc-config.xml at all.
I have added all the various configuration elements found to be required to support the snapshot (both by myself and Kevin P. Foote) into the tc-config.xml published on the IdPCluster wiki page.




[SIDP-408] NullPointerException when unable to construct NameID Created: 26/Aug/10  Updated: 23/Sep/10  Resolved: 27/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Attribute Resolution
Affects Version/s: 2.2.0
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Russell Beall Assignee: Chad La Joie
Resolution: Invalid Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
At USC we don't release any attributes about a person where the person does not have an entitlement to the application. This includes all identifiers including the usual transient-nameid field which is constructed for all relying parties if the person is entitled. Here is the stack trace from the exception:

11:34:34.794 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:825] - Attemping to build NameID for principal 'beall' in response to request from relying party 'https://grs.usc.edu/shibboleth-sp
11:34:34.794 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:434] - No attributes for principal 'beall', no name identifier will be created for relying party 'https://grs.usc.edu/shibboleth-sp&#39;
11:34:34.798 - ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88] - Error occured while processing request
java.lang.NullPointerException: null
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.buildNameId(AbstractSAML2ProfileHandler.java:837) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.buildNameId(SSOProfileHandler.java:584) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.buildSubject(AbstractSAML2ProfileHandler.java:700) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.buildResponse(AbstractSAML2ProfileHandler.java:263) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.completeAuthenticationRequest(SSOProfileHandler.java:265) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:151) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:85) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.2.0.jar:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302) [catalina.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.forwardRequest(AuthenticationEngine.java:185) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.returnToProfileHandler(AuthenticationEngine.java:171) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.completeAuthentication(AuthenticationEngine.java:520) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.service(AuthenticationEngine.java:213) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302) [catalina.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.forwardRequest(AuthenticationEngine.java:185) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.returnToAuthenticationEngine(AuthenticationEngine.java:149) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler.login(PreviousSessionLoginHandler.java:115) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.startUserAuthentication(AuthenticationEngine.java:257) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.service(AuthenticationEngine.java:211) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302) [catalina.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.performAuthentication(SSOProfileHandler.java:192) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:148) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:85) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.2.0.jar:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:na]
        at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:77) [shibboleth-identityprovider-2.2.0-SNAPSHOT.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:na]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:na]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:na]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) [catalina.jar:na]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina.jar:na]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:na]
        at org.terracotta.modules.tomcat.tomcat_5_5.SessionValve55.invoke(SessionValve55.java:57) [na:na]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) [catalina.jar:na]
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) [tomcat-coyote.jar:na]
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) [tomcat-coyote.jar:na]
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) [tomcat-coyote.jar:na]
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) [tomcat-coyote.jar:na]
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) [tomcat-coyote.jar:na]
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) [tomcat-coyote.jar:na]
        at java.lang.Thread.run(Thread.java:619) [na:1.6.0_20]

 Comments   
Comment by Chad La Joie [ 26/Aug/10 ]
Russ, are you using the snapshot from just a few days ago? This sound like a problem in the previous snapshot that was fixed (or at least I thought it was)
Comment by Russell Beall [ 27/Aug/10 ]
After downloading and trying the latest snapshot, this error no longer exists.




[SIDP-407] Shibboleth SSO profile handler sets incorrect protocol string in outbound message context Created: 25/Aug/10  Updated: 26/Sep/10  Resolved: 25/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: SAML 1
Affects Version/s: 2.1.5
Fix Version/s: 2.2.0

Type: Bug Priority: Minor
Reporter: Scott Cantor Assignee: Scott Cantor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Jetty 7

 Description   
The ShibbolethSSOProfileHandler buildRequestContext method is setting the outbound protocol as SAML 2.0. Looks like it should be the SAML 1.1 constant? Assuming there's no SAML 1.0 support...

 Comments   
Comment by Scott Cantor [ 25/Aug/10 ]
Fixed in rev. 2947.




[SIDP-404] Add an install-time setting for the path to web.xml Created: 24/Aug/10  Updated: 14/Mar/11  Resolved: 08/Feb/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Build
Affects Version/s: 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5
Fix Version/s: 2.3.0

Type: Improvement Priority: Minor
Reporter: Scott Cantor Assignee: Rod Widdowson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
If web.xml has to be customized (e.g. to add a container managed data source) it would be convenient when tracking snapshots or upgrading to override the path to the web.xml to pull into the war. I think this is fairly straightforward in the ant task that builds the war.

 Comments   
Comment by Rod Widdowson [ 04/Feb/11 ]
I'm going to be all over the build.xml in 2.3 so I'll take a look at this.
Comment by Rod Widdowson [ 08/Feb/11 ]
The installer now looks for ${IDP_HOME}\conf\web.xml and uses that if this is a reinstall.

Revisions 2988.

Installation documentation amended as well.




[SIDP-403] Use text/xml as the media type for returned metadata unless user agent request metadata media type Created: 24/Aug/10  Updated: 22/Oct/10  Resolved: 13/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.1.5
Fix Version/s: 2.2.0

Type: Improvement Priority: Minor
Reporter: Chad La Joie Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Currently, when a user agent requests an IdP's metadata from the metadata profile handler it responds with the SAML metadata media type. If you point a browser at this URL, since it doesn't understand the SAML metadata media type, it will simply prompt to save the file instead of displaying it.

In order to avoid this, check the incoming requests for supported media types. If SAML metadata media type is not listed use text/xml or text as supported. If nothing is supported return an error.

 Comments   
Comment by Chad La Joie [ 13/Sep/10 ]
Added in rev 2950

Use the media type application/xml instead of text/xml because text/xml implies US-ASCII character encoding which isn't what we want.
Comment by seylok [ 22/Oct/10 ]
According to SAML 2.0 Metadata Spec (saml-metadata-2.0-os), section 4.1.1 (rows 1229-1235),

"... the content type of the metadata instance MUST be application/samlmetadata+xml..."




[SIDP-402] Update 3rd party libraries for 2.2 release Created: 23/Aug/10  Updated: 23/Aug/10  Resolved: 23/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.2.0

Type: Task Priority: Minor
Reporter: Chad La Joie Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Update 3rd party libs:
  xerces 2.9.1 -> 2.10.0
  ant 1.7.0 -> 1.7.1

 Comments   
Comment by Chad La Joie [ 23/Aug/10 ]
Added in rev 2942




[SIDP-401] Quick Installer doesn't set up the Admin access rights correctly for Tomcat Created: 23/Aug/10  Updated: 17/May/11  Resolved: 19/Mar/11

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Build
Affects Version/s: 2.1.5
Fix Version/s: 2.3.0

Type: Bug Priority: Minor
Reporter: Rod Widdowson Assignee: Rod Widdowson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
The QS installer (should have) enough smarts to use the Shibboleth JAAS connector to allow the "administrator" user (by name) to get access to the tomcat manager capability.

This seemed like a good idea at the time, particularly since I naively expected people to wire in something more permanent if they had a need. However has proven to be contstantly problematic and I just don't like hardwiring this to an account name. Further it is not widely used (people just don't have a need) and adds marginal value, somewhere quite far from our core needs.

It has now rusted - (https://lists.internet2.edu/sympa/arc/shibboleth-users/2010-08/msg00190.html), I'll trouble shoot this, but unless there is a wail of complaint. I am going to remove this function from future version - probably 2.2, failing that 3.0 definitely.

 Comments   
Comment by Rod Widdowson [ 23/Aug/10 ]
The issue is that the principal in the web.xml is "Administrator" (starting with caps). Specifying a login as "Administrator" works (for me), "administrator" doesn't. I knew that using the hardwired login name was a smelly idea.

I'm going to keep this case alive to track deleting this unfortunate function from the installer and the documentation,
Comment by Rod Widdowson [ 19/Mar/11 ]
This has been checked in as part of the 2.3 work. Check,in 292 in the extensiona




[SIDP-399] SessionManagerImpl fails to destroy indexed sessions Created: 21/Jul/09  Updated: 26/Sep/10  Resolved: 06/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.2.0

Type: Bug Priority: Minor
Reporter: Adam Lantos Assignee: Chad La Joie
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.5
Servlet Container: Apache Tomcat 5.5

 Description   
SessionManagerImpl.destroySession() only removes the given sessionID from the session store and keeps indexed references in place. This causes several code-paths to access the session depending on the index they use.

 Comments   
Comment by Adam Lantos [ 17/Aug/09 ]
I have a proposed patch here:

https://repo.niif.hu/gitweb/gitweb.cgi?p=java-idp.git;a=commitdiff;h=98d404d241e946ed3745ce55d52d0c64b9fa1889
Comment by Chad La Joie [ 06/Aug/10 ]
Duplicate of SIDP-386




[SIDP-398] Add X-Frame-Options http header as a prevention for XSRF (Clickjacking) attacks on IdP login page Created: 03/Aug/10  Updated: 13/Sep/10  Resolved: 13/Sep/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: None
Fix Version/s: 2.2.0

Type: New Feature Priority: Minor
Reporter: Patrik Schnellmann Assignee: Chad La Joie
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
The latest browser versions (IE8, Opera 10.50, Safari 4+ i.e. WebKit, forthcoming Firefox 3.6.9 or current FF with NoScript Add-On) support the header and for older browsers, the header won't do any harm.

References:
http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx
http://www.owasp.org/index.php/Clickjacking

 Comments   
Comment by Chad La Joie [ 13/Sep/10 ]
Instead of adding this to the login.jsp itself, where we know it will cause problems with some sites (that do purposefully frame their login page) it will be added to a much expanded version of the documentation page describing how to customize the login page.




[SIDP-397] Remove any unit test that won't be fixed in the 2.X branch, fix the rest Created: 03/Aug/10  Updated: 31/Jan/11  Resolved: 03/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Build
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Minor
Reporter: Chad La Joie Assignee: Chad La Joie
Resolution: Completed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
Fix any failing unit test that can be fixed with minimal effort. Remove all the rest.

 Comments   
Comment by Chad La Joie [ 03/Aug/10 ]
Finished in rev 2934
Comment by Scott Cantor [ 31/Jan/11 ]
Closing resolved issues.




[SIDP-396] Previous session LoginHandler used even if authentication method has expired Created: 28/Jul/10  Updated: 17/Aug/10  Resolved: 17/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: Authentication
Affects Version/s: 2.1.5
Fix Version/s: 2.2.0

Type: Bug Priority: Minor
Reporter: David Langenberg Assignee: Chad La Joie
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
From: handler.xml

<LoginHandler xsi:type="UsernamePassword" authenticationDuration="1"
                  jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
    </LoginHandler>

From: internal.xml

<bean id="shibboleth.SessionManager"
          class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl"
          depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.StorageService" />
        <constructor-arg value="28800000" type="long" />
    </bean>

1) Visit SP
2) Login to IdP
3) Wait 2 minutes
4) Cause SP to re-check with the IdP

SP will report back that the SAML from the IdP contains errors. If you leave authenticationDuration off & wait the default time the same issue happens. Ideally the IdP would notice that there is a mis-match in the SessionManager timeout & loginHandler timeout & either log the issue or throw a fatal error and abort. When you reverse the settings (short session management & long authenticationDuration) the expected behavior of having to re-enter your credentials after the session times-out happens.

 Comments   
Comment by Chad La Joie [ 16/Aug/10 ]
What is the actual error at the SP? What do the IdP logs say?
Comment by Chad La Joie [ 17/Aug/10 ]
Fixed in rev 2941




[SIDP-395] Slow Memory Leak Created: 23/Jul/10  Updated: 31/Jan/11  Resolved: 02/Aug/10

Status: Closed
Project: Shibboleth IdP 2 - Java
Component/s: None
Affects Version/s: 2.1.5
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Russell Beall Assignee: Chad La Joie
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Java Version: Sun 1.6
Servlet Container: Apache Tomcat 6.0

 Description   
It appears that not quite all memory leaks were plugged from last year's work on the memory issues.

Instead of filling up the JVM in two weeks of heavy use, it takes two months of heavy use to fill up a 2G JVM. The following is a heap trace showing the objects which were hanging around. This is with Terracotta in use.

Object Histogram:

num #instances #bytes Class description
--------------------------------------------------------------------------
1: 3740573 364185984 char[]
2: 7121427 341828496 java.util.HashMap$Entry
3: 3498305 195905080 java.lang.ref.SoftReference
4: 61004 177727376 java.util.HashMap$Entry[]
5: 3756237 150249480 java.lang.String
6: 3517010 84408240 java.lang.Integer
7: 25603 32320384 byte[]
8: 108632 14826176 * ConstMethodKlass
9: 108632 13045840 * MethodKlass
10: 10602 11330072 * ConstantPoolKlass
11: 10602 9559192 * InstanceKlassKlass
12: 74289 8995264 java.lang.Object[]
13: 142345 7757336 * SymbolKlass
14: 9330 6933728 * ConstantPoolCacheKlass
15: 16801 6056696 int[]
16: 67160 5372800 com.tc.object.TCObjectPhysical
17: 8625 4454528 * MethodDataKlass
18: 2 4325424 org.apache.commons.collections.map.AbstractHashedMap$HashEntry[]
19: 128616 4115712 EDU.oswego.cs.dl.util.concurrent.LinkedNode
20: 68558 3839248 com.tc.object.WeakObjectReference
21: 42125 3707000 java.util.HashMap
22: 116109 2786616 com.tc.object.ObjectID
23: 44217 2476152 java.lang.ThreadLocal$ThreadLocalMap$Entry
24: 43945 2471088 java.lang.String[]
25: 218 2385648 java.lang.ThreadLocal$ThreadLocalMap$Entry[]
26: 26254 2290856 java.util.concurrent.ConcurrentHashMap$HashEntry[]
27: 47054 2258592 java.util.concurrent.ConcurrentHashMap$HashEntry
28: 35203 2252992 java.util.LinkedHashMap$Entry
29: 26240 2099200 java.util.concurrent.ConcurrentHashMap$Segment
30: 11267 2073128 java.lang.Class
31: 25792 2063360 java.util.concurrent.locks.ReentrantReadWriteLock$FairSync
32: 51543 2061720 java.util.concurrent.locks.ReentrantReadWriteLock$DsoLock
33: 18812 1956448 java.util.LinkedHashMap
34: 17108 1779232 com.tc.aspectwerkz.reflect.impl.asm.AsmMethodInfo
35: 34287 1645776 java.util.ArrayList
36: 18689 1526680 * System ObjArray
37: 30996 1487808 java.lang.ref.WeakReference
38: 42500 1360000 java.util.concurrent.locks.ReentrantReadWriteLock$Sync$HoldCounter
39: 41264 1320448 org.opensaml.xml.util.LazyList
40: 19740 1105440 com.tc.aspectwerkz.reflect.impl.asm.MethodStruct
41: 22158 1063584 javax.xml.namespace.QName
42: 25792 1031680 java.util.concurrent.locks.ReentrantReadWriteLock$WriteLock
43: 25751 1030040 java.util.concurrent.locks.ReentrantReadWriteLock$ReadLock
44: 9802 1019408 com.tc.object.dna.impl.ObjectDNAImpl
45: 13595 1018280 short[]
46: 191 966888 java.util.WeakHashMap$Entry[]
47: 19491 935568 org.opensaml.xml.Namespace
48: 15779 883624 java.nio.HeapByteBuffer
49: 5465 830680 java.lang.reflect.Method
50: 6851 822120 java.lang.reflect.Constructor
51: 19846 793840 java.util.HashSet
52: 12967 726152 gnu.trove.THashMap
53: 15003 720144 com.tc.bytes.TCByteBufferImpl
54: 28598 686352 org.opensaml.xml.util.LazyMap
55: 4964 650192 java.util.Hashtable$Entry[]
56: 25792 619008 java.util.concurrent.locks.ReentrantReadWriteLock$Sync$ThreadLocalHoldCounter
57: 19178 613696 java.util.HashMap$EntrySet
58: 5935 569760 org.springframework.beans.PropertyValue
59: 13846 553840 org.opensaml.xml.util.XMLObjectChildrenList
60: 22809 547416 org.opensaml.xml.util.LazySet
61: 17063 546016 org.opensaml.xml.util.IDIndex
62: 15036 481152 java.util.Collections$SingletonSet
63: 9805 470640 com.tc.io.TCByteBufferInputStream
64: 5812 464960 org.apache.tomcat.util.buf.MessageBytes
65: 14248 455936 java.util.HashMap$KeySet
66: 9376 450048 edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerEntry
67: 9314 447072 java.util.Hashtable$Entry
68: 7687 430472 org.apache.commons.collections.map.AbstractReferenceMap$WeakRef
69: 7687 430472 org.apache.commons.collections.map.AbstractReferenceMap$ReferenceEntry
70: 7537 422072 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdEntry
71: 7519 421064 com.tc.util.ToggleableReferenceManager$SometimesStrongAlwaysWeakReference
72: 4308 413568 com.tc.jrexx.regex.Automaton_Pattern$PState
73: 1710 396720 org.springframework.beans.factory.support.RootBeanDefinition
74: 6183 395712 org.apache.tomcat.util.buf.ByteChunk
75: 636 366336 * ObjArrayKlassKlass
76: 4955 356760 java.util.WeakHashMap$Entry
77: 10645 351480 com.tc.bytes.TCByteBuffer[]
78: 6077 340312 org.apache.tomcat.util.buf.CharChunk
79: 2714 303968 org.apache.xerces.dom.ElementNSImpl
80: 4085 294120 org.apache.catalina.loader.ResourceEntry
81: 1728 290304 org.springframework.beans.factory.support.GenericBeanDefinition
82: 6011 288528 java.util.Vector
83: 3595 287600 java.util.Hashtable
84: 5050 282800 org.apache.xerces.dom.TextImpl
85: 5605 269040 org.opensaml.xml.util.IndexedXMLObjectChildrenList
86: 4197 268608 com.tc.jrexx.automaton.Automaton$State$Transition
87: 1316 263200 com.tc.aspectwerkz.reflect.impl.asm.AsmClassInfo
88: 6327 253080 java.util.Collections$SynchronizedSet
89: 3948 252672 com.tc.aspectwerkz.reflect.impl.asm.AsmFieldInfo
90: 5243 251664 java.util.LinkedHashSet
91: 1640 249280 java.util.concurrent.ConcurrentHashMap$Segment[]
92: 3425 246600 org.apache.xerces.dom.AttrNSImpl
93: 2942 235360 java.util.Collections$SingletonMap
94: 5711 228440 org.opensaml.xml.util.AttributeMap
95: 5567 222680 java.util.LinkedList$Entry
96: 3461 221504 java.lang.ref.Finalizer
97: 3948 221088 com.tc.aspectwerkz.reflect.impl.asm.FieldStruct
98: 1287 216216 org.opensaml.saml2.metadata.impl.ContactPersonImpl
99: 1351 216160 org.opensaml.saml2.metadata.impl.AssertionConsumerServiceImpl
100: 4502 216096 java.util.LinkedList
101: 2632 210560 com.tc.aspectwerkz.reflect.impl.asm.AsmConstructorInfo
102: 4198 201520 com.tc.jrexx.set.CharSet$Wrapper[]
103: 6252 201456 java.lang.Class[]
104: 1680 188160 java.net.URL
105: 1408 168960 com.tc.aspectwerkz.definition.AspectDefinition
106: 1758 168768 java.beans.MethodDescriptor
107: 4198 167920 com.tc.jrexx.set.CharSet$LongMap
108: 1327 159240 org.mozilla.javascript.DefiningClassLoader
109: 3972 158880 java.util.Collections$SingletonList
110: 1640 157440 java.util.concurrent.ConcurrentHashMap
111: 1122 152592 org.apache.catalina.session.StandardSession
112: 1287 144144 org.opensaml.saml2.metadata.impl.EmailAddressImpl
113: 1279 143248 org.opensaml.saml2.metadata.impl.GivenNameImpl
114: 2207 141248 java.util.TreeMap$Entry
115: 4308 137856 com.tc.jrexx.automaton.Automaton$Wrapper_State
116: 3438 137520 org.springframework.beans.MutablePropertyValues
117: 4253 136096 com.tc.jrexx.set.CharSet$Wrapper
118: 1408 135168 com.tc.aspectwerkz.definition.AdviceDefinition
119: 3227 129080 sun.reflect.generics.tree.SimpleClassTypeSignature
120: 1343 128928 java.util.Properties
121: 643 128600 org.opensaml.saml2.metadata.impl.EntityDescriptorImpl
122: 495 126720 org.opensaml.saml2.metadata.impl.SPSSODescriptorImpl
123: 979 117480 org.opensaml.xml.signature.impl.KeyInfoImpl
124: 912 116736 org.opensaml.saml2.metadata.impl.KeyDescriptorImpl
125: 647 113872 org.springframework.beans.GenericTypeAwarePropertyDescriptor
126: 2833 113320 org.springframework.beans.BeanWrapperImpl$PropertyTokenHolder
127: 2810 112400 org.apache.xerces.dom.AttributeMap
128: 3438 110016 org.springframework.beans.factory.config.ConstructorArgumentValues
129: 980 109760 org.opensaml.xml.signature.impl.X509CertificateImpl
130: 979 109648 org.opensaml.xml.signature.impl.X509DataImpl
131: 1195 105160 javax.management.MBeanServerNotification
132: 1408 101376 com.tc.aspectwerkz.definition.SystemDefinition
133: 4198 100752 com.tc.jrexx.set.CharSet
134: 1398 100656 com.tc.object.TCObjectLogical
135: 1501 96064 gnu.trove.TIntObjectHashMap
136: 641 92304 org.opensaml.saml2.metadata.impl.OrganizationImpl
137: 688 88064 java.beans.PropertyDescriptor
138: 2632 84224 com.tc.aspectwerkz.reflect.NullClassInfo
139: 1503 84168 gnu.trove.TObjectIntHashMap
140: 3438 82512 org.springframework.beans.factory.support.MethodOverrides
141: 566 81504 com.tc.object.lockmanager.impl.ClientLock
142: 2536 81152 java.util.jar.Attributes$Name
143: 3227 80168 sun.reflect.generics.tree.TypeArgument[]
144: 1574 75552 com.tc.aspectwerkz.util.SequencedHashMap$Entry
145: 4529 72464 java.lang.Object
146: 105 72256 org.apache.xerces.util.SymbolHash$Entry[]
147: 641 71792 org.opensaml.saml2.metadata.impl.OrganizationURLImpl
148: 641 71792 org.opensaml.saml2.metadata.impl.OrganizationNameImpl
149: 641 71792 org.opensaml.saml2.metadata.impl.OrganizationDisplayNameImpl
150: 1275 71400 org.springframework.beans.factory.config.ConstructorArgumentValues$ValueHolder
151: 221 69064 long[]
152: 1689 67560 sun.reflect.NativeConstructorAccessorImpl
153: 1392 66208 javax.management.ObjectName$Property[]
154: 2045 65440 javax.management.ObjectName$Property
155: 1321 63744 com.tc.aspectwerkz.reflect.FieldInfo[]
156: 1574 62960 com.tc.aspectwerkz.util.SequencedHashMap
157: 1923 61536 org.opensaml.saml2.metadata.LocalizedString
158: 2493 59832 java.util.HashMap$Values
159: 322 59248 java.net.SocksSocketImpl
160: 585 56160 java.lang.Package
161: 501 56112 org.opensaml.saml2.common.impl.ExtensionsImpl
162: 1373 54920 edu.internet2.middleware.shibboleth.idp.authn.LoginContextEntry
163: 1142 54816 java.beans.PropertyChangeSupport
164: 521 54184 java.security.Provider$Service
165: 1691 54112 com.tc.stats.counter.sampled.TimeStampedCounterValue
166: 99 53856 org.apache.xmlbeans.impl.schema.SchemaTypeImpl
167: 1330 53296 java.lang.reflect.Constructor[]
168: 1318 52720 com.tc.aspectwerkz.reflect.impl.asm.AsmClassInfoRepository
169: 2150 51600 java.lang.Long
170: 644 51520 org.apache.tomcat.util.modeler.AttributeInfo
171: 805 51520 sun.security.pkcs11.SessionKeyRef
172: 1500 48000 com.tc.object.dna.impl.ObjectStringSerializer
173: 319 45936 org.opensaml.saml2.metadata.impl.SingleSignOnServiceImpl
174: 1068 42720 sun.security.util.MemoryCache$HardCacheEntry
175: 1060 42400 java.security.Provider$ServiceKey
176: 1759 42216 sun.reflect.DelegatingConstructorAccessorImpl
177: 1316 42112 com.tc.aspectwerkz.reflect.ClassInfo[]
178: 870 41760 org.apache.tomcat.util.http.MimeHeaderField
179: 225 41400 com.sun.jndi.ldap.LdapCtx
180: 427 40992 java.util.regex.Pattern
181: 188 40608 java.text.DecimalFormat
182: 1550 40496 java.security.cert.Certificate[]
183: 148 40256 org.opensaml.saml2.metadata.impl.IDPSSODescriptorImpl
184: 355 39760 org.opensaml.saml2.metadata.impl.SurNameImpl
185: 621 39744 java.util.Collections$SynchronizedMap
186: 987 39480 org.apache.xerces.util.SymbolTable$Entry
187: 696 38976 javax.management.ObjectName
188: 1195 38240 com.sun.jmx.remote.opt.internal.ArrayNotificationBuffer$NamedNotification
189: 296 37888 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethMetadataScopeImpl
190: 469 37520 ch.qos.logback.classic.Logger
191: 342 35568 javax.naming.NameImpl
192: 886 35440 sun.security.util.DerValue
193: 886 35440 sun.security.util.DerInputBuffer
194: 884 35360 sun.security.x509.RDN
195: 148 34336 org.opensaml.saml2.metadata.impl.AttributeAuthorityDescriptorImpl
196: 475 34200 org.apache.tomcat.util.http.ServerCookie
197: 1067 34144 javax.crypto.spec.SecretKeySpec
198: 836 33440 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.AttributeRule
199: 180 33120 javax.management.NotificationListener[][]
200: 458 32976 sun.security.pkcs11.P11Key$P11SecretKey
201: 1363 32712 com.tc.util.concurrent.SetOnceFlag
202: 574 32144 javax.management.MBeanAttributeInfo
203: 1306 31344 com.tc.object.lockmanager.api.LockID
204: 217 31248 org.opensaml.saml2.metadata.impl.AttributeServiceImpl
205: 188 30080 java.util.GregorianCalendar
206: 200 28800 com.tc.object.config.TransparencyClassSpecImpl
207: 900 28800 java.util.concurrent.atomic.AtomicReference
208: 115 28520 com.tc.object.msg.LockRequestMessage
209: 886 28352 sun.security.util.DerInputStream
210: 884 28288 sun.security.x509.AVA[]
211: 884 28288 sun.security.x509.AVA
212: 113 28024 com.sun.net.ssl.internal.ssl.SSLSocketImpl
213: 248 27776 org.opensaml.xml.schema.impl.XSStringImpl
214: 165 27720 org.apache.xmlbeans.impl.store.Xobj$ElementXobj
215: 572 27456 java.util.HashMap$UnwrappedEntriesIterator
216: 489 27384 java.util.HashMap$EntryIterator
217: 1122 26928 org.apache.catalina.session.StandardSessionFacade
218: 165 26400 org.opensaml.saml2.metadata.impl.ArtifactResolutionServiceImpl
219: 458 25648 java.util.Stack
220: 1068 25632 sun.security.pkcs11.KeyCache$IdentityWrapper
221: 199 25472 org.opensaml.saml1.core.impl.AttributeImpl
222: 226 25312 sun.security.pkcs11.P11Cipher
223: 350 25200 com.tc.runtime.Jdk15MemoryUsage
224: 519 24912 java.math.BigInteger
225: 205 24600 sun.util.calendar.Gregorian$Date
226: 613 24520 org.opensaml.util.storage.ReplayCacheEntry
227: 278 24464 org.springframework.core.MethodParameter
228: 191 24448 org.apache.jasper.compiler.Node$TemplateText
229: 217 24304 org.opensaml.saml2.metadata.impl.NameIDFormatImpl
230: 296 23680 org.apache.xerces.dom.DeferredAttrNSImpl
231: 590 23600 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AttributeValueStringMatchFunctor
232: 226 23504 javax.crypto.Cipher
233: 586 23440 org.opensaml.xml.util.IndexingObjectStore$StoredObjectWrapper
234: 970 23280 java.util.jar.Attributes
235: 96 23040 org.apache.xerces.dom.DocumentImpl
236: 480 23040 javax.security.auth.Subject$SecureSet
237: 575 23000 java.util.HashMap$EntrySetWrapper
238: 260 22880 sun.security.provider.SHA
239: 566 22640 com.tc.util.LazyMap$LazyHashMap
240: 696 22272 java.util.regex.Pattern$Slice
241: 214 22256 org.mozilla.javascript.NativeJavaMethod
242: 390 21840 java.nio.HeapCharBuffer
243: 448 21504 org.apache.xerces.xni.QName
244: 103 21424 edu.vt.middleware.ldap.LdapConfig
245: 533 21320 java.util.Date
246: 63 21168 org.apache.xerces.impl.dv.xs.XSSimpleTypeDecl
247: 329 21056 org.springframework.beans.factory.support.ManagedList
248: 375 21000 java.security.MessageDigest$Delegate
249: 236 20768 org.apache.jasper.compiler.Mark
250: 370 20720 org.apache.xerces.impl.xs.XSParticleDecl
251: 336 20640 boolean[]
252: 416 19968 java.util.HashMap$KeysIterator
253: 8 19712 org.apache.xerces.util.SymbolTable$Entry[]
254: 492 19680 org.apache.velocity.runtime.parser.Parser$JJCalls
255: 153 19584 org.opensaml.xml.schema.impl.XSAnyImpl
256: 349 19544 java.nio.HeapByteBufferR
257: 812 19488 com.tc.management.stats.AggregateInteger$Sample
258: 186 19344 java.text.SimpleDateFormat
259: 150 19200 org.mozilla.javascript.IdFunctionObject
260: 199 19104 com.tc.net.protocol.transport.WireProtocolMessageImpl
261: 182 18928 org.apache.xerces.impl.xs.XSElementDecl
262: 169 18928 sun.reflect.DelegatingClassLoader
263: 236 18880 com.tc.aspectwerkz.reflect.impl.java.JavaMethodInfo
264: 292 18688 javax.management.MBeanOperationInfo
265: 564 18272 com.tc.aspectwerkz.expression.ast.Node[]
266: 163 18256 sun.net.www.protocol.jar.URLJarFile
267: 72 18216 java.beans.MethodDescriptor[]
268: 206 18128 sun.security.x509.X500Name
269: 566 18112 com.tc.object.lockmanager.impl.ClientLock$Greediness
270: 226 18080 sun.security.pkcs11.P11Mac
271: 188 18048 java.text.DecimalFormatSymbols
272: 186 17856 java.text.DateFormatSymbols
273: 197 17336 com.tc.net.protocol.delivery.OOOProtocolMessageImpl
274: 354 16992 org.mozilla.javascript.MemberBox
275: 162 16848 org.apache.xerces.impl.xs.XSComplexTypeDecl
276: 78 16848 org.apache.tomcat.util.threads.ThreadWithAttributes
277: 100 16800 org.apache.xmlbeans.impl.schema.SchemaLocalElementImpl
278: 346 16608 java.lang.management.MemoryUsage
279: 415 16600 java.util.HashMap$KeySetWrapper
280: 206 16480 com.tc.object.dna.impl.DNAWriterImpl
281: 114 16416 com.sun.net.ssl.internal.ssl.SSLSessionImpl
282: 502 16336 java.lang.reflect.Type[]
283: 255 16320 ch.qos.logback.core.status.InfoStatus
284: 408 16320 sun.security.util.ObjectIdentifier
285: 226 16272 javax.crypto.Mac
286: 406 16240 java.util.Collections$SynchronizedCollection
287: 169 16224 sun.nio.cs.StreamEncoder
288: 53 16112 org.apache.catalina.connector.Request
289: 402 16080 com.tc.util.SetIteratorWrapper
290: 125 16000 java.lang.reflect.Field
291: 663 15912 sun.reflect.generics.tree.ClassTypeSignature
292: 497 15904 java.util.concurrent.ConcurrentHashMap$KeySet
293: 497 15904 com.tcclient.util.ConcurrentHashMapKeySetWrapper
294: 218 15696 org.apache.tomcat.util.modeler.OperationInfo
295: 279 15624 org.springframework.beans.factory.support.DisposableBeanAdapter
296: 975 15600 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AnyMatchFunctor
297: 390 15600 org.apache.xerces.util.SymbolHash$Entry
298: 484 15488 com.tc.util.LazyMap$LazyEntrySet
299: 128 15360 com.tc.object.lockmanager.impl.ClientLockManagerImpl
300: 316 15168 java.lang.StackTraceElement
301: 469 15008 ch.qos.logback.classic.spi.LoggerRemoteView
302: 186 14880 java.util.WeakHashMap
303: 181 14480 edu.internet2.middleware.shibboleth.idp.session.impl.SessionImpl
304: 53 14416 org.apache.coyote.Request
305: 111 14208 org.apache.xmlbeans.impl.schema.SchemaPropertyImpl
306: 192 13824 org.apache.xerces.impl.xs.XSAttributeDecl
307: 215 13760 sun.nio.cs.US_ASCII$Decoder
308: 156 13728 com.tc.jrexx.regex.Automaton_Pattern
309: 282 13536 java.util.zip.Inflater
310: 338 13520 com.tc.aspectwerkz.expression.regexp.TypePattern
311: 34 13392 java.lang.reflect.Method[]
312: 416 13312 java.lang.StringBuilder
313: 16 13184 com.tc.management.stats.AggregateInteger$Sample[]
314: 237 13128 java.nio.ByteBuffer[]
315: 164 13120 org.apache.xerces.impl.xs.XSAttributeGroupDecl
316: 272 13056 sun.reflect.generics.tree.MethodTypeSignature
317: 408 13056 org.joda.time.DateTime
318: 204 13056 edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
319: 199 12736 java.net.SocketInputStream
320: 156 12480 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat[]
321: 106 12464 org.apache.tomcat.util.http.MimeHeaderField[]
322: 111 12432 com.sun.jndi.ldap.LdapSearchEnumeration
323: 388 12416 java.util.concurrent.ConcurrentHashMap$EntrySet
324: 388 12416 com.tcclient.util.ConcurrentHashMapEntrySetWrapper
325: 188 12032 java.text.DigitList
326: 167 12024 java.net.SocketOutputStream
327: 206 12016 sun.security.x509.RDN[]
328: 100 12000 org.apache.xerces.dom.DeferredElementNSImpl
329: 93 11904 sun.security.x509.X509CertImpl
330: 99 11880 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.SimpleAttributeDefinitionFactoryBean
331: 245 11760 org.mozilla.javascript.ScriptableObject$Slot
332: 104 11648 java.util.logging.Logger
333: 164 11576 org.apache.xerces.impl.xs.XSAttributeUseImpl[]
334: 204 11424 edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML1StringAttributeEncoder
335: 284 11360 sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl
336: 232 11136 org.apache.xml.serializer.EncodingInfo
337: 347 11104 EDU.oswego.cs.dl.util.concurrent.CopyOnWriteArrayList$COWIterator
338: 345 11040 org.apache.xerces.impl.xs.util.XSObjectListImpl
339: 227 10896 com.sun.net.ssl.internal.ssl.MAC
340: 339 10848 java.lang.StringBuffer
341: 224 10752 javax.management.MBeanParameterInfo
342: 111 10656 com.sun.jndi.ldap.LdapResult
343: 222 10656 java.util.regex.Pattern$BnM
344: 166 10624 com.tc.aspectwerkz.expression.ExpressionInfo
345: 164 10496 sun.reflect.generics.repository.MethodRepository
346: 72 10368 org.opensaml.saml2.core.impl.IssuerImpl
347: 161 10304 org.apache.xmlbeans.impl.store.Xobj$Bookmark
348: 143 10296 org.apache.log4j.Logger
349: 107 10272 javax.management.MBeanAttributeInfo[]
350: 80 10240 edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext
351: 255 10200 com.tc.io.TCByteBufferOutputStream$Mark
352: 115 10120 sun.security.provider.MD5
353: 115 10120 org.apache.tomcat.util.http.mapper.MappingData
354: 417 10008 com.tc.jrexx.regex.Pattern
355: 306 9792 sun.reflect.generics.factory.CoreReflectionFactory
356: 93 9672 sun.security.x509.X509CertInfo
357: 134 9648 edu.internet2.middleware.shibboleth.idp.session.impl.AuthenticationMethodInformationImpl
358: 67 9648 org.opensaml.xml.signature.impl.SignatureImpl
359: 401 9624 com.tc.util.LazyMap$LazyCollection
360: 60 9600 org.opensaml.samlext.idpdisco.DiscoveryResponseImpl
361: 398 9552 java.util.concurrent.ConcurrentHashMap$Values
362: 119 9520 java.util.jar.JarFile
363: 148 9472 org.apache.velocity.runtime.parser.Token
364: 294 9408 org.opensaml.xml.schema.XSBooleanValue
365: 35 9336 org.apache.xerces.xni.QName[]
366: 194 9312 org.apache.xerces.impl.xs.XSAttributeUseImpl
367: 115 9200 com.sun.net.ssl.internal.ssl.InputRecord
368: 190 9120 sun.security.x509.AlgorithmId
369: 142 9088 java.util.concurrent.locks.ReentrantLock$FairSync
370: 227 9080 com.sun.net.ssl.internal.ssl.CipherBox
371: 162 9072 javax.security.auth.Subject
372: 113 9040 sun.security.pkcs11.P11Key$P11TlsMasterSecretKey
373: 70 8960 edu.internet2.middleware.shibboleth.idp.authn.ShibbolethSSOLoginContext
374: 372 8928 java.util.regex.Pattern$Dot
375: 222 8880 javax.naming.ldap.Rdn$RdnEntry
376: 111 8880 com.sun.jndi.toolkit.ctx.Continuation
377: 184 8832 org.apache.tomcat.util.modeler.ParameterInfo
378: 156 8736 com.tc.jrexx.automaton.Automaton$LinkedSet_State
379: 78 8736 sun.security.pkcs11.P11Signature
380: 273 8736 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AttributeRequesterStringMatchFunctor
381: 273 8736 * CompilerICHolderKlass
382: 107 8560 javax.management.MBeanInfo
383: 177 8496 java.security.AccessControlContext
384: 95 8360 sun.security.pkcs11.P11RSACipher
385: 208 8320 java.lang.ref.ReferenceQueue
386: 1 8216 org.joda.time.chrono.BasicChronology$YearInfo[]
387: 341 8184 javax.naming.CompositeName
388: 51 8160 org.apache.xmlbeans.impl.store.Xobj$AttrXobj
389: 102 8160 sun.nio.cs.ISO_8859_1$Encoder
390: 222 8112 org.mozilla.javascript.MemberBox[]
391: 202 8080 com.tc.net.protocol.transport.WireProtocolHeader
392: 202 8080 java.net.Socket
393: 53 8056 org.apache.tomcat.util.http.Parameters
394: 272 8024 sun.reflect.generics.tree.TypeSignature[]
395: 200 8000 org.apache.tomcat.util.buf.StringCache$ByteEntry
396: 166 7968 com.tc.aspectwerkz.expression.AdvisedClassFilterExpressionVisitor
397: 83 7968 org.apache.tomcat.util.modeler.ManagedBean
398: 166 7968 com.tc.aspectwerkz.expression.ast.ASTRoot
399: 166 7968 com.tc.aspectwerkz.expression.ast.ASTExpression
400: 166 7968 com.tc.aspectwerkz.expression.ExpressionVisitor
401: 62 7936 org.apache.jasper.runtime.PageContextImpl
402: 99 7920 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.SimpleAttributeDefinition
403: 72 7912 java.beans.PropertyDescriptor[]
404: 197 7880 com.tc.net.protocol.delivery.OOOProtocolMessageHeader
405: 123 7872 org.apache.xerces.dom.DeferredTextImpl
406: 89 7832 sun.security.pkcs11.P11Key$P11RSAPublicKey
407: 312 7800 sun.reflect.generics.tree.FieldTypeSignature[]
408: 88 7744 edu.internet2.middleware.shibboleth.common.config.attribute.filtering.AttributeFilterPolicyFactoryBean
409: 160 7680 edu.internet2.middleware.shibboleth.idp.session.impl.ServiceInformationImpl
410: 160 7680 org.apache.xmlbeans.XmlLineNumber
411: 62 7664 org.apache.tomcat.util.http.ServerCookie[]
412: 191 7640 java.util.AbstractList$Itr
413: 159 7632 org.apache.xerces.impl.xs.util.SimpleLocator
414: 306 7560 sun.reflect.generics.tree.FormalTypeParameter[]
415: 189 7560 javax.management.ImmutableDescriptor
416: 187 7480 sun.reflect.NativeMethodAccessorImpl
417: 58 7424 org.opensaml.saml1.core.impl.SubjectConfirmationImpl
418: 58 7424 org.opensaml.saml1.core.impl.NameIdentifierImpl
419: 66 7392 org.apache.xml.security.signature.SignedInfo
420: 92 7360 org.apache.tomcat.util.digester.CallMethodRule
421: 40 7360 com.tc.object.TCClassImpl
422: 230 7360 com.tc.object.config.schema.IncludeOnLoad
423: 6 7312 java.util.TimerTask[]
424: 114 7296 com.sun.net.ssl.internal.ssl.OutputRecord
425: 182 7280 org.apache.xerces.impl.xs.identity.IdentityConstraint[]
426: 3 7272 java.util.concurrent.atomic.AtomicReference[]
427: 226 7232 sun.security.pkcs11.wrapper.CK_MECHANISM
428: 53 7208 org.apache.coyote.Response
429: 180 7200 org.apache.tomcat.util.modeler.BaseNotificationBroadcasterEntry
430: 225 7200 javax.naming.ldap.Control[]
431: 100 7200 org.apache.naming.resources.CacheEntry
432: 180 7200 org.apache.xmlbeans.SchemaType$Ref
433: 180 7200 org.apache.tomcat.util.modeler.BaseNotificationBroadcaster
434: 224 7168 javax.naming.ldap.LdapName
435: 64 7168 java.util.jar.JarFile$JarFileEntry
436: 128 7168 com.tc.object.lockmanager.impl.ClientLockManagerImpl$LockGCTask
437: 179 7160 org.apache.juli.ClassLoaderLogManager$LogNode
438: 37 7104 org.opensaml.saml2.core.impl.ResponseImpl
439: 126 7088 org.apache.xerces.xs.XSObject[]
440: 177 7080 org.springframework.beans.factory.config.RuntimeBeanReference
441: 49 7056 org.opensaml.saml2.core.impl.AttributeImpl
442: 40 7040 org.apache.velocity.runtime.parser.Parser
443: 175 7000 com.tc.object.field.GenericTCField
444: 87 6960 sun.nio.cs.UTF_8$Encoder
445: 58 6960 org.opensaml.saml1.core.impl.SubjectImpl
446: 79 6952 org.apache.velocity.runtime.parser.VelocityCharStream
447: 216 6912 java.lang.ThreadLocal$ThreadLocalMap
448: 86 6880 sun.nio.cs.US_ASCII$Encoder
449: 86 6880 sun.nio.cs.StreamDecoder
450: 85 6800 java.util.zip.ZipEntry
451: 53 6784 org.apache.catalina.connector.InputBuffer
452: 218 6704 org.apache.tomcat.util.modeler.ParameterInfo[]
453: 93 6696 javax.servlet.http.Cookie
454: 93 6696 sun.security.util.MemoryCache$SoftCacheEntry
455: 279 6696 org.bouncycastle.asn1.DERObjectIdentifier
456: 180 6688 javax.management.MBeanParameterInfo[]
457: 167 6680 com.tc.net.core.TCConnectionJDK14$WriteContext
458: 139 6672 EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap$Entry
459: 208 6656 org.apache.log4j.CategoryKey
460: 166 6640 com.tc.aspectwerkz.cflow.CflowAspectExpressionVisitor
461: 58 6496 org.opensaml.saml1.core.impl.ConfirmationMethodImpl
462: 81 6480 java.util.ResourceBundle$CacheKey
463: 135 6480 org.apache.xmlbeans.QNameSet
464: 159 6360 org.apache.jk.common.MsgAjp
465: 53 6360 org.apache.jk.core.MsgContext
466: 53 6360 org.apache.coyote.RequestInfo
467: 66 6336 org.apache.xml.security.signature.XMLSignatureInput
468: 79 6320 com.tc.aspectwerkz.expression.ast.ASTMethodPattern
469: 156 6240 java.lang.StringCoding$StringDecoder
470: 54 6240 org.mozilla.javascript.ScriptableObject$Slot[]
471: 156 6240 com.tc.jrexx.regex.PScanner
472: 60 6240 sun.org.mozilla.javascript.internal.NativeJavaMethod
473: 194 6208 org.apache.xerces.impl.xs.XSAnnotationImpl
474: 35 6160 org.opensaml.saml2.core.impl.AssertionImpl
475: 157 6128 java.security.ProtectionDomain[]
476: 152 6080 org.apache.xmlbeans.impl.schema.XmlValueRef
477: 252 6048 sun.reflect.DelegatingMethodAccessorImpl
478: 126 6048 org.apache.xerces.impl.xs.XSModelGroupImpl
479: 108 6048 sun.reflect.generics.repository.ConstructorRepository
480: 188 6016 sun.nio.cs.Surrogate$Parser
481: 53 5936 org.apache.catalina.connector.OutputBuffer
482: 46 5936 int[][]
483: 53 5936 org.apache.catalina.connector.Response
484: 4 5776 sun.misc.CacheEntry[]
485: 100 5768 javax.management.MBeanOperationInfo[]
486: 80 5760 org.apache.xerces.util.XMLAttributesImpl$Attribute
487: 48 5760 sun.security.pkcs11.SunPKCS11$P11Service
488: 72 5760 java.beans.BeanDescriptor
489: 19 5728 java.lang.StackTraceElement[]
490: 58 5712 org.apache.catalina.core.ApplicationFilterConfig[]
491: 101 5656 org.apache.tomcat.util.buf.WriteConvertor
492: 47 5640 com.tc.aspectwerkz.reflect.impl.java.JavaClassInfo
493: 39 5616 java.net.URI
494: 35 5600 org.opensaml.saml2.core.impl.SubjectConfirmationDataImpl
495: 99 5544 java.net.SocketException
496: 99 5544 javax.net.ssl.SSLException
497: 53 5512 org.apache.jk.core.Msg[]
498: 86 5504 com.sun.net.ssl.internal.ssl.CipherSuite
499: 86 5504 org.apache.tomcat.util.modeler.BaseModelMBean
500: 137 5480 com.tc.object.tx.ServerTransactionID
501: 62 5456 javax.servlet.jsp.PageContext[]
502: 227 5448 java.io.FileDescriptor
503: 113 5424 com.sun.jndi.ldap.LdapClient
504: 134 5360 com.tc.net.protocol.tcm.TCMessageHeaderImpl
505: 126 5344 org.apache.xerces.impl.xs.XSParticleDecl[]
506: 111 5328 javax.naming.directory.SearchControls
507: 222 5328 javax.naming.ldap.Rdn
508: 111 5328 com.sun.jndi.ldap.LdapCtx$SearchArgs
509: 66 5280 org.apache.xml.security.signature.Reference
510: 73 5256 sun.misc.URLClassPath$JarLoader
511: 164 5248 sun.reflect.generics.scope.MethodScope
512: 41 5248 sun.org.mozilla.javascript.internal.IdFunctionObject
513: 93 5208 com.tc.aspectwerkz.expression.ast.ASTParameter
514: 53 5088 org.apache.catalina.util.ParameterMap
515: 53 5088 org.apache.catalina.connector.CoyoteWriter
516: 105 5040 com.sun.jmx.mbeanserver.ConvertingMethod
517: 63 5040 java.security.Signature$Delegate
518: 126 5040 java.net.Inet4Address
519: 35 5040 org.opensaml.saml2.core.impl.SubjectConfirmationImpl
520: 35 5040 org.opensaml.saml2.core.impl.NameIDImpl
521: 35 5040 org.opensaml.saml2.core.impl.AuthnStatementImpl
522: 125 5000 java.util.BitSet
523: 78 4992 java.util.ResourceBundle$BundleReference
524: 62 4960 org.apache.jasper.runtime.JspWriterImpl
525: 29 4872 org.opensaml.saml1.core.impl.AssertionImpl
526: 87 4872 java.util.concurrent.locks.AbstractQueuedSynchronizer$Node
527: 87 4872 org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy
528: 87 4872 com.tc.aspectwerkz.expression.ast.ASTClassPattern
529: 29 4872 org.opensaml.saml1.core.impl.ResponseImpl
530: 29 4872 java.lang.Thread
531: 101 4848 org.apache.tomcat.util.buf.C2BConverter
532: 40 4800 org.apache.velocity.runtime.parser.ParserTokenManager
533: 40 4800 org.apache.velocity.runtime.parser.Parser$JJCalls[]
534: 35 4760 org.opensaml.saml2.core.impl.AuthnContextImpl
535: 35 4760 org.opensaml.saml2.core.impl.SubjectImpl
536: 66 4752 org.apache.xml.security.signature.XMLSignature
537: 99 4752 com.tc.net.core.CoreNIOServices$InterestRequest
538: 37 4736 org.opensaml.saml2.core.impl.StatusImpl
539: 39 4680 org.opensaml.saml2.core.impl.StatusCodeImpl
540: 53 4664 org.apache.catalina.connector.CoyoteReader
541: 83 4648 java.util.LinkedHashMap$EntryIterator
542: 8 4608 * TypeArrayKlassKlass
543: 72 4608 java.beans.GenericBeanInfo
544: 192 4608 com.tc.util.ObjectIDSet$MyLong
545: 115 4600 java.security.cert.X509Certificate[]
546: 142 4544 java.util.concurrent.locks.ReentrantLock
547: 71 4544 java.security.cert.TrustAnchor
548: 81 4536 java.util.ResourceBundle$LoaderReference
549: 113 4520 com.sun.net.ssl.internal.ssl.AppInputStream
550: 113 4520 com.sun.net.ssl.internal.ssl.AppOutputStream
551: 80 4480 java.security.ProtectionDomain
552: 35 4480 org.opensaml.saml2.core.impl.ConditionsImpl
553: 79 4424 java.security.CodeSource
554: 29 4408 org.apache.xmlbeans.impl.store.Xobj$CommentXobj
555: 78 4368 org.apache.tomcat.util.threads.ThreadPool$ControlRunnable
556: 133 4256 edu.vt.middleware.ldap.jaas.LdapPrincipal
557: 106 4240 java.lang.StringCoding$StringEncoder
558: 176 4224 com.tc.object.tx.TransactionID
559: 75 4200 java.io.ObjectStreamField
560: 35 4200 org.opensaml.saml2.core.impl.SubjectLocalityImpl
561: 58 4176 com.tc.aspectwerkz.reflect.impl.java.JavaConstructorInfo
562: 174 4176 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AndMatchFunctor
563: 29 4176 org.opensaml.saml1.core.impl.AuthenticationStatementImpl
564: 87 4176 com.tc.aspectwerkz.expression.ast.ASTWithin
565: 87 4176 org.apache.xerces.util.AugmentationsImpl$SmallContainer
566: 103 4120 com.sun.jmx.interceptor.DefaultMBeanServerInterceptor$ListenerWrapper
567: 1 4120 org.joda.time.tz.CachedDateTimeZone$Info[]
568: 128 4096 com.tc.logging.TextDecoratorTCLogger
569: 128 4096 org.apache.commons.collections.map.ListOrderedMap
570: 85 4080 org.apache.naming.resources.WARDirContext$Entry
571: 51 4080 edu.vt.middleware.ldap.Authenticator
572: 1 4024 org.apache.tomcat.util.threads.ThreadPool$ControlRunnable[]
573: 36 4016 org.apache.xmlbeans.impl.schema.XmlValueRef[]
574: 100 4000 java.io.File
575: 55 3960 java.io.BufferedWriter
576: 29 3944 org.apache.xmlbeans.impl.schema.SchemaParticleImpl
577: 35 3920 org.opensaml.saml2.core.impl.AudienceImpl
578: 35 3920 org.opensaml.saml2.core.impl.AttributeStatementImpl
579: 35 3920 org.opensaml.saml2.core.impl.AudienceRestrictionImpl
580: 35 3920 org.opensaml.saml2.core.impl.AuthnContextClassRefImpl
581: 81 3888 com.tc.object.ClientObjectManagerImpl$LocalLookupContext
582: 162 3888 com.tc.util.Counter
583: 97 3880 sun.org.mozilla.javascript.internal.ScriptableObject$Slot
584: 119 3808 java.util.regex.Pattern$Start
585: 79 3792 com.tc.aspectwerkz.expression.ast.ASTExecution
586: 118 3776 com.sun.jmx.mbeanserver.NamedObject
587: 156 3744 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat_LABEL
588: 156 3744 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat_LITERAL
589: 156 3744 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat_GroupBegin
590: 156 3744 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat_RegExp
591: 156 3744 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat_LITERALSET
592: 156 3744 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat_REPETITION
593: 156 3744 com.tc.jrexx.regex.Automaton_Pattern$TerminalFormat_GroupEnd
594: 29 3712 org.opensaml.saml1.core.impl.StatusImpl
595: 58 3712 com.tc.aspectwerkz.reflect.impl.java.JavaFieldInfo
596: 29 3712 org.opensaml.saml1.core.impl.ConditionsImpl
597: 66 3696 org.apache.xml.security.algorithms.SignatureAlgorithm
598: 46 3680 org.mozilla.javascript.NativeJavaPackage
599: 153 3672 com.tc.logging.TCLoggerImpl
600: 113 3616 com.sun.net.ssl.internal.ssl.HandshakeHash
601: 10 3616 java.lang.Object[][]
602: 32 3584 javax.management.openmbean.OpenMBeanAttributeInfoSupport
603: 64 3584 sun.security.pkcs11.SunPKCS11$Descriptor
604: 88 3520 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.AttributeFilterPolicy
605: 109 3488 org.apache.commons.logging.impl.SLF4JLocationAwareLog
606: 29 3480 org.opensaml.saml1.core.impl.StatusCodeImpl
607: 29 3480 org.opensaml.saml1.core.impl.SubjectLocalityImpl
608: 29 3480 org.opensaml.saml1.core.impl.AttributeStatementImpl
609: 108 3456 sun.reflect.generics.scope.ConstructorScope
610: 108 3456 org.apache.xerces.util.XMLStringBuffer
611: 54 3456 org.apache.jk.common.JkInputStream
612: 86 3440 java.io.InputStreamReader
613: 43 3440 java.util.IdentityHashMap
614: 71 3408 sun.security.x509.BasicConstraintsExtension
615: 106 3392 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AttributeValueRegexMatchFunctor
616: 106 3392 org.apache.tomcat.util.http.MimeHeaders
617: 210 3360 java.lang.ref.ReferenceQueue$Lock
618: 105 3360 org.apache.xerces.util.SymbolHash
619: 42 3360 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap$ValueIterator
620: 30 3360 org.apache.naming.resources.ResourceAttributes
621: 46 3312 sun.security.ec.NamedCurve
622: 205 3280 org.opensaml.xml.schema.impl.XSStringBuilder
623: 30 3272 org.apache.xerces.impl.xs.util.SimpleLocator[]
624: 68 3264 sun.security.x509.SubjectKeyIdentifierExtension
625: 136 3264 com.tc.net.ClientID
626: 29 3248 org.opensaml.saml1.core.impl.AudienceRestrictionConditionImpl
627: 29 3248 org.opensaml.saml1.core.impl.AudienceImpl
628: 112 3240 com.sun.jmx.mbeanserver.OpenConverter[]
629: 101 3232 org.apache.tomcat.util.buf.IntermediateOutputStream
630: 134 3216 com.tc.object.gtx.GlobalTransactionID
631: 67 3216 java.security.Permissions
632: 67 3216 org.opensaml.common.impl.SAMLObjectContentReference
633: 80 3200 sun.security.x509.CertificateExtensions
634: 80 3200 java.io.ByteArrayInputStream
635: 80 3200 com.sun.jmx.mbeanserver.PerInterface$MethodAndSig
636: 16 3200 com.tc.async.impl.StageImpl$WorkerThread
637: 66 3168 org.apache.xml.security.transforms.Transforms
638: 66 3168 org.apache.xml.security.algorithms.MessageDigestAlgorithm
639: 66 3168 java.util.regex.Pattern$Curly
640: 99 3168 org.apache.jk.common.ChannelSocket$SocketConnection
641: 65 3120 org.apache.log4j.ProvisionNode
642: 65 3120 java.util.HashMap$ValuesIterator
643: 97 3104 javax.security.auth.x500.X500Principal
644: 18 3088 java.lang.String[][]
645: 64 3072 java.io.FilePermission
646: 128 3072 java.lang.Character
647: 32 3072 java.util.TreeMap
648: 42 3024 org.apache.xmlbeans.impl.schema.SchemaAnnotationImpl
649: 63 3024 com.tc.object.config.LockDefinitionImpl
650: 8 3008 EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap$Entry[]
651: 93 2976 sun.security.util.Cache$EqualByteArray
652: 93 2976 sun.security.x509.CertificateValidity
653: 93 2976 sun.security.x509.CertificateSubjectName
654: 93 2976 sun.security.x509.CertificateIssuerName
655: 62 2976 java.io.OutputStreamWriter
656: 53 2968 org.apache.tomcat.util.collections.MultiMap$Field[]
657: 8 2944 org.apache.catalina.core.StandardWrapper
658: 91 2912 sun.org.mozilla.javascript.internal.MemberBox
659: 7 2912 org.apache.xerces.impl.XMLNSDocumentScannerImpl
660: 50 2800 java.util.zip.Deflater
661: 15 2792 org.apache.xerces.impl.xs.XSComplexTypeDecl[]
662: 87 2784 com.tc.object.config.ClassExpressionMatcherImpl
663: 114 2736 com.sun.net.ssl.internal.ssl.SessionId
664: 57 2736 java.io.BufferedInputStream
665: 85 2712 org.apache.naming.resources.WARDirContext$Entry[]
666: 56 2688 org.apache.catalina.core.ApplicationFilterChain
667: 67 2680 com.tc.net.core.CoreNIOServices$3
668: 83 2656 java.util.regex.Pattern$Dollar
669: 48 2648 org.joda.time.format.DateTimeParser[]
670: 55 2640 java.text.SimpleDateFormat[]
671: 66 2640 org.w3c.dom.Element[]
672: 66 2640 org.apache.xml.security.utils.UnsyncBufferedOutputStream
673: 66 2640 org.apache.xml.security.utils.DigesterOutputStream
674: 110 2640 sun.security.x509.SerialNumber
675: 58 2632 com.tc.net.core.TCConnectionJDK14$WriteContext[]
676: 7 2632 org.apache.xerces.parsers.XIncludeAwareParserConfiguration
677: 41 2624 sun.security.x509.AuthorityKeyIdentifierExtension
678: 54 2616 char[][]
679: 12 2592 org.apache.xerces.impl.xs.SchemaGrammar
680: 54 2592 sun.security.x509.KeyUsageExtension
681: 26 2576 sun.org.mozilla.javascript.internal.ScriptableObject$Slot[]
682: 53 2544 org.apache.tomcat.util.buf.UEncoder
683: 79 2528 com.tc.aspectwerkz.expression.regexp.NamePattern
684: 35 2520 org.joda.time.format.DateTimeFormatter
685: 21 2520 org.apache.jasper.compiler.Node$Expression
686: 104 2496 sun.security.x509.KeyIdentifier
687: 78 2496 java.util.regex.Pattern$SliceI
688: 26 2496 com.tc.object.tx.ClientTransactionImpl
689: 104 2496 org.apache.juli.logging.DirectJDKLog
690: 62 2480 org.apache.jasper.runtime.JspFactoryImpl$PageContextPool
691: 4 2464 java.lang.Thread[]
692: 44 2464 java.io.PrintStream
693: 14 2464 java.io.ObjectStreamClass
694: 102 2448 java.util.zip.Adler32
695: 102 2448 sun.reflect.BootstrapConstructorAccessorImpl
696: 61 2440 edu.vt.middleware.ldap.Ldap
697: 12 2400 * KlassKlass
698: 100 2400 org.apache.xmlbeans.SchemaIdentityConstraint$Ref[]
699: 74 2368 java.security.Provider$UString
700: 74 2368 com.tc.object.lockmanager.api.ThreadID
701: 72 2368 org.apache.xerces.impl.xs.XSAnnotationImpl[]
702: 16 2304 org.apache.xerces.impl.xs.XSElementDecl[]
703: 96 2304 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap$Segment
704: 72 2304 com.tc.object.config.StandardDSOClientConfigHelperImpl$Resource
705: 36 2304 com.tc.management.stats.AggregateInteger
706: 72 2304 org.apache.xerces.xni.XMLString
707: 4 2288 java.lang.Integer[]
708: 71 2272 sun.security.provider.JavaKeyStore$TrustedCertEntry
709: 7 2240 org.apache.xerces.impl.dtd.XMLNSDTDValidator
710: 28 2240 sun.util.calendar.ZoneInfo
711: 40 2240 org.apache.velocity.runtime.parser.Parser$LookaheadSuccess
712: 35 2240 EDU.oswego.cs.dl.util.concurrent.BoundedLinkedQueue
713: 93 2232 sun.security.x509.CertificateAlgorithmId
714: 93 2232 sun.security.x509.CertificateSerialNumber
715: 93 2232 sun.security.x509.CertificateX509Key
716: 93 2232 sun.security.x509.CertificateVersion
717: 46 2208 java.security.spec.EllipticCurve
718: 39 2184 java.io.ObjectStreamClass$WeakClassKey
719: 34 2176 org.mozilla.javascript.ScriptableObject$GetterSlot
720: 68 2176 com.tc.object.config.Lock
721: 34 2176 org.apache.xerces.impl.dtd.XMLSimpleType
722: 63 2168 sun.org.mozilla.javascript.internal.MemberBox[]
723: 53 2120 org.apache.catalina.util.StringParser
724: 53 2120 org.apache.tomcat.util.http.Cookies
725: 2 2096 org.apache.commons.collections.map.AbstractHashedMap$HashEntry[]
726: 2 2096 java.lang.Long[]
727: 87 2088 org.apache.xerces.util.AugmentationsImpl
728: 65 2080 sun.nio.ch.AllocatedNativeObject
729: 13 2080 org.apache.velocity.runtime.parser.node.ASTReference
730: 65 2080 com.tc.object.tx.ThreadTransactionContext
731: 1 2072 com.tc.object.TCObject[]
732: 1 2072 org.apache.xerces.impl.dv.DatatypeValidator[]
733: 1 2072 org.apache.xerces.impl.dtd.models.ContentModelValidator[]
734: 41 2064 org.apache.xerces.impl.xs.traversers.OneAttr[]
735: 86 2064 java.util.regex.Pattern$Begin
736: 64 2048 java.util.HashMap$ValuesCollectionWrapper
737: 64 2048 java.util.AbstractMap$SimpleImmutableEntry
738: 16 2048 com.sun.jndi.ldap.Connection
739: 64 2048 java.io.FilePermissionCollection
740: 11 2024 com.tc.object.msg.AcknowledgeTransactionMessageImpl
741: 18 2016 org.springframework.beans.BeanWrapperImpl
742: 21 2016 org.apache.velocity.runtime.parser.node.ASTText
743: 63 2016 org.apache.jasper.compiler.JspUtil$ValidAttribute
744: 50 2000 org.apache.xmlbeans.impl.values.XmlBooleanImpl
745: 83 1992 org.apache.tomcat.util.modeler.NotificationInfo[]
746: 62 1984 org.apache.catalina.core.ApplicationContext$DispatchData
747: 34 1960 org.joda.time.format.DateTimePrinter[]
748: 61 1952 org.springframework.beans.CachedIntrospectionResults
749: 81 1944 com.tc.util.concurrent.ResetableLatch
750: 10 1920 org.knopflerfish.framework.BundleImpl
751: 20 1920 org.opensaml.xml.security.x509.BasicX509Credential
752: 48 1920 org.apache.xerces.impl.xs.traversers.OneAttr
753: 80 1920 java.security.Principal[]
754: 40 1920 org.apache.velocity.runtime.parser.JJTParserState
755: 34 1904 org.apache.xmlbeans.impl.regex.RangeToken
756: 17 1904 org.apache.xerces.impl.xs.models.XSDFACM
757: 34 1904 sun.reflect.generics.repository.ClassRepository
758: 1 1880 org.apache.xml.serializer.EncodingInfo[]
759: 78 1872 com.tc.object.lockmanager.impl.ClientLock$Action
760: 18 1872 edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyFactoryBean
761: 39 1872 org.apache.tomcat.util.digester.ObjectCreateRule
762: 68 1864 javax.management.MBeanConstructorInfo[]
763: 58 1856 sun.reflect.generics.scope.ClassScope
764: 29 1856 com.tc.io.TCByteBufferOutputStream
765: 23 1840 sun.org.mozilla.javascript.internal.NativeJavaPackage
766: 25 1800 java.util.PropertyResourceBundle
767: 28 1792 org.mozilla.javascript.IdScriptableObject$PrototypeValues
768: 44 1760 java.util.regex.Pattern$8
769: 7 1736 org.apache.xerces.impl.XMLDTDScannerImpl
770: 54 1728 java.util.jar.Manifest
771: 43 1720 org.springframework.beans.factory.config.TypedStringValue
772: 42 1680 java.util.Collections$UnmodifiableRandomAccessList
773: 19 1672 java.util.zip.ZipFile$1
774: 9 1656 edu.internet2.middleware.shibboleth.common.config.relyingparty.saml.SAML2SSOProfileConfigurationFactoryBean
775: 23 1656 org.joda.time.chrono.ZonedChronology$ZonedDateTimeField
776: 41 1640 com.tc.object.NamedTraversedReference
777: 12 1632 edu.internet2.middleware.shibboleth.common.config.relyingparty.saml.SAML1AttributeQueryProfileConfigurationFactoryBean
778: 34 1632 sun.security.x509.URIName
779: 12 1632 edu.internet2.middleware.shibboleth.common.config.relyingparty.saml.SAML1ArtifactResolutionProfileConfigurationFactoryBean
780: 1 1624 org.apache.tomcat.util.buf.StringCache$ByteEntry[]
781: 67 1608 com.tc.util.UUID
782: 67 1608 com.tc.object.tx.ClientTransactionManagerImpl$ThreadTransactionLoggingStack
783: 5 1600 org.springframework.beans.factory.support.DefaultListableBeanFactory
784: 4 1600 org.apache.xerces.impl.XMLDocumentScannerImpl
785: 10 1600 org.knopflerfish.framework.BundleClassLoader
786: 40 1600 org.apache.xmlbeans.impl.schema.SchemaAttributeModelImpl
787: 33 1584 sun.security.pkcs11.Session
788: 28 1568 sun.security.x509.DistributionPoint
789: 49 1568 java.util.HashMap$EntryWrapper
790: 65 1560 com.tc.util.Stack
791: 65 1560 sun.security.x509.GeneralName
792: 32 1536 org.apache.xerces.impl.xs.XSWildcardDecl
793: 64 1536 sun.nio.ch.DevPollArrayWrapper$Updator
794: 63 1512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1
795: 27 1512 sun.reflect.generics.reflectiveObjects.TypeVariableImpl
796: 47 1504 java.security.spec.ECPoint
797: 62 1488 org.apache.jasper.runtime.BodyContentImpl[]
798: 40 1480 com.tc.object.field.TCField[]
799: 23 1472 java.io.ObjectStreamClass$FieldReflectorKey
800: 30 1440 java.security.Provider$EngineDescription
801: 36 1440 org.apache.xmlbeans.impl.values.XmlIntegerImpl
802: 15 1440 org.apache.xerces.impl.xs.XSDDescription
803: 36 1440 org.apache.xerces.impl.xs.traversers.SmallContainer
804: 15 1440 org.apache.velocity.runtime.parser.node.ASTComment
805: 20 1440 org.mozilla.javascript.NativeError
806: 45 1440 java.io.ByteArrayOutputStream
807: 22 1408 com.sun.jmx.mbeanserver.PerInterface
808: 28 1408 org.apache.xmlbeans.SchemaParticle[]
809: 35 1400 org.joda.time.format.DateTimeFormatterBuilder$Composite
810: 25 1400 org.apache.tomcat.util.digester.SetNextRule
811: 25 1400 sun.security.x509.CRLDistributionPointsExtension
812: 25 1400 org.apache.xerces.util.XMLResourceIdentifierImpl
813: 19 1368 org.apache.xerces.impl.dtd.XMLEntityDecl
814: 34 1360 sun.reflect.generics.tree.ClassSignature
815: 42 1344 org.apache.tomcat.util.log.CaptureLog
816: 56 1344 sun.security.x509.GeneralNames
817: 7 1344 org.apache.xerces.impl.XMLEntityManager
818: 28 1344 java.io.DataOutputStream
819: 24 1344 com.tc.object.lockmanager.impl.ClientLock$LockHold
820: 55 1320 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.OrMatchFunctor
821: 15 1320 javax.management.openmbean.ArrayType
822: 30 1320 java.io.ObjectStreamField[]
823: 41 1312 edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal
824: 54 1296 org.apache.catalina.connector.ResponseFacade
825: 53 1296 org.apache.xmlbeans.SchemaType$Ref[]
826: 27 1296 java.math.BigDecimal
827: 54 1296 org.apache.catalina.connector.RequestFacade
828: 10 1280 org.apache.jasper.compiler.Node$PageDirective
829: 32 1280 com.sun.jmx.mbeanserver.OpenConverter$IdentityConverter
830: 16 1280 com.tc.object.bytecode.LogicalMethodAdapter
831: 53 1272 org.apache.catalina.connector.CoyoteInputStream
832: 53 1272 com.tc.net.protocol.delivery.OOOProtocolEvent
833: 53 1272 org.apache.catalina.connector.CoyoteOutputStream
834: 26 1248 com.tc.object.tx.TransactionContextImpl
835: 39 1248 com.tc.net.protocol.tcm.TCMessageType
836: 43 1248 java.lang.reflect.TypeVariable[]
837: 4 1248 org.apache.xerces.impl.dtd.XMLDTDValidator
838: 31 1240 org.apache.xml.security.algorithms.JCEMapper$Algorithm
839: 31 1240 java.util.Collections$UnmodifiableCollection$1
840: 22 1232 javax.management.MBeanConstructorInfo
841: 7 1232 org.apache.xerces.impl.dtd.XMLDTDProcessor
842: 47 1224 javax.management.MBeanNotificationInfo[]
843: 51 1224 com.tc.util.State
844: 30 1200 org.mozilla.javascript.BeanProperty
845: 30 1200 com.tc.object.config.schema.IncludedInstrumentedClass
846: 10 1200 org.apache.jasper.compiler.Node$Scriptlet
847: 15 1200 java.io.PrintWriter
848: 50 1200 java.lang.Boolean
849: 30 1200 org.apache.xmlbeans.impl.values.XmlStringImpl
850: 25 1200 org.apache.tomcat.util.digester.ArrayStack
851: 29 1160 org.osgi.framework.Version
852: 8 1152 edu.internet2.middleware.shibboleth.common.config.relyingparty.saml.ShibbolethSSOProfileConfigurationFactoryBean
853: 16 1152 com.tc.async.impl.StageImpl
854: 18 1152 org.apache.xerces.impl.dv.xs.DecimalDV$XDecimal
855: 6 1152 com.tc.object.msg.CommitTransactionMessageImpl
856: 11 1144 org.knopflerfish.framework.BundlePackages
857: 20 1144 org.apache.velocity.runtime.parser.node.Node[]
858: 14 1120 edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyFactoryBean
859: 5 1120 org.apache.jasper.JspCompilationContext
860: 35 1120 com.tc.object.applicator.PhysicalApplicator
861: 23 1104 com.tc.util.ListIteratorWrapper
862: 6 1104 java.util.TimerThread
863: 23 1104 java.util.LinkedList$ListItr
864: 23 1104 org.joda.time.DateTimeFieldType$StandardDateTimeFieldType
865: 8 1088 edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.SSOConfiguration
866: 34 1088 java.util.concurrent.atomic.AtomicInteger
867: 17 1088 sun.nio.cs.ISO_8859_1$Decoder
868: 17 1088 org.apache.tomcat.util.digester.CallParamRule
869: 16 1080 javax.servlet.http.Cookie[]
870: 2 1072 java.lang.Character[]
871: 19 1064 java.util.zip.ZipFile$ZipFileInputStream
872: 22 1056 sun.security.x509.OIDMap$OIDInfo
873: 33 1056 com.tc.logging.ClientIDLogger
874: 1 1048 javax.xml.namespace.QName[]
875: 1 1048 com.tc.object.lockmanager.impl.ClientLockManagerImpl[]
876: 1 1048 java.util.Map[]
877: 34 1040 sun.reflect.generics.tree.ClassTypeSignature[]
878: 26 1040 java.security.spec.ECFieldF2m
879: 16 1024 com.sun.jmx.mbeanserver.MXBeanSupport
880: 16 1024 com.tc.async.impl.StageQueueImpl
881: 16 1024 com.tc.config.schema.dynamic.BooleanXPathBasedConfigItem
882: 42 1008 org.apache.xmlbeans.SchemaAnnotation$Attribute[]
883: 21 1008 com.tc.util.AATreeSet$AANode
884: 18 1008 org.opensaml.saml2.binding.security.SAML2HTTPPostSimpleSignRule
885: 18 1008 edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration
886: 14 1008 javax.management.openmbean.SimpleType
887: 18 1008 org.mozilla.javascript.LazilyLoadedCtor
888: 21 1008 org.apache.xerces.impl.dtd.XMLElementDecl
889: 18 1008 org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule
890: 21 1008 java.util.Locale
891: 18 1008 edu.internet2.middleware.shibboleth.common.binding.security.ShibbolethClientCertAuthRule
892: 20 1000 sun.security.pkcs11.wrapper.CK_ATTRIBUTE[]
893: 12 992 java.util.regex.Pattern$Node[]
894: 11 968 org.apache.xmlbeans.impl.schema.SchemaLocalAttributeImpl
895: 30 960 org.apache.catalina.util.LifecycleSupport
896: 30 960 com.tc.object.config.InstrumentationDescriptorImpl
897: 40 960 com.tc.object.TraversedReferencesImpl
898: 40 960 sun.security.x509.DNSName
899: 17 952 com.sun.jmx.mbeanserver.WeakIdentityHashMap$IdentityWeakReference
900: 39 936 java.util.regex.Pattern$CharPropertyNames$1
901: 13 936 sun.org.mozilla.javascript.internal.IdScriptableObject$PrototypeValues
902: 12 928 org.apache.xerces.util.XMLAttributesImpl$Attribute[]
903: 5 920 org.apache.jasper.servlet.JasperLoader
904: 38 912 sun.reflect.generics.tree.TypeVariableSignature
905: 19 912 org.apache.naming.resources.WARDirContext$WARResource
906: 3 912 edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
907: 28 896 java.util.regex.Pattern$GroupTail
908: 7 896 org.apache.commons.collections.ExtendedProperties
909: 4 896 org.apache.tomcat.util.digester.Digester
910: 28 896 java.util.regex.Pattern$GroupHead
911: 10 880 org.apache.xerces.impl.xs.AttributePSVImpl
912: 27 864 gnu.trove.TIntArrayList
913: 18 864 org.springframework.beans.propertyeditors.URLEditor
914: 9 864 javax.management.openmbean.CompositeType
915: 18 864 org.springframework.beans.propertyeditors.URIEditor
916: 18 864 com.terracottatech.config.impl.ClassExpressionImpl
917: 18 864 org.springframework.core.io.support.ResourceArrayPropertyEditor
918: 27 864 sun.reflect.generics.tree.FormalTypeParameter
919: 18 864 org.springframework.beans.propertyeditors.InputStreamEditor
920: 12 864 org.apache.xerces.impl.dtd.XMLDTDDescription
921: 18 864 org.springframework.beans.propertyeditors.ClassEditor
922: 18 864 org.springframework.beans.propertyeditors.FileEditor
923: 15 864 org.apache.jasper.compiler.JspUtil$ValidAttribute[]
924: 18 864 org.apache.tomcat.util.http.mapper.Mapper$Wrapper
925: 18 864 org.springframework.core.io.ResourceEditor
926: 18 864 org.apache.tomcat.util.digester.SetPropertiesRule
927: 53 848 org.apache.tomcat.util.buf.UDecoder
928: 21 840 org.opensaml.common.binding.security.IssueInstantRule
929: 3 840 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap$Segment[]
930: 21 840 sun.security.x509.AVAKeyword
931: 21 840 org.apache.xmlbeans.impl.regex.Op$RangeOp
932: 15 840 org.opensaml.security.MetadataCredentialResolver$MetadataCacheKey
933: 15 840 com.terracottatech.config.impl.LockLevelImpl
934: 3 840 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap$Entry[]
935: 8 832 EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap
936: 8 832 com.tc.object.tx.TransactionBatchWriter
937: 26 832 java.util.regex.Pattern$2
938: 8 832 org.apache.catalina.core.StandardWrapperValve
939: 8 832 javax.management.openmbean.OpenMBeanParameterInfoSupport
940: 13 832 edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute
941: 13 832 org.apache.xerces.impl.dv.ValidatedInfo
942: 26 832 java.util.concurrent.CopyOnWriteArrayList
943: 6 816 org.apache.xmlbeans.impl.schema.SchemaContainer
944: 17 816 java.util.concurrent.locks.ReentrantReadWriteLock
945: 4 816 java.math.BigInteger[]
946: 30 800 org.apache.catalina.LifecycleListener[]
947: 20 800 com.tc.asm.Type
948: 2 800 edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler$ShibbolethSSORequestContext
949: 20 800 org.apache.xmlbeans.impl.regex.Token$ClosureToken
950: 10 800 org.knopflerfish.framework.bundlestorage.memory.BundleArchiveImpl
951: 20 800 org.opensaml.xml.security.credential.CredentialContextSet
952: 9 792 org.knopflerfish.framework.ImportPkg
953: 33 792 com.tc.config.schema.dynamic.CompoundConfigItemListener
954: 16 768 sun.security.x509.NetscapeCertTypeExtension
955: 16 768 java.security.cert.PolicyQualifierInfo
956: 16 768 org.opensaml.xml.signature.impl.CryptoBinaryUnmarshaller
957: 12 768 sun.nio.cs.UTF_8$Decoder
958: 8 768 org.knopflerfish.framework.ExportPkg
959: 6 768 org.mozilla.javascript.FunctionObject
960: 16 768 sun.misc.CacheEntry
961: 8 768 edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.ShibbolethSSOConfiguration
962: 5 760 org.joda.time.convert.ConverterSet$Entry[]
963: 3 744 org.apache.xerces.parsers.DOMParser
964: 4 736 org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser
965: 18 720 org.springframework.beans.factory.config.BeanDefinitionHolder
966: 18 720 com.tc.aspectwerkz.expression.ast.ExpressionParser$JJCalls
967: 15 720 com.sun.net.ssl.internal.ssl.CipherSuite$KeyExchange
968: 15 720 sun.security.x509.CertificatePoliciesExtension
969: 15 720 org.apache.xmlbeans.impl.regex.Op$ModifierOp
970: 15 720 com.terracottatech.config.impl.MethodExpressionImpl
971: 18 720 org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
972: 18 720 com.terracottatech.config.impl.IncludeImpl
973: 18 720 org.opensaml.common.binding.security.MessageReplayRule
974: 10 720 sun.org.mozilla.javascript.internal.NativeError
975: 1 712 org.apache.catalina.core.StandardContext
976: 11 704 org.knopflerfish.framework.RequireBundle
977: 8 704 edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.ArtifactResolutionConfiguration
978: 22 704 com.tc.object.config.DSOChangeApplicatorSpec
979: 11 704 byte[][]
980: 11 704 org.apache.xerces.impl.validation.ValidationState
981: 8 704 edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml1.AttributeQueryConfiguration
982: 4 704 sun.nio.ch.SocketChannelImpl
983: 19 680 org.apache.xmlbeans.impl.regex.RegularExpression[]
984: 17 680 sun.security.pkcs11.TemplateManager$TemplateKey
985: 28 672 java.lang.Float
986: 12 672 org.apache.xerces.util.XMLAttributesImpl
987: 21 672 org.apache.velocity.util.introspection.Info
988: 4 672 sun.org.mozilla.javascript.internal.InterpreterData
989: 6 672 com.tc.object.tx.TransactionBatchWriter$TransactionBufferImpl
990: 21 672 org.apache.xmlbeans.impl.regex.Token$CharToken
991: 14 672 org.apache.xerces.impl.XMLEntityManager$CharacterBuffer[]
992: 12 672 java.util.Collections$UnmodifiableMap
993: 14 672 org.apache.catalina.startup.SetNextNamingRule
994: 5 640 org.apache.catalina.core.ApplicationHttpRequest
995: 4 640 org.springframework.context.support.GenericApplicationContext
996: 5 640 org.apache.xmlbeans.impl.store.Cur
997: 16 640 org.joda.time.format.DateTimeFormatterBuilder$PaddedNumber
998: 16 640 org.opensaml.security.SAMLMDCredentialContext
999: 10 640 org.apache.catalina.core.StandardPipeline
1000: 2 640 org.joda.time.chrono.ISOChronology
1001: 20 640 ch.qos.logback.core.pattern.LiteralConverter
1002: 20 640 net.sourceforge.yamlbeans.tokenizer.TokenType
1003: 16 640 org.apache.xerces.impl.xpath.regex.Op$RangeOp
1004: 16 640 org.opensaml.xml.signature.impl.CryptoBinaryMarshaller
1005: 20 640 ch.qos.logback.classic.spi.LoggerContextAwareBase
1006: 6 624 java.security.SecureRandom
1007: 11 616 sun.misc.URLClassPath
1008: 19 608 com.tc.util.ObjectIDSet$Range
1009: 15 600 com.terracottatech.config.impl.AutolockImpl
1010: 15 600 javax.naming.ldap.InitialLdapContext
1011: 15 600 org.apache.xerces.impl.xs.XSGroupDecl[]
1012: 5 600 org.apache.jasper.servlet.JspServletWrapper
1013: 15 600 java.lang.ref.SoftReference[]
1014: 18 576 java.text.DateFormat$Field
1015: 18 576 java.util.Collections$UnmodifiableCollection
1016: 6 576 edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2ScopedStringAttributeEncoder
1017: 24 576 com.tc.object.lockmanager.impl.ClientLock$LevelCounter
1018: 12 576 java.util.regex.Pattern$Branch
1019: 8 576 org.mozilla.javascript.JavaMembers
1020: 18 576 java.util.regex.Pattern$Single
1021: 12 576 com.tc.net.core.ConnectionInfo
1022: 18 576 org.springframework.beans.TypeConverterDelegate
1023: 24 576 gnu.trove.TIntStack
1024: 10 560 com.sun.net.ssl.internal.ssl.CipherSuite$BulkCipher
1025: 7 560 com.tc.object.bytecode.DateMethodAdapter
1026: 14 560 org.apache.xerces.impl.xpath.regex.Op$ChildOp
1027: 5 560 org.apache.juli.FileHandler
1028: 23 552 org.apache.coyote.ActionCode
1029: 23 552 java.lang.ThreadLocal
1030: 17 544 java.util.concurrent.atomic.AtomicLong
1031: 17 544 com.tc.object.loaders.LoaderDescription
1032: 17 544 com.tc.net.protocol.tcm.TCMessageSinkToSedaSink
1033: 17 544 EDU.oswego.cs.dl.util.concurrent.SynchronizedLong
1034: 1 536 org.joda.time.chrono.ISOChronology[]
1035: 2 528 com.tc.object.msg.BroadcastTransactionMessageImpl
1036: 6 528 edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML1ScopedStringAttributeEncoder
1037: 11 528 org.joda.time.chrono.ZonedChronology$ZonedDurationField
1038: 5 528 java.io.File[]
1039: 6 528 java.util.jar.JarVerifier
1040: 11 528 sun.security.x509.ExtendedKeyUsageExtension
1041: 9 520 java.lang.Boolean[]
1042: 5 520 org.opensaml.util.resource.ResourceChangeWatcher
1043: 4 512 edu.internet2.middleware.shibboleth.common.config.security.X509CredentialFactoryBean
1044: 16 512 sun.security.pkcs11.wrapper.CK_ATTRIBUTE
1045: 16 512 com.tc.async.impl.StageImpl$WorkerThread[]
1046: 16 512 com.tc.async.impl.StageQueueImpl$NullStageQueueStatsCollector
1047: 8 512 java.io.ObjectStreamClass$FieldReflector
1048: 4 512 ch.qos.logback.classic.spi.LoggingEvent
1049: 7 504 com.sun.jmx.mbeanserver.OpenConverter$CompositeConverter
1050: 7 504 org.apache.xerces.impl.XMLErrorReporter
1051: 21 504 org.opensaml.ws.security.provider.MandatoryIssuerRule
1052: 3 504 ch.qos.logback.core.rolling.helper.RollingCalendar
1053: 3 504 edu.internet2.middleware.shibboleth.common.config.relyingparty.saml.SAML2AttributeQueryProfileConfigurationFactoryBean
1054: 21 504 EDU.oswego.cs.dl.util.concurrent.CopyOnWriteArrayList
1055: 3 504 edu.internet2.middleware.shibboleth.common.config.relyingparty.saml.SAML2ArtifactResolutionProfileConfigurationFactoryBean
1056: 21 504 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.NotMatchFunctor
1057: 15 488 java.lang.Byte[]
1058: 15 480 sun.security.x509.PolicyInformation
1059: 4 480 org.apache.xerces.impl.dv.xs.AbstractDateTimeDV$DateTimeData
1060: 12 480 org.apache.xerces.impl.dtd.XMLAttributeDecl
1061: 5 480 org.apache.xmlbeans.impl.regex.RegularExpression
1062: 10 480 org.eclipse.jdt.internal.compiler.lookup.BaseTypeBinding
1063: 15 480 java.util.regex.Pattern$BitClass
1064: 1 480 org.apache.xerces.impl.dtd.DTDGrammar
1065: 20 480 java.security.spec.ECFieldFp
1066: 15 480 org.apache.xmlbeans.impl.regex.Token$UnionToken
1067: 12 480 java.util.Arrays$ArrayList
1068: 3 480 org.opensaml.saml2.metadata.impl.EntitiesDescriptorImpl
1069: 15 480 javax.management.StandardMBean
1070: 10 480 org.opensaml.xml.schema.impl.XSBase64BinaryUnmarshaller
1071: 4 480 org.springframework.beans.factory.support.ManagedMap
1072: 10 480 sun.security.jca.ProviderConfig
1073: 10 480 sun.security.x509.SubjectAlternativeNameExtension
1074: 12 480 org.knopflerfish.framework.VersionRange
1075: 20 480 java.lang.Double
1076: 15 480 java.util.concurrent.CopyOnWriteArrayList$COWIterator
1077: 12 480 java.lang.RuntimePermission
1078: 10 480 org.apache.xmlbeans.impl.values.XmlTokenImpl
1079: 19 456 org.joda.time.format.DateTimeFormatterBuilder$CharacterLiteral
1080: 3 456 ch.qos.logback.core.rolling.RollingFileAppender
1081: 8 448 org.joda.time.field.PreciseDateTimeField
1082: 8 448 org.apache.xerces.impl.xpath.regex.RangeToken
1083: 7 448 com.tc.aspectwerkz.expression.ast.Token
1084: 8 448 sun.misc.ProxyGenerator$PrimitiveTypeInfo
1085: 14 448 edu.internet2.middleware.shibboleth.common.security.ShibbolethSecurityPolicy
1086: 8 448 java.lang.OutOfMemoryError
1087: 11 440 org.apache.xmlbeans.impl.regex.Op$CharOp
1088: 11 440 java.util.TreeSet
1089: 11 440 com.sun.jmx.mbeanserver.StandardMBeanSupport
1090: 5 440 org.apache.velocity.runtime.parser.node.ASTExpression
1091: 11 440 java.io.FileOutputStream
1092: 5 440 org.apache.velocity.runtime.parser.node.ASTBlock
1093: 5 440 org.apache.velocity.runtime.parser.node.ASTIfStatement
1094: 11 440 org.apache.xerces.impl.dtd.DTDGrammarBucket
1095: 3 432 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.ScriptedAttributeDefinitionFactoryBean
1096: 18 432 org.opensaml.security.SAMLSignatureProfileValidator
1097: 2 432 org.apache.xmlbeans.impl.schema.SchemaTypeSystemImpl
1098: 2 432 org.apache.xerces.impl.xs.SchemaGrammar$BuiltinSchemaGrammar
1099: 1 416 java.net.URL[]
1100: 13 416 org.joda.time.format.DateTimeFormatterBuilder$MatchingParser
1101: 4 416 ch.qos.logback.classic.PatternLayout
1102: 17 408 sun.security.pkcs11.TemplateManager$Template
1103: 1 408 java.util.jar.JarFile[]
1104: 5 400 org.apache.jasper.compiler.JDTCompiler
1105: 10 400 sun.org.mozilla.javascript.internal.BeanProperty
1106: 10 400 javax.management.NotificationBroadcasterSupport
1107: 10 400 java.awt.AWTPermission
1108: 10 400 org.knopflerfish.framework.bundlestorage.memory.Archive
1109: 10 400 org.apache.xmlbeans.impl.schema.SchemaStringEnumEntryImpl
1110: 10 400 com.terracottatech.config.impl.PropertyImpl
1111: 1 400 org.apache.xmlbeans.impl.schema.SchemaTypeImpl[]
1112: 5 400 org.apache.naming.resources.WARDirContext
1113: 10 400 org.opensaml.xml.schema.impl.XSBase64BinaryMarshaller
1114: 7 392 org.apache.xerces.impl.XMLVersionDetector
1115: 7 392 org.apache.xerces.impl.XMLEntityScanner
1116: 7 392 org.apache.xerces.impl.XMLEntityManager$CharacterBufferPool
1117: 5 392 double[]
1118: 7 392 java.util.NoSuchElementException
1119: 8 384 org.opensaml.xacml.profile.saml.impl.ReferencedPoliciesTypeUnmarshaller
1120: 16 384 org.opensaml.xml.security.keyinfo.KeyInfoCredentialContext
1121: 8 384 org.opensaml.xml.schema.impl.XSStringUnmarshaller
1122: 16 384 java.lang.Byte
1123: 12 384 org.joda.time.DurationFieldType$StandardDurationFieldType
1124: 3 384 sun.org.mozilla.javascript.internal.FunctionObject
1125: 8 384 org.opensaml.xacml.policy.impl.AttributeDesignatorTypeUnmarshaller
1126: 8 384 org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionQueryTypeUnmarshaller
1127: 12 384 org.xml.sax.helpers.AttributesImpl
1128: 12 384 EDU.oswego.cs.dl.util.concurrent.SynchronizedBoolean
1129: 8 384 org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeUnmarshaller
1130: 12 384 org.apache.log4j.Level
1131: 8 384 org.knopflerfish.framework.Pkg
1132: 16 384 com.tc.util.concurrent.TCBoundedLinkedQueue
1133: 3 384 org.apache.xmlbeans.impl.schema.SchemaTypeLoaderImpl
1134: 12 384 java.util.Collections$UnmodifiableSet
1135: 6 384 ch.qos.logback.core.rolling.helper.DateTokenConverter
1136: 16 384 com.tc.object.AnonymousTraversedReference
1137: 2 384 com.sun.jmx.remote.opt.util.JobExecutor
1138: 16 384 java.util.regex.Pattern$CharPropertyNames$4
1139: 8 384 org.apache.log4j.helpers.PatternParser$LiteralPatternConverter
1140: 4 384 java.lang.reflect.Field[]
1141: 8 384 org.opensaml.xacml.profile.saml.impl.XACMLPolicyQueryTypeUnmarshaller
1142: 3 384 ch.qos.logback.core.rolling.TimeBasedRollingPolicy
1143: 8 384 org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeUnmarshaller
1144: 12 384 com.sun.jmx.remote.opt.util.ClassLogger
1145: 2 368 org.apache.xmlbeans.impl.store.Cur[]
1146: 5 360 sun.management.MemoryPoolImpl
1147: 9 360 java.util.logging.Level
1148: 3 360 org.apache.juli.ClassLoaderLogManager$RootLogger
1149: 15 360 net.sourceforge.yamlbeans.tokenizer.Token
1150: 15 360 sun.security.x509.CertificatePolicyId
1151: 9 360 org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver
1152: 3 360 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ScriptedAttributeDefinition
1153: 15 360 org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule
1154: 9 360 javax.management.NotificationBroadcasterSupport$SendNotifJob
1155: 9 360 org.opensaml.util.resource.FilesystemResource
1156: 3 360 sun.org.mozilla.javascript.internal.InterpretedFunction
1157: 15 360 org.eclipse.jdt.internal.compiler.impl.IntConstant
1158: 9 360 java.net.InetSocketAddress
1159: 9 360 com.tc.management.AbstractTerracottaMBean$Listener
1160: 1 352 org.apache.xerces.dom.DeferredDocumentImpl
1161: 11 352 org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$ElementStack
1162: 11 352 org.apache.xerces.impl.xpath.regex.Token$CharToken
1163: 11 352 sun.security.pkcs11.TemplateManager$KeyAndTemplate
1164: 11 352 java.util.regex.Pattern$Ctype
1165: 4 352 org.apache.xerces.jaxp.SAXParserImpl
1166: 11 352 org.knopflerfish.framework.BundleContextImpl
1167: 9 344 org.apache.tomcat.util.http.mapper.Mapper$Wrapper[]
1168: 7 336 sun.security.x509.AuthorityInfoAccessExtension
1169: 6 336 com.tc.object.tx.TransactionBatchWriter$FoldingKey
1170: 7 336 org.apache.xerces.util.NamespaceSupport
1171: 7 336 com.tc.net.TCSocketAddress
1172: 6 336 sun.reflect.generics.reflectiveObjects.WildcardTypeImpl
1173: 7 336 org.opensaml.xml.security.BasicSecurityConfiguration$KeyTransportEncryptionIndex
1174: 6 336 java.util.IdentityHashMap$KeyIterator
1175: 1 336 org.joda.time.chrono.GregorianChronology
1176: 2 336 sun.security.jgss.SunProvider
1177: 6 336 javax.management.MBeanNotificationInfo
1178: 2 336 java.text.DateFormat$Field[]
1179: 6 336 org.apache.catalina.LifecycleEvent
1180: 7 336 org.apache.catalina.util.ManifestResource
1181: 1 336 com.tc.net.protocol.tcm.TCMessageType[]
1182: 5 328 org.joda.time.convert.Converter[]
1183: 1 320 org.joda.time.chrono.ZonedChronology
1184: 10 320 java.io.ObjectStreamClass$ClassDataSlot
1185: 8 320 org.opensaml.xacml.profile.saml.impl.XACMLPolicyQueryTypeMarshaller
1186: 8 320 sun.security.x509.AccessDescription
1187: 8 320 org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeMarshaller
1188: 10 320 com.tc.object.config.DistributedMethodSpec
1189: 8 320 org.apache.xerces.util.SymbolTable
1190: 8 320 org.opensaml.xacml.profile.saml.impl.ReferencedPoliciesTypeMarshaller
1191: 10 320 org.knopflerfish.framework.bundlestorage.memory.Archive[]
1192: 4 320 ch.qos.logback.classic.pattern.ExtendedThrowableProxyConverter
1193: 10 320 com.tc.object.LiteralValues
1194: 10 320 sun.misc.MetaIndex
1195: 5 320 sun.management.MemoryPoolImpl$CollectionSensor
1196: 10 320 com.tc.util.LazyMap$LazyValueIterator
1197: 10 320 org.apache.xerces.impl.XMLEntityManager$CharacterBuffer
1198: 20 320 org.opensaml.xml.security.x509.InternalX500DNHandler
1199: 8 320 org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionQueryTypeMarshaller
1200: 10 320 net.sourceforge.yamlbeans.parser.EventType
1201: 2 320 com.tc.net.core.TCConnectionJDK14
1202: 8 320 org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeMarshaller
1203: 8 320 org.opensaml.xml.schema.impl.XSStringMarshaller
1204: 10 320 com.tc.config.TcProperty
1205: 8 320 java.math.RoundingMode
1206: 5 320 sun.management.MemoryPoolImpl$PoolSensor
1207: 8 320 org.opensaml.xacml.policy.impl.AttributeDesignatorTypeMarshaller
1208: 1 312 org.apache.catalina.loader.WebappClassLoader
1209: 3 312 java.util.regex.Pattern$GroupHead[]
1210: 2 304 org.apache.jasper.compiler.Node$Root
1211: 1 296 com.tc.object.config.StandardDSOClientConfigHelperImpl
1212: 6 288 java.util.logging.SimpleFormatter
1213: 6 288 sun.util.LocaleServiceProviderPool
1214: 4 288 sun.nio.ch.SocketAdaptor
1215: 6 288 java.lang.ClassLoader$NativeLibrary
1216: 9 288 ch.qos.logback.core.rolling.helper.PeriodicityType
1217: 1 288 com.sun.net.ssl.internal.ssl.ClientHandshaker
1218: 4 288 org.apache.xerces.impl.xs.SchemaGrammar$BuiltinAttrDecl
1219: 6 288 org.opensaml.ws.security.provider.CertificateNameOptions
1220: 6 288 ch.qos.logback.core.rolling.helper.FileNamePattern
1221: 9 288 org.apache.xmlbeans.impl.schema.StscComplexTypeResolver$CodeForNameEntry
1222: 3 288 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.principalConnector.TransientPrincipalConnectorFactoryBean
1223: 3 288 ch.qos.logback.core.rolling.DefaultTimeBasedFileNamingAndTriggeringPolicy
1224: 9 288 org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider
1225: 2 288 org.apache.jasper.EmbeddedServletOptions
1226: 12 288 java.util.regex.Pattern$BranchConn
1227: 4 288 org.apache.xmlbeans.impl.regex.RegularExpression$Context
1228: 6 288 edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringNameIDEncoder
1229: 3 288 org.apache.tomcat.util.http.mapper.Mapper$Context
1230: 3 288 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap
1231: 6 288 com.terracottatech.config.impl.QualifiedClassNameImpl
1232: 6 288 com.terracottatech.config.impl.NonBlankTokenImpl
1233: 7 280 java.net.NetPermission
1234: 1 280 org.apache.xmlbeans.impl.store.Xobj[]
1235: 5 280 com.tc.config.schema.repository.StandardBeanRepository
1236: 6 280 org.apache.xerces.xs.ShortList[]
1237: 7 280 java.util.regex.Pattern$6
1238: 7 280 org.apache.xerces.impl.XMLEntityManager$ByteBufferPool
1239: 5 280 javax.script.SimpleScriptContext
1240: 7 280 org.apache.xmlbeans.impl.regex.Token$ParenToken
1241: 7 280 org.apache.xerces.impl.XMLNSDocumentScannerImpl$NSContentDispatcher
1242: 7 280 com.tc.object.dna.impl.VersionizedDNAWrapper
1243: 2 272 sun.security.pkcs11.P11Key$P11RSAPrivateKey
1244: 1 272 edu.internet2.middleware.shibboleth.idp.profile.saml2.ArtifactResolution
1245: 11 264 java.text.NumberFormat$Field
1246: 11 264 org.apache.xerces.impl.XMLDocumentScannerImpl$DTDDispatcher
1247: 11 264 org.apache.xerces.impl.xs.util.XInt
1248: 7 264 com.tc.net.core.ConnectionInfo[]
1249: 1 264 org.apache.catalina.core.StandardHost
1250: 3 264 java.util.regex.Matcher
1251: 2 264 java.math.BigDecimal[]
1252: 11 264 org.apache.xerces.impl.XMLDocumentScannerImpl$TrailingMiscDispatcher
1253: 1 264 org.apache.xerces.impl.dv.xs.TypeValidator[]
1254: 11 264 org.apache.xerces.impl.XMLDocumentScannerImpl$XMLDeclDispatcher
1255: 3 264 javax.management.openmbean.OpenMBeanOperationInfoSupport
1256: 11 264 org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher
1257: 8 256 com.tc.object.config.ConfigLockLevel
1258: 8 256 java.util.Hashtable$EntrySet
1259: 8 256 java.util.regex.Pattern$CharProperty$1
1260: 8 256 java.net.InetAddress[]
1261: 8 256 org.apache.catalina.util.InstanceSupport
1262: 2 256 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.PrescopedAttributeDefinitionFactoryBean
1263: 1 256 edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOProfileHandler
1264: 8 256 com.tc.object.dna.api.LogicalAction
1265: 8 256 com.sun.net.ssl.internal.ssl.ExtensionType
1266: 8 256 sun.misc.URLClassPath$FileLoader
1267: 8 256 org.opensaml.xml.validation.ValidatorSuite
1268: 8 256 org.apache.catalina.core.StandardWrapperFacade
1269: 4 256 org.hyperic.sigar.Sigar
1270: 8 256 org.joda.time.chrono.BasicChronology$YearInfo
1271: 2 256 edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler$SAML2AuditLogEntry
1272: 4 256 org.bouncycastle.math.ec.ECPoint$Fp
1273: 8 256 org.bouncycastle.math.ec.ECFieldElement$Fp
1274: 1 256 org.apache.catalina.core.StandardEngine
1275: 7 248 java.beans.PropertyChangeListener[]
1276: 1 248 sun.security.pkcs11.SunPKCS11
1277: 7 248 java.io.ObjectStreamClass$ClassDataSlot[]
1278: 1 248 com.tc.net.core.CoreNIOServices
1279: 1 248 edu.internet2.middleware.shibboleth.idp.profile.saml1.ArtifactResolution
1280: 1 248 edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler
1281: 1 248 com.tc.object.ClientObjectManagerImpl
1282: 5 240 com.tc.config.schema.context.StandardConfigContext
1283: 2 240 edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.ArtifactResolutionConfiguration
1284: 3 240 org.apache.xerces.jaxp.DocumentBuilderImpl
1285: 5 240 org.apache.log4j.helpers.PatternParser$BasicPatternConverter
1286: 3 240 org.apache.catalina.util.Extension
1287: 3 240 org.knopflerfish.framework.ServiceRegistrationImpl
1288: 6 240 org.apache.catalina.startup.SetAllPropertiesRule
1289: 10 240 com.tc.net.groups.NodeIDSerializer
1290: 6 240 org.apache.velocity.app.event.ReferenceInsertionEventHandler$referenceInsertExecutor
1291: 5 240 java.io.FileWriter
1292: 6 240 com.tc.object.config.ConnectionInfoConfigItem
1293: 2 240 edu.internet2.middleware.shibboleth.common.relyingparty.provider.saml2.AttributeQueryConfiguration
1294: 10 240 org.knopflerfish.framework.HeaderDictionary
1295: 5 240 org.springframework.context.support.DelegatingMessageSource
1296: 6 240 java.util.Timer
1297: 10 240 org.apache.catalina.util.StringManager
1298: 1 232 com.tc.object.DistributedObjectClient
1299: 1 232 edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler
1300: 7 224 java.net.InetAddress$CacheEntry
1301: 2 224 org.mozilla.javascript.gen.c7
1302: 4 224 ch.qos.logback.classic.pattern.LineSeparatorConverter
1303: 1 224 org.joda.time.format.DateTimeFormatter[]
1304: 4 224 org.opensaml.saml2.common.impl.ExtensionsUnmarshaller
1305: 7 224 org.apache.xml.security.keys.keyresolver.KeyResolver
1306: 2 224 org.apache.commons.collections.map.ReferenceIdentityMap
1307: 2 224 org.mozilla.javascript.gen.c2
1308: 2 224 java.io.ExpiringCache$1
1309: 4 224 sun.security.x509.PrivateKeyUsageExtension
1310: 4 224 ch.qos.logback.classic.pattern.MessageConverter
1311: 7 224 ch.qos.logback.classic.Level
1312: 4 224 short[][]
1313: 4 224 java.lang.Throwable
1314: 2 224 org.mozilla.javascript.gen.c5
1315: 2 224 org.apache.catalina.deploy.NamingResources
1316: 7 224 sun.security.x509.NetscapeCertTypeExtension$MapEntry
1317: 4 224 org.joda.time.tz.CachedDateTimeZone$Info
1318: 7 224 org.apache.xerces.impl.msg.XMLMessageFormatter
1319: 2 224 edu.vt.middleware.ldap.jaas.LdapLoginModule
1320: 2 224 org.apache.velocity.runtime.RuntimeInstance
1321: 1 224 org.apache.catalina.session.StandardManager
1322: 7 224 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector$AUTHENTICATION_TYPE
1323: 7 224 org.apache.xerces.impl.validation.ValidationManager
1324: 2 224 org.mozilla.javascript.gen.c8
1325: 1 216 org.apache.jk.common.ChannelSocket
1326: 3 216 java.io.BufferedReader
1327: 3 216 com.sun.jmx.remote.opt.util.ThreadService
1328: 1 216 org.springframework.web.context.support.XmlWebApplicationContext
1329: 1 216 com.tc.object.LiteralValues[]
1330: 9 216 org.opensaml.xml.signature.validator.CryptoBinarySchemaValidator
1331: 3 216 org.apache.log4j.varia.NullAppender
1332: 9 216 org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider
1333: 9 216 org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider
1334: 3 216 com.tc.object.change.TCChangeBufferImpl
1335: 1 216 org.apache.xerces.impl.xs.SchemaGrammar$Schema4Annotations
1336: 9 216 org.opensaml.xml.schema.validator.XSBase64BinarySchemaValidator
1337: 3 216 java.lang.ThreadGroup
1338: 9 216 com.tc.object.tx.TxnBatchID
1339: 2 208 java.text.Format[]
1340: 2 208 org.eclipse.jdt.internal.compiler.lookup.LocalVariableBinding[]
1341: 1 208 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.LdapDataConnectorFactoryBean
1342: 2 208 com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl
1343: 2 208 org.apache.commons.collections.map.LRUMap
1344: 2 208 com.tc.object.dna.impl.DNAImpl
1345: 1 208 org.apache.xml.security.c14n.implementations.NameSpaceSymbEntry[]
1346: 2 208 org.opensaml.xml.parse.BasicParserPool
1347: 2 208 com.tc.util.properties.TCPropertyStore
1348: 1 208 org.apache.catalina.startup.Catalina
1349: 2 208 org.mozilla.javascript.NativeGenerator
1350: 1 208 org.apache.naming.resources.CacheEntry[]
1351: 5 200 org.springframework.context.support.AbstractApplicationContext$BeanPostProcessorChecker
1352: 5 200 sun.security.x509.Extension
1353: 5 200 org.apache.xerces.impl.xs.traversers.LargeContainer
1354: 5 200 org.apache.log4j.helpers.OnlyOnceErrorHandler
1355: 5 200 org.opensaml.xml.security.BasicSecurityConfiguration$DataEncryptionIndex
1356: 5 200 org.joda.time.format.DateTimeFormatterBuilder$FixedNumber
1357: 1 200 org.knopflerfish.framework.SystemBundle
1358: 4 192 org.apache.xmlbeans.impl.values.XmlNonNegativeIntegerImpl
1359: 8 192 org.apache.catalina.InstanceListener[]
1360: 3 192 sun.org.mozilla.javascript.internal.JavaMembers
1361: 1 192 com.tc.net.protocol.transport.ClientMessageTransport
1362: 4 192 java.nio.channels.SelectionKey[]
1363: 2 192 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.PrescopedAttributeDefinition
1364: 3 192 sun.org.mozilla.javascript.internal.ScriptableObject$GetterSlot
1365: 2 192 org.apache.jasper.compiler.JspRuntimeContext
1366: 4 192 org.opensaml.xacml.policy.impl.IdReferenceTypeUnmarshaller
1367: 6 192 com.tc.config.schema.dynamic.ConfigItem[]
1368: 2 192 org.mozilla.javascript.NativeArray
1369: 6 192 java.io.FileInputStream
1370: 8 192 java.util.regex.Pattern$CharPropertyNames$3
1371: 2 192 org.mozilla.javascript.NativeCall
1372: 4 192 edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML1StringNameIdentifierEncoder
1373: 2 192 com.tc.util.concurrent.CopyOnWriteArrayMap
1374: 2 192 org.apache.jasper.compiler.JspConfig
1375: 3 192 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector.TransientPrincipalConnector
1376: 4 192 com.sun.jmx.mbeanserver.OpenConverter$ArrayConverter
1377: 4 192 org.apache.tomcat.util.digester.RulesBase
1378: 6 192 java.util.TaskQueue
1379: 2 192 javax.security.auth.login.LoginContext
1380: 1 192 org.apache.catalina.realm.JAASRealm
1381: 4 192 org.apache.velocity.util.introspection.IntrospectorCacheImpl
1382: 6 192 java.security.CodeSigner[]
1383: 1 192 com.tc.util.ProductInfo
1384: 4 192 org.apache.naming.NamingContext
1385: 6 192 com.tc.asm.commons.Method
1386: 6 192 org.joda.time.field.PreciseDurationField
1387: 3 192 com.sun.jmx.remote.opt.internal.ListenerInfo
1388: 8 192 com.tc.net.protocol.transport.MessageTransportState
1389: 6 192 sun.reflect.generics.tree.Wildcard
1390: 3 192 com.tc.config.schema.dynamic.StringArrayXPathBasedConfigItem
1391: 4 192 org.apache.xerces.jaxp.SAXParserFactoryImpl
1392: 4 192 com.sun.phobos.script.javascript.ExternalScriptable
1393: 4 192 org.opensaml.xml.util.ListView
1394: 8 192 javax.script.SimpleBindings
1395: 4 192 com.tc.object.tx.TransactionBatchAccounting$BatchDescriptor
1396: 6 192 java.util.IdentityHashMap$KeySet
1397: 2 192 org.mozilla.javascript.NativeScript
1398: 4 192 org.joda.time.field.RemainderDateTimeField
1399: 3 192 java.util.concurrent.ConcurrentHashMap$KeyIterator
1400: 2 192 com.sun.jndi.ldap.ext.StartTlsResponseImpl
1401: 1 184 org.apache.xmlbeans.impl.store.Locale
1402: 1 184 org.apache.xerces.impl.xpath.regex.RegularExpression[]
1403: 1 184 net.sourceforge.yamlbeans.tokenizer.TokenType[]
1404: 1 184 com.tc.object.ClientObjectManagerImpl$2
1405: 1 184 org.apache.catalina.connector.Connector
1406: 1 184 org.apache.jk.core.JkHandler[]
1407: 1 176 javax.management.remote.generic.GenericConnectorServer$Receiver
1408: 2 176 sun.security.pkcs11.P11Key$P11DSAPublicKey
1409: 4 176 org.apache.xmlbeans.SchemaStringEnumEntry[]
1410: 2 176 org.apache.catalina.startup.CallMethodMultiRule
1411: 2 176 org.apache.velocity.runtime.parser.node.ASTprocess
1412: 2 176 javax.management.openmbean.TabularType
1413: 2 176 org.mozilla.javascript.ImporterTopLevel
1414: 11 176 org.apache.xerces.jaxp.datatype.DatatypeFactoryImpl
1415: 1 176 org.apache.catalina.startup.Catalina$CatalinaShutdownHook
1416: 2 176 org.apache.catalina.core.NamingContextListener
1417: 2 176 ch.qos.logback.core.rolling.helper.PeriodicityType[]
1418: 1 176 java.util.logging.LogManager$Cleaner
1419: 2 176 org.mozilla.javascript.BaseFunction
1420: 1 176 com.tc.object.RemoteObjectManagerImpl
1421: 1 168 sun.security.smartcardio.SunPCSC
1422: 1 168 sun.security.util.ObjectIdentifier[]
1423: 1 168 org.bouncycastle.jce.provider.BouncyCastleProvider
1424: 7 168 com.tc.config.schema.listen.ConfigurationChangeListenerSet
1425: 1 168 org.jcp.xml.dsig.internal.dom.XMLDSigRI
1426: 1 168 sun.security.provider.Sun
1427: 1 168 sun.security.rsa.SunRsaSign
1428: 1 168 java.lang.Byte[][]
1429: 1 168 com.tc.aspectwerkz.expression.ast.ExpressionParser$JJCalls[]
1430: 1 168 java.lang.ref.Finalizer$FinalizerThread
1431: 1 168 com.sun.net.ssl.internal.ssl.Provider
1432: 7 168 org.apache.xerces.util.ErrorHandlerWrapper
1433: 7 168 sun.awt.EventListenerAggregate
1434: 7 168 edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartySecurityPolicyResolver
1435: 1 168 com.tc.net.protocol.tcm.ClientMessageChannelImpl
1436: 1 168 sun.security.pkcs11.Token
1437: 3 168 java.lang.ThreadGroup[]
1438: 1 168 com.sun.security.sasl.Provider
1439: 3 168 java.util.IdentityHashMap$EntryIterator
1440: 1 168 com.sun.crypto.provider.SunJCE
1441: 1 168 java.lang.ref.Reference$ReferenceHandler
1442: 7 168 com.tc.util.SequenceID
1443: 3 168 org.apache.commons.ssl.TrustMaterial
1444: 3 168 com.tc.stats.counter.sampled.SampledCounterImpl$1
1445: 3 168 com.tc.util.AATreeSet
1446: 7 168 com.tc.object.config.TransparencyCodeSpecImpl
1447: 7 168 com.tc.aspectwerkz.DeploymentModel
1448: 1 168 sun.security.jca.ProviderList$1
1449: 7 168 com.tc.aspectwerkz.expression.PointcutType
1450: 2 160 org.mozilla.javascript.NativeBoolean
1451: 4 160 org.apache.xmlbeans.SchemaGlobalElement$Ref
1452: 2 160 org.apache.jasper.compiler.JspReader
1453: 5 160 org.springframework.context.event.SimpleApplicationEventMulticaster
1454: 2 160 org.mozilla.javascript.NativeDate
1455: 2 160 org.mozilla.javascript.NativeJavaTopPackage
1456: 2 160 com.sun.jmx.mbeanserver.MBeanIntrospector$PerInterfaceMap
1457: 4 160 com.tc.management.TerracottaManagement$MBeanDomain
1458: 1 160 org.eclipse.jdt.internal.compiler.CompilationResult
1459: 2 160 org.mozilla.javascript.NativeIterator
1460: 4 160 sun.misc.JarIndex
1461: 4 160 sun.misc.Cache
1462: 1 160 sun.security.pkcs11.wrapper.CK_TOKEN_INFO
1463: 4 160 com.tc.license.Capability
1464: 3 160 java.lang.management.MemoryPoolMXBean[]
1465: 1 160 org.apache.xmlbeans.impl.store.Xobj$DocumentXobj
1466: 6 160 org.apache.catalina.Container[]
1467: 1 160 javax.management.remote.generic.GenericConnectorServer
1468: 4 160 org.apache.naming.NamingEntry
1469: 1 160 com.tc.object.bytecode.ManagerImpl
1470: 1 160 sun.security.pkcs11.Config
1471: 5 160 sun.security.jca.ServiceId
1472: 4 160 org.apache.xerces.impl.XMLEntityManager$InternalEntity
1473: 4 160 org.opensaml.saml2.common.impl.ExtensionsMarshaller
1474: 2 160 org.springframework.beans.factory.config.MapFactoryBean
1475: 2 160 org.mozilla.javascript.NativeNumber
1476: 4 160 java.io.BufferedOutputStream
1477: 2 160 org.apache.catalina.core.ApplicationDispatcher$State
1478: 2 160 org.mozilla.javascript.NativeJavaClass
1479: 4 160 java.net.InetAddress
1480: 5 160 com.sun.net.ssl.internal.ssl.ProtocolVersion
1481: 2 160 com.tc.object.cache.CacheManager$CacheStatistics
1482: 4 160 org.apache.jasper.compiler.Node$Nodes
1483: 4 160 com.tc.util.concurrent.SetOnceRef
1484: 5 160 org.joda.time.convert.ConverterSet
1485: 2 160 ch.qos.logback.classic.pattern.DateConverter
1486: 5 160 org.springframework.core.NamedThreadLocal
1487: 4 160 com.sun.jndi.ldap.BerDecoder
1488: 2 160 org.apache.catalina.core.ApplicationDispatcher
1489: 5 160 ch.qos.logback.core.util.AggregationType
1490: 5 160 org.joda.time.format.DateTimeFormatterBuilder$Fraction
1491: 4 160 sun.security.util.MemoryCache
1492: 5 160 com.sun.jmx.remote.util.ClassLogger
1493: 2 160 org.apache.catalina.mbeans.NamingResourcesMBean
1494: 1 160 int[][][]
1495: 4 160 org.opensaml.xacml.policy.impl.IdReferenceTypeMarshaller
1496: 2 160 org.mozilla.javascript.NativeString
1497: 2 160 com.sun.jmx.mbeanserver.MBeanIntrospector$MBeanInfoMap
1498: 1 152 sun.misc.Launcher$ExtClassLoader
1499: 6 144 org.opensaml.xml.schema.validator.XSStringSchemaValidator
1500: 1 144 org.apache.catalina.loader.StandardClassLoader
1501: 6 144 java.util.logging.ErrorManager
1502: 3 144 java.util.AbstractList$ListItr
1503: 2 144 edu.internet2.middleware.shibboleth.common.config.security.ChainingTrustEngineFactoryBean
1504: 2 144 org.mozilla.javascript.NativeObject
1505: 3 144 org.apache.xmlbeans.impl.store.Cursor
1506: 2 144 org.apache.xmlbeans.impl.store.Locale$nthCache
1507: 3 144 org.opensaml.xacml.policy.impl.DefaultsTypeUnmarshaller
1508: 1 144 sun.nio.ch.ServerSocketChannelImpl
1509: 3 144 org.knopflerfish.framework.PropertiesDictionary
1510: 2 144 com.tc.stats.counter.sampled.derived.SampledRateCounterImpl
1511: 1 144 com.tc.object.tx.RemoteTransactionManagerImpl
1512: 2 144 com.tc.config.schema.dynamic.SubstitutedFileXPathBasedConfigItem
1513: 1 144 org.knopflerfish.framework.Framework
1514: 2 144 com.tc.object.bytecode.DelegateMethodAdapter
1515: 1 144 com.sun.net.ssl.internal.ssl.CipherSuite$KeyExchange[]
1516: 6 144 com.tc.handler.CallbackStartupExceptionLoggingAdapter
1517: 3 144 org.apache.xerces.impl.dv.xs.QNameDV$XQName
1518: 3 144 java.util.RegularEnumSet
1519: 3 144 ch.qos.logback.core.spi.AppenderAttachableImpl
1520: 6 144 com.tc.aspectwerkz.aspect.AdviceType
1521: 4 144 com.tc.config.schema.L2ConfigForL1$L2Data[]
1522: 2 144 org.mozilla.javascript.NativeIterator$StopIteration
1523: 3 144 java.util.RandomAccessSubList
1524: 1 144 java.net.URLClassLoader
1525: 1 144 org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider
1526: 2 144 edu.internet2.middleware.shibboleth.common.config.security.ChainingSignatureTrustEngineFactoryBean
1527: 6 144 com.tc.management.TerracottaManagement$Type
1528: 3 144 com.tc.object.lockmanager.api.LockRequest
1529: 6 144 com.tc.management.TerracottaManagement$Subsystem
1530: 2 144 org.mozilla.javascript.NativeMath
1531: 1 144 com.tc.config.schema.setup.StandardL1TVSConfigurationSetupManager
1532: 3 144 org.opensaml.saml2.core.impl.SubjectConfirmationDataUnmarshaller
1533: 6 144 java.security.spec.ECGenParameterSpec
1534: 1 144 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.MappedAttributeDefinitionFactoryBean
1535: 6 144 java.util.regex.Pattern$CharPropertyNames$2
1536: 1 144 javax.management.remote.generic.ServerIntermediary
1537: 3 144 com.tcclient.cluster.DsoNodeImpl
1538: 6 144 java.util.Timer$1
1539: 3 144 com.sun.jmx.mbeanserver.OpenConverter$EnumConverter
1540: 3 144 org.joda.time.field.OffsetDateTimeField
1541: 1 144 sun.misc.Launcher$AppClassLoader
1542: 3 144 ch.qos.logback.core.rolling.helper.DefaultArchiveRemover
1543: 3 144 org.apache.juli.ClassLoaderLogManager$ClassLoaderLogInfo
1544: 2 144 org.mozilla.javascript.ObjArray
1545: 3 144 org.opensaml.xml.schema.impl.XSQNameUnmarshaller
1546: 1 144 com.tc.management.L1Info
1547: 1 136 javax.management.openmbean.SimpleType[]
1548: 1 136 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver
1549: 1 136 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector
1550: 1 136 edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager
1551: 2 128 edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver
1552: 1 128 org.apache.log4j.RollingFileAppender
1553: 4 128 javax.servlet.http.HttpSessionEvent
1554: 2 128 org.apache.catalina.startup.CallParamMultiRule
1555: 2 128 com.sun.jmx.mbeanserver.OpenConverter$TabularConverter
1556: 1 128 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.TransientIdAttributeDefinitionFactoryBean
1557: 1 128 com.tc.management.L1Management
1558: 8 128 org.opensaml.xacml.profile.saml.impl.ReferencedPoliciesTypeImplBuilder
1559: 1 128 com.tc.net.protocol.transport.TransportMessageImpl
1560: 4 128 ch.qos.logback.core.UnsynchronizedAppenderBase$1
1561: 1 128 com.sun.jmx.remote.opt.util.ClassLoaderWithRepository
1562: 1 128 org.apache.catalina.core.StandardService
1563: 1 128 com.tc.management.beans.tx.ClientTxMonitor
1564: 2 128 org.apache.velocity.runtime.VelocimacroFactory
1565: 2 128 org.apache.jasper.servlet.JspServlet
1566: 2 128 org.apache.velocity.app.event.InvalidReferenceEventHandler$InvalidGetMethodExecutor
1567: 2 128 org.apache.velocity.runtime.directive.Foreach
1568: 8 128 org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionQueryTypeImplBuilder
1569: 2 128 sun.security.jca.ProviderConfig[]
1570: 2 128 java.io.InvalidClassException
1571: 2 128 org.opensaml.security.MetadataCredentialResolver
1572: 4 128 sun.security.pkcs11.wrapper.Functions$Flags
1573: 1 128 edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager
1574: 1 128 sun.reflect.misc.MethodUtil
1575: 2 128 sun.security.provider.DSAPublicKeyImpl
1576: 2 128 java.text.MessageFormat
1577: 4 128 com.tc.util.LazyMap$LazyEntryIterator
1578: 4 128 org.apache.tomcat.util.res.StringManager
1579: 2 128 sun.nio.ch.SelectionKeyImpl
1580: 2 128 org.apache.velocity.runtime.resource.ResourceManagerImpl
1581: 1 128 org.apache.catalina.core.StandardServer
1582: 1 128 org.apache.catalina.loader.WebappLoader
1583: 8 128 org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeImplBuilder
1584: 2 128 java.util.concurrent.ConcurrentHashMap$ValueIterator
1585: 4 128 org.apache.xerces.impl.XMLDocumentScannerImpl$ContentDispatcher
1586: 8 128 org.opensaml.xacml.policy.impl.AttributeDesignatorTypeImplBuilder
1587: 4 128 com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob
1588: 2 128 ch.qos.logback.classic.pattern.LoggerConverter
1589: 1 128 org.apache.jk.common.HandlerRequest
1590: 1 128 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.ScopedAttributeDefinitionFactoryBean
1591: 4 128 org.apache.velocity.util.introspection.Introspector
1592: 1 128 com.tc.net.protocol.delivery.SendStateMachine
1593: 4 128 java.text.Normalizer$Form
1594: 8 128 org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeImplBuilder
1595: 8 128 org.opensaml.xacml.profile.saml.impl.XACMLPolicyQueryTypeImplBuilder
1596: 4 128 ch.qos.logback.core.pattern.parser.Token
1597: 4 128 org.springframework.core.io.support.PathMatchingResourcePatternResolver
1598: 4 128 com.terracottatech.config.LockLevel$Enum
1599: 4 128 com.tc.util.sequence.SequenceBatch
1600: 2 128 org.apache.catalina.mbeans.MBeanFactory
1601: 2 128 org.apache.velocity.app.event.EventCartridge
1602: 2 128 org.apache.commons.collections.map.AbstractLinkedMap$LinkEntry
1603: 8 128 EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap$BarrierLock
1604: 1 128 com.tc.net.protocol.transport.ConnectionHealthCheckerContextImpl
1605: 1 120 com.tc.net.protocol.delivery.OnceAndOnlyOnceProtocolNetworkLayerImpl
1606: 1 120 org.apache.commons.lang.builder.ToStringStyle$SimpleToStringStyle
1607: 5 120 sun.nio.ch.SocketOptsImpl$IP$TCP
1608: 5 120 java.util.Collections$EmptySet$1
1609: 1 120 org.apache.commons.lang.builder.ToStringStyle$MultiLineToStringStyle
1610: 3 120 ch.qos.logback.core.joran.action.AppenderRefAction
1611: 5 120 com.tc.object.dna.impl.ObjectStringSerializer$SerializeProcedure
1612: 3 120 java.security.CodeSigner
1613: 1 120 edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine
1614: 3 120 com.tc.config.schema.L2ConfigForL1$L2Data
1615: 1 120 org.apache.jk.server.JkMain
1616: 1 120 sun.nio.ch.DevPollSelectorImpl
1617: 3 120 org.opensaml.xml.schema.impl.XSQNameMarshaller
1618: 5 120 org.opensaml.saml2.metadata.ContactPersonTypeEnumeration
1619: 3 120 java.security.SecurityPermission
1620: 3 120 org.opensaml.saml2.core.impl.SubjectConfirmationDataMarshaller
1621: 3 120 com.tc.util.concurrent.CircularLossyQueue
1622: 5 120 java.nio.channels.spi.AbstractInterruptibleChannel$1
1623: 5 120 org.springframework.context.support.ApplicationContextAwareProcessor
1624: 3 120 javax.security.auth.login.AppConfigurationEntry
1625: 3 120 javax.management.NotificationBroadcasterSupport$ListenerInfo
1626: 3 120 org.opensaml.xacml.policy.impl.DefaultsTypeMarshaller
1627: 3 120 org.apache.velocity.context.InternalContextAdapterImpl
1628: 1 120 com.tc.net.core.TCListenerJDK14
1629: 1 120 org.apache.commons.lang.builder.ToStringStyle$NoFieldNameToStringStyle
1630: 2 120 org.apache.xmlbeans.impl.schema.StscComplexTypeResolver$CodeForNameEntry[]
1631: 3 120 sun.org.mozilla.javascript.internal.LazilyLoadedCtor
1632: 1 120 com.tc.object.tx.ClientTransactionManagerImpl
1633: 5 120 sun.security.x509.RFC822Name
1634: 3 120 ch.qos.logback.classic.joran.action.LevelAction
1635: 5 120 org.apache.log4j.helpers.AppenderAttachableImpl
1636: 1 120 org.apache.commons.lang.builder.ToStringStyle$DefaultToStringStyle
1637: 5 120 org.springframework.beans.factory.annotation.QualifierAnnotationAutowireCandidateResolver
1638: 5 120 sun.nio.ch.OptionAdaptor
1639: 3 120 java.util.SubList$1
1640: 1 120 java.util.logging.LogManager$RootLogger
1641: 3 120 org.apache.xerces.impl.xpath.regex.Token$ClosureToken
1642: 3 120 org.joda.time.field.ScaledDurationField
1643: 3 120 sun.security.pkcs11.Secmod$DbMode
1644: 1 120 com.tc.net.protocol.tcm.CommunicationsManagerImpl
1645: 5 120 org.apache.xml.serializer.CharInfo$CharKey
1646: 1 120 com.tc.object.tx.TransactionSequencer
1647: 3 120 ch.qos.logback.core.rolling.helper.Compressor
1648: 1 120 ch.qos.logback.classic.LoggerContext
1649: 1 120 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition
1650: 5 120 org.springframework.util.AntPathMatcher
1651: 5 120 org.springframework.beans.support.ResourceEditorRegistrar
1652: 1 120 com.tc.net.protocol.transport.ServerStackProvider
1653: 1 120 com.tc.object.ClusterMetaDataManagerImpl
1654: 2 112 com.tc.object.lockmanager.api.LockContext
1655: 2 112 java.io.IOException
1656: 2 112 com.tc.license.Capability[]
1657: 1 112 org.apache.naming.resources.ProxyDirContext
1658: 1 112 org.eclipse.jdt.internal.compiler.lookup.ProblemReferenceBinding
1659: 2 112 org.joda.time.field.DividedDateTimeField
1660: 2 112 org.opensaml.saml1.core.impl.AuthorizationDecisionStatementUnmarshaller
1661: 1 112 org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider
1662: 1 112 com.tc.statistics.beans.impl.StatisticsEmitterMBeanImpl
1663: 1 112 com.tc.object.handshakemanager.ClientHandshakeManagerImpl
1664: 1 112 org.apache.commons.httpclient.HttpConnection
1665: 1 112 org.apache.jk.server.JkCoyoteHandler
1666: 2 112 com.sun.jmx.mbeanserver.OpenConverter$CollectionConverter
1667: 2 112 org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
1668: 2 112 org.bouncycastle.jce.provider.JCEECPublicKey
1669: 2 112 org.apache.xerces.xni.QName[][]
1670: 2 112 edu.internet2.middleware.shibboleth.common.config.service.ServletContextAttributeExporter
1671: 1 112 ch.qos.logback.core.ConsoleAppender
1672: 2 112 com.tc.net.core.event.TCConnectionEventCaller
1673: 2 112 org.apache.log4j.helpers.PatternParser$DatePatternConverter
1674: 2 112 sun.management.GarbageCollectorImpl
1675: 2 112 org.mozilla.javascript.ClassCache
1676: 2 112 org.apache.log4j.PatternLayout
1677: 1 112 org.springframework.beans.factory.support.ManagedProperties
1678: 1 112 java.util.ResourceBundle$RBClassLoader
1679: 2 112 com.sun.phobos.script.javascript.RhinoScriptEngine
1680: 1 112 com.tc.object.loaders.StandardClassProvider$RemovedClassLoader
1681: 1 112 org.mozilla.javascript.gen.c3
1682: 1 112 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.ComputedIDDataConnectorFactoryBean
1683: 2 112 org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
1684: 2 112 ch.qos.logback.classic.pattern.LevelConverter
1685: 2 112 org.apache.xmlbeans.impl.store.Locale$domNthCache
1686: 1 112 org.mozilla.javascript.gen.c6
1687: 7 112 org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl
1688: 1 104 org.apache.xerces.dom.CoreDOMImplementationImpl
1689: 1 104 java.util.logging.ConsoleHandler
1690: 1 104 edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML1AttributeAuthority
1691: 1 104 org.apache.xerces.impl.xs.SchemaGrammar$XSAnyType
1692: 1 104 org.apache.xerces.dom.DOMImplementationImpl
1693: 1 104 java.lang.Runnable[]
1694: 1 104 org.apache.xerces.dom.DeferredDOMImplementationImpl
1695: 1 104 org.apache.xerces.impl.xs.util.XInt[]
1696: 1 104 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.MappedAttributeDefinition
1697: 1 104 org.apache.log4j.ConsoleAppender
1698: 1 104 com.tc.config.TcProperty[]
1699: 1 104 org.opensaml.xml.security.BasicSecurityConfiguration
1700: 4 104 org.eclipse.jdt.internal.compiler.lookup.ReferenceBinding[]
1701: 1 104 edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority
1702: 1 104 net.sourceforge.yamlbeans.parser.EventType[]
1703: 2 96 org.opensaml.saml2.core.impl.AuthzDecisionStatementUnmarshaller
1704: 1 96 org.apache.xmlbeans.impl.regex.SchemaRegularExpression$2
1705: 2 96 java.security.AlgorithmParameters
1706: 2 96 org.opensaml.saml2.core.impl.IDPEntryUnmarshaller
1707: 2 96 org.opensaml.saml2.core.impl.ProxyRestrictionUnmarshaller
1708: 2 96 org.opensaml.xacml.ctx.impl.MissingAttributeDetailTypeUnmarshaller
1709: 1 96 org.hyperic.sigar.SigarLoader
1710: 2 96 org.opensaml.xacml.ctx.impl.DecisionTypeUnmarshaller
1711: 3 96 sun.security.util.BitArray
1712: 2 96 org.opensaml.saml2.core.impl.AssertionIDRequestUnmarshaller
1713: 2 96 com.tc.net.protocol.delivery.StateMachineRunner
1714: 2 96 org.opensaml.xacml.policy.impl.CombinerParametersTypeUnmarshaller
1715: 4 96 javax.security.auth.login.AppConfigurationEntry$LoginModuleControlFlag
1716: 2 96 org.apache.velocity.runtime.directive.Include
1717: 2 96 org.opensaml.saml2.metadata.impl.EntityDescriptorUnmarshaller
1718: 2 96 org.opensaml.saml1.core.impl.SubjectUnmarshaller
1719: 2 96 org.opensaml.saml2.metadata.impl.PDPDescriptorUnmarshaller
1720: 2 96 org.opensaml.xacml.policy.impl.ResourceTypeUnmarshaller
1721: 2 96 org.opensaml.xacml.policy.impl.ActionTypeUnmarshaller
1722: 2 96 org.opensaml.saml1.core.impl.AuthenticationStatementUnmarshaller
1723: 2 96 org.opensaml.saml1.core.impl.StatusUnmarshaller
1724: 2 96 org.opensaml.saml1.core.impl.AudienceRestrictionConditionUnmarshaller
1725: 2 96 org.opensaml.saml2.core.impl.TerminateUnmarshaller
1726: 2 96 org.opensaml.xacml.policy.impl.ApplyTypeUnmarshaller
1727: 1 96 org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder
1728: 2 96 org.opensaml.saml2.core.impl.AttributeQueryUnmarshaller
1729: 2 96 org.opensaml.xacml.policy.impl.AttributeSelectorTypeUnmarshaller
1730: 3 96 com.tc.object.change.event.PhysicalChangeEvent
1731: 2 96 org.opensaml.xacml.policy.impl.ObligationTypeUnmarshaller
1732: 3 96 edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel
1733: 1 96 sun.org.mozilla.javascript.internal.NativeScript
1734: 3 96 EDU.oswego.cs.dl.util.concurrent.CopyOnWriteArraySet
1735: 2 96 org.opensaml.saml2.metadata.impl.IDPSSODescriptorUnmarshaller
1736: 2 96 java.io.ExpiringCache
1737: 2 96 org.opensaml.xml.schema.impl.XSURIUnmarshaller
1738: 3 96 sun.security.provider.certpath.X509CertPath
1739: 2 96 org.opensaml.xml.security.x509.BasicX509CredentialNameEvaluator
1740: 2 96 org.opensaml.xacml.policy.impl.RuleTypeUnmarshaller
1741: 1 96 com.tc.statistics.beans.impl.StatisticsManagerMBeanImpl
1742: 2 96 org.opensaml.saml2.metadata.impl.AuthnAuthorityDescriptorUnmarshaller
1743: 2 96 org.opensaml.saml2.core.impl.ArtifactResolveUnmarshaller
1744: 2 96 EDU.oswego.cs.dl.util.concurrent.LinkedQueue
1745: 3 96 ch.qos.logback.core.spi.FilterReply
1746: 2 96 org.opensaml.saml1.core.impl.AuthorizationDecisionQueryUnmarshaller
1747: 3 96 com.tc.object.tx.TimerSpec$Signature
1748: 3 96 EDU.oswego.cs.dl.util.concurrent.SynchronizedRef
1749: 2 96 com.sun.net.ssl.internal.ssl.SSLSessionContextImpl
1750: 2 96 edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel[]
1751: 2 96 org.opensaml.xacml.policy.impl.SubjectTypeUnmarshaller
1752: 2 96 org.opensaml.xacml.ctx.impl.ResourceTypeUnmarshaller
1753: 1 96 org.apache.xerces.impl.xpath.regex.RegularExpression
1754: 1 96 com.sun.script.javascript.RhinoTopLevel
1755: 2 96 org.opensaml.saml2.metadata.impl.AdditionalMetadataLocationUnmarshaller
1756: 2 96 org.opensaml.saml2.metadata.impl.ContactPersonUnmarshaller
1757: 2 96 org.opensaml.xacml.policy.impl.FunctionTypeUnmarshaller
1758: 2 96 org.opensaml.saml2.core.impl.EvidenceUnmarshaller
1759: 2 96 org.opensaml.xacml.policy.impl.PolicySetCombinerParametersTypeUnmarshaller
1760: 2 96 org.opensaml.xacml.policy.impl.ConditionTypeUnmarshaller
1761: 2 96 org.opensaml.saml2.core.impl.ArtifactResponseUnmarshaller
1762: 4 96 net.sourceforge.yamlbeans.parser.Event
1763: 2 96 org.opensaml.saml1.core.impl.AssertionUnmarshaller
1764: 2 96 org.opensaml.saml2.metadata.impl.EntityDescriptorMarshaller
1765: 2 96 org.opensaml.saml2.metadata.impl.AffiliationDescriptorUnmarshaller
1766: 2 96 org.opensaml.saml2.core.impl.AttributeUnmarshaller
1767: 2 96 org.opensaml.saml1.core.impl.NameIdentifierUnmarshaller
1768: 2 96 org.opensaml.saml1.core.impl.AttributeQueryUnmarshaller
1769: 2 96 org.opensaml.xacml.ctx.impl.AttributeTypeUnmarshaller
1770: 6 96 org.apache.naming.NameParserImpl
1771: 2 96 org.opensaml.saml2.metadata.impl.KeyDescriptorUnmarshaller
1772: 2 96 org.opensaml.saml1.core.impl.AttributeUnmarshaller
1773: 2 96 org.opensaml.saml2.core.impl.RequestedAuthnContextUnmarshaller
1774: 3 96 org.opensaml.common.SAMLVersion
1775: 1 96 edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.StaticDataConnectorFactoryBean
1776: 2 96 org.opensaml.saml2.core.impl.StatusUnmarshaller
1777: 1 96 com.tc.net.protocol.tcm.NetworkListenerImpl
1778: 2 96 org.opensaml.saml2.metadata.impl.OrganizationUnmarshaller
1779: 3 96 sun.misc.Signal
1780: 3 96 sun.util.resources.LocaleData$1
1781: 2 96 org.opensaml.saml2.core.impl.ManageNameIDResponseUnmarshaller
1782: 2 96 org.opensaml.saml1.core.impl.SubjectLocalityUnmarshaller
1783: 2 96 org.opensaml.xacml.ctx.impl.StatusCodeTypeUnmarshaller
1784: 2 96 org.opensaml.saml2.core.impl.OneTimeUseUnmarshaller
1785: 2 96 org.opensaml.saml1.core.impl.AuthorityBindingUnmarshaller
1786: 2 96 org.opensaml.xacml.policy.impl.VariableDefinitionTypeUnmarshaller
1787: 3 96 org.opensaml.util.resource.ResourceChangeListener$ResourceChange
1788: 2 96 org.apache.commons.httpclient.auth.AuthScope
1789: 2 96 org.opensaml.xacml.policy.impl.DescriptionTypeUnmarshaller
1790: 2 96 org.opensaml.saml2.metadata.impl.EntitiesDescriptorMarshaller
1791: 3 96 ch.qos.logback.core.rolling.helper.RenameUtil
1792: 2 96 org.opensaml.xml.schema.impl.XSIntegerUnmarshaller
1793: 2 96 float[]
1794: 1 96 org.eclipse.jdt.internal.compiler.lookup.ReferenceBinding$1
1795: 2 96 org.opensaml.saml2.metadata.impl.SPSSODescriptorUnmarshaller
1796: 2 96 org.opensaml.saml2.core.impl.SubjectConfirmationUnmarshaller
1797: 2 96 org.opensaml.saml2.core.impl.SubjectLocalityUnmarshaller
1798: 4 96 java.util.Hashtable$ValueCollection
1799: 2 96 org.opensaml.saml1.core.impl.AttributeDesignatorUnmarshaller
1800: 2 96 org.opensaml.xacml.ctx.impl.ActionTypeUnmarshaller
1801: 2 96 gnu.trove.TLinkedList
1802: 2 96 org.opensaml.saml2.core.impl.NameIDUnmarshaller
1803: 2 96 org.opensaml.xacml.ctx.impl.EnvironmentTypeUnmarshaller
1804: 2 96 org.opensaml.saml2.core.impl.ScopingUnmarshaller
1805: 1 96 org.opensaml.saml1.binding.decoding.HTTPSOAP11Decoder
1806: 4 96 org.apache.xerces.util.EntityResolverWrapper
1807: 2 96 org.opensaml.xacml.policy.impl.ActionsTypeUnmarshaller
1808: 2 96 org.opensaml.xacml.policy.impl.EnvironmentsTypeUnmarshaller
1809: 2 96 org.opensaml.saml2.core.impl.AudienceRestrictionUnmarshaller
1810: 4 96 com.tc.net.protocol.tcm.ChannelEventType
1811: 2 96 org.opensaml.saml1.core.impl.ConditionsUnmarshaller
1812: 2 96 org.opensaml.saml2.core.impl.LogoutRequestUnmarshaller
1813: 2 96 org.opensaml.xacml.policy.impl.SubjectMatchTypeUnmarshaller
1814: 3 96 java.net.Proxy$Type
1815: 3 96 org.joda.time.field.ImpreciseDateTimeField$LinkedDurationField
1816: 1 96 sun.org.mozilla.javascript.internal.NativeCall
1817: 2 96 org.apache.xmlbeans.impl.schema.SchemaTypeSystemImpl$HandlePool
1818: 2 96 org.opensaml.saml2.metadata.impl.AttributeConsumingServiceUnmarshaller
1819: 3 96 java.util.regex.Pattern$TreeInfo
1820: 2 96 org.opensaml.saml2.core.impl.SubjectUnmarshaller
1821: 2 96 org.opensaml.saml1.core.impl.AttributeStatementUnmarshaller
1822: 2 96 sun.security.provider.SecureRandom
1823: 2 96 java.security.BasicPermissionCollection
1824: 2 96 org.opensaml.saml2.core.impl.IDPListUnmarshaller
1825: 2 96 org.opensaml.xacml.ctx.impl.StatusTypeUnmarshaller
1826: 2 96 org.opensaml.saml1.core.impl.ActionUnmarshaller
1827: 2 96 org.opensaml.saml2.core.impl.AuthnRequestUnmarshaller
1828: 2 96 org.opensaml.saml2.core.impl.NameIDMappingRequestUnmarshaller
1829: 4 96 com.tc.net.GroupID
1830: 1 96 org.apache.xmlbeans.impl.regex.SchemaRegularExpression$1
1831: 2 96 org.opensaml.xacml.policy.impl.PolicySetTypeUnmarshaller
1832: 2 96 org.opensaml.saml2.metadata.impl.AuthnAuthorityDescriptorMarshaller
1833: 4 96 org.apache.xerces.parsers.AbstractSAXParser$LocatorProxy
1834: 4 96 com.sun.net.ssl.internal.ssl.HandshakeMessage$DistinguishedName
1835: 2 96 org.opensaml.saml2.metadata.impl.AttributeAuthorityDescriptorUnmarshaller
1836: 2 96 org.opensaml.saml2.core.impl.StatusDetailUnmarshaller
1837: 2 96 org.opensaml.saml2.metadata.impl.AffiliationDescriptorMarshaller
1838: 2 96 org.apache.velocity.runtime.log.LogDisplayWrapper
1839: 4 96 sun.nio.ch.SocketChannelImpl$1
1840: 3 96 sun.security.jca.GetInstance$Instance
1841: 2 96 org.opensaml.xacml.policy.impl.EnvironmentTypeUnmarshaller
1842: 1 96 sun.security.provider.NativePRNG$RandomIO
1843: 3 96 org.opensaml.xml.security.credential.UsageType
1844: 2 96 org.opensaml.xacml.policy.impl.SubjectsTypeUnmarshaller
1845: 2 96 org.bouncycastle.math.ec.ECCurve$Fp
1846: 2 96 org.opensaml.saml1.core.impl.EvidenceUnmarshaller
1847: 2 96 org.opensaml.xacml.ctx.impl.SubjectTypeUnmarshaller
1848: 1 96 org.apache.commons.logging.impl.WeakHashtable
1849: 1 96 com.tc.management.beans.sessions.SessionMonitorImpl
1850: 3 96 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector$SEARCH_SCOPE
1851: 2 96 org.opensaml.saml2.core.impl.NameIDPolicyUnmarshaller
1852: 2 96 org.opensaml.xacml.ctx.impl.AttributeValueTypeUnmarshaller
1853: 2 96 org.opensaml.saml2.core.impl.AuthnContextUnmarshaller
1854: 2 96 org.opensaml.xacml.policy.impl.PolicyTypeUnmarshaller
1855: 2 96 org.opensaml.xacml.ctx.impl.RequestTypeUnmarshaller
1856: 2 96 org.opensaml.xacml.policy.impl.ObligationsTypeUnmarshaller
1857: 2 96 org.opensaml.xacml.ctx.impl.ResponseTypeUnmarshaller
1858: 2 96 org.opensaml.saml2.core.impl.AuthzDecisionQueryUnmarshaller
1859: 2 96 org.opensaml.saml2.core.impl.ManageNameIDRequestUnmarshaller
1860: 2 96 org.apache.jasper.compiler.TagPluginManager
1861: 2 96 org.opensaml.xml.security.credential.UsageType[]
1862: 2 96 org.apache.velocity.runtime.VelocimacroManager
1863: 2 96 com.terracottatech.config.impl.HostImpl
1864: 2 96 org.opensaml.xacml.policy.impl.RuleCombinerParametersTypeUnmarshaller
1865: 2 96 org.opensaml.saml2.core.impl.StatusCodeUnmarshaller
1866: 3 96 sun.net.www.protocol.http.HttpURLConnection$TunnelState
1867: 2 96 org.opensaml.saml2.core.impl.ActionUnmarshaller
1868: 2 96 org.opensaml.xacml.policy.impl.ResourcesTypeUnmarshaller
1869: 2 96 org.opensaml.saml2.metadata.impl.AttributeAuthorityDescriptorMarshaller
1870: 4 96 ch.qos.logback.core.spi.FilterAttachableImpl
1871: 2 96 org.opensaml.saml2.core.impl.AssertionUnmarshaller
1872: 2 96 org.opensaml.ws.transport.http.HttpServletRequestAdapter
1873: 2 96 org.opensaml.saml2.core.impl.AuthnQueryUnmarshaller
1874: 2 96 org.opensaml.xacml.policy.impl.EnvironmentMatchTypeUnmarshaller
1875: 2 96 org.opensaml.saml2.metadata.impl.RequestedAttributeUnmarshaller
1876: 2 96 ch.qos.logback.core.joran.action.AppenderAction
1877: 2 96 org.opensaml.saml2.core.impl.ConditionsUnmarshaller
1878: 2 96 org.opensaml.saml2.metadata.impl.SPSSODescriptorMarshaller
1879: 2 96 org.opensaml.saml1.core.impl.StatusCodeUnmarshaller
1880: 2 96 org.opensaml.xacml.ctx.impl.ResultTypeUnmarshaller
1881: 4 96 org.apache.xml.security.utils.resolver.ResourceResolver
1882: 3 96 java.util.TreeMap$KeySet
1883: 2 96 org.opensaml.xacml.policy.impl.PolicyCombinerParametersTypeUnmarshaller
1884: 1 96 org.apache.xerces.impl.dv.XSSimpleType[]
1885: 2 96 org.opensaml.saml1.core.impl.SubjectConfirmationUnmarshaller
1886: 2 96 org.opensaml.xacml.policy.impl.ResourceMatchTypeUnmarshaller
1887: 2 96 org.apache.commons.httpclient.HostConfiguration
1888: 2 96 org.opensaml.xacml.policy.impl.VariableReferenceTypeUnmarshaller
1889: 2 96 org.apache.jasper.compiler.TldLocationsCache
1890: 2 96 org.opensaml.xacml.ctx.impl.ResourceContentTypeUnmarshaller
1891: 3 96 ch.qos.logback.core.rolling.helper.CompressionMode
1892: 2 96 org.opensaml.saml1.core.impl.DoNotCacheConditionUnmarshaller
1893: 2 96 org.opensaml.saml2.core.impl.AttributeStatementUnmarshaller
1894: 2 96 org.opensaml.saml2.metadata.impl.EntitiesDescriptorUnmarshaller
1895: 3 96 com.sun.net.ssl.internal.ssl.CipherSuite$MacAlg
1896: 2 96 org.opensaml.saml2.core.impl.AuthnStatementUnmarshaller
1897: 1 96 com.tc.object.handler.ReceiveTransactionHandler
1898: 2 96 org.opensaml.xacml.policy.impl.AttributeAssignmentTypeUnmarshaller
1899: 2 96 org.opensaml.xml.schema.impl.XSAnyUnmarshaller
1900: 2 96 org.opensaml.xacml.ctx.impl.StatusDetailTypeUnmarshaller
1901: 2 96 org.opensaml.saml2.core.impl.LogoutResponseUnmarshaller
1902: 2 96 org.opensaml.saml2.core.impl.AdviceUnmarshaller
1903: 4 96 org.apache.xerces.parsers.AbstractSAXParser$AttributesProxy
1904: 2 96 com.terracottatech.config.impl.PathImpl
1905: 1 96 edu.internet2.middleware.shibboleth.idp.config.profile.authn.PreviousSessionLoginHandlerFactoryBean
1906: 2 96 org.opensaml.xacml.policy.impl.TargetTypeUnmarshaller
1907: 2 96 org.opensaml.xacml.policy.impl.ActionMatchTypeUnmarshaller
1908: 1 96 org.apache.xmlbeans.impl.regex.SchemaRegularExpression$3
1909: 4 96 edu.internet2.middleware.shibboleth.common.config.BaseReloadableService$ConfigurationResourceListener
1910: 2 96 org.opensaml.saml2.metadata.impl.PDPDescriptorMarshaller
1911: 2 96 org.opensaml.saml1.core.impl.AdviceUnmarshaller
1912: 2 96 org.opensaml.xacml.policy.impl.CombinerParameterTypeUnmarshaller
1913: 2 96 com.tc.config.schema.repository.ChildBeanRepository
1914: 2 96 org.opensaml.saml1.core.impl.AuthenticationQueryUnmarshaller
1915: 2 96 org.opensaml.xacml.policy.impl.AttributeValueTypeUnmarshaller
1916: 2 96 org.opensaml.saml2.metadata.impl.IDPSSODescriptorMarshaller
1917: 2 96 org.opensaml.saml2.core.impl.NameIDMappingResponseUnmarshaller
1918: 3 96 com.sun.jmx.mbeanserver.ClassLoaderRepositorySupport$LoaderEntry
1919: 1 88 sun.net.www.http.KeepAliveCache
1920: 1 88 org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder
1921: 1 88 org.apache.catalina.servlets.DefaultServlet
1922: 1 88 org.apache.tomcat.util.threads.ThreadPool
1923: 2 88 long[][]
1924: 1 88 com.sun.jmx.remote.opt.internal.ArrayNotificationBuffer
1925: 1 88 org.apache.naming.resources.ImmutableNameNotFoundException
1926: 1 88 org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory$X509Options
1927: 1 88 org.eclipse.jdt.internal.compiler.flow.UnconditionalFlowInfo
1928: 1 88 sun.org.mozilla.javascript.internal.NativeArray
1929: 1 88 org.apache.juli.ClassLoaderLogManager
1930: 1 88 org.apache.catalina.startup.HostConfig
1931: 1 88 com.tc.object.bytecode.TreeMapAdapter$DeleteEntryAdapter
1932: 1 88 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ScopedAttributeDefinition
1933: 1 88 com.tc.object.bytecode.TreeMapAdapter$PutAdapter
1934: 1 88 java.io.StreamTokenizer
1935: 1 88 java.security.cert.PKIXBuilderParameters
1936: 1 88 com.tc.object.bytecode.THashMapAdapter$TransformValuesAdapter
1937: 1 88 edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet
1938: 1 88 java.math.RoundingMode[]
1939: 1 88 edu.internet2.middleware.shibboleth.idp.config.profile.authn.UsernamePasswordLoginHandlerFactoryBean
1940: 1 88 sun.awt.AppContext
1941: 1 88 javax.naming.directory.SchemaViolationException
1942: 1 88 sun.org.mozilla.javascript.internal.BaseFunction
1943: 1 88 sun.nio.ch.FileChannelImpl
1944: 1 88 org.apache.xmlbeans.impl.store.Cur$Locations
1945: 1 88 com.tc.cluster.DsoClusterImpl
1946: 2 80 org.opensaml.saml2.metadata.impl.RequestedAttributeMarshaller
1947: 2 80 org.opensaml.xacml.policy.impl.EnvironmentsTypeMarshaller
1948: 2 80 org.opensaml.saml2.core.impl.StatusMarshaller
1949: 2 80 org.opensaml.xacml.ctx.impl.ResponseTypeMarshaller
1950: 2 80 org.opensaml.xacml.policy.impl.ActionMatchTypeMarshaller
1951: 2 80 org.opensaml.saml1.core.impl.AttributeDesignatorMarshaller
1952: 2 80 org.opensaml.saml2.core.impl.AudienceRestrictionMarshaller
1953: 2 80 org.opensaml.saml1.core.impl.ActionMarshaller
1954: 2 80 javax.management.remote.message.NotificationRequestMessage
1955: 2 80 org.opensaml.saml2.core.impl.AttributeMarshaller
1956: 1 80 org.joda.time.chrono.GregorianChronology[]
1957: 2 80 org.opensaml.saml2.core.impl.ArtifactResponseMarshaller
1958: 2 80 org.joda.time.format.DateTimeFormatterBuilder$TimeZoneOffset
1959: 2 80 org.joda.time.tz.DateTimeZoneBuilder$OfYear
1960: 2 80 org.opensaml.saml2.core.impl.LogoutRequestMarshaller
1961: 2 80 org.opensaml.saml1.core.impl.SubjectConfirmationMarshaller
1962: 2 80 org.opensaml.saml2.core.impl.NameIDPolicyMarshaller
1963: 2 80 org.opensaml.saml1.core.impl.DoNotCacheConditionMarshaller
1964: 2 80 ch.qos.logback.core.joran.action.NestedComplexPropertyIA
1965: 2 80 org.opensaml.xacml.policy.impl.PolicySetCombinerParametersTypeMarshaller
1966: 2 80 org.opensaml.saml2.core.impl.AttributeStatementMarshaller
1967: 1 80 sun.org.mozilla.javascript.internal.NativeNumber
1968: 2 80 org.opensaml.xacml.policy.impl.RuleCombinerParametersTypeMarshaller
1969: 1 80 org.apache.jasper.compiler.JspConfig$JspProperty
1970: 2 80 sun.reflect.UnsafeQualifiedIntegerFieldAccessorImpl
1971: 2 80 java.lang.management.MemoryType
1972: 1 80 org.apache.naming.resources.ResourceCache
1973: 2 80 org.apache.velocity.util.introspection.ClassMap$MethodCache
1974: 2 80 org.opensaml.xacml.ctx.impl.EnvironmentTypeMarshaller
1975: 2 80 org.opensaml.xacml.ctx.impl.AttributeValueTypeMarshaller
1976: 2 80 com.terracottatech.config.impl.ModuleImpl
1977: 1 80 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector$AUTHENTICATION_TYPE[]
1978: 2 80 org.opensaml.saml1.core.impl.AuthenticationQueryMarshaller
1979: 2 80 sun.net.spi.DefaultProxySelector$NonProxyInfo
1980: 2 80 org.opensaml.saml2.core.impl.NameIDMappingRequestMarshaller
1981: 2 80 org.opensaml.saml2.core.impl.AssertionMarshaller
1982: 1 80 com.tc.object.config.schema.StandardDSORuntimeLoggingOptions
1983: 1 80 com.sun.jmx.mbeanserver.OpenConverter$ConverterMap
1984: 2 80 org.opensaml.xacml.policy.impl.ResourceMatchTypeMarshaller
1985: 1 80 sun.org.mozilla.javascript.internal.continuations.Continuation
1986: 2 80 java.util.Random
1987: 2 80 org.opensaml.saml2.metadata.impl.AttributeConsumingServiceMarshaller
1988: 5 80 org.springframework.beans.factory.support.CglibSubclassingInstantiationStrategy
1989: 2 80 org.opensaml.saml1.core.impl.AuthorityBindingMarshaller
1990: 2 80 org.apache.velocity.util.introspection.ClassMap
1991: 2 80 org.opensaml.xacml.policy.impl.PolicyTypeMarshaller
1992: 2 80 org.opensaml.saml2.core.impl.AuthnRequestMarshaller
1993: 2 80 org.opensaml.xacml.policy.impl.ConditionTypeMarshaller
1994: 2 80 org.apache.velocity.runtime.ParserPoolImpl
1995: 2 80 org.opensaml.xacml.policy.impl.AttributeAssignmentTypeMarshaller
1996: 2 80 org.opensaml.xacml.ctx.impl.SubjectTypeMarshaller
1997: 2 80 sun.security.provider.DSAParameters
1998: 2 80 org.opensaml.saml2.core.impl.SubjectMarshaller
1999: 2 80 org.opensaml.xacml.ctx.impl.RequestTypeMarshaller
2000: 2 80 org.opensaml.saml2.core.impl.AdviceMarshaller
2001: 2 80 org.opensaml.xacml.policy.impl.PolicySetTypeMarshaller
2002: 2 80 org.opensaml.saml1.core.impl.SubjectMarshaller
2003: 1 80 edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder
2004: 2 80 org.opensaml.saml2.core.impl.AssertionIDRequestMarshaller
2005: 2 80 org.opensaml.xacml.policy.impl.DescriptionTypeMarshaller
2006: 2 80 org.opensaml.xacml.policy.impl.VariableReferenceTypeMarshaller
2007: 2 80 org.opensaml.xacml.policy.impl.ActionTypeMarshaller
2008: 2 80 org.opensaml.xacml.policy.impl.RuleTypeMarshaller
2009: 2 80 org.opensaml.saml2.core.impl.ActionMarshaller
2010: 2 80 java.net.ServerSocket
2011: 2 80 org.opensaml.saml2.core.impl.IDPEntryMarshaller
2012: 2 80 org.opensaml.saml2.core.impl.TerminateMarshaller
2013: 2 80 org.opensaml.saml2.core.impl.AuthzDecisionQueryMarshaller
2014: 2 80 org.apache.xerces.impl.xpath.regex.Token$ParenToken
2015: 2 80 org.opensaml.saml2.core.impl.ArtifactResolveMarshaller
2016: 2 80 org.opensaml.xacml.policy.impl.FunctionTypeMarshaller
2017: 1 80 org.apache.xerces.util.URI
2018: 2 80 org.opensaml.xacml.ctx.impl.ResourceContentTypeMarshaller
2019: 2 80 org.opensaml.saml1.core.impl.AudienceRestrictionConditionMarshaller
2020: 1 80 com.tc.net.protocol.delivery.ReceiveStateMachine
2021: 2 80 java.lang.ref.ReferenceQueue$Null
2022: 1 80 com.tc.config.schema.setup.StandardXMLFileConfigurationCreator
2023: 1 80 com.tc.object.ClientShutdownManager
2024: 2 80 org.opensaml.saml2.core.impl.ProxyRestrictionMarshaller
2025: 2 80 org.opensaml.xacml.ctx.impl.DecisionTypeMarshaller
2026: 1 80 org.terracotta.modules.tomcat.tomcat_5_5.SessionValve55
2027: 1 80 org.opensaml.util.URLBuilder
2028: 1 80 sun.org.mozilla.javascript.internal.NativeBoolean
2029: 2 80 com.sun.phobos.script.javascript.RhinoScriptEngineFactory
2030: 1 80 sun.org.mozilla.javascript.internal.NativeString
2031: 2 80 org.opensaml.saml2.core.impl.EvidenceMarshaller
2032: 1 80 org.apache.catalina.core.StandardContextValve
2033: 2 80 org.opensaml.saml1.core.impl.StatusCodeMarshaller
2034: 1 80 com.sun.jmx.interceptor.DefaultMBeanServerInterceptor
2035: 2 80 ch.qos.logback.classic.joran.action.ConfigurationAction
2036: 2 80 org.opensaml.xacml.policy.impl.TargetTypeMarshaller
2037: 1 80 java.nio.DirectByteBuffer
2038: 2 80 org.opensaml.saml2.core.impl.IDPListMarshaller
2039: 2 80 org.joda.time.tz.DateTimeZoneBuilder$Recurrence
2040: 2 80 com.terracottatech.config.impl.ServerImpl
2041: 2 80 org.opensaml.xacml.policy.impl.PolicyCombinerParametersTypeMarshaller
2042: 1 80 sun.security.x509.NetscapeCertTypeExtension$MapEntry[]
2043: 2 80 org.opensaml.saml2.core.impl.AuthzDecisionStatementMarshaller
2044: 1 80 org.apache.jk.core.WorkerEnv
2045: 2 80 org.opensaml.xacml.ctx.impl.StatusDetailTypeMarshaller
2046: 1 80 com.tc.net.core.TCConnectionManagerJDK14
2047: 2 80 org.opensaml.xacml.ctx.impl.ResultTypeMarshaller
2048: 2 80 org.opensaml.ws.transport.http.HttpServletResponseAdapter
2049: 2 80 org.opensaml.saml2.core.impl.StatusCodeMarshaller
2050: 2 80 javax.security.auth.callback.PasswordCallback
2051: 2 80 org.opensaml.saml2.metadata.impl.ContactPersonMarshaller
2052: 1 80 org.opensaml.saml1.binding.decoding.HTTPPostDecoder
2053: 2 80 org.opensaml.xml.schema.impl.XSIntegerMarshaller
2054: 2 80 org.opensaml.saml2.core.impl.SubjectLocalityMarshaller
2055: 1 80 com.tc.object.DistributedObjectClient$StatisticsSetupCallback
2056: 1 80 com.tc.management.beans.logging.RuntimeOutputOptions
2057: 2 80 org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator
2058: 2 80 org.opensaml.xacml.ctx.impl.ResourceTypeMarshaller
2059: 2 80 org.opensaml.saml2.core.impl.LogoutResponseMarshaller
2060: 2 80 org.opensaml.saml1.core.impl.AuthenticationStatementMarshaller
2061: 2 80 java.lang.management.ManagementPermission
2062: 2 80 org.opensaml.xml.schema.impl.XSURIMarshaller
2063: 2 80 org.opensaml.xacml.policy.impl.CombinerParameterTypeMarshaller
2064: 2 80 org.opensaml.saml2.core.impl.AttributeQueryMarshaller
2065: 2 80 org.opensaml.xacml.policy.impl.SubjectTypeMarshaller
2066: 2 80 org.opensaml.saml2.metadata.impl.AdditionalMetadataLocationMarshaller
2067: 1 80 com.tc.net.protocol.transport.ClientConnectionEstablisher
2068: 5 80 org.springframework.core.task.SyncTaskExecutor
2069: 2 80 org.opensaml.xacml.policy.impl.ActionsTypeMarshaller
2070: 2 80 org.opensaml.xacml.policy.impl.CombinerParametersTypeMarshaller
2071: 1 80 com.tc.net.protocol.transport.ConnectionHealthCheckerImpl$HealthCheckerMonitorThreadEngine
2072: 2 80 org.opensaml.saml2.core.impl.ManageNameIDResponseMarshaller
2073: 5 80 sun.net.www.protocol.jar.Handler
2074: 2 80 com.tc.object.config.TimCapability[]
2075: 2 80 org.opensaml.saml2.core.impl.NameIDMappingResponseMarshaller
2076: 2 80 com.sun.jmx.remote.opt.security.AdminServer
2077: 2 80 org.opensaml.saml2.metadata.impl.OrganizationMarshaller
2078: 2 80 org.opensaml.xacml.policy.impl.AttributeSelectorTypeMarshaller
2079: 2 80 org.opensaml.saml2.core.impl.ConditionsMarshaller
2080: 2 80 org.opensaml.saml2.core.impl.OneTimeUseMarshaller
2081: 2 80 org.opensaml.saml1.core.impl.AdviceMarshaller
2082: 2 80 org.opensaml.saml1.core.impl.ConditionsMarshaller
2083: 2 80 org.opensaml.xacml.policy.impl.EnvironmentMatchTypeMarshaller
2084: 2 80 org.opensaml.xacml.policy.impl.ApplyTypeMarshaller
2085: 2 80 org.opensaml.xacml.policy.impl.ResourceTypeMarshaller
2086: 2 80 org.opensaml.saml2.core.impl.AuthnStatementMarshaller
2087: 2 80 edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet$SimpleCallbackHandler
2088: 2 80 org.opensaml.xacml.policy.impl.ResourcesTypeMarshaller
2089: 1 80 com.tc.management.beans.logging.InstrumentationLogging
2090: 2 80 org.opensaml.saml2.core.impl.NameIDMarshaller
2091: 1 80 com.tc.config.schema.L2ConfigForL1Object$2
2092: 2 80 org.apache.velocity.runtime.directive.Literal
2093: 1 80 edu.internet2.middleware.shibboleth.idp.StatusServlet
2094: 2 80 javax.security.auth.AuthPermission
2095: 1 80 com.tc.object.config.schema.NewDSOApplicationConfigObject
2096: 2 80 org.opensaml.saml1.core.impl.AuthorizationDecisionQueryMarshaller
2097: 2 80 com.tc.net.protocol.tcm.TCMessageFactoryImpl
2098: 2 80 org.opensaml.saml1.core.impl.EvidenceMarshaller
2099: 2 80 org.opensaml.saml2.core.impl.AuthnQueryMarshaller
2100: 2 80 org.opensaml.xacml.policy.impl.ObligationsTypeMarshaller
2101: 1 80 com.tc.lang.TCThreadGroup
2102: 2 80 org.opensaml.saml1.core.impl.AttributeStatementMarshaller
2103: 2 80 org.opensaml.xacml.policy.impl.VariableDefinitionTypeMarshaller
2104: 2 80 org.opensaml.xacml.policy.impl.AttributeValueTypeMarshaller
2105: 2 80 sun.security.jca.ProviderList
2106: 2 80 org.opensaml.xml.schema.impl.XSAnyMarshaller
2107: 2 80 org.opensaml.saml2.core.impl.AuthnContextMarshaller
2108: 2 80 edu.internet2.middleware.shibboleth.idp.util.IPRange
2109: 2 80 org.opensaml.saml2.metadata.impl.KeyDescriptorMarshaller
2110: 2 80 org.opensaml.saml2.core.impl.ScopingMarshaller
2111: 2 80 org.opensaml.saml1.core.impl.StatusMarshaller
2112: 1 80 org.knopflerfish.framework.StartLevelImpl
2113: 2 80 org.opensaml.saml2.core.impl.SubjectConfirmationMarshaller
2114: 2 80 org.apache.catalina.deploy.ErrorPage
2115: 1 80 sun.org.mozilla.javascript.internal.NativeDate
2116: 2 80 org.opensaml.saml1.core.impl.AttributeQueryMarshaller
2117: 2 80 com.sun.net.ssl.internal.ssl.EphemeralKeyManager$EphemeralKeyPair
2118: 2 80 org.opensaml.saml2.core.impl.ManageNameIDRequestMarshaller
2119: 1 80 org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder
2120: 2 80 org.apache.tomcat.util.http.mapper.Mapper
2121: 2 80 org.opensaml.xacml.ctx.impl.ActionTypeMarshaller
2122: 2 80 org.opensaml.saml2.core.impl.RequestedAuthnContextMarshaller
2123: 1 80 org.knopflerfish.framework.Packages
2124: 1 80 sun.security.validator.PKIXValidator
2125: 2 80 javax.security.auth.callback.NameCallback
2126: 2 80 org.opensaml.saml2.core.impl.StatusDetailMarshaller
2127: 2 80 org.opensaml.xacml.ctx.impl.StatusCodeTypeMarshaller
2128: 2 80 com.tc.util.ObjectIDSet
2129: 2 80 org.opensaml.saml1.core.impl.AuthorizationDecisionStatementMarshaller
2130: 1 80 com.tc.management.beans.logging.RuntimeLogging
2131: 2 80 org.opensaml.saml1.core.impl.SubjectLocalityMarshaller
2132: 2 80 org.opensaml.saml1.core.impl.AssertionMarshaller
2133: 2 80 org.opensaml.saml1.core.impl.NameIdentifierMarshaller
2134: 2 80 org.opensaml.xacml.ctx.impl.StatusTypeMarshaller
2135: 2 80 org.opensaml.xacml.ctx.impl.MissingAttributeDetailTypeMarshaller
2136: 2 80 org.opensaml.saml1.core.impl.AttributeMarshaller
2137: 2 80 org.opensaml.xacml.policy.impl.SubjectMatchTypeMarshaller
2138: 2 80 org.opensaml.xacml.policy.impl.ObligationTypeMarshaller
2139: 1 80 java.net.SocketPermission
2140: 1 80 sun.org.mozilla.javascript.internal.NativeJavaTopPackage
2141: 2 80 org.opensaml.xacml.ctx.impl.AttributeTypeMarshaller
2142: 2 80 org.opensaml.xacml.policy.impl.SubjectsTypeMarshaller
2143: 2 80 org.opensaml.xacml.policy.impl.EnvironmentTypeMarshaller
2144: 2 80 java.security.cert.CertificateFactory
2145: 1 72 sun.util.logging.resources.logging
2146: 1 72 org.apache.log4j.spi.RootLogger
2147: 3 72 com.tc.handler.CallbackDumpAdapter
2148: 1 72 com.tc.management.beans.L1Dumper
2149: 3 72 org.apache.xerces.impl.dv.dtd.ListDatatypeValidator
2150: 3 72 com.tc.object.applicator.ListApplicator
2151: 1 72 org.apache.catalina.deploy.FilterDef
2152: 1 72 org.terracotta.modules.tomcat.tomcat_5_5.TerracottaPipeline
2153: 1 72 edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeySignatureTrustEngineFactoryBean
2154: 1 72 edu.internet2.middleware.shibboleth.common.util.EventingMapBasedStorageService$AddEntryEvent
2155: 1 72 com.tc.object.config.schema.NewDSOApplicationConfigObject$1
2156: 3 72 org.apache.commons.httpclient.HttpVersion
2157: 1 72 org.apache.tomcat.util.modeler.Registry
2158: 3 72 org.apache.catalina.util.URLEncoder
2159: 1 72 edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyGroup
2160: 1 72 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.ComputedIDDataConnector
2161: 1 72 edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeyTrustEngineFactoryBean
2162: 1 72 org.apache.catalina.valves.ErrorReportValve
2163: 3 72 com.tc.object.config.Root$DsoFinal
2164: 1 72 org.opensaml.saml1.binding.encoding.HTTPPostEncoder
2165: 1 72 sun.org.mozilla.javascript.internal.NativeMath
2166: 1 72 org.apache.xerces.impl.xpath.regex.RegularExpression$Context
2167: 1 72 com.tc.util.ProductInfoBundle
2168: 1 72 sun.text.resources.FormatData_en
2169: 1 72 com.tc.net.protocol.transport.HealthCheckerSocketConnectImpl
2170: 1 72 org.opensaml.saml1.binding.encoding.HTTPArtifactEncoder
2171: 3 72 org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule
2172: 3 72 com.tc.runtime.cache.CacheMemoryEventType
2173: 1 72 org.opensaml.saml2.binding.encoding.HTTPPostEncoder
2174: 3 72 java.nio.charset.CodingErrorAction
2175: 1 72 sun.text.resources.FormatData_en_US
2176: 1 72 org.apache.velocity.VelocityContext
2177: 1 72 com.tc.config.schema.L2ConfigForL1Object
2178: 1 72 com.tc.net.protocol.transport.HealthCheckerConfigClientImpl
2179: 1 72 org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper
2180: 3 72 com.tc.aspectwerkz.expression.SubtypePatternType
2181: 3 72 org.apache.catalina.realm.RealmBase$AllRolesMode
2182: 3 72 org.apache.commons.lang.builder.HashCodeBuilder
2183: 1 72 com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl
2184: 1 72 com.tc.runtime.TCMemoryManagerImpl
2185: 1 72 sun.text.resources.FormatData
2186: 1 72 edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXSignatureTrustEngineFactoryBean
2187: 3 72 com.tc.object.tx.TxnType
2188: 1 72 edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXX509CredentialTrustEngineFactoryBean
2189: 1 72 edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl
2190: 1 72 org.apache.catalina.startup.ContextConfig
2191: 1 72 com.tc.statistics.buffer.memory.MemoryStatisticsBufferImpl
2192: 1 72 com.tc.management.remote.protocol.terracotta.TunnelingEventHandler
2193: 3 72 org.eclipse.jdt.internal.compiler.lookup.VariableBinding[]
2194: 1 72 com.tc.config.schema.L2ConfigForL1Object$1
2195: 3 72 org.knopflerfish.framework.ServiceReferenceImpl
2196: 1 72 sun.nio.ch.DevPollArrayWrapper
2197: 3 72 sun.org.mozilla.javascript.internal.UniqueTag
2198: 1 72 com.sun.script.javascript.JavaAdapter
2199: 3 72 org.apache.xerces.impl.dtd.DTDGrammar$QNameHashtable
2200: 1 72 com.tc.object.config.schema.NewDSOApplicationConfigObject$3
2201: 1 72 org.apache.catalina.core.StandardEngineValve
2202: 1 72 org.springframework.ui.velocity.VelocityEngineFactoryBean
2203: 1 72 com.tc.statistics.StatisticsAgentSubSystemImpl
2204: 3 72 java.lang.InheritableThreadLocal
2205: 3 72 com.tc.net.protocol.tcm.AbstractMessageChannel$ChannelState
2206: 1 72 org.apache.catalina.core.StandardHostValve
2207: 1 72 sun.org.mozilla.javascript.internal.NativeObject
2208: 2 72 com.sun.jmx.mbeanserver.ClassLoaderRepositorySupport$LoaderEntry[]
2209: 3 72 org.mozilla.javascript.UniqueTag
2210: 1 72 org.apache.catalina.core.ApplicationContext
2211: 3 72 java.text.AttributedCharacterIterator$Attribute
2212: 1 72 org.apache.log4j.helpers.PatternParser
2213: 1 72 sun.org.mozilla.javascript.internal.ObjArray
2214: 1 72 org.apache.log4j.Hierarchy
2215: 3 72 sun.text.normalizer.NormalizerBase$QuickCheckResult
2216: 1 72 sun.misc.Cleaner
2217: 1 72 sun.security.rsa.RSAPublicKeyImpl
2218: 1 72 org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
2219: 1 72 org.eclipse.jdt.internal.compiler.lookup.ProblemPackageBinding
2220: 1 72 com.tc.object.config.schema.NewDSOApplicationConfigObject$2
2221: 1 72 org.eclipse.jdt.internal.compiler.ast.IntLiteral
2222: 1 64 sun.nio.cs.StandardCharsets$Aliases
2223: 1 64 com.sun.jndi.toolkit.dir.HierMemDirCtx
2224: 1 64 com.tc.object.ClientConfigurationContext
2225: 2 64 com.tc.statistics.StatisticsSystemType
2226: 2 64 java.util.concurrent.atomic.AtomicBoolean
2227: 1 64 com.tc.object.config.schema.StandardDSOInstrumentationLoggingOptions
2228: 2 64 org.apache.velocity.runtime.directive.Parse
2229: 1 64 java.util.UUID
2230: 1 64 com.tc.management.lock.stats.ClientLockStatisticsManagerImpl
2231: 2 64 com.tc.object.bytecode.AQSSubclassStrongReferenceAdapter
2232: 2 64 com.tc.object.config.TimCapability
2233: 2 64 org.apache.xerces.impl.xpath.regex.Token$UnionToken
2234: 2 64 sun.security.pkcs11.SessionManager$Pool
2235: 2 64 sun.security.validator.EndEntityChecker
2236: 4 64 org.opensaml.saml2.common.impl.ExtensionsBuilder
2237: 1 64 org.apache.xmlbeans.impl.store.CharUtil$CharIterator
2238: 1 64 java.util.ResourceBundle$1
2239: 1 64 org.apache.catalina.mbeans.ConnectorMBean
2240: 2 64 org.apache.velocity.util.introspection.UberspectImpl
2241: 1 64 sun.nio.ch.ServerSocketAdaptor
2242: 1 64 com.sun.jmx.mbeanserver.JmxMBeanServer
2243: 2 64 org.mozilla.javascript.NativeWith
2244: 1 64 org.eclipse.jdt.internal.compiler.codegen.ExceptionLabel[]
2245: 1 64 edu.internet2.middleware.shibboleth.common.util.StringResourceLoader
2246: 2 64 org.joda.time.field.ZeroIsMaxDateTimeField
2247: 1 64 org.opensaml.saml2.binding.decoding.HTTPPostDecoder
2248: 1 64 sun.misc.SoftCache
2249: 2 64 com.tc.net.protocol.transport.ConnectionID
2250: 2 64 net.sourceforge.yamlbeans.parser.DocumentEndEvent
2251: 2 64 org.apache.velocity.runtime.resource.ResourceCacheImpl
2252: 1 64 com.tc.config.schema.dynamic.IntXPathBasedConfigItem
2253: 2 64 com.tc.net.protocol.tcm.TCMessageRouterImpl
2254: 1 64 sun.security.jca.ServiceId[]
2255: 1 64 com.tc.object.appevent.NonPortableEventContext
2256: 1 64 org.apache.tomcat.util.log.SystemLogHandler
2257: 2 64 javax.management.remote.TargetedNotification
2258: 2 64 org.opensaml.xml.security.trust.ChainingTrustEngine
2259: 2 64 javax.security.auth.login.LoginContext$ModuleInfo
2260: 1 64 com.tc.management.exposed.TerracottaCluster
2261: 2 64 org.opensaml.xml.signature.impl.ChainingSignatureTrustEngine
2262: 2 64 org.apache.commons.httpclient.params.HttpClientParams
2263: 2 64 com.sun.phobos.script.javascript.RhinoScriptEngine$1
2264: 1 64 org.eclipse.jdt.internal.compiler.lookup.FieldBinding
2265: 1 64 sun.nio.cs.StandardCharsets$Classes
2266: 1 64 com.tc.object.loaders.StandardClassProvider
2267: 2 64 javax.security.auth.login.LoginContext$ModuleInfo[]
2268: 2 64 com.sun.jmx.mbeanserver.WeakIdentityHashMap
2269: 2 64 javax.security.auth.login.LoginContext$4
2270: 4 64 ch.qos.logback.classic.pattern.EnsureExceptionHandling
2271: 1 64 com.tc.statistics.logging.impl.StatisticsLoggerImpl$LogActionDataTask
2272: 1 64 sun.security.pkcs11.SessionManager
2273: 2 64 java.net.InetAddress$Cache
2274: 2 64 org.opensaml.xml.security.x509.PKIXValidationOptions
2275: 2 64 java.util.concurrent.CopyOnWriteArraySet
2276: 1 64 com.tc.net.protocol.transport.WireProtocolAdaptorImpl
2277: 1 64 org.apache.xmlbeans.impl.schema.BuiltinSchemaTypeSystem
2278: 2 64 java.util.Hashtable$KeySet
2279: 2 64 com.sun.phobos.script.javascript.RhinoCompiledScript
2280: 2 64 org.apache.velocity.runtime.directive.Macro
2281: 1 64 org.apache.log4j.helpers.CountingQuietWriter
2282: 1 64 ch.qos.logback.core.BasicStatusManager
2283: 4 64 org.opensaml.xacml.policy.impl.IdReferenceTypeImplBuilder
2284: 1 64 org.apache.coyote.RequestGroupInfo
2285: 2 64 java.net.InetAddress$Cache$Type
2286: 1 64 sun.nio.cs.StandardCharsets$Cache
2287: 2 64 sun.awt.MostRecentKeyValue
2288: 2 64 sun.security.jca.ProviderList$3
2289: 2 64 org.apache.jasper.compiler.ErrorDispatcher
2290: 1 64 org.eclipse.jdt.internal.compiler.codegen.BranchLabel[]
2291: 2 64 java.util.Currency
2292: 1 64 com.tc.object.tx.RemoteTransactionManagerImpl$RemoteTransactionManagerTimerTask
2293: 1 64 edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler
2294: 2 64 com.tc.logging.ConnectionIdLogger
2295: 2 64 javax.security.auth.login.LoginContext$SecureCallbackHandler
2296: 1 64 org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine
2297: 2 64 java.security.AllPermissionCollection
2298: 1 64 org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder
2299: 1 64 org.apache.xml.serializer.CharInfo
2300: 2 64 org.apache.commons.httpclient.params.HostParams
2301: 1 64 org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder
2302: 2 64 sun.security.pkcs11.KeyCache
2303: 1 64 com.sun.jmx.remote.opt.internal.ServerNotifForwarder
2304: 2 64 org.apache.log4j.helpers.ISO8601DateFormat
2305: 1 64 com.tc.object.cache.CacheManager
2306: 2 64 com.tc.net.protocol.delivery.OOOEventHandler
2307: 1 64 org.joda.time.tz.DateTimeZoneBuilder$PrecalculatedZone
2308: 2 64 org.apache.velocity.util.SimplePool
2309: 1 64 ch.qos.logback.core.util.AggregationType[]
2310: 1 56 org.opensaml.saml2.metadata.impl.EncryptionMethodUnmarshaller
2311: 1 56 org.apache.log4j.Logger[]
2312: 1 56 org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder
2313: 1 56 org.opensaml.ws.wsaddressing.impl.ReferenceParametersUnmarshaller
2314: 1 56 java.lang.ClassCastException
2315: 1 56 edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHandler
2316: 1 56 sun.nio.ch.FileLockImpl
2317: 1 56 org.opensaml.ws.wssecurity.impl.UsernameUnmarshaller
2318: 1 56 org.bouncycastle.jce.provider.JCEECPrivateKey
2319: 1 56 org.opensaml.util.storage.ReplayCache
2320: 1 56 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethMetadataKeyAuthorityUnmarshaller
2321: 1 56 org.opensaml.ws.wssecurity.impl.SignatureConfirmationUnmarshaller
2322: 1 56 org.opensaml.ws.wsaddressing.impl.RetryAfterUnmarshaller
2323: 1 56 org.opensaml.xml.encryption.impl.DataReferenceUnmarshaller
2324: 1 56 org.opensaml.xml.encryption.impl.AgreementMethodUnmarshaller
2325: 1 56 org.opensaml.ws.wsaddressing.impl.AddressUnmarshaller
2326: 1 56 com.tc.object.logging.RuntimeLoggerImpl
2327: 1 56 org.opensaml.xml.signature.impl.X509DataUnmarshaller
2328: 1 56 org.apache.catalina.startup.WebRuleSet
2329: 1 56 com.sun.jmx.remote.opt.internal.ArrayNotificationBuffer$2
2330: 1 56 org.opensaml.xml.encryption.impl.CipherDataUnmarshaller
2331: 1 56 org.opensaml.xml.encryption.impl.DHKeyValueUnmarshaller
2332: 1 56 org.opensaml.xml.encryption.impl.EncryptionPropertiesUnmarshaller
2333: 1 56 org.opensaml.ws.wssecurity.impl.EncryptedHeaderUnmarshaller
2334: 1 56 org.opensaml.ws.wssecurity.impl.ExpiresUnmarshaller
2335: 1 56 org.opensaml.ws.wsaddressing.impl.ProblemActionUnmarshaller
2336: 1 56 org.opensaml.xml.encryption.impl.KeyReferenceUnmarshaller
2337: 1 56 com.tc.object.event.DmiManagerImpl
2338: 1 56 org.opensaml.xml.signature.impl.X509IssuerSerialUnmarshaller
2339: 1 56 sun.nio.ch.FileChannelImpl$FileLockReference
2340: 1 56 java.lang.String[][][]
2341: 2 56 org.apache.catalina.connector.Connector[]
2342: 1 56 org.opensaml.ws.wssecurity.impl.PasswordUnmarshaller
2343: 1 56 org.opensaml.xml.signature.impl.KeyInfoUnmarshaller
2344: 1 56 java.lang.Error
2345: 1 56 java.lang.VirtualMachineError
2346: 1 56 org.opensaml.xml.signature.impl.DigestMethodUnmarshaller
2347: 1 56 org.apache.xerces.impl.dv.xs.AbstractDateTimeDV$DateTimeData[]
2348: 1 56 org.apache.catalina.startup.HostConfig$DeployedApplication
2349: 1 56 java.lang.ArrayStoreException
2350: 1 56 org.joda.time.chrono.GJMonthOfYearDateTimeField
2351: 1 56 org.opensaml.ws.wssecurity.impl.TransformationParametersUnmarshaller
2352: 1 56 org.opensaml.xml.signature.impl.KeyValueUnmarshaller
2353: 1 56 org.opensaml.ws.wssecurity.impl.BinarySecurityTokenUnmarshaller
2354: 1 56 org.opensaml.ws.wssecurity.impl.KeyIdentifierUnmarshaller
2355: 1 56 com.sun.net.ssl.internal.ssl.X509TrustManagerImpl
2356: 1 56 org.opensaml.ws.wsaddressing.impl.ActionUnmarshaller
2357: 1 56 java.lang.OutOfMemoryError[]
2358: 1 56 org.opensaml.xml.encryption.impl.EncryptedKeyUnmarshaller
2359: 1 56 ch.qos.logback.classic.pattern.ThreadConverter
2360: 1 56 javax.management.remote.generic.ServerIntermediary$GenericServerCommunicatorAdmin
2361: 1 56 ch.qos.logback.classic.pattern.LineOfCallerConverter
2362: 1 56 org.opensaml.xml.signature.impl.SPKIDataUnmarshaller
2363: 1 56 org.opensaml.ws.wsaddressing.impl.ProblemIRIUnmarshaller
2364: 1 56 org.knopflerfish.framework.Queue
2365: 1 56 java.lang.ArithmeticException
2366: 1 56 org.opensaml.common.binding.artifact.BasicSAMLArtifactMap
2367: 1 56 org.opensaml.ws.wsaddressing.impl.ReplyToUnmarshaller
2368: 1 56 org.opensaml.ws.wssecurity.impl.SecurityUnmarshaller
2369: 1 56 com.tc.stats.counter.sampled.SampledCounterImpl
2370: 2 56 org.apache.tomcat.util.http.mapper.Mapper$Host[]
2371: 1 56 org.joda.time.convert.ConverterManager
2372: 2 56 org.apache.catalina.startup.HostConfig$DeployedApplication[]
2373: 1 56 com.tc.aspectwerkz.expression.ast.ASTModifier
2374: 1 56 org.opensaml.xml.encryption.impl.RecipientKeyInfoUnmarshaller
2375: 1 56 com.tc.object.TCClassFactoryImpl
2376: 1 56 com.tc.net.protocol.transport.ConnectionHealthCheckerImpl
2377: 1 56 org.opensaml.ws.wsaddressing.impl.ToUnmarshaller
2378: 1 56 org.opensaml.ws.wssecurity.impl.SecurityTokenReferenceUnmarshaller
2379: 1 56 org.opensaml.xml.encryption.impl.TransformsUnmarshaller
2380: 1 56 com.tc.object.gtx.ClientGlobalTransactionManagerImpl
2381: 1 56 org.apache.xerces.parsers.AbstractDOMParser$1
2382: 1 56 org.opensaml.xml.signature.impl.DSAKeyValueUnmarshaller
2383: 1 56 javax.crypto.SunJCE_k
2384: 2 56 org.apache.xmlbeans.SchemaTypeLoader[]
2385: 1 56 javax.management.remote.JMXServiceURL
2386: 1 56 org.opensaml.saml1.core.impl.RequestUnmarshaller
2387: 1 56 org.apache.xml.security.c14n.implementations.NameSpaceSymbEntry
2388: 1 56 org.opensaml.xml.signature.impl.PGPDataUnmarshaller
2389: 1 56 org.apache.xerces.impl.XMLEntityScanner$1
2390: 1 56 org.opensaml.ws.wssecurity.impl.TimestampUnmarshaller
2391: 1 56 com.sun.net.ssl.internal.ssl.ProtocolList
2392: 1 56 org.apache.catalina.connector.MapperListener
2393: 1 56 org.opensaml.ws.wssecurity.impl.SaltUnmarshaller
2394: 1 56 org.opensaml.xml.encryption.impl.EncryptionMethodUnmarshaller
2395: 1 56 org.opensaml.xml.encryption.impl.EncryptionPropertyUnmarshaller
2396: 1 56 com.tc.net.protocol.delivery.OOOConnectionWatcher
2397: 1 56 edu.internet2.middleware.shibboleth.common.log.AccessLogEntry
2398: 1 56 java.text.Normalizer$Form[]
2399: 1 56 org.opensaml.ws.wssecurity.impl.UsernameTokenUnmarshaller
2400: 1 56 org.opensaml.xml.encryption.impl.CipherReferenceUnmarshaller
2401: 1 56 com.tc.object.config.schema.NewL1DSOConfigObject
2402: 1 56 org.opensaml.ws.wssecurity.impl.NonceUnmarshaller
2403: 1 56 java.lang.ArrayIndexOutOfBoundsException
2404: 1 56 org.opensaml.ws.wssecurity.impl.ReferenceUnmarshaller
2405: 1 56 java.lang.NullPointerException
2406: 1 56 org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine
2407: 1 56 org.opensaml.saml1.binding.encoding.HTTPSOAP11Encoder
2408: 1 56 org.opensaml.ws.wssecurity.impl.EmbeddedUnmarshaller
2409: 1 56 sun.security.validator.SimpleValidator
2410: 1 56 org.opensaml.xml.signature.impl.TransformUnmarshaller
2411: 1 56 java.io.StringReader
2412: 1 56 org.opensaml.ws.wsaddressing.impl.EndpointReferenceUnmarshaller
2413: 1 56 org.opensaml.ws.wsaddressing.impl.MetadataUnmarshaller
2414: 1 56 org.opensaml.xml.signature.impl.RetrievalMethodUnmarshaller
2415: 1 56 org.opensaml.xml.encryption.impl.EncryptedDataUnmarshaller
2416: 1 56 org.opensaml.ws.wssecurity.impl.IterationUnmarshaller
2417: 1 56 com.sun.security.auth.login.ConfigFile
2418: 1 56 sun.org.mozilla.javascript.internal.ClassCache
2419: 1 56 com.tc.net.protocol.tcm.CommunicationsManagerImpl$MessageTransportFactoryImpl
2420: 1 56 java.io.CharArrayWriter
2421: 1 56 com.tc.aspectwerkz.expression.ast.ExpressionParser$LookaheadSuccess
2422: 1 56 org.opensaml.xml.signature.impl.RSAKeyValueUnmarshaller
2423: 1 56 org.apache.xerces.impl.dtd.models.ContentModelValidator[][]
2424: 1 56 org.opensaml.saml1.core.impl.ResponseUnmarshaller
2425: 1 56 org.apache.commons.logging.impl.WeakHashtable$WeakKey
2426: 1 56 org.opensaml.ws.wsaddressing.impl.FaultToUnmarshaller
2427: 1 56 com.tc.async.impl.StageManagerImpl
2428: 1 56 com.sun.jmx.mbeanserver.MBeanServerDelegateImpl
2429: 1 56 org.joda.time.chrono.BasicChronology$HalfdayField
2430: 1 56 org.opensaml.ws.wsaddressing.impl.MessageIDUnmarshaller
2431: 1 56 org.opensaml.xml.signature.impl.TransformsUnmarshaller
2432: 1 56 org.opensaml.ws.wssecurity.impl.CreatedUnmarshaller
2433: 1 56 com.sun.script.javascript.RhinoScriptEngine
2434: 1 56 org.opensaml.ws.wsaddressing.impl.FromUnmarshaller
2435: 1 56 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethMetadataScopeUnmarshaller
2436: 1 56 org.opensaml.xml.encryption.impl.ReferenceListUnmarshaller
2437: 1 56 java.lang.Exception
2438: 1 56 java.io.DataInputStream
2439: 1 56 com.tc.object.config.Root
2440: 1 56 org.apache.xerces.impl.dv.DatatypeValidator[][]
2441: 1 56 org.apache.log4j.helpers.PatternParser$CategoryPatternConverter
2442: 1 56 org.knopflerfish.framework.Listeners
2443: 1 56 com.tc.runtime.cache.CacheMemoryManagerEventGenerator
2444: 1 56 org.apache.log4j.helpers.QuietWriter
2445: 1 56 com.tc.management.TerracottaManagement$MBeanDomain[]
2446: 1 56 org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder
2447: 1 56 com.tc.management.remote.protocol.terracotta.TunnelingMessageConnection
2448: 1 56 org.opensaml.xml.encryption.impl.OriginatorKeyInfoUnmarshaller
2449: 1 48 com.tc.object.tx.TransactionBatchWriterFactory
2450: 1 48 com.tc.util.sequence.BatchSequence
2451: 1 48 org.opensaml.ws.wsaddressing.impl.SoapActionUnmarshaller
2452: 2 48 com.tc.object.SerializationUtil
2453: 1 48 org.opensaml.saml2.core.impl.NewEncryptedIDUnmarshaller
2454: 1 48 com.tc.util.runtime.VmVersion
2455: 1 48 org.joda.time.chrono.BasicWeekyearDateTimeField
2456: 2 48 java.lang.annotation.Annotation[]
2457: 2 48 org.eclipse.jdt.internal.compiler.impl.BooleanConstant
2458: 1 48 org.opensaml.ws.wsfed.impl.AppliesToUnmarshaller
2459: 1 48 org.opensaml.saml1.core.impl.ConfirmationMethodUnmarshaller
2460: 2 48 com.tc.stats.counter.CounterImpl
2461: 1 48 sun.management.MemoryImpl
2462: 1 48 java.net.Proxy$Type[]
2463: 1 48 org.opensaml.saml1.core.impl.AssertionArtifactUnmarshaller
2464: 2 48 org.opensaml.saml2.metadata.provider.ChainingMetadataProvider$ContainedProviderObserver
2465: 2 48 sun.misc.NativeSignalHandler
2466: 2 48 org.apache.velocity.runtime.log.Log
2467: 1 48 org.apache.xmlbeans.impl.values.XmlPositiveIntegerImpl
2468: 2 48 org.opensaml.xml.signature.impl.SignatureMarshaller
2469: 1 48 org.opensaml.ws.soap.soap11.impl.DetailUnmarshaller
2470: 1 48 com.tc.object.PortabilityImpl
2471: 1 48 com.tc.object.cache.CacheConfigImpl
2472: 1 48 org.opensaml.saml2.core.impl.ArtifactUnmarshaller
2473: 1 48 org.joda.time.chrono.BasicDayOfYearDateTimeField
2474: 2 48 org.apache.xmlbeans.SchemaModelGroup[]
2475: 2 48 java.util.logging.Handler[]
2476: 1 48 org.opensaml.saml2.core.impl.AuthnContextDeclRefUnmarshaller
2477: 1 48 org.opensaml.saml2.metadata.impl.NameIDFormatUnmarshaller
2478: 1 48 org.opensaml.saml2.core.impl.SessionIndexUnmarshaller
2479: 1 48 org.joda.time.chrono.GJDayOfWeekDateTimeField
2480: 2 48 com.tc.net.protocol.tcm.ChannelID
2481: 1 48 org.apache.catalina.deploy.LoginConfig
2482: 2 48 com.tc.net.protocol.transport.WireProtocolAdaptorFactoryImpl
2483: 1 48 ch.qos.logback.classic.joran.action.LoggerAction
2484: 1 48 org.opensaml.samlext.samlpthrpty.impl.RespondToUnmarshaller
2485: 1 48 ch.qos.logback.core.spi.FilterReply[]
2486: 1 48 org.opensaml.saml2.metadata.impl.OrganizationNameUnmarshaller
2487: 1 48 com.tc.statistics.logging.impl.StatisticsLoggerImpl
2488: 2 48 org.apache.xmlbeans.impl.regex.Token
2489: 2 48 com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
2490: 1 48 sun.net.www.protocol.https.Handler
2491: 1 48 com.tc.runtime.TCMemoryManagerImpl$MemoryMonitor
2492: 2 48 java.security.AllPermission
2493: 1 48 org.opensaml.ws.wsfed.impl.RequestSecurityTokenResponseUnmarshaller
2494: 1 48 com.tc.net.core.TCCommJDK14
2495: 1 48 org.opensaml.samlext.saml1md.impl.SourceIDUnmarshaller
2496: 1 48 sun.security.pkcs11.Secmod$DbMode[]
2497: 1 48 org.apache.xmlbeans.impl.store.CharUtil
2498: 2 48 edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver$MetadataProviderObserver
2499: 2 48 org.apache.xmlbeans.SchemaAnnotation[]
2500: 1 48 sun.security.pkcs11.P11SecureRandom
2501: 1 48 com.terracottatech.config.impl.PortImpl
2502: 1 48 org.opensaml.saml2.core.impl.IssuerUnmarshaller
2503: 3 48 org.opensaml.xacml.policy.impl.DefaultsTypeImplBuilder
2504: 2 48 javax.management.NotificationFilterSupport
2505: 1 48 org.opensaml.ws.wsaddressing.impl.ProblemHeaderQNameUnmarshaller
2506: 2 48 org.apache.xmlbeans.SchemaAttributeGroup[]
2507: 2 48 com.tc.statistics.retrieval.actions.SRAMemoryUsage
2508: 1 48 org.opensaml.saml2.metadata.impl.AuthzServiceUnmarshaller
2509: 1 48 org.opensaml.saml2.metadata.impl.NameIDMappingServiceUnmarshaller
2510: 1 48 org.opensaml.xacml.ctx.impl.StatusMessageTypeUnmarshaller
2511: 1 48 org.joda.time.tz.DateTimeZoneBuilder$DSTZone
2512: 1 48 org.opensaml.ws.soap.soap11.impl.BodyUnmarshaller
2513: 1 48 com.tc.object.tx.TransactionBatchAccounting
2514: 2 48 org.opensaml.xml.signature.impl.SignatureUnmarshaller
2515: 2 48 org.apache.velocity.util.introspection.MethodMap
2516: 1 48 com.tc.aspectwerkz.expression.ast.JJTExpressionParserState
2517: 1 48 java.util.concurrent.atomic.AtomicReferenceFieldUpdater$AtomicReferenceFieldUpdaterImpl
2518: 1 48 org.opensaml.saml2.metadata.impl.ServiceDescriptionUnmarshaller
2519: 1 48 org.opensaml.saml2.metadata.impl.SingleLogoutServiceUnmarshaller
2520: 1 48 sun.management.NotificationEmitterSupport$ListenerInfo
2521: 1 48 org.opensaml.saml2.metadata.impl.AuthnQueryServiceUnmarshaller
2522: 1 48 org.opensaml.samlext.saml2mdquery.impl.AuthzDecisionQueryDescriptorTypeUnmarshaller
2523: 2 48 org.apache.naming.StringManager
2524: 2 48 org.apache.xmlbeans.impl.schema.ClassLoaderResourceLoader
2525: 2 48 com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob
2526: 2 48 sun.security.pkcs11.wrapper.CK_VERSION
2527: 1 48 com.sun.jmx.remote.opt.internal.ArrayQueue
2528: 1 48 org.apache.catalina.util.SchemaResolver
2529: 2 48 org.apache.xmlbeans.XmlOptions
2530: 1 48 org.opensaml.saml2.core.impl.EncryptedAttributeUnmarshaller
2531: 1 48 sun.nio.cs.StandardCharsets
2532: 1 48 edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet
2533: 1 48 org.opensaml.saml2.metadata.impl.GivenNameUnmarshaller
2534: 1 48 org.opensaml.saml2.metadata.impl.OrganizationDisplayNameUnmarshaller
2535: 1 48 org.opensaml.ws.wsfed.impl.EndPointReferenceUnmarshaller
2536: 1 48 com.tc.object.idprovider.impl.RemoteObjectIDBatchSequenceProvider
2537: 1 48 com.tc.config.schema.NewCommonL1ConfigObject
2538: 1 48 org.opensaml.saml2.metadata.impl.SingleSignOnServiceUnmarshaller
2539: 1 48 java.util.Collections$SynchronizedSortedSet
2540: 1 48 org.opensaml.saml2.core.impl.StatusMessageUnmarshaller
2541: 1 48 sun.management.VMManagementImpl
2542: 1 48 sun.security.x509.IssuerAlternativeNameExtension
2543: 1 48 com.tc.lang.ThrowableHandler
2544: 1 48 org.opensaml.saml2.core.impl.AuthnContextClassRefUnmarshaller
2545: 2 48 org.apache.xmlbeans.SchemaType[]
2546: 1 48 org.opensaml.saml2.core.impl.AssertionIDRefUnmarshaller
2547: 1 48 org.opensaml.samlext.saml2delrestrict.impl.DelegationRestrictionTypeUnmarshaller
2548: 1 48 org.opensaml.saml2.ecp.impl.ResponseUnmarshaller
2549: 1 48 java.util.zip.ZipFile
2550: 1 48 org.opensaml.samlext.saml2mdquery.impl.AttributeQueryDescriptorTypeMarshaller
2551: 1 48 java.lang.management.MemoryManagerMXBean[]
2552: 1 48 org.opensaml.ws.soap.soap11.impl.FaultUnmarshaller
2553: 1 48 com.tc.object.config.schema.StandardDSORuntimeOutputOptions
2554: 1 48 org.joda.time.chrono.BasicDayOfMonthDateTimeField
2555: 1 48 org.opensaml.saml2.core.impl.EncryptedIDUnmarshaller
2556: 1 48 org.opensaml.samlext.idpdisco.DiscoveryResponseUnmarshaller
2557: 1 48 org.springframework.ui.context.support.ResourceBundleThemeSource
2558: 1 48 org.opensaml.saml2.core.impl.RequesterIDUnmarshaller
2559: 2 48 org.apache.commons.ssl.asn1.DERBoolean
2560: 1 48 org.apache.catalina.deploy.FilterMap
2561: 1 48 org.opensaml.saml2.metadata.impl.TelephoneNumberUnmarshaller
2562: 1 48 org.joda.time.chrono.BasicYearDateTimeField
2563: 1 48 org.opensaml.saml2.metadata.impl.AssertionIDRequestServiceUnmarshaller
2564: 1 48 edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine
2565: 2 48 org.apache.xmlbeans.SchemaGlobalElement[]
2566: 1 48 org.apache.commons.httpclient.HttpState
2567: 1 48 org.opensaml.saml2.metadata.impl.EmailAddressUnmarshaller
2568: 2 48 java.nio.charset.CoderResult
2569: 1 48 com.tc.net.protocol.tcm.ChannelManagerImpl
2570: 1 48 org.opensaml.samlext.saml2mdquery.impl.AuthnQueryDescriptorTypeUnmarshaller
2571: 1 48 java.util.HashMap[]
2572: 1 48 org.apache.commons.httpclient.HttpClient
2573: 1 48 org.opensaml.saml2.metadata.impl.ManageNameIDServiceUnmarshaller
2574: 2 48 org.eclipse.jdt.internal.compiler.lookup.FieldBinding[]
2575: 1 48 org.opensaml.ws.soap.soap11.impl.HeaderUnmarshaller
2576: 1 48 org.opensaml.ws.wsaddressing.impl.RelatesToUnmarshaller
2577: 2 48 java.nio.ByteOrder
2578: 2 48 org.opensaml.xml.parse.LoggingErrorHandler
2579: 2 48 org.springframework.web.context.request.SessionScope
2580: 1 48 javax.management.StandardEmitterMBean
2581: 1 48 org.opensaml.ws.wsfed.impl.AddressUnmarshaller
2582: 1 48 org.opensaml.saml2.ecp.impl.RelayStateUnmarshaller
2583: 1 48 org.opensaml.saml2.core.impl.AudienceUnmarshaller
2584: 1 48 edu.vt.middleware.ldap.LdapPool
2585: 1 48 org.apache.xerces.impl.xpath.regex.Op$ModifierOp
2586: 1 48 com.sun.script.javascript.RhinoScriptEngine$1
2587: 1 48 org.opensaml.saml2.metadata.impl.ArtifactResolutionServiceUnmarshaller
2588: 1 48 org.apache.jasper.runtime.JspApplicationContextImpl
2589: 2 48 com.tc.object.config.CompoundExpressionMatcher
2590: 1 48 org.apache.xerces.dom.NodeListCache
2591: 1 48 com.tc.util.concurrent.TCFuture
2592: 1 48 org.mozilla.javascript.ContextFactory
2593: 1 48 org.opensaml.samlext.saml2mdquery.impl.ActionNamespaceUnmarshaller
2594: 1 48 org.opensaml.saml1.core.impl.AssertionIDReferenceUnmarshaller
2595: 1 48 com.sun.jndi.ldap.LdapRequest
2596: 1 48 com.terracottatech.config.impl.NonNegativeIntImpl
2597: 1 48 com.tc.cluster.DsoClusterTopologyImpl
2598: 1 48 com.tc.object.cache.ClockEvictionPolicy
2599: 1 48 org.opensaml.xml.signature.impl.X509SerialNumberUnmarshaller
2600: 1 48 org.opensaml.saml2.core.impl.AssertionURIRefUnmarshaller
2601: 1 48 java.text.DontCareFieldPosition
2602: 1 48 com.tc.object.handler.LockResponseHandler
2603: 1 48 com.tc.net.protocol.delivery.OOONetworkStackHarnessFactory
2604: 1 48 org.opensaml.saml2.core.impl.AuthnContextDeclUnmarshaller
2605: 1 48 com.tc.object.bytecode.hook.impl.DSOContextImpl
2606: 1 48 org.opensaml.samlext.saml2mdquery.impl.AuthzDecisionQueryDescriptorTypeMarshaller
2607: 2 48 org.opensaml.security.MetadataCredentialResolver$MetadataProviderObserver
2608: 1 48 org.opensaml.util.resource.ResourceChangeListener$ResourceChange[]
2609: 2 48 org.apache.commons.httpclient.Wire
2610: 1 48 org.opensaml.saml2.core.impl.GetCompleteUnmarshaller
2611: 2 48 com.tc.object.appevent.NonPortableEventContextFactory
2612: 1 48 java.lang.ref.Reference
2613: 1 48 com.sun.jmx.remote.generic.SynchroMessageConnectionServerImpl
2614: 2 48 com.sun.net.ssl.internal.ssl.RandomCookie
2615: 2 48 com.tc.net.protocol.tcm.TCMessageRouterImpl$1
2616: 1 48 sun.net.www.protocol.http.HttpURLConnection$TunnelState[]
2617: 1 48 org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine
2618: 2 48 org.apache.xerces.impl.xpath.regex.Token
2619: 1 48 org.opensaml.samlext.saml2mdquery.impl.AttributeQueryDescriptorTypeUnmarshaller
2620: 1 48 org.joda.time.tz.ZoneInfoProvider
2621: 1 48 org.opensaml.saml2.metadata.impl.AttributeProfileUnmarshaller
2622: 1 48 org.opensaml.saml2.metadata.impl.OrganizationURLUnmarshaller
2623: 1 48 org.opensaml.ws.soap.soap11.impl.EnvelopeUnmarshaller
2624: 2 48 com.tc.object.tools.BootJar$State
2625: 2 48 org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator
2626: 1 48 org.opensaml.saml2.ecp.impl.RequestUnmarshaller
2627: 2 48 org.eclipse.jdt.internal.compiler.impl.DoubleConstant
2628: 1 48 org.opensaml.saml2.core.impl.ResponseUnmarshaller
2629: 1 48 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethScopedValueUnmarshaller
2630: 1 48 org.opensaml.saml2.core.impl.AuthenticatingAuthorityUnmarshaller
2631: 1 48 org.opensaml.saml2.core.impl.NewIDUnmarshaller
2632: 1 48 org.opensaml.saml2.metadata.impl.ServiceNameUnmarshaller
2633: 1 48 com.sun.script.javascript.ExternalScriptable
2634: 1 48 com.tc.net.protocol.delivery.GuaranteedDeliveryProtocol
2635: 1 48 com.tc.object.handler.ClientCoordinationHandler
2636: 1 48 org.opensaml.saml1.core.impl.StatusMessageUnmarshaller
2637: 1 48 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap$Entry
2638: 1 48 org.opensaml.ws.wsfed.impl.RequestedSecurityTokenUnmarshaller
2639: 1 48 com.sun.jndi.ldap.BerEncoder
2640: 1 48 org.opensaml.saml2.metadata.impl.AssertionConsumerServiceUnmarshaller
2641: 2 48 org.eclipse.jdt.internal.compiler.lookup.TypeBinding[]
2642: 1 48 org.opensaml.samlext.saml2mdquery.impl.AuthnQueryDescriptorTypeMarshaller
2643: 1 48 com.terracottatech.config.impl.QualifiedFieldNameImpl
2644: 2 48 com.tc.logging.DelegatingAppender
2645: 1 48 org.opensaml.saml1.core.impl.AudienceUnmarshaller
2646: 1 48 org.opensaml.saml2.core.impl.EncryptedAssertionUnmarshaller
2647: 2 48 sun.security.util.HostnameChecker
2648: 2 48 org.opensaml.saml2.metadata.provider.AbstractObservableMetadataProvider$DescriptorIndexClearingObserver
2649: 1 48 org.joda.time.chrono.BasicWeekOfWeekyearDateTimeField
2650: 1 48 org.apache.naming.TransactionRef
2651: 1 48 org.opensaml.saml2.metadata.impl.AttributeServiceUnmarshaller
2652: 3 48 org.opensaml.xml.signature.validator.KeyInfoTypeSchemaValidator
2653: 1 48 org.opensaml.saml2.metadata.impl.CompanyUnmarshaller
2654: 1 48 org.opensaml.util.resource.ClasspathResource
2655: 1 48 java.security.KeyStore
2656: 1 48 ch.qos.logback.core.rolling.helper.CompressionMode[]
2657: 1 48 java.lang.ThreadLocal[]
2658: 1 48 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StaticDataConnector
2659: 1 48 org.knopflerfish.framework.ServiceURLStreamHandlerFactory
2660: 1 48 java.io.UnixFileSystem
2661: 1 48 org.opensaml.saml2.metadata.impl.SurNameUnmarshaller
2662: 1 48 org.apache.catalina.startup.Bootstrap
2663: 1 48 org.eclipse.jdt.internal.compiler.flow.FlowContext
2664: 2 48 org.apache.velocity.runtime.log.HoldingLogChute
2665: 1 48 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector$SEARCH_SCOPE[]
2666: 1 48 org.opensaml.samlext.saml2delrestrict.impl.DelegateUnmarshaller
2667: 1 48 org.apache.commons.httpclient.SimpleHttpConnectionManager
2668: 1 48 org.opensaml.saml2.metadata.impl.AffiliateMemberUnmarshaller
2669: 2 48 org.apache.xmlbeans.SchemaGlobalAttribute[]
2670: 1 40 java.lang.management.MemoryType[]
2671: 1 40 org.apache.xerces.impl.dtd.XMLContentSpec
2672: 1 40 com.tc.object.DSOClientMessageChannelImpl
2673: 1 40 org.apache.jsp.logout_jsp
2674: 1 40 com.tc.runtime.TCMemoryManagerJdk15PoolMonitor
2675: 1 40 org.springframework.context.event.SimpleApplicationEventMulticaster$1
2676: 1 40 org.opensaml.xml.encryption.impl.TransformsMarshaller
2677: 1 40 org.opensaml.saml2.metadata.impl.OrganizationNameMarshaller
2678: 1 40 org.apache.jsp.idp_002dstatus_002dlb_jsp
2679: 1 40 org.opensaml.ws.wsaddressing.impl.ToMarshaller
2680: 1 40 org.opensaml.ws.wsfed.impl.EndPointReferenceMarshaller
2681: 1 40 org.opensaml.xml.signature.impl.RetrievalMethodMarshaller
2682: 1 40 java.util.logging.LogManager$LogNode
2683: 1 40 com.tc.util.TCCollections$EmptyObjectIDSet
2684: 1 40 com.tc.object.handler.DmiHandler
2685: 1 40 com.tc.object.handler.ReceiveObjectHandler
2686: 1 40 org.opensaml.samlext.samlpthrpty.impl.RespondToMarshaller
2687: 1 40 org.opensaml.ws.wssecurity.impl.UsernameTokenMarshaller
2688: 1 40 org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager
2689: 1 40 com.tc.properties.L1ReconnectConfigImpl
2690: 1 40 org.opensaml.saml2.ecp.impl.ResponseMarshaller
2691: 1 40 com.tc.object.config.ClassReplacementMappingImpl
2692: 1 40 com.sun.jmx.mbeanserver.Repository
2693: 1 40 com.terracottatech.config.impl.ApplicationImpl
2694: 1 40 org.opensaml.xml.signature.impl.SPKIDataMarshaller
2695: 1 40 org.opensaml.saml2.metadata.impl.NameIDMappingServiceMarshaller
2696: 1 40 org.opensaml.xml.encryption.impl.EncryptionPropertyMarshaller
2697: 1 40 org.opensaml.ws.wssecurity.impl.EmbeddedMarshaller
2698: 1 40 com.terracottatech.config.impl.DsoApplicationImpl
2699: 1 40 org.opensaml.ws.wsaddressing.impl.MessageIDMarshaller
2700: 1 40 org.opensaml.saml1.core.impl.StatusMessageMarshaller
2701: 1 40 org.knopflerfish.framework.ServiceListenerState
2702: 1 40 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ValueMap
2703: 1 40 org.opensaml.ws.soap.soap11.impl.BodyMarshaller
2704: 1 40 org.opensaml.saml2.metadata.impl.AuthnQueryServiceMarshaller
2705: 1 40 org.opensaml.samlext.saml2delrestrict.impl.DelegationRestrictionTypeMarshaller
2706: 1 40 org.opensaml.saml2.core.impl.AuthnContextDeclMarshaller
2707: 1 40 com.sun.net.ssl.internal.ssl.HandshakeOutStream
2708: 1 40 org.opensaml.saml2.metadata.impl.SingleLogoutServiceMarshaller
2709: 1 40 com.tc.object.handler.ReceiveRootIDHandler
2710: 1 40 sun.nio.cs.ISO_8859_1
2711: 1 40 com.tc.statistics.StatisticsSystemType[]
2712: 1 40 org.opensaml.ws.wsaddressing.impl.EndpointReferenceMarshaller
2713: 1 40 org.opensaml.xml.signature.impl.TransformsMarshaller
2714: 1 40 org.opensaml.saml2.core.impl.AssertionIDRefMarshaller
2715: 1 40 org.opensaml.saml2.metadata.impl.GivenNameMarshaller
2716: 1 40 java.lang.reflect.ReflectPermission
2717: 1 40 com.terracottatech.config.impl.InstrumentedClassesImpl
2718: 1 40 org.opensaml.saml2.metadata.impl.SurNameMarshaller
2719: 1 40 org.opensaml.saml2.metadata.impl.AttributeServiceMarshaller
2720: 1 40 org.opensaml.saml2.metadata.impl.AffiliateMemberMarshaller
2721: 1 40 org.opensaml.ws.wssecurity.impl.IterationMarshaller
2722: 1 40 org.opensaml.xml.signature.impl.KeyValueMarshaller
2723: 1 40 org.opensaml.saml2.core.impl.RequesterIDMarshaller
2724: 1 40 java.io.RandomAccessFile
2725: 1 40 org.apache.xerces.impl.xpath.regex.Op$CharOp
2726: 1 40 org.opensaml.ws.wsaddressing.impl.SoapActionMarshaller
2727: 1 40 org.opensaml.saml2.metadata.impl.ServiceNameMarshaller
2728: 1 40 org.opensaml.saml2.metadata.impl.AssertionConsumerServiceMarshaller
2729: 1 40 com.terracottatech.config.impl.AdditionalBootJarClassesImpl
2730: 1 40 org.apache.xmlbeans.impl.regex.Token$ConcatToken
2731: 1 40 org.joda.time.tz.CachedDateTimeZone
2732: 1 40 org.apache.jsp.error_002d404_jsp
2733: 1 40 org.terracotta.modules.tomcat.tomcat_5_5.Tomcat55Configurator
2734: 1 40 org.apache.tomcat.util.http.mapper.Mapper$Host
2735: 1 40 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ValueMap$SourceValue
2736: 1 40 org.opensaml.saml1.core.impl.ConfirmationMethodMarshaller
2737: 1 40 org.opensaml.xml.encryption.impl.DHKeyValueMarshaller
2738: 1 40 com.sun.jmx.mbeanserver.ClassLoaderRepositorySupport
2739: 1 40 org.opensaml.xml.encryption.impl.CipherReferenceMarshaller
2740: 1 40 com.tc.net.protocol.tcm.CommunicationsManagerImpl$1
2741: 1 40 java.util.Collections$EmptyMap
2742: 1 40 com.tc.object.handler.ReceiveTransactionCompleteHandler
2743: 1 40 org.opensaml.ws.wssecurity.impl.UsernameMarshaller
2744: 1 40 org.springframework.core.io.UrlResource
2745: 1 40 com.terracottatech.config.impl.LocksImpl
2746: 1 40 org.opensaml.xml.encryption.impl.EncryptionPropertiesMarshaller
2747: 1 40 com.sun.net.ssl.internal.ssl.HandshakeMessage$DistinguishedName[]
2748: 1 40 ch.qos.logback.classic.spi.LoggerContextVO
2749: 1 40 org.opensaml.xml.encryption.impl.ReferenceListMarshaller
2750: 1 40 org.opensaml.saml2.ecp.impl.RequestMarshaller
2751: 1 40 org.opensaml.xml.signature.impl.TransformMarshaller
2752: 1 40 java.util.Collections$UnmodifiableSortedSet
2753: 1 40 org.opensaml.ws.wsaddressing.impl.ReferenceParametersMarshaller
2754: 1 40 com.sun.jmx.remote.opt.internal.ArrayNotificationBuffer$5
2755: 1 40 org.opensaml.saml2.core.impl.NewEncryptedIDMarshaller
2756: 1 40 sun.reflect.UnsafeQualifiedObjectFieldAccessorImpl
2757: 1 40 org.opensaml.saml2.core.impl.AssertionURIRefMarshaller
2758: 1 40 org.opensaml.ws.wsfed.impl.AddressMarshaller
2759: 1 40 com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$MessageReader
2760: 1 40 org.opensaml.saml2.core.impl.ArtifactMarshaller
2761: 1 40 org.apache.catalina.startup.SetPublicIdRule
2762: 1 40 org.opensaml.ws.wsaddressing.impl.ActionMarshaller
2763: 1 40 java.util.logging.LoggingPermission
2764: 1 40 com.terracottatech.config.impl.ClientImpl
2765: 1 40 org.opensaml.saml2.metadata.impl.SingleSignOnServiceMarshaller
2766: 1 40 org.opensaml.samlext.saml2mdquery.impl.ActionNamespaceMarshaller
2767: 1 40 com.terracottatech.config.impl.MirrorGroupsImpl
2768: 1 40 com.tc.object.lockmanager.impl.StripedClientLockManagerImpl
2769: 1 40 org.apache.catalina.core.ApplicationFilterConfig
2770: 1 40 org.opensaml.xml.signature.impl.X509SerialNumberMarshaller
2771: 1 40 com.terracottatech.config.impl.ModulesImpl
2772: 1 40 org.opensaml.xml.encryption.impl.KeyReferenceMarshaller
2773: 1 40 org.opensaml.ws.wssecurity.impl.ExpiresMarshaller
2774: 1 40 org.joda.time.tz.FixedDateTimeZone
2775: 1 40 com.terracottatech.config.impl.MirrorGroupImpl
2776: 1 40 org.opensaml.ws.wsaddressing.impl.AddressMarshaller
2777: 1 40 org.opensaml.saml2.core.impl.ResponseMarshaller
2778: 1 40 com.tc.runtime.logging.LongGCLogger
2779: 1 40 org.opensaml.ws.wsaddressing.impl.ProblemIRIMarshaller
2780: 1 40 org.apache.catalina.startup.SetLoginConfig
2781: 1 40 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethMetadataScopeMarshaller
2782: 1 40 com.tc.io.TCByteBufferInputStream$TCMark
2783: 1 40 org.opensaml.saml2.metadata.impl.OrganizationURLMarshaller
2784: 1 40 org.opensaml.ws.wsfed.impl.RequestSecurityTokenResponseMarshaller
2785: 1 40 org.opensaml.saml2.metadata.impl.AttributeProfileMarshaller
2786: 1 40 com.sun.net.ssl.internal.ssl.CipherSuiteList
2787: 1 40 org.opensaml.saml2.core.impl.NewIDMarshaller
2788: 1 40 org.opensaml.saml2.core.impl.EncryptedAssertionMarshaller
2789: 1 40 com.sun.jmx.mbeanserver.MXBeanLookup
2790: 1 40 edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter
2791: 1 40 org.opensaml.ws.wssecurity.impl.ReferenceMarshaller
2792: 1 40 long[][][]
2793: 1 40 org.opensaml.saml2.metadata.impl.AuthzServiceMarshaller
2794: 1 40 org.opensaml.ws.wssecurity.impl.TimestampMarshaller
2795: 1 40 org.opensaml.saml2.ecp.impl.RelayStateMarshaller
2796: 1 40 org.opensaml.ws.soap.soap11.impl.EnvelopeMarshaller
2797: 1 40 org.apache.catalina.core.ApplicationContextFacade
2798: 1 40 sun.nio.cs.US_ASCII
2799: 1 40 org.opensaml.ws.wsaddressing.impl.ProblemActionMarshaller
2800: 1 40 org.opensaml.saml2.core.impl.AuthenticatingAuthorityMarshaller
2801: 1 40 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethScopedValueMarshaller
2802: 1 40 org.opensaml.ws.soap.soap11.impl.HeaderMarshaller
2803: 1 40 org.opensaml.samlext.saml1md.impl.SourceIDMarshaller
2804: 1 40 java.util.regex.Pattern$Ques
2805: 1 40 com.terracottatech.config.impl.RootsImpl
2806: 1 40 com.sun.jndi.ldap.ManageReferralControl
2807: 1 40 org.opensaml.saml2.metadata.impl.OrganizationDisplayNameMarshaller
2808: 1 40 com.terracottatech.config.impl.TcConfigDocumentImpl
2809: 1 40 java.net.InetAddress$Cache$Type[]
2810: 1 40 org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable
2811: 1 40 org.opensaml.xml.signature.impl.RSAKeyValueMarshaller
2812: 1 40 com.terracottatech.config.impl.SystemImpl
2813: 1 40 com.terracottatech.config.impl.ServersImpl
2814: 1 40 org.opensaml.xacml.ctx.impl.StatusMessageTypeMarshaller
2815: 1 40 org.opensaml.saml2.metadata.impl.ServiceDescriptionMarshaller
2816: 1 40 com.terracottatech.config.impl.MembersImpl
2817: 1 40 org.opensaml.samlext.idpdisco.DiscoveryResponseMarshaller
2818: 1 40 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethMetadataKeyAuthorityMarshaller
2819: 1 40 org.opensaml.saml2.core.impl.EncryptedIDMarshaller
2820: 1 40 com.terracottatech.config.impl.TcConfigDocumentImpl$TcConfigImpl
2821: 1 40 org.opensaml.xml.signature.impl.X509DataMarshaller
2822: 1 40 ch.qos.logback.core.helpers.CyclicBuffer
2823: 1 40 org.apache.jsp.error_jsp
2824: 1 40 sun.security.pkcs11.wrapper.CK_MECHANISM_INFO
2825: 1 40 org.opensaml.samlext.saml2delrestrict.impl.DelegateMarshaller
2826: 1 40 org.opensaml.ws.wsaddressing.impl.FaultToMarshaller
2827: 1 40 org.opensaml.ws.soap.soap11.impl.DetailMarshaller
2828: 1 40 org.apache.xmlbeans.impl.regex.Op$UnionOp
2829: 1 40 org.opensaml.ws.wsaddressing.impl.RetryAfterMarshaller
2830: 1 40 org.opensaml.saml1.core.impl.RequestMarshaller
2831: 1 40 com.tc.object.handler.BatchTransactionAckHandler
2832: 1 40 org.opensaml.xml.signature.impl.DSAKeyValueMarshaller
2833: 1 40 com.tc.object.ClientObjectManagerImpl$AddManagedObjectAction
2834: 1 40 org.opensaml.ws.wssecurity.impl.CreatedMarshaller
2835: 1 40 org.opensaml.saml2.core.impl.StatusMessageMarshaller
2836: 1 40 sun.org.mozilla.javascript.internal.InterpreterData[]
2837: 1 40 com.tc.properties.TCPropertiesImpl$LoggingInvocationHandler
2838: 1 40 org.opensaml.saml2.core.impl.EncryptedAttributeMarshaller
2839: 1 40 com.tc.object.handler.ClusterMetaDataHandler
2840: 1 40 com.tc.object.bytecode.hook.impl.DefaultWeavingStrategy
2841: 1 40 org.opensaml.saml2.metadata.impl.ManageNameIDServiceMarshaller
2842: 1 40 com.tc.util.runtime.ThreadIDManagerImpl
2843: 1 40 org.opensaml.xml.encryption.impl.OriginatorKeyInfoMarshaller
2844: 1 40 org.apache.jsp.login_jsp
2845: 1 40 org.opensaml.ws.wsaddressing.impl.FromMarshaller
2846: 1 40 org.opensaml.saml2.metadata.impl.CompanyMarshaller
2847: 1 40 com.terracottatech.config.impl.RootImpl
2848: 1 40 sun.nio.cs.UTF_8
2849: 1 40 sun.management.MemoryManagerImpl
2850: 1 40 org.opensaml.saml1.core.impl.AudienceMarshaller
2851: 1 40 org.opensaml.ws.wssecurity.impl.SignatureConfirmationMarshaller
2852: 1 40 org.opensaml.ws.wsaddressing.impl.ReplyToMarshaller
2853: 1 40 org.eclipse.jdt.internal.compiler.util.HashtableOfInt
2854: 1 40 org.opensaml.ws.wsfed.impl.RequestedSecurityTokenMarshaller
2855: 1 40 org.opensaml.ws.wssecurity.impl.EncryptedHeaderMarshaller
2856: 1 40 org.knopflerfish.framework.ServiceContentHandlerFactory
2857: 1 40 org.slf4j.impl.StaticLoggerBinder
2858: 1 40 org.opensaml.ws.wssecurity.impl.NonceMarshaller
2859: 1 40 org.opensaml.saml1.core.impl.ResponseMarshaller
2860: 1 40 org.opensaml.saml2.core.impl.AuthnContextClassRefMarshaller
2861: 1 40 org.opensaml.xml.encryption.impl.RecipientKeyInfoMarshaller
2862: 1 40 org.opensaml.ws.wsfed.impl.AppliesToMarshaller
2863: 1 40 org.opensaml.xml.encryption.impl.DataReferenceMarshaller
2864: 1 40 org.opensaml.ws.wssecurity.impl.SecurityMarshaller
2865: 1 40 org.opensaml.xml.signature.impl.KeyInfoMarshaller
2866: 1 40 org.apache.catalina.startup.SetJspConfig
2867: 1 40 org.opensaml.ws.wsaddressing.impl.RelatesToMarshaller
2868: 1 40 org.opensaml.ws.wssecurity.impl.PasswordMarshaller
2869: 1 40 com.tc.net.ServerID
2870: 1 40 com.tc.object.session.SessionManagerImpl$Provider
2871: 1 40 org.opensaml.saml2.metadata.impl.AssertionIDRequestServiceMarshaller
2872: 1 40 org.opensaml.ws.wsaddressing.impl.ProblemHeaderQNameMarshaller
2873: 1 40 org.joda.time.chrono.GJYearOfEraDateTimeField
2874: 1 40 org.apache.catalina.startup.SetSessionConfig
2875: 1 40 org.opensaml.saml1.core.impl.AssertionArtifactMarshaller
2876: 1 40 com.terracottatech.config.impl.TcPropertiesImpl
2877: 1 40 org.opensaml.saml2.metadata.impl.TelephoneNumberMarshaller
2878: 1 40 org.apache.xmlbeans.QNameCache
2879: 1 40 org.apache.commons.httpclient.protocol.Protocol
2880: 1 40 com.tc.properties.TCPropertiesImpl
2881: 1 40 org.opensaml.xml.signature.impl.DigestMethodMarshaller
2882: 1 40 org.opensaml.xml.signature.impl.X509IssuerSerialMarshaller
2883: 1 40 org.opensaml.xml.signature.impl.PGPDataMarshaller
2884: 1 40 org.opensaml.ws.wssecurity.impl.SaltMarshaller
2885: 1 40 org.opensaml.xml.encryption.impl.EncryptedDataMarshaller
2886: 1 40 org.opensaml.saml2.core.impl.IssuerMarshaller
2887: 1 40 org.apache.velocity.runtime.resource.util.StringResource
2888: 1 40 edu.internet2.middleware.shibboleth.common.util.EventingMapBasedStorageService
2889: 1 40 org.apache.xml.security.c14n.implementations.SymbMap
2890: 1 40 com.tc.statistics.config.impl.StatisticsConfigImpl
2891: 1 40 com.tc.object.RemoteObjectManagerImpl$DNALRU
2892: 1 40 org.opensaml.saml2.metadata.impl.EncryptionMethodMarshaller
2893: 1 40 org.opensaml.ws.soap.soap11.impl.FaultMarshaller
2894: 1 40 org.opensaml.ws.wssecurity.impl.BinarySecurityTokenMarshaller
2895: 1 40 org.opensaml.xml.encryption.impl.AgreementMethodMarshaller
2896: 1 40 com.tc.statistics.retrieval.actions.SRAVmGarbageCollector$SRAVmGarbageCollectorType[]
2897: 1 40 org.opensaml.saml2.core.impl.AudienceMarshaller
2898: 1 40 org.opensaml.saml2.core.impl.AuthnContextDeclRefMarshaller
2899: 1 40 org.opensaml.saml2.metadata.impl.NameIDFormatMarshaller
2900: 1 40 org.opensaml.saml2.core.impl.SessionIndexMarshaller
2901: 1 40 org.opensaml.xml.security.trust.ExplicitKeyTrustEngine
2902: 1 40 com.tc.object.handler.LockStatisticsEnableDisableHandler
2903: 1 40 org.opensaml.saml2.metadata.impl.EmailAddressMarshaller
2904: 1 40 com.tc.object.lockmanager.impl.RemoteLockManagerImpl
2905: 1 40 org.opensaml.ws.wssecurity.impl.SecurityTokenReferenceMarshaller
2906: 1 40 org.opensaml.ws.wssecurity.impl.TransformationParametersMarshaller
2907: 1 40 org.opensaml.saml2.metadata.impl.ArtifactResolutionServiceMarshaller
2908: 1 40 org.opensaml.ws.wssecurity.impl.KeyIdentifierMarshaller
2909: 1 40 org.opensaml.ws.wsaddressing.impl.MetadataMarshaller
2910: 1 40 com.sun.net.ssl.internal.ssl.EphemeralKeyManager$EphemeralKeyPair[]
2911: 1 40 org.opensaml.saml1.core.impl.AssertionIDReferenceMarshaller
2912: 1 40 org.opensaml.saml2.core.impl.GetCompleteMarshaller
2913: 1 40 javax.net.ssl.SSLContext
2914: 1 40 org.opensaml.xml.encryption.impl.EncryptionMethodMarshaller
2915: 1 40 org.opensaml.xml.encryption.impl.CipherDataMarshaller
2916: 1 40 org.knopflerfish.framework.Services
2917: 1 40 org.opensaml.xml.encryption.impl.EncryptedKeyMarshaller
2918: 1 32 com.tc.stats.counter.CounterManagerImpl
2919: 1 32 com.tc.object.tx.ClientTransactionManagerImpl$3
2920: 2 32 org.opensaml.saml2.core.impl.NameIDMappingResponseBuilder
2921: 2 32 com.tc.object.config.Root$Type
2922: 1 32 com.tc.object.LiteralValues$5
2923: 1 32 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap$KeySet
2924: 2 32 org.opensaml.saml2.core.impl.OneTimeUseBuilder
2925: 2 32 org.opensaml.xacml.policy.impl.PolicyTypeImplBuilder
2926: 1 32 com.tc.backport175.bytecode.AnnotationElement$Annotation
2927: 1 32 org.apache.catalina.startup.SecurityRoleRefCreateRule
2928: 1 32 com.tc.net.protocol.tcm.AbstractMessageChannel$ChannelStatus
2929: 2 32 org.opensaml.xacml.policy.impl.ResourceTypeImplBuilder
2930: 1 32 com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateRequest
2931: 2 32 org.opensaml.xacml.policy.impl.FunctionTypeImplBuilder
2932: 1 32 com.tcclient.util.DSOUnsafe
2933: 1 32 com.tc.net.protocol.transport.DefaultConnectionIdFactory
2934: 1 32 java.util.Collections$EmptyList
2935: 2 32 org.bouncycastle.asn1.x9.X9IntegerConverter
2936: 2 32 org.opensaml.xacml.ctx.impl.ResultTypeImplBuilder
2937: 1 32 com.sun.net.ssl.internal.ssl.SupportedEllipticCurvesExtension
2938: 1 32 sun.reflect.UnsafeObjectFieldAccessorImpl
2939: 2 32 org.opensaml.saml2.core.impl.ScopingBuilder
2940: 1 32 com.sun.net.ssl.internal.ssl.ECDHCrypt
2941: 1 32 com.tc.object.lockmanager.impl.ThreadLockManagerImpl
2942: 1 32 com.tc.management.remote.protocol.terracotta.TunnelingMessageConnectionServer
2943: 2 32 org.opensaml.saml1.core.impl.AdviceBuilder
2944: 1 32 org.knopflerfish.framework.BundleURLStreamHandler
2945: 1 32 org.apache.catalina.startup.SetContextPropertiesRule
2946: 1 32 org.bouncycastle.jce.provider.PKCS12BagAttributeCarrierImpl
2947: 2 32 org.opensaml.saml2.core.impl.AttributeBuilder
2948: 1 32 org.terracotta.modules.tomcat.common.adapters.JspWriterImplAdapter
2949: 1 32 com.tc.object.tx.LockAccounting
2950: 1 32 sun.security.action.GetPropertyAction
2951: 1 32 org.apache.xmlbeans.impl.schema.SchemaTypeLoaderImpl$SchemaTypeLoaderCache
2952: 2 32 org.opensaml.xacml.policy.impl.SubjectTypeImplBuilder
2953: 1 32 javax.naming.directory.BasicAttributes
2954: 1 32 org.springframework.web.context.ContextLoader
2955: 2 32 org.opensaml.saml1.core.impl.StatusBuilder
2956: 1 32 org.joda.time.chrono.GJEraDateTimeField
2957: 2 32 org.opensaml.saml2.metadata.impl.AttributeAuthorityDescriptorBuilder
2958: 2 32 org.opensaml.saml2.core.impl.ManageNameIDResponseBuilder
2959: 2 32 org.opensaml.xacml.policy.impl.CombinerParametersTypeImplBuilder
2960: 2 32 org.opensaml.saml2.metadata.impl.AuthnAuthorityDescriptorBuilder
2961: 2 32 org.opensaml.saml2.core.impl.LogoutRequestBuilder
2962: 1 32 java.security.Policy$UnsupportedEmptyCollection
2963: 2 32 org.opensaml.saml1.core.impl.AttributeBuilder
2964: 1 32 org.apache.catalina.startup.SetAuthConstraintRule
2965: 1 32 org.apache.commons.httpclient.params.HttpConnectionParams
2966: 1 32 org.apache.commons.logging.impl.SLF4JLogFactory
2967: 1 32 org.apache.catalina.Service[]
2968: 2 32 org.opensaml.xacml.policy.impl.ResourceMatchTypeImplBuilder
2969: 1 32 com.tc.config.schema.repository.StandardApplicationsRepository
2970: 2 32 org.opensaml.xacml.ctx.impl.DecisionTypeImplBuilder
2971: 2 32 org.opensaml.saml2.core.impl.AuthnRequestBuilder
2972: 1 32 com.tc.net.protocol.transport.MessageTransportStatus
2973: 2 32 org.opensaml.xacml.ctx.impl.StatusCodeTypeImplBuilder
2974: 2 32 org.opensaml.saml2.core.impl.SubjectConfirmationBuilder
2975: 2 32 org.opensaml.saml2.core.impl.StatusDetailBuilder
2976: 1 32 com.tc.object.LiteralValues$11
2977: 1 32 org.apache.log4j.helpers.FormattingInfo
2978: 1 32 org.joda.time.format.DateTimeFormatterBuilder$UnpaddedNumber
2979: 1 32 edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordCredential
2980: 2 32 org.opensaml.xacml.ctx.impl.ResourceTypeImplBuilder
2981: 1 32 sun.org.mozilla.javascript.internal.NativeWith
2982: 2 32 org.opensaml.saml2.core.impl.AudienceRestrictionBuilder
2983: 2 32 org.opensaml.xacml.policy.impl.RuleTypeImplBuilder
2984: 2 32 org.opensaml.saml2.core.impl.NameIDBuilder
2985: 2 32 org.opensaml.xacml.ctx.impl.ResourceContentTypeImplBuilder
2986: 2 32 org.opensaml.saml1.core.impl.ActionBuilder
2987: 1 32 org.apache.catalina.startup.IgnoreAnnotationsRule
2988: 1 32 com.sun.management.UnixOperatingSystem
2989: 1 32 com.tc.object.logging.InstrumentationLoggerImpl
2990: 2 32 org.opensaml.saml1.core.impl.AuthorizationDecisionQueryBuilder
2991: 1 32 sun.security.pkcs11.wrapper.PKCS11
2992: 1 32 com.tc.object.LiteralValues$7
2993: 2 32 org.opensaml.xacml.ctx.impl.ActionTypeImplBuilder
2994: 1 32 sun.net.www.protocol.http.Handler
2995: 1 32 javax.management.ObjectInstance
2996: 1 32 org.terracotta.modules.GUIModelsConfiguration
2997: 1 32 org.apache.catalina.security.SecurityConfig
2998: 2 32 org.opensaml.saml2.metadata.impl.AffiliationDescriptorBuilder
2999: 1 32 sun.nio.ch.NativeThreadSet
3000: 2 32 org.opensaml.xacml.policy.impl.ResourcesTypeImplBuilder
3001: 2 32 org.opensaml.xacml.ctx.impl.StatusTypeImplBuilder
3002: 2 32 org.opensaml.saml1.core.impl.SubjectLocalityBuilder
3003: 2 32 org.opensaml.saml1.core.impl.AssertionBuilder
3004: 1 32 com.tc.license.Capabilities
3005: 2 32 org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder
3006: 1 32 com.sun.script.javascript.RhinoScriptEngine$2
3007: 1 32 org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory
3008: 1 32 org.terracotta.modules.test.TestModuleCommonConfigurator
3009: 2 32 org.apache.xerces.impl.dv.dtd.ENTITYDatatypeValidator
3010: 1 32 com.tc.aspectwerkz.reflect.impl.java.JavaClassInfoRepository
3011: 2 32 org.opensaml.saml2.metadata.impl.AdditionalMetadataLocationBuilder
3012: 2 32 org.opensaml.saml2.core.impl.AuthzDecisionStatementBuilder
3013: 1 32 $Proxy0
3014: 1 32 org.apache.xerces.impl.xs.util.ShortListImpl
3015: 1 32 edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean
3016: 1 32 javax.net.ssl.KeyManager[]
3017: 1 32 sun.security.provider.NativeSeedGenerator
3018: 2 32 org.opensaml.saml2.core.impl.ActionBuilder
3019: 1 32 org.apache.xerces.impl.Constants$ArrayEnumeration
3020: 1 32 org.springframework.web.context.support.ServletContextResourcePatternResolver
3021: 1 32 org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver
3022: 2 32 org.apache.el.ExpressionFactoryImpl
3023: 1 32 org.apache.velocity.runtime.resource.util.StringResourceRepositoryImpl
3024: 2 32 org.opensaml.xacml.policy.impl.ObligationsTypeImplBuilder
3025: 1 32 org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver
3026: 2 32 org.opensaml.xml.encryption.validator.ReferenceTypeSchemaValidator
3027: 2 32 org.opensaml.xacml.ctx.impl.EnvironmentTypeImplBuilder
3028: 1 32 org.apache.catalina.connector.CoyoteAdapter
3029: 1 32 com.tc.object.LiteralValues$2
3030: 1 32 com.tc.object.lockmanager.impl.TCLockTimerImpl
3031: 1 32 org.apache.catalina.startup.WrapperCreateRule
3032: 1 32 com.tc.object.handler.LockStatisticsResponseHandler
3033: 1 32 ch.qos.logback.core.pattern.FormatInfo
3034: 2 32 org.opensaml.xacml.policy.impl.VariableDefinitionTypeImplBuilder
3035: 2 32 org.mozilla.javascript.NativeGlobal
3036: 1 32 org.knopflerfish.framework.Bundles
3037: 2 32 org.opensaml.saml2.core.impl.NameIDPolicyBuilder
3038: 2 32 sun.security.provider.X509Factory
3039: 1 32 sun.nio.ch.FileChannelImpl$SharedFileLockTable
3040: 1 32 com.tc.object.idprovider.impl.ObjectIDClientHandshakeRequester
3041: 2 32 sun.nio.ch.SocketDispatcher
3042: 1 32 com.sun.jmx.remote.opt.security.SubjectDelegator
3043: 2 32 org.opensaml.saml2.core.impl.SubjectLocalityBuilder
3044: 1 32 org.apache.commons.httpclient.params.HttpConnectionManagerParams
3045: 2 32 org.opensaml.saml2.metadata.impl.AttributeConsumingServiceBuilder
3046: 1 32 com.tc.net.protocol.delivery.SendStateMachine$HandshakeWaitState
3047: 2 32 org.opensaml.xml.schema.impl.XSAnyBuilder
3048: 1 32 org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver
3049: 1 32 org.apache.tomcat.util.http.mapper.Mapper$ContextList
3050: 1 32 com.tc.object.ClientObjectManagerImpl$1
3051: 1 32 java.nio.DirectByteBuffer$Deallocator
3052: 2 32 org.opensaml.saml2.core.impl.AuthnContextBuilder
3053: 2 32 org.opensaml.saml1.core.impl.AttributeQueryBuilder
3054: 2 32 org.opensaml.xacml.policy.impl.RuleCombinerParametersTypeImplBuilder
3055: 2 32 org.opensaml.xacml.policy.impl.EnvironmentsTypeImplBuilder
3056: 2 32 org.opensaml.saml2.core.impl.AssertionBuilder
3057: 2 32 org.opensaml.saml2.core.impl.IDPEntryBuilder
3058: 1 32 com.tc.config.schema.dynamic.ObjectArrayConfigItem[]
3059: 2 32 org.opensaml.saml1.core.impl.AudienceRestrictionConditionBuilder
3060: 1 32 com.tc.exception.ExceptionHelperImpl
3061: 2 32 org.opensaml.xacml.policy.impl.ActionsTypeImplBuilder
3062: 1 32 com.tc.object.LiteralValues$10
3063: 2 32 org.opensaml.saml2.metadata.impl.PDPDescriptorBuilder
3064: 1 32 org.opensaml.xml.io.MarshallerFactory
3065: 2 32 org.opensaml.saml2.metadata.impl.RequestedAttributeBuilder
3066: 2 32 org.opensaml.saml1.core.impl.NameIdentifierBuilder
3067: 1 32 com.tc.net.protocol.tcm.HydrateHandler
3068: 2 32 org.opensaml.xacml.policy.impl.AttributeAssignmentTypeImplBuilder
3069: 1 32 sun.security.pkcs11.TemplateManager
3070: 2 32 org.opensaml.saml2.core.impl.AuthnQueryBuilder
3071: 2 32 org.opensaml.common.impl.SecureRandomIdentifierGenerator
3072: 1 32 org.apache.commons.logging.impl.WeakHashtable$Referenced
3073: 2 32 org.opensaml.saml1.core.impl.AuthenticationStatementBuilder
3074: 1 32 javax.crypto.SunJCE_d
3075: 1 32 edu.vt.middleware.ldap.PoolableLdapFactory
3076: 2 32 org.opensaml.saml1.core.impl.AttributeStatementBuilder
3077: 2 32 org.opensaml.saml1.core.impl.DoNotCacheConditionBuilder
3078: 2 32 org.opensaml.saml2.core.impl.AuthzDecisionQueryBuilder
3079: 2 32 org.opensaml.xacml.policy.impl.ApplyTypeImplBuilder
3080: 2 32 org.opensaml.saml2.core.impl.ConditionsBuilder
3081: 1 32 org.apache.tomcat.util.http.mapper.Mapper$Context[]
3082: 2 32 org.opensaml.xacml.ctx.impl.RequestTypeImplBuilder
3083: 1 32 com.tc.statistics.retrieval.actions.SRAVmGarbageCollector$SRAVmGarbageCollectorType$2
3084: 1 32 com.tc.net.protocol.delivery.SendStateMachine$MessageWaitState
3085: 2 32 org.opensaml.saml2.metadata.impl.EntitiesDescriptorBuilder
3086: 2 32 org.opensaml.saml1.core.impl.AuthorityBindingBuilder
3087: 2 32 org.opensaml.xacml.ctx.impl.AttributeTypeImplBuilder
3088: 1 32 org.knopflerfish.framework.bundlestorage.memory.BundleStorageImpl
3089: 1 32 org.terracotta.modules.Jdk15PreInstrumentedConfiguration
3090: 1 32 sun.management.CompilationImpl
3091: 2 32 org.opensaml.saml2.core.impl.ManageNameIDRequestBuilder
3092: 2 32 org.opensaml.saml2.core.impl.AuthnStatementBuilder
3093: 1 32 com.tc.net.protocol.tcm.HydrateContext
3094: 1 32 org.terracotta.modules.StandardConfiguration
3095: 2 32 org.opensaml.saml2.core.impl.ArtifactResolveBuilder
3096: 2 32 org.opensaml.saml2.core.impl.IDPListBuilder
3097: 2 32 org.opensaml.saml2.core.impl.SubjectBuilder
3098: 1 32 java.net.Proxy
3099: 1 32 com.tc.object.LiteralValues$14
3100: 1 32 com.tc.object.DistributedObjectClient$2
3101: 1 32 org.joda.time.convert.ConverterSet$Entry
3102: 2 32 com.tc.net.protocol.transport.TransportMessageFactoryImpl
3103: 2 32 org.apache.jasper.compiler.DefaultErrorHandler
3104: 2 32 org.opensaml.saml2.core.impl.AttributeQueryBuilder
3105: 1 32 sun.security.pkcs11.P11RSAKeyFactory
3106: 2 32 org.apache.xerces.impl.dv.xs.QNameDV
3107: 2 32 org.opensaml.saml1.core.impl.EvidenceBuilder
3108: 1 32 org.bouncycastle.util.encoders.HexEncoder
3109: 2 32 org.opensaml.saml1.core.impl.SubjectConfirmationBuilder
3110: 1 32 sun.org.mozilla.javascript.internal.DefaultErrorReporter
3111: 2 32 org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder
3112: 1 32 org.apache.catalina.deploy.FilterMap[]
3113: 1 32 com.tc.object.LiteralValues$9
3114: 2 32 org.opensaml.saml2.core.impl.ArtifactResponseBuilder
3115: 2 32 org.opensaml.xacml.ctx.impl.ResponseTypeImplBuilder
3116: 2 32 org.opensaml.saml2.core.impl.StatusBuilder
3117: 2 32 org.opensaml.saml1.core.impl.StatusCodeBuilder
3118: 1 32 com.tc.object.session.SessionManagerImpl
3119: 1 32 org.opensaml.xml.util.IndexingObjectStore
3120: 2 32 org.opensaml.xacml.policy.impl.PolicyCombinerParametersTypeImplBuilder
3121: 2 32 org.opensaml.xacml.policy.impl.SubjectMatchTypeImplBuilder
3122: 2 32 org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder
3123: 2 32 org.opensaml.xacml.policy.impl.AttributeSelectorTypeImplBuilder
3124: 1 32 org.mozilla.javascript.DefaultErrorReporter
3125: 1 32 com.tc.statistics.retrieval.actions.SRAVmGarbageCollector$SRAVmGarbageCollectorType$1
3126: 2 32 java.lang.Shutdown$Lock
3127: 2 32 org.opensaml.xacml.policy.impl.SubjectsTypeImplBuilder
3128: 1 32 org.terracotta.modules.session.SessionsConfigurator
3129: 2 32 org.opensaml.xacml.policy.impl.PolicySetTypeImplBuilder
3130: 1 32 com.tc.license.util.LicenseDescriptor
3131: 1 32 java.math.MutableBigInteger
3132: 1 32 com.tc.object.bytecode.hook.impl.DefaultWeavingStrategy$AnnotationByteCodeProvider
3133: 2 32 org.opensaml.xacml.policy.impl.ConditionTypeImplBuilder
3134: 1 32 com.tc.object.tx.TransactionBatchWriter$FoldingConfig
3135: 2 32 org.opensaml.xacml.policy.impl.AttributeValueTypeImplBuilder
3136: 1 32 com.tc.net.protocol.delivery.ReceiveStateMachine$MessageWaitState
3137: 1 32 edu.internet2.middleware.shibboleth.idp.profile.StatusProfileHandler
3138: 1 32 org.springframework.core.Constants
3139: 1 32 com.tc.object.LiteralValues$4
3140: 1 32 com.tc.object.LiteralValues$13
3141: 1 32 org.apache.catalina.startup.SoapHeaderRule
3142: 1 32 sun.management.ThreadImpl
3143: 1 32 org.springframework.web.context.support.ServletContextAwareProcessor
3144: 2 32 org.opensaml.saml1.core.impl.AuthenticationQueryBuilder
3145: 1 32 com.tc.object.TCObjectFactoryImpl
3146: 1 32 edu.vt.middleware.ldap.jaas.LdapCredential
3147: 2 32 org.opensaml.xacml.policy.impl.TargetTypeImplBuilder
3148: 1 32 com.tc.object.LiteralValues$3
3149: 2 32 org.opensaml.saml2.core.impl.EvidenceBuilder
3150: 1 32 org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory$BasicOptions
3151: 1 32 org.apache.xmlbeans.StringEnumAbstractBase$Table
3152: 2 32 org.opensaml.xacml.policy.impl.DescriptionTypeImplBuilder
3153: 2 32 org.opensaml.saml2.core.impl.AttributeStatementBuilder
3154: 2 32 org.opensaml.saml2.core.impl.AdviceBuilder
3155: 1 32 com.tc.object.tx.ClientTransactionManagerImpl$1
3156: 1 32 org.terracotta.modules.ExcludesConfiguration
3157: 2 32 org.opensaml.saml2.core.impl.AssertionIDRequestBuilder
3158: 2 32 org.opensaml.xacml.policy.impl.ActionMatchTypeImplBuilder
3159: 1 32 org.opensaml.xml.XMLObjectBuilderFactory
3160: 2 32 org.opensaml.saml1.core.impl.ConditionsBuilder
3161: 2 32 org.opensaml.saml2.core.impl.ProxyRestrictionBuilder
3162: 2 32 org.opensaml.saml1.core.impl.AuthorizationDecisionStatementBuilder
3163: 2 32 sun.net.www.protocol.file.Handler
3164: 2 32 org.opensaml.xacml.ctx.impl.AttributeValueTypeImplBuilder
3165: 2 32 org.opensaml.xacml.ctx.impl.StatusDetailTypeImplBuilder
3166: 2 32 org.opensaml.xacml.policy.impl.PolicySetCombinerParametersTypeImplBuilder
3167: 1 32 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine
3168: 2 32 org.opensaml.saml1.core.impl.AttributeDesignatorBuilder
3169: 2 32 org.opensaml.xacml.policy.impl.ObligationTypeImplBuilder
3170: 2 32 org.opensaml.saml2.metadata.impl.SPSSODescriptorBuilder
3171: 1 32 org.apache.tomcat.util.IntrospectionUtils$PropertySource[]
3172: 1 32 com.tc.object.config.StandardDSOClientConfigHelperImpl$ModulesContext
3173: 2 32 org.opensaml.saml1.core.impl.SubjectBuilder
3174: 1 32 com.tc.object.LiteralValues$8
3175: 2 32 org.opensaml.xml.encryption.validator.EncryptedTypeSchemaValidator
3176: 1 32 com.tc.object.LiteralValues$6
3177: 1 32 org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver
3178: 2 32 org.opensaml.saml2.metadata.impl.IDPSSODescriptorBuilder
3179: 2 32 org.opensaml.saml2.core.impl.TerminateBuilder
3180: 2 32 org.opensaml.xacml.ctx.impl.SubjectTypeImplBuilder
3181: 1 32 com.sun.script.javascript.RhinoCompiledScript
3182: 1 32 com.tc.net.core.SocketParams
3183: 2 32 org.opensaml.saml2.core.impl.SubjectConfirmationDataBuilder
3184: 1 32 org.opensaml.xml.io.UnmarshallerFactory
3185: 1 32 org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver
3186: 1 32 org.terracotta.modules.tomcat.common.adapters.ContainerBaseAdapter
3187: 2 32 org.opensaml.xacml.policy.impl.EnvironmentMatchTypeImplBuilder
3188: 1 32 java.net.Inet4AddressImpl
3189: 1 32 java.util.IdentityHashMap$EntrySet
3190: 1 32 com.tc.properties.TCSubProperties
3191: 1 32 org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver
3192: 1 32 org.apache.jasper.runtime.JspFactoryImpl
3193: 1 32 ch.qos.logback.classic.spi.TurboFilterList
3194: 1 32 javax.crypto.SunJCE_l
3195: 2 32 org.opensaml.saml2.metadata.impl.OrganizationBuilder
3196: 1 32 EDU.oswego.cs.dl.util.concurrent.SynchronizedInt
3197: 1 32 sun.net.ProgressMonitor
3198: 1 32 org.apache.catalina.startup.ServiceQnameRule
3199: 1 32 com.sun.jmx.remote.opt.internal.ArrayNotificationBuffer$ShareBuffer
3200: 1 32 org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver
3201: 1 32 org.apache.xmlbeans.impl.schema.SchemaTypeLoaderImpl$1
3202: 2 32 org.opensaml.xml.signature.impl.SignatureBuilder
3203: 1 32 org.joda.time.chrono.ISOYearOfEraDateTimeField
3204: 1 32 com.tc.object.LiteralValues$1
3205: 2 32 org.opensaml.saml2.core.impl.NameIDMappingRequestBuilder
3206: 2 32 com.tc.statistics.util.NullStatsRecorder
3207: 1 32 javax.net.ssl.TrustManager[]
3208: 1 32 sun.nio.ch.FileKey
3209: 1 32 com.tc.object.lockmanager.impl.ClientLockManagerConfigImpl
3210: 1 32 edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet
3211: 2 32 org.opensaml.saml2.core.impl.LogoutResponseBuilder
3212: 2 32 org.opensaml.xacml.policy.impl.EnvironmentTypeImplBuilder
3213: 2 32 org.opensaml.xacml.policy.impl.VariableReferenceTypeImplBuilder
3214: 1 32 com.tc.net.protocol.delivery.SendStateMachine$AckWaitState
3215: 2 32 org.opensaml.saml2.metadata.impl.ContactPersonBuilder
3216: 2 32 org.opensaml.xacml.policy.impl.ActionTypeImplBuilder
3217: 1 32 org.apache.catalina.startup.SetDistributableRule
3218: 2 32 org.opensaml.saml2.core.impl.StatusCodeBuilder
3219: 1 32 sun.security.pkcs11.P11DSAKeyFactory
3220: 1 32 sun.management.RuntimeImpl
3221: 2 32 org.opensaml.xacml.policy.impl.CombinerParameterTypeImplBuilder
3222: 1 32 com.tc.object.LiteralValues$12
3223: 1 32 com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl
3224: 1 32 com.tc.net.GroupID[]
3225: 2 32 org.opensaml.xacml.ctx.impl.MissingAttributeDetailTypeImplBuilder
3226: 2 32 org.opensaml.saml2.core.validator.AuthnContextClassRefSchemaValidator
3227: 1 32 edu.internet2.middleware.shibboleth.common.profile.provider.JSPErrorHandler
3228: 1 32 com.sun.net.ssl.internal.ssl.SupportedEllipticPointFormatsExtension
3229: 1 24 com.tc.injection.InjectionInstrumentationRegistry
3230: 1 24 org.joda.time.field.UnsupportedDurationField
3231: 1 24 org.apache.xerces.dom.DeferredDocumentImpl$RefCount
3232: 1 24 org.opensaml.saml2.binding.artifact.SAML2ArtifactBuilderFactory
3233: 1 24 com.tc.net.core.TCConnection[]
3234: 1 24 java.util.regex.Pattern$CharPropertyNames$11
3235: 1 24 org.apache.xerces.impl.dv.xs.DateDV
3236: 1 24 com.sun.jmx.mbeanserver.DescriptorCache
3237: 1 24 java.util.regex.Pattern$CharPropertyNames$19
3238: 1 24 org.apache.xmlbeans.impl.store.CharUtil$1
3239: 1 24 java.lang.Float[]
3240: 1 24 java.util.regex.Pattern$CharPropertyNames$7
3241: 1 24 java.util.regex.Pattern$CharPropertyNames$15
3242: 1 24 org.apache.xerces.impl.dv.xs.DayTimeDurationDV
3243: 1 24 java.util.regex.Pattern$LastNode
3244: 1 24 com.tc.net.core.ConnectionAddressProvider
3245: 1 24 com.tc.jam.transform.ReflectClassBuilderAdapter
3246: 1 24 com.tc.object.idprovider.impl.ObjectIDProviderImpl
3247: 1 24 ch.qos.logback.classic.pattern.TargetLengthBasedClassNameAbbreviator
3248: 1 24 org.apache.xmlbeans.impl.store.Locale$DocProps
3249: 1 24 sun.text.normalizer.NormalizerBase$NFKCMode
3250: 1 24 com.tc.object.applicator.ConcurrentHashMapApplicator
3251: 1 24 org.apache.commons.httpclient.params.DefaultHttpParamsFactory
3252: 1 24 sun.text.normalizer.NormalizerBase$NFKDMode
3253: 1 24 org.apache.xerces.impl.dv.xs.DateTimeDV
3254: 1 24 org.apache.xerces.impl.dv.xs.DurationDV
3255: 1 24 com.tc.object.session.SessionID
3256: 1 24 org.terracotta.modules.UnsafeAdapter
3257: 1 24 sun.misc.FloatingDecimal$1
3258: 1 24 sun.management.ClassLoadingImpl
3259: 1 24 org.opensaml.saml1.binding.artifact.SAML1ArtifactType0002Builder
3260: 1 24 org.opensaml.xml.encryption.validator.KeySizeSchemaValidator
3261: 1 24 com.tc.object.ClientIDProviderImpl
3262: 1 24 com.tc.object.DistributedObjectClient$1
3263: 1 24 org.apache.xerces.impl.dv.xs.DayDV
3264: 1 24 org.apache.xml.security.utils.resolver.implementations.ResolverXPointer
3265: 1 24 org.apache.log4j.spi.DefaultRepositorySelector
3266: 1 24 org.apache.xmlbeans.impl.piccolo.xml.UnicodeLittleXMLDecoder
3267: 1 24 com.tc.statistics.retrieval.actions.SRAL1TransactionCount
3268: 1 24 com.tc.net.protocol.tcm.MessageChannelInternal[]
3269: 1 24 sun.nio.ch.ServerSocketChannelImpl$1
3270: 1 24 com.tc.object.ClientObjectManagerImpl$NewObjectTraverseTest
3271: 1 24 com.sun.net.ssl.internal.ssl.HandshakeInStream
3272: 1 24 org.apache.xmlbeans.impl.store.Locale$1
3273: 1 24 org.apache.log4j.or.RendererMap
3274: 1 24 java.text.DontCareFieldPosition$1
3275: 1 24 com.tc.statistics.StatisticData[]
3276: 1 24 com.tc.util.InitialClassDumper
3277: 1 24 java.util.regex.Pattern$CharPropertyNames$20
3278: 1 24 com.tc.statistics.retrieval.actions.SRAMessages
3279: 1 24 com.tc.config.schema.ConfigTCPropertiesFromObject
3280: 1 24 com.sun.jmx.remote.opt.internal.ArrayNotificationBuffer$BufferListener
3281: 1 24 java.text.FieldPosition[]
3282: 1 24 org.apache.xmlbeans.PrePostExtension[]
3283: 1 24 com.tc.bytes.TCByteBufferFactory$1
3284: 1 24 org.apache.xml.security.algorithms.SignatureAlgorithm$1
3285: 1 24 com.tc.util.runtime.ThreadIDMapJdk15
3286: 1 24 org.apache.jk.common.ChannelSocket$SocketAcceptor
3287: 1 24 org.apache.xmlbeans.impl.piccolo.xml.ASCIIXMLDecoder
3288: 1 24 sun.nio.ch.Util$1
3289: 1 24 sun.org.mozilla.javascript.internal.jdk13.VMBridge_jdk13
3290: 1 24 com.tc.backport175.Annotation[]
3291: 1 24 org.opensaml.saml2.binding.artifact.SAML2ArtifactType0004Builder
3292: 1 24 org.apache.xml.security.algorithms.SignatureAlgorithm$2
3293: 1 24 org.eclipse.jdt.internal.compiler.lookup.AnnotationBinding[]
3294: 1 24 org.apache.xml.security.utils.resolver.implementations.ResolverFragment
3295: 1 24 org.opensaml.saml1.binding.artifact.SAML1ArtifactType0001Builder
3296: 1 24 org.eclipse.jdt.internal.compiler.lookup.MethodBinding[]
3297: 1 24 com.tc.object.DistributedObjectClient$3
3298: 1 24 com.tc.object.bytecode.hook.impl.ClassProcessorHelper$State
3299: 1 24 com.tc.license.OpenSourceLicense
3300: 1 24 com.tc.object.bytecode.hook.impl.PreparedComponentsFromL2Connection
3301: 1 24 edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector$LDAPValueEscapingStrategy
3302: 1 24 org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
3303: 1 24 com.tc.statistics.retrieval.actions.SRAVmGarbageCollector
3304: 1 24 org.apache.xerces.impl.xs.SubstitutionGroupHandler$OneSubGroup[]
3305: 1 24 org.apache.xmlbeans.impl.piccolo.xml.ISO8859_1XMLDecoder
3306: 1 24 com.tc.statistics.retrieval.actions.SRAL1TransactionsPerBatch
3307: 1 24 com.tc.statistics.retrieval.actions.SRACpu
3308: 1 24 java.security.Provider[]
3309: 1 24 org.apache.xmlbeans.SchemaProperty[]
3310: 1 24 java.text.MessageFormat$Field
3311: 1 24 org.apache.xml.security.transforms.implementations.TransformC14NExclusive
3312: 1 24 sun.util.calendar.Gregorian
3313: 1 24 java.util.regex.Pattern$CharPropertyNames$8
3314: 1 24 org.apache.catalina.deploy.SecurityConstraint[]
3315: 1 24 com.tc.net.protocol.delivery.OOOProtocolMessageParser
3316: 1 24 com.tc.object.bytecode.ManagerImpl$MethodDisplayNames
3317: 1 24 com.tc.logging.ClientIDLoggerProvider
3318: 1 24 com.tc.net.protocol.NullProtocolAdaptor
3319: 1 24 com.tc.object.ObjectRequestID
3320: 1 24 java.util.Collections$EmptySet
3321: 1 24 java.util.regex.Pattern$CharPropertyNames$16
3322: 1 24 com.tc.object.applicator.ArrayApplicator
3323: 1 24 org.apache.catalina.util.CharsetMapper
3324: 1 24 org.slf4j.impl.LogbackMDCAdapter
3325: 1 24 sun.text.normalizer.NormalizerBase$Mode
3326: 1 24 org.eclipse.jdt.internal.compiler.lookup.TypeVariableBinding[]
3327: 1 24 com.tc.util.ToggleableReferenceManager
3328: 1 24 org.apache.xerces.impl.dv.xs.MonthDV
3329: 1 24 com.tc.object.dna.impl.StorageDNAEncodingImpl
3330: 1 24 org.terracotta.modules.tomcat.common.adapters.BootstrapAdapter
3331: 1 24 org.apache.catalina.mbeans.ServerLifecycleListener
3332: 1 24 com.sun.net.ssl.internal.ssl.EphemeralKeyManager
3333: 1 24 com.tc.util.sequence.SimpleSequence
3334: 1 24 org.slf4j.helpers.SubstituteLoggerFactory
3335: 1 24 ch.qos.logback.classic.selector.DefaultContextSelector
3336: 1 24 org.apache.catalina.Engine[]
3337: 1 24 org.springframework.web.context.ContextLoaderListener
3338: 1 24 org.apache.xmlbeans.impl.store.Locale$DefaultQNameFactory
3339: 1 24 java.nio.channels.spi.AbstractSelector$1
3340: 1 24 com.tc.statistics.retrieval.actions.SRADiskActivity
3341: 1 24 org.joda.time.tz.DefaultNameProvider
3342: 1 24 javax.servlet.jsp.tagext.VariableInfo[]
3343: 1 24 com.tc.object.tx.TransactionIDGenerator
3344: 1 24 com.tc.config.schema.setup.BaseTVSConfigurationSetupManager$1
3345: 1 24 org.apache.xerces.impl.dv.xs.YearDV
3346: 1 24 org.eclipse.jdt.internal.compiler.impl.LongConstant
3347: 1 24 org.apache.xmlbeans.SchemaIdentityConstraint[]
3348: 1 24 sun.net.www.protocol.http.AuthCacheImpl
3349: 1 24 org.apache.catalina.util.DefaultAnnotationProcessor
3350: 1 24 java.util.regex.Pattern$CharPropertyNames$12
3351: 1 24 com.tc.management.lock.stats.LockStatisticsManager$LockStatConfig
3352: 1 24 com.tc.statistics.retrieval.impl.StatisticsRetrievalRegistryImpl
3353: 1 24 com.tc.util.AdaptedClassDumper
3354: 1 24 org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature
3355: 1 24 java.util.regex.Pattern$CharPropertyNames$21
3356: 1 24 org.apache.xml.security.utils.UnsyncByteArrayOutputStream$1
3357: 1 24 com.tc.object.bytecode.JavaUtilConcurrentLocksAQSAdapter
3358: 1 24 com.tc.statistics.retrieval.actions.SRANetworkActivity
3359: 1 24 com.sun.jmx.mbeanserver.SecureClassLoaderRepository
3360: 1 24 com.tc.runtime.logging.LongGCEventType
3361: 1 24 sun.text.normalizer.NormalizerBase$NFCMode
3362: 1 24 javax.management.remote.generic.ServerIntermediary$RequestHandler
3363: 1 24 com.tc.object.config.DSOClientConfigHelperLogger
3364: 1 24 com.tc.statistics.retrieval.actions.SRACpuCombined
3365: 1 24 com.tc.util.SequenceGenerator
3366: 1 24 org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem
3367: 1 24 org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory
3368: 1 24 org.joda.time.format.DateTimeFormatterBuilder$StringLiteral
3369: 1 24 com.tc.bytes.TCByteBufferFactory$2
3370: 1 24 java.lang.Enum[]
3371: 1 24 org.apache.xerces.xni.grammars.Grammar[]
3372: 1 24 org.apache.juli.logging.LogFactory
3373: 1 24 org.apache.xml.security.utils.UnsyncBufferedOutputStream$1
3374: 1 24 com.tc.logging.ThreadDumpHandler
3375: 1 24 com.tc.net.protocol.transport.TypeOfService
3376: 1 24 com.sun.jmx.remote.opt.internal.ArrayNotificationBuffer$1
3377: 1 24 org.apache.xmlbeans.SchemaLocalAttribute[]
3378: 1 24 com.sun.naming.internal.VersionHelper12
3379: 1 24 sun.text.normalizer.NormalizerBase$NFDMode
3380: 1 24 EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap$Values
3381: 1 24 java.util.regex.Pattern$CharPropertyNames$9
3382: 1 24 com.tc.statistics.retrieval.actions.SRAL1PendingBatchesSize
3383: 1 24 com.tc.net.core.TCConnectionManagerJDK14$ListenerEvents
3384: 1 24 com.tc.management.ManagementResources
3385: 1 24 org.apache.xerces.util.SecurityManager
3386: 1 24 java.util.regex.Pattern$CharPropertyNames$17
3387: 1 24 java.nio.charset.CoderResult$1
3388: 1 24 org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager
3389: 1 24 org.apache.xerces.impl.dv.xs.YearMonthDurationDV
3390: 1 24 org.apache.xerces.impl.dv.xs.TimeDV
3391: 1 24 sun.security.provider.JavaKeyStore$JKS
3392: 1 24 org.apache.xml.security.algorithms.SignatureAlgorithm$3
3393: 1 24 com.tc.object.lockmanager.impl.StandardLockDistributionStrategy
3394: 1 24 org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP
3395: 1 24 com.tc.statistics.retrieval.actions.SRAL1OutstandingBatches
3396: 1 24 com.tc.net.protocol.tcm.CommunicationsManagerImpl$MessageTransportFactoryImpl$1
3397: 1 24 org.slf4j.impl.CopyOnInheritThreadLocal
3398: 1 24 org.apache.velocity.app.VelocityEngine
3399: 1 24 com.tc.util.concurrent.NoExceptionLinkedQueue
3400: 1 24 org.apache.xmlbeans.impl.piccolo.xml.UTF8XMLDecoder
3401: 1 24 com.tc.net.protocol.transport.ClientMessageTransport$1
3402: 1 24 sun.net.spi.DefaultProxySelector
3403: 1 24 com.tc.net.protocol.tcm.ClientMessageChannelImpl$ChannelIDProviderImpl
3404: 1 24 javax.management.ObjectName[]
3405: 1 24 org.terracotta.modules.tomcat.common.adapters.WebAppLoaderAdapter
3406: 1 24 com.tc.config.schema.setup.LogSettingConfigItemListener
3407: 1 24 com.tc.object.tx.ClientTransactionManagerImpl$2
3408: 1 24 org.apache.catalina.deploy.ApplicationParameter[]
3409: 1 24 java.math.BigDecimal$1
3410: 1 24 java.util.regex.Pattern$CharPropertyNames$13
3411: 1 24 com.tc.util.concurrent.QueueFactory
3412: 1 24 com.tc.object.bytecode.ManagerImpl$ShutdownAction
3413: 1 24 org.mozilla.javascript.jdk15.VMBridge_jdk15
3414: 1 24 com.tc.statistics.retrieval.actions.SRAStageQueueDepths
3415: 1 24 org.apache.xerces.impl.dv.xs.MonthDayDV
3416: 1 24 com.tc.object.bytecode.aspectwerkz.ExpressionHelper
3417: 1 24 org.terracotta.modules.DSOUnsafeAdapter
3418: 1 24 org.apache.xmlbeans.impl.piccolo.xml.UnicodeBigXMLDecoder
3419: 1 24 com.sun.jmx.mbeanserver.MBeanInstantiator
3420: 1 24 org.terracotta.modules.tomcat.common.adapters.CatalinaAdapter
3421: 1 24 java.beans.EventSetDescriptor[]
3422: 1 24 java.util.regex.Pattern$Node
3423: 1 24 com.sun.script.javascript.RhinoWrapFactory
3424: 1 24 javax.management.openmbean.OpenType[]
3425: 1 24 com.tc.net.protocol.tcm.CommunicationsManagerImpl$2
3426: 1 24 com.tc.object.Traverser
3427: 1 24 java.util.regex.Pattern$CharPropertyNames$10
3428: 1 24 org.apache.xml.security.algorithms.SignatureAlgorithm$4
3429: 1 24 sun.jkernel.DownloadManager$1
3430: 1 24 org.apache.catalina.Session[]
3431: 1 24 sun.misc.Launcher
3432: 1 24 java.util.regex.Pattern$CharPropertyNames$18
3433: 1 24 com.tc.net.protocol.tcm.TCMessageParser
3434: 1 24 org.apache.jasper.el.ExpressionEvaluatorImpl
3435: 1 24 org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor
3436: 1 24 java.lang.Short[]
3437: 1 24 org.apache.xmlbeans.InterfaceExtension[]
3438: 1 24 org.apache.xml.security.algorithms.MessageDigestAlgorithm$1
3439: 1 24 java.lang.Double[]
3440: 1 24 com.tc.net.core.event.TCListenerEvent
3441: 1 24 com.tc.config.schema.setup.StandardL1TVSConfigurationSetupManager$1
3442: 1 24 org.apache.commons.lang.builder.ReflectionToStringBuilder$1
3443: 1 24 com.tc.statistics.retrieval.actions.SRAL1TransactionSize
3444: 1 24 org.apache.catalina.startup.EngineConfig
3445: 1 24 java.nio.charset.CoderResult$2
3446: 1 24 org.knopflerfish.framework.PackageAdminImpl
3447: 1 24 org.eclipse.jdt.internal.compiler.lookup.ElementValuePair[]
3448: 1 24 java.util.regex.Pattern$5
3449: 1 24 org.apache.catalina.core.JasperListener
3450: 1 24 com.tc.net.core.TCListener[]
3451: 1 24 org.apache.commons.ssl.asn1.DERNull
3452: 1 24 org.apache.catalina.core.AprLifecycleListener
3453: 1 24 org.apache.velocity.runtime.log.LogChuteSystem
3454: 1 24 org.apache.xmlbeans.XmlObject[]
3455: 1 24 java.util.regex.Pattern$CharPropertyNames$14
3456: 1 24 ch.qos.logback.classic.spi.StackTraceElementProxy[]
3457: 1 24 com.tc.net.core.TCConnectionManagerJDK14$ConnectionEvents
3458: 1 24 org.opensaml.saml1.binding.artifact.SAML1ArtifactBuilderFactory
3459: 1 24 com.tc.object.ApplicatorDNAEncodingImpl
3460: 1 24 org.apache.xmlbeans.XmlBeans$1
3461: 1 24 com.tc.util.ResourceBundleHelper
3462: 1 24 com.tc.backport175.bytecode.AnnotationElement$Annotation[]
3463: 1 24 org.apache.xerces.impl.dv.xs.YearMonthDV
3464: 1 24 com.tc.object.tx.ClientTransactionFactoryImpl
3465: 1 24 com.tc.object.field.TCFieldFactory
3466: 1 24 java.util.regex.Pattern$CharPropertyNames$6
3467: 1 24 org.apache.commons.httpclient.DefaultHttpMethodRetryHandler
3468: 1 16 org.opensaml.ws.wssecurity.impl.SignatureConfirmationBuilder
3469: 1 16 sun.org.mozilla.javascript.internal.Undefined
3470: 1 16 sun.reflect.GeneratedMethodAccessor108
3471: 1 16 sun.reflect.GeneratedMethodAccessor56
3472: 1 16 org.opensaml.xml.schema.impl.XSIntegerBuilder
3473: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$LOCK_RECALL_MESSAGEFactory
3474: 1 16 com.tc.statistics.retrieval.actions.SRACacheObjectsEvictRequest
3475: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor70
3476: 1 16 org.opensaml.xml.encryption.impl.GeneratorBuilder
3477: 1 16 sun.reflect.GeneratedConstructorAccessor9
3478: 1 16 sun.reflect.GeneratedConstructorAccessor1269
3479: 1 16 com.tc.object.NullObjectRequestMonitor
3480: 1 16 org.opensaml.saml2.metadata.validator.PDPDescriptorSchemaValidator
3481: 1 16 org.opensaml.ws.wsaddressing.impl.FaultToBuilder
3482: 1 16 org.opensaml.saml2.core.validator.ResponseSchemaValidator
3483: 1 16 sun.reflect.GeneratedMethodAccessor17
3484: 1 16 com.tc.util.SequenceID$1
3485: 1 16 org.opensaml.saml2.core.impl.StatusMessageBuilder
3486: 1 16 sun.reflect.GeneratedConstructorAccessor1227
3487: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor78
3488: 1 16 com.sun.jmx.mbeanserver.MXBeanIntrospector
3489: 1 16 org.springframework.web.context.request.RequestScope
3490: 1 16 org.joda.time.convert.LongConverter
3491: 1 16 org.opensaml.saml2.metadata.validator.EmailAddressSchemaValidator
3492: 1 16 org.opensaml.ws.wssecurity.impl.BinarySecurityTokenBuilder
3493: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$LOCK_REQUEST_MESSAGEFactory
3494: 1 16 sun.reflect.GeneratedMethodAccessor37
3495: 1 16 sun.reflect.GeneratedMethodAccessor52
3496: 1 16 sun.reflect.GeneratedConstructorAccessor72
3497: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor35
3498: 1 16 sun.reflect.GeneratedConstructorAccessor30
3499: 1 16 org.opensaml.saml2.core.validator.StatusCodeSchemaValidator
3500: 1 16 org.opensaml.xml.signature.impl.ExponentBuilder
3501: 1 16 sun.reflect.ReflectionFactory
3502: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor39
3503: 1 16 org.opensaml.saml2.metadata.validator.NameIDMappingServiceSpecValidator
3504: 1 16 sun.reflect.GeneratedMethodAccessor31
3505: 1 16 com.tc.net.protocol.tcm.NullMessageMonitor
3506: 1 16 org.opensaml.xml.encryption.validator.EncryptionMethodSchemaValidator
3507: 1 16 org.springframework.web.context.support.WebApplicationContextUtils$2
3508: 1 16 org.knopflerfish.framework.Pkg$1
3509: 1 16 org.opensaml.saml2.core.validator.NewIDSchemaValidator
3510: 1 16 org.slf4j.impl.StaticMDCBinder
3511: 1 16 org.apache.xmlbeans.impl.values.XmlObjectBase$ValueOutOfRangeValidationContext
3512: 1 16 sun.reflect.GeneratedMethodAccessor51
3513: 1 16 sun.reflect.GeneratedConstructorAccessor8
3514: 1 16 org.opensaml.saml2.metadata.impl.AttributeProfileBuilder
3515: 1 16 org.opensaml.ws.wssecurity.impl.SecurityBuilder
3516: 1 16 org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder
3517: 1 16 org.opensaml.saml2.core.validator.AuthenticatingAuthoritySchemaValidator
3518: 1 16 sun.reflect.GeneratedConstructorAccessor55
3519: 1 16 org.opensaml.saml2.metadata.validator.SPSSODescriptorSchemaValidator
3520: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor73
3521: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$REQUEST_ROOT_RESPONSE_MESSAGEFactory
3522: 1 16 org.opensaml.ws.wsfed.impl.AppliesToBuilder
3523: 1 16 org.opensaml.xml.encryption.impl.EncryptionPropertiesBuilder
3524: 1 16 sun.reflect.GeneratedConstructorAccessor51
3525: 1 16 org.opensaml.xml.signature.impl.PGPKeyIDBuilder
3526: 1 16 org.joda.time.convert.ReadablePeriodConverter
3527: 1 16 org.opensaml.saml1.core.validator.StatusSchemaValidator
3528: 1 16 org.opensaml.saml2.metadata.impl.NameIDFormatBuilder
3529: 1 16 org.opensaml.saml2.core.impl.EncryptedIDBuilder
3530: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor33
3531: 1 16 com.sun.jmx.trace.TraceManager
3532: 1 16 org.opensaml.samlext.idpdisco.DiscoveryResponseBuilder
3533: 1 16 org.opensaml.saml2.metadata.validator.ArtifactResolutionServiceSpecValidator
3534: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$NODES_WITH_OBJECTS_MESSAGEFactory
3535: 1 16 com.tc.injection.DsoClusterInjectionInstrumentation
3536: 1 16 org.eclipse.jdt.internal.compiler.lookup.ReferenceBinding$3
3537: 1 16 org.opensaml.xacml.ctx.impl.StatusMessageTypeImplBuilder
3538: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor68
3539: 1 16 sun.nio.ch.DevPollSelectorProvider
3540: 1 16 org.opensaml.xml.signature.validator.RSAKeyValueSchemaValidator
3541: 1 16 com.sun.jndi.toolkit.dir.HierarchicalNameParser
3542: 1 16 org.opensaml.xml.encryption.impl.CipherDataBuilder
3543: 1 16 sun.reflect.GeneratedMethodAccessor38
3544: 1 16 org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory
3545: 1 16 org.knopflerfish.framework.BundlePackages$1
3546: 1 16 com.tc.object.bytecode.NullManager
3547: 1 16 org.opensaml.ws.wssecurity.impl.TransformationParametersBuilder
3548: 1 16 org.opensaml.saml2.core.impl.EncryptedAttributeBuilder
3549: 1 16 java.net.UnknownContentHandler
3550: 1 16 org.opensaml.ws.wsaddressing.impl.RetryAfterBuilder
3551: 1 16 org.apache.xerces.impl.xs.util.ShortListImpl$1
3552: 1 16 org.opensaml.saml2.metadata.impl.EncryptionMethodBuilder
3553: 1 16 org.opensaml.saml1.core.validator.AssertionSchemaValidator
3554: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor31
3555: 1 16 sun.misc.ASCIICaseInsensitiveComparator
3556: 1 16 org.apache.xerces.impl.dv.xs.AnyURIDV
3557: 1 16 com.tc.object.config.NullInstrumentationDescriptor
3558: 1 16 org.opensaml.samlext.saml2mdquery.impl.AttributeQueryDescriptorTypeBuilder
3559: 1 16 org.opensaml.xml.signature.impl.X509SKIBuilder
3560: 1 16 org.bouncycastle.math.ec.FpNafMultiplier
3561: 1 16 org.opensaml.xml.signature.impl.PgenCounterBuilder
3562: 1 16 javax.management.MBeanServerBuilder
3563: 1 16 org.apache.xerces.impl.dv.xs.PrecisionDecimalDV
3564: 1 16 org.opensaml.saml2.core.validator.NameIDMappingRequestSchemaValidator
3565: 1 16 org.opensaml.saml2.core.validator.AssertionSchemaValidator
3566: 1 16 org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder
3567: 1 16 sun.reflect.GeneratedMethodAccessor15
3568: 1 16 org.opensaml.saml2.metadata.impl.AssertionIDRequestServiceBuilder
3569: 1 16 sun.reflect.GeneratedMethodAccessor111
3570: 1 16 org.apache.velocity.util.introspection.ClassMap$MethodCache$CacheMiss
3571: 1 16 com.tc.statistics.retrieval.actions.SRASystemProperties
3572: 1 16 org.opensaml.saml1.core.impl.AudienceBuilder
3573: 1 16 org.opensaml.ws.wssecurity.impl.SaltBuilder
3574: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor37
3575: 1 16 org.apache.xerces.impl.dv.xs.ListDV
3576: 1 16 org.opensaml.saml2.metadata.validator.AttributeServiceSchemaValidator
3577: 1 16 org.opensaml.saml2.core.impl.AssertionIDRefBuilder
3578: 1 16 sun.reflect.GeneratedConstructorAccessor61
3579: 1 16 com.tc.aspectwerkz.expression.ast.ExpressionParser
3580: 1 16 java.util.logging.Logging
3581: 1 16 org.opensaml.xml.encryption.impl.RecipientKeyInfoBuilder
3582: 1 16 org.opensaml.ws.wssecurity.impl.PasswordBuilder
3583: 1 16 sun.reflect.GeneratedConstructorAccessor69
3584: 1 16 sun.reflect.GeneratedConstructorAccessor48
3585: 1 16 sun.reflect.GeneratedMethodAccessor44
3586: 1 16 org.opensaml.ws.wsaddressing.impl.ReplyToBuilder
3587: 1 16 sun.reflect.GeneratedMethodAccessor104
3588: 1 16 org.opensaml.ws.wsaddressing.impl.ActionBuilder
3589: 1 16 org.opensaml.ws.wssecurity.impl.EncryptedHeaderBuilder
3590: 1 16 sun.reflect.GeneratedConstructorAccessor58
3591: 1 16 org.opensaml.saml2.core.impl.NewEncryptedIDBuilder
3592: 1 16 org.opensaml.xml.encryption.impl.OriginatorKeyInfoBuilder
3593: 1 16 org.opensaml.xml.schema.impl.XSURIBuilder
3594: 1 16 sun.reflect.GeneratedMethodAccessor106
3595: 1 16 com.tc.async.impl.StageImpl$1
3596: 1 16 org.opensaml.samlext.saml2mdquery.impl.AuthzDecisionQueryDescriptorTypeBuilder
3597: 1 16 sun.reflect.GeneratedConstructorAccessor5
3598: 1 16 org.joda.time.convert.ReadableInstantConverter
3599: 1 16 org.opensaml.xml.signature.impl.X509CRLBuilder
3600: 1 16 java.util.Hashtable$EmptyIterator
3601: 1 16 org.opensaml.saml2.metadata.validator.KeyDescriptorSchemaValidator
3602: 1 16 org.opensaml.xml.encryption.impl.PgenCounterBuilder
3603: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$CLIENT_HANDSHAKE_ACK_MESSAGEFactory
3604: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$LOCK_STATISTICS_RESPONSE_MESSAGEFactory
3605: 1 16 org.opensaml.saml2.core.validator.AssertionURIRefSchemaValidator
3606: 1 16 org.opensaml.ws.wsaddressing.impl.ProblemActionBuilder
3607: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$CLUSTER_MEMBERSHIP_EVENT_MESSAGEFactory
3608: 1 16 sun.reflect.GeneratedConstructorAccessor7
3609: 1 16 java.security.cert.CertPathHelperImpl
3610: 1 16 java.util.Collections$ReverseComparator
3611: 1 16 sun.misc.Launcher$Factory
3612: 1 16 java.util.jar.JavaUtilJarAccessImpl
3613: 1 16 org.opensaml.saml1.core.validator.SubjectSchemaValidator
3614: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$JMX_MESSAGEFactory
3615: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$COMMIT_TRANSACTION_MESSAGEFactory
3616: 1 16 sun.reflect.GeneratedConstructorAccessor50
3617: 1 16 org.apache.jasper.xmlparser.MyErrorHandler
3618: 1 16 sun.reflect.GeneratedMethodAccessor28
3619: 1 16 sun.reflect.GeneratedMethodAccessor53
3620: 1 16 org.opensaml.xml.encryption.impl.EncryptedKeyBuilder
3621: 1 16 org.opensaml.xml.signature.impl.RSAKeyValueBuilder
3622: 1 16 org.opensaml.saml2.metadata.validator.OrganizationSchemaValidator
3623: 1 16 org.opensaml.saml2.core.impl.AuthnContextDeclRefBuilder
3624: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$JMXREMOTE_MESSAGE_CONNECTION_MESSAGEFactory
3625: 1 16 org.opensaml.saml2.core.validator.ManageNameIDResponseSchemaValidator
3626: 1 16 sun.reflect.GeneratedMethodAccessor23
3627: 1 16 org.opensaml.ws.wsaddressing.impl.FromBuilder
3628: 1 16 org.opensaml.xml.encryption.impl.CipherValueBuilder
3629: 1 16 org.apache.tomcat.util.buf.StringCache
3630: 1 16 sun.reflect.GeneratedConstructorAccessor1
3631: 1 16 org.opensaml.saml2.metadata.validator.AttributeConsumingServiceSchemaValidator
3632: 1 16 sun.reflect.generics.tree.BottomSignature
3633: 1 16 com.tc.exception.RuntimeExceptionHelper
3634: 1 16 org.opensaml.saml2.core.validator.AuthnQuerySchemaValidator
3635: 1 16 sun.reflect.GeneratedConstructorAccessor23
3636: 1 16 org.opensaml.saml2.core.validator.IDPEntrySchemaValidator
3637: 1 16 com.tc.backport175.bytecode.DefaultBytecodeProvider
3638: 1 16 org.joda.time.convert.CalendarConverter
3639: 1 16 org.opensaml.xml.signature.impl.PGPKeyPacketBuilder
3640: 1 16 org.apache.xerces.impl.xs.XSConstraints$1
3641: 1 16 org.opensaml.saml2.metadata.validator.AuthnAuthorityDescriptorSchemaValidator
3642: 1 16 sun.reflect.GeneratedConstructorAccessor19
3643: 1 16 org.opensaml.saml1.core.validator.AuthenticationStatementSchemaValidator
3644: 1 16 org.opensaml.xml.encryption.impl.EncryptionPropertyBuilder
3645: 1 16 com.tc.config.schema.defaults.FromSchemaDefaultValueProvider
3646: 1 16 sun.reflect.GeneratedMethodAccessor26
3647: 1 16 sun.reflect.GeneratedMethodAccessor8
3648: 1 16 org.opensaml.xml.signature.validator.DSAKeyValueSchemaValidator
3649: 1 16 com.sun.jndi.ldap.DefaultResponseControlFactory
3650: 1 16 org.opensaml.saml2.metadata.impl.TelephoneNumberBuilder
3651: 1 16 com.tc.statistics.retrieval.SigarUtil$SigarFilenameFilter
3652: 1 16 org.opensaml.saml1.core.validator.EvidenceSchemaValidator
3653: 1 16 org.apache.xerces.impl.dv.dtd.NOTATIONDatatypeValidator
3654: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor40
3655: 1 16 org.opensaml.saml2.metadata.impl.AttributeServiceBuilder
3656: 1 16 sun.reflect.GeneratedMethodAccessor45
3657: 1 16 org.opensaml.xml.signature.impl.XPathBuilder
3658: 1 16 org.opensaml.ws.wssecurity.impl.KeyIdentifierBuilder
3659: 1 16 sun.reflect.GeneratedConstructorAccessor10
3660: 1 16 sun.reflect.GeneratedConstructorAccessor56
3661: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$LOCK_QUERY_RESPONSE_MESSAGEFactory
3662: 1 16 com.tc.async.impl.DefaultAddPredicate
3663: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor36
3664: 1 16 org.opensaml.saml2.core.validator.ActionSchemaValidator
3665: 1 16 org.opensaml.saml2.metadata.validator.SingleLogoutServiceSchemaValidator
3666: 1 16 org.opensaml.saml1.core.impl.RequestBuilder
3667: 1 16 org.opensaml.saml2.metadata.validator.EntityDescriptorSpecValidator
3668: 1 16 java.lang.String$CaseInsensitiveComparator
3669: 1 16 org.opensaml.saml2.ecp.impl.ResponseBuilder
3670: 1 16 sun.net.www.protocol.jar.JarFileFactory
3671: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor41
3672: 1 16 org.apache.xerces.dom.CharacterDataImpl$1
3673: 1 16 org.apache.xml.security.c14n.helper.AttrCompare
3674: 1 16 org.apache.catalina.core.ApplicationFilterFactory
3675: 1 16 org.opensaml.saml1.core.validator.AuthorizationDecisionQuerySchemaValidator
3676: 1 16 org.knopflerfish.framework.PermissionOps
3677: 1 16 com.tc.object.bytecode.AbstractListMethodCreator
3678: 1 16 org.opensaml.saml2.ecp.impl.RequestBuilder
3679: 1 16 sun.reflect.GeneratedConstructorAccessor1232
3680: 1 16 org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration$1
3681: 1 16 org.opensaml.ws.wsfed.impl.RequestSecurityTokenResponseBuilder
3682: 1 16 org.opensaml.saml2.metadata.impl.ArtifactResolutionServiceBuilder
3683: 1 16 org.opensaml.saml2.metadata.validator.EntityDescriptorSchemaValidator
3684: 1 16 org.opensaml.xml.encryption.validator.TransformsSchemaValidator
3685: 1 16 sun.reflect.GeneratedConstructorAccessor53
3686: 1 16 org.opensaml.xml.signature.impl.CryptoBinaryBuilder
3687: 1 16 javax.management.NotificationBroadcasterSupport$1
3688: 1 16 sun.reflect.GeneratedMethodAccessor11
3689: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$ACKNOWLEDGE_TRANSACTION_MESSAGEFactory
3690: 1 16 sun.reflect.GeneratedConstructorAccessor28
3691: 1 16 sun.reflect.GeneratedMethodAccessor103
3692: 1 16 org.opensaml.saml2.metadata.validator.GivenNameSchemaValidator
3693: 1 16 sun.net.DefaultProgressMeteringPolicy
3694: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$OBJECT_ID_BATCH_REQUEST_RESPONSE_MESSAGEFactory
3695: 1 16 com.tc.util.StandardResourceBundleFactory
3696: 1 16 org.opensaml.saml1.core.impl.StatusMessageBuilder
3697: 1 16 org.opensaml.xml.signature.impl.KeyInfoBuilder
3698: 1 16 org.knopflerfish.framework.BundlePackages$2
3699: 1 16 org.opensaml.xml.signature.validator.X509DataSchemaValidator
3700: 1 16 org.opensaml.samlext.saml2mdquery.impl.AuthnQueryDescriptorTypeBuilder
3701: 1 16 org.opensaml.xml.encryption.impl.DHKeyValueBuilder
3702: 1 16 sun.reflect.GeneratedConstructorAccessor1306
3703: 1 16 org.apache.xerces.impl.dv.xs.DecimalDV
3704: 1 16 org.apache.tomcat.util.digester.Digester$SystemPropertySource
3705: 1 16 sun.reflect.GeneratedConstructorAccessor1230
3706: 1 16 org.opensaml.saml2.core.validator.ManageNameIDRequestSchemaValidator
3707: 1 16 org.opensaml.saml2.core.validator.IDPListSchemaValidator
3708: 1 16 sun.reflect.GeneratedConstructorAccessor59
3709: 1 16 org.opensaml.xml.signature.impl.ModulusBuilder
3710: 1 16 sun.reflect.GeneratedMethodAccessor41
3711: 1 16 org.apache.xerces.impl.dv.dtd.StringDatatypeValidator
3712: 1 16 org.opensaml.saml2.metadata.impl.ServiceDescriptionBuilder
3713: 1 16 org.springframework.ui.velocity.CommonsLoggingLogSystem
3714: 1 16 org.opensaml.saml2.metadata.validator.AffiliateMemberSchemaValidator
3715: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor76
3716: 1 16 org.opensaml.saml1.core.validator.ActionSpecValidator
3717: 1 16 org.opensaml.ws.wssecurity.impl.EmbeddedBuilder
3718: 1 16 sun.reflect.GeneratedMethodAccessor40
3719: 1 16 org.opensaml.saml2.core.validator.RequestedAuthnContextSchemaValidator
3720: 1 16 org.opensaml.saml1.core.validator.RequestSchemaValidator
3721: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor29
3722: 1 16 sun.reflect.GeneratedConstructorAccessor46
3723: 1 16 org.opensaml.saml2.core.validator.ConditionsSpecValidator
3724: 1 16 org.apache.commons.ssl.Java14
3725: 1 16 org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator
3726: 1 16 sun.reflect.GeneratedMethodAccessor58
3727: 1 16 org.opensaml.saml2.metadata.validator.EncryptionMethodSchemaValidator
3728: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$KEYS_FOR_ORPHANED_VALUES_RESPONSE_MESSAGEFactory
3729: 1 16 org.knopflerfish.framework.BundleClassLoader$1
3730: 1 16 org.opensaml.saml2.core.impl.AudienceBuilder
3731: 1 16 org.opensaml.saml2.core.validator.SessionIndexSchemaValidator
3732: 1 16 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethMetadataKeyAuthorityBuilder
3733: 1 16 com.tc.object.StandardDSOClientBuilder
3734: 1 16 org.opensaml.xml.signature.impl.X509DataBuilder
3735: 1 16 org.opensaml.saml2.metadata.validator.CompanySchemaValidator
3736: 1 16 org.opensaml.saml2.core.validator.AuthzDecisionQuerySchemaValidator
3737: 1 16 org.apache.xerces.impl.xs.models.XSEmptyCM
3738: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$REQUEST_ROOT_MESSAGEFactory
3739: 1 16 sun.reflect.GeneratedConstructorAccessor1228
3740: 1 16 sun.reflect.GeneratedConstructorAccessor74
3741: 1 16 org.joda.time.convert.ReadableIntervalConverter
3742: 1 16 org.opensaml.saml1.core.validator.ResponseSchemaValidator
3743: 1 16 org.opensaml.saml2.core.validator.EvidenceSchemaValidator
3744: 1 16 org.apache.xerces.impl.dv.xs.UnionDV
3745: 1 16 java.net.InetAddress$1
3746: 1 16 java.lang.reflect.ReflectAccess
3747: 1 16 sun.reflect.GeneratedMethodAccessor25
3748: 1 16 org.opensaml.saml1.core.impl.ResponseBuilder
3749: 1 16 sun.reflect.GeneratedConstructorAccessor125
3750: 1 16 sun.reflect.GeneratedMethodAccessor35
3751: 1 16 org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator
3752: 1 16 com.tc.config.schema.setup.FatalIllegalConfigurationChangeHandler
3753: 1 16 org.apache.naming.resources.DirContextURLStreamHandlerFactory
3754: 1 16 com.tc.object.NullTraverseTest
3755: 1 16 org.opensaml.ws.soap.soap11.impl.FaultCodeBuilder
3756: 1 16 org.opensaml.xml.encryption.impl.KANonceBuilder
3757: 1 16 org.opensaml.saml1.core.validator.AttributeSchemaValidator
3758: 1 16 org.opensaml.xml.encryption.validator.EncryptionPropertiesSchemaValidator
3759: 1 16 org.joda.time.convert.ReadablePartialConverter
3760: 1 16 org.opensaml.xml.signature.validator.SignatureSchemaValidator
3761: 1 16 org.opensaml.xml.signature.validator.TransformSchemaValidator
3762: 1 16 sun.reflect.GeneratedMethodAccessor107
3763: 1 16 org.opensaml.saml2.core.validator.LogoutRequestSchemaValidator
3764: 1 16 org.opensaml.xml.signature.validator.X509SerialNumberSchemaValidator
3765: 1 16 sun.reflect.GeneratedConstructorAccessor63
3766: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor72
3767: 1 16 org.opensaml.xml.encryption.impl.CarriedKeyNameBuilder
3768: 1 16 org.apache.commons.httpclient.cookie.CookiePathComparator
3769: 1 16 org.opensaml.saml2.metadata.validator.SurNameSchemaValidator
3770: 1 16 sun.reflect.GeneratedMethodAccessor50
3771: 1 16 org.opensaml.xml.signature.validator.KeyValueSchemaValidator
3772: 1 16 sun.reflect.GeneratedMethodAccessor68
3773: 1 16 sun.reflect.GeneratedConstructorAccessor47
3774: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$BATCH_TRANSACTION_ACK_MESSAGEFactory
3775: 1 16 java.lang.System$2
3776: 1 16 sun.reflect.GeneratedMethodAccessor32
3777: 1 16 sun.reflect.GeneratedConstructorAccessor13
3778: 1 16 org.opensaml.xml.encryption.validator.CipherDataSchemaValidator
3779: 1 16 org.opensaml.xml.signature.impl.TransformsBuilder
3780: 1 16 sun.security.util.ByteArrayLexOrder
3781: 1 16 org.opensaml.saml2.metadata.validator.ServiceNameSchemaValidator
3782: 1 16 org.opensaml.saml2.core.validator.SubjectConfirmationSchemaValidator
3783: 1 16 sun.reflect.GeneratedMethodAccessor18
3784: 1 16 sun.reflect.GeneratedMethodAccessor9
3785: 1 16 org.joda.time.convert.StringConverter
3786: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$KEYS_FOR_ORPHANED_VALUES_MESSAGEFactory
3787: 1 16 org.opensaml.xml.signature.impl.PGPDataBuilder
3788: 1 16 org.apache.xerces.impl.dv.dtd.NMTOKENDatatypeValidator
3789: 1 16 org.opensaml.saml1.core.validator.AudienceRestrictionConditionSchemaValidator
3790: 1 16 sun.reflect.GeneratedConstructorAccessor1270
3791: 1 16 org.opensaml.xml.signature.impl.X509IssuerSerialBuilder
3792: 1 16 org.apache.velocity.runtime.log.NullLogChute
3793: 1 16 org.opensaml.saml2.metadata.validator.AssertionIDRequestServiceSchemaValidator
3794: 1 16 org.opensaml.saml2.core.impl.EncryptedAssertionBuilder
3795: 1 16 org.springframework.util.ReflectionUtils$3
3796: 1 16 sun.reflect.GeneratedConstructorAccessor42
3797: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor74
3798: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$LOCK_STAT_MESSAGEFactory
3799: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$OBJECT_ID_BATCH_REQUEST_MESSAGEFactory
3800: 1 16 sun.reflect.GeneratedConstructorAccessor14
3801: 1 16 sun.reflect.GeneratedMethodAccessor101
3802: 1 16 org.opensaml.saml1.core.impl.AssertionArtifactBuilder
3803: 1 16 com.tc.statistics.retrieval.actions.SRACacheObjectsEvicted
3804: 1 16 org.apache.xerces.impl.dv.xs.XSSimpleTypeDecl$2
3805: 1 16 org.apache.xerces.impl.xs.util.XSObjectListImpl$1
3806: 1 16 org.apache.xerces.impl.dv.xs.AnyAtomicDV
3807: 1 16 org.opensaml.xml.signature.impl.KeyValueBuilder
3808: 1 16 org.apache.xerces.impl.dv.xs.DoubleDV
3809: 1 16 org.opensaml.xml.encryption.impl.PBuilder
3810: 1 16 org.opensaml.xml.encryption.impl.OAEPparamsBuilder
3811: 1 16 org.opensaml.saml2.metadata.validator.NameIDMappingServiceSchemaValidator
3812: 1 16 org.opensaml.xml.signature.impl.RetrievalMethodBuilder
3813: 1 16 sun.reflect.GeneratedMethodAccessor64
3814: 1 16 org.opensaml.ws.wsaddressing.impl.ToBuilder
3815: 1 16 org.apache.xerces.impl.dv.dtd.IDDatatypeValidator
3816: 1 16 org.opensaml.saml1.core.validator.SubjectStatementSchemaValidator
3817: 1 16 sun.reflect.GeneratedConstructorAccessor1309
3818: 1 16 org.apache.xerces.impl.dv.xs.IDREFDV
3819: 1 16 org.opensaml.saml2.metadata.validator.NameIDFormatSchemaValidator
3820: 1 16 sun.reflect.GeneratedConstructorAccessor3
3821: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor32
3822: 1 16 com.tc.exception.ExceptionWrapperImpl
3823: 1 16 org.opensaml.xml.signature.impl.SeedBuilder
3824: 1 16 java.net.URLClassLoader$7
3825: 1 16 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethScopedValueBuilder
3826: 1 16 org.opensaml.samlext.samlpthrpty.impl.RespondToBuilder
3827: 1 16 com.tc.object.session.NullSessionManager
3828: 1 16 com.tc.net.protocol.delivery.OOOProtocolMessageFactory
3829: 1 16 org.opensaml.saml2.core.validator.AssertionIDRefSchemaValidator
3830: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor71
3831: 1 16 org.opensaml.xml.encryption.impl.QBuilder
3832: 1 16 org.opensaml.saml2.core.validator.GetCompleteSchemaValidator
3833: 1 16 sun.reflect.GeneratedMethodAccessor43
3834: 1 16 sun.reflect.GeneratedMethodAccessor48
3835: 1 16 sun.reflect.GeneratedMethodAccessor105
3836: 1 16 java.util.regex.Pattern$CharPropertyNames$5
3837: 1 16 org.opensaml.xml.schema.impl.XSBase64BinaryBuilder
3838: 1 16 org.opensaml.saml2.metadata.validator.SingleSignOnServiceSchemaValidator
3839: 1 16 org.opensaml.saml2.core.validator.AssertionSpecValidator
3840: 1 16 com.tc.aspectwerkz.expression.ast.SimpleCharStream
3841: 1 16 com.tc.net.protocol.transport.NullConnectionPolicy
3842: 1 16 org.opensaml.saml2.core.validator.ArtifactResolveSchemaValidator
3843: 1 16 org.opensaml.ws.wsaddressing.impl.RelatesToBuilder
3844: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor45
3845: 1 16 sun.reflect.GeneratedConstructorAccessor4
3846: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$NODE_META_DATA_MESSAGEFactory
3847: 1 16 org.opensaml.xml.signature.impl.SPKIDataBuilder
3848: 1 16 org.opensaml.saml2.metadata.impl.GivenNameBuilder
3849: 1 16 org.opensaml.xml.encryption.impl.PublicBuilder
3850: 1 16 org.opensaml.ws.wsfed.impl.AddressBuilder
3851: 1 16 org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker
3852: 1 16 java.util.Hashtable$EmptyEnumerator
3853: 1 16 sun.reflect.GeneratedConstructorAccessor54
3854: 1 16 org.opensaml.saml1.core.validator.AttributeDesignatorSchemaValidator
3855: 1 16 org.opensaml.xml.encryption.impl.CipherReferenceBuilder
3856: 1 16 org.opensaml.saml1.core.validator.StatusCodeSchemaValidator
3857: 1 16 org.opensaml.saml2.core.validator.IssuerSchemaValidator
3858: 1 16 org.opensaml.saml2.metadata.validator.SPSSODescriptorSpecValidator
3859: 1 16 org.opensaml.ws.wsaddressing.impl.MessageIDBuilder
3860: 1 16 org.opensaml.xml.signature.impl.YBuilder
3861: 1 16 org.apache.xerces.impl.xs.util.XIntPool
3862: 1 16 java.lang.Terminator$1
3863: 1 16 org.opensaml.xml.signature.impl.X509IssuerNameBuilder
3864: 1 16 org.opensaml.saml2.metadata.validator.OrganizationURLSchemaValidator
3865: 1 16 org.opensaml.xml.encryption.impl.SeedBuilder
3866: 1 16 com.tc.aspectwerkz.expression.ast.ExpressionParserTokenManager
3867: 1 16 org.opensaml.xml.signature.impl.TransformBuilder
3868: 1 16 sun.reflect.GeneratedMethodAccessor16
3869: 1 16 org.opensaml.ws.wsaddressing.impl.SoapActionBuilder
3870: 1 16 org.opensaml.saml2.metadata.impl.EmailAddressBuilder
3871: 1 16 org.apache.catalina.connector.Tomcat55CookieWriterFactory
3872: 1 16 org.opensaml.ws.soap.soap11.impl.EnvelopeBuilder
3873: 1 16 javax.management.JMX
3874: 1 16 org.opensaml.saml2.metadata.impl.SurNameBuilder
3875: 1 16 sun.reflect.GeneratedMethodAccessor27
3876: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$NODE_META_DATA_RESPONSE_MESSAGEFactory
3877: 1 16 org.opensaml.ws.wsaddressing.impl.EndpointReferenceBuilder
3878: 1 16 org.opensaml.saml1.core.validator.SubjectConfirmationSchemaValidator
3879: 1 16 org.opensaml.ws.wsfed.impl.EndPointReferenceBuilder
3880: 1 16 org.opensaml.ws.soap.soap11.impl.FaultBuilder
3881: 1 16 org.opensaml.saml2.metadata.validator.AuthnQueryServiceSchemaValidator
3882: 1 16 sun.reflect.GeneratedMethodAccessor47
3883: 1 16 org.opensaml.samlext.saml2delrestrict.impl.DelegationRestrictionTypeBuilder
3884: 1 16 sun.reflect.GeneratedMethodAccessor13
3885: 1 16 org.opensaml.saml2.core.impl.GetCompleteBuilder
3886: 1 16 sun.reflect.GeneratedConstructorAccessor1234
3887: 1 16 org.apache.xerces.impl.dv.xs.Base64BinaryDV
3888: 1 16 org.opensaml.ws.wssecurity.impl.TimestampBuilder
3889: 1 16 org.opensaml.saml2.core.validator.AuthnContextDeclRefSchemaValidator
3890: 1 16 sun.reflect.GeneratedMethodAccessor109
3891: 1 16 com.sun.jndi.ldap.VersionHelper12
3892: 1 16 org.opensaml.saml2.core.validator.StatusMessageSchemaValidator
3893: 1 16 org.opensaml.xml.encryption.impl.EncryptionMethodBuilder
3894: 1 16 org.opensaml.saml2.core.validator.NameIDSchemaValidator
3895: 1 16 org.apache.log4j.or.DefaultRenderer
3896: 1 16 com.tc.object.tx.TimerSpecFactory
3897: 1 16 com.tc.aspectwerkz.transform.inlining.AsmNullAdapter$NullClassAdapter
3898: 1 16 org.opensaml.xml.signature.impl.GBuilder
3899: 1 16 org.opensaml.saml2.core.impl.IssuerBuilder
3900: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor43
3901: 1 16 com.tc.object.logging.NullInstrumentationLogger
3902: 1 16 com.sun.script.javascript.RhinoClassShutter
3903: 1 16 org.joda.time.convert.NullConverter
3904: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$CLIENT_JMX_READY_MESSAGEFactory
3905: 1 16 org.opensaml.xml.signature.impl.X509SerialNumberBuilder
3906: 1 16 org.opensaml.saml2.core.validator.AudienceRestrictionSchemaValidator
3907: 1 16 com.tc.plugins.ModulesLoader$1
3908: 1 16 sun.reflect.GeneratedConstructorAccessor90
3909: 1 16 org.knopflerfish.framework.ReferenceURLStreamHandler
3910: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor77
3911: 1 16 org.opensaml.xml.signature.impl.DSAKeyValueBuilder
3912: 1 16 org.opensaml.xml.signature.impl.X509CertificateBuilder
3913: 1 16 org.opensaml.saml1.core.validator.AttributeStatementSchemaValidator
3914: 1 16 com.tc.object.NonInstrumentedClasses
3915: 1 16 sun.reflect.GeneratedMethodAccessor12
3916: 1 16 sun.reflect.GeneratedMethodAccessor112
3917: 1 16 sun.reflect.GeneratedMethodAccessor6
3918: 1 16 org.opensaml.saml2.metadata.validator.OrganizationNameSchemaValidator
3919: 1 16 org.opensaml.saml2.metadata.impl.AuthnQueryServiceBuilder
3920: 1 16 sun.reflect.GeneratedConstructorAccessor52
3921: 1 16 org.opensaml.saml2.core.validator.NameIDMappingResponseSchemaValidator
3922: 1 16 org.opensaml.ws.wsaddressing.impl.MetadataBuilder
3923: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$REQUEST_MANAGED_OBJECT_MESSAGEFactory
3924: 1 16 sun.reflect.GeneratedConstructorAccessor6
3925: 1 16 org.opensaml.saml1.core.validator.AudienceSpecValidator
3926: 1 16 sun.reflect.GeneratedMethodAccessor19
3927: 1 16 org.opensaml.saml2.metadata.impl.NameIDMappingServiceBuilder
3928: 1 16 sun.nio.ch.FileDispatcher
3929: 1 16 org.opensaml.saml2.core.validator.ArtifactResponseSchemaValidator
3930: 1 16 sun.reflect.GeneratedConstructorAccessor64
3931: 1 16 org.opensaml.xml.encryption.impl.EncryptedDataBuilder
3932: 1 16 org.opensaml.saml2.metadata.validator.RequestedAttributeSchemaValidator
3933: 1 16 sun.reflect.GeneratedMethodAccessor20
3934: 1 16 org.apache.xerces.impl.dv.xs.EntityDV
3935: 1 16 sun.reflect.GeneratedMethodAccessor7
3936: 1 16 sun.security.rsa.RSAKeyFactory
3937: 1 16 org.opensaml.saml2.metadata.validator.AssertionConsumerServiceSchemaValidator
3938: 1 16 org.knopflerfish.framework.BundlePackages$3
3939: 1 16 org.opensaml.saml2.metadata.impl.OrganizationURLBuilder
3940: 1 16 org.opensaml.ws.soap.soap11.impl.HeaderBuilder
3941: 1 16 sun.reflect.generics.tree.VoidDescriptor
3942: 1 16 org.opensaml.ws.soap.soap11.impl.BodyBuilder
3943: 1 16 sun.reflect.GeneratedConstructorAccessor49
3944: 1 16 com.tc.aspectwerkz.transform.inlining.AsmNullAdapter$NullMethodAdapter
3945: 1 16 java.lang.ApplicationShutdownHooks$1
3946: 1 16 sun.reflect.GeneratedMethodAccessor29
3947: 1 16 org.opensaml.saml2.metadata.validator.IDPSSODescriptorSpecValidator
3948: 1 16 org.opensaml.saml2.metadata.validator.ContactPersonSchemaValidator
3949: 1 16 edu.internet2.middleware.shibboleth.common.log.LogbackConfigurationChangeListener
3950: 1 16 org.opensaml.saml2.core.validator.RequesterIDSchemaValidator
3951: 1 16 org.joda.time.DateTimeUtils$SystemMillisProvider
3952: 1 16 org.apache.xml.serializer.SecuritySupport12
3953: 1 16 org.eclipse.jdt.internal.compiler.CompilationResult$1
3954: 1 16 org.opensaml.xml.encryption.validator.ReferenceListSchemaValidator
3955: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor69
3956: 1 16 org.opensaml.xml.encryption.impl.TransformsBuilder
3957: 1 16 sun.reflect.GeneratedMethodAccessor57
3958: 1 16 org.joda.time.convert.DateConverter
3959: 1 16 org.opensaml.ws.wssecurity.impl.CreatedBuilder
3960: 1 16 org.opensaml.ws.wssecurity.impl.ReferenceBuilder
3961: 1 16 org.opensaml.ws.soap.soap11.impl.FaultStringBuilder
3962: 1 16 org.opensaml.saml2.metadata.validator.AttributeAuthorityDescriptorSchemaValidator
3963: 1 16 org.opensaml.saml1.core.impl.RespondWithBuilder
3964: 1 16 edu.internet2.middleware.shibboleth.common.xmlobject.impl.ShibbolethMetadataScopeBuilder
3965: 1 16 org.opensaml.xml.signature.impl.DigestMethodBuilder
3966: 1 16 java.lang.ref.Reference$Lock
3967: 1 16 org.opensaml.saml2.metadata.validator.AttributeAuthorityDescriptorSpecValidator
3968: 1 16 org.opensaml.saml2.metadata.validator.AdditionalMetadataLocationSchemaValidator
3969: 1 16 org.apache.xerces.impl.dv.xs.BooleanDV
3970: 1 16 sun.reflect.GeneratedConstructorAccessor1226
3971: 1 16 org.opensaml.ws.wssecurity.impl.IterationBuilder
3972: 1 16 sun.reflect.GeneratedConstructorAccessor45
3973: 1 16 com.tc.net.protocol.delivery.OnceAndOnlyOnceProtocolNetworkLayerFactoryImpl
3974: 1 16 org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder
3975: 1 16 org.opensaml.xml.signature.validator.RetrievalMethodSchemaValidator
3976: 1 16 org.opensaml.ws.wssecurity.impl.ExpiresBuilder
3977: 1 16 org.opensaml.xml.encryption.impl.KeySizeBuilder
3978: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor44
3979: 1 16 sun.reflect.GeneratedConstructorAccessor40
3980: 1 16 org.opensaml.common.impl.RandomIdentifierGenerator
3981: 1 16 sun.security.util.ByteArrayTagOrder
3982: 1 16 sun.reflect.GeneratedMethodAccessor54
3983: 1 16 sun.reflect.GeneratedSerializationConstructorAccessor34
3984: 1 16 org.opensaml.saml2.metadata.validator.IDPSSODescriptorSchemaValidator
3985: 1 16 sun.reflect.GeneratedConstructorAccessor1231
3986: 1 16 org.opensaml.saml2.core.validator.AttributeQuerySchemaValidator
3987: 1 16 org.opensaml.saml2.core.validator.AudienceSchemaValidator
3988: 1 16 org.opensaml.xml.encryption.impl.DataReferenceBuilder
3989: 1 16 com.tc.exception.ExceptionHelperImpl$NullExceptionHelper
3990: 1 16 org.springframework.web.context.support.WebApplicationContextUtils$1
3991: 1 16 sun.reflect.GeneratedMethodAccessor110
3992: 1 16 sun.reflect.GeneratedMethodAccessor42
3993: 1 16 com.tc.net.protocol.tcm.TCMessageFactoryImpl$OBJECTS_NOT_FOUND_RESPONSE_MESSAGEFactory
3994: 1 16 org.opensaml.saml2.core.impl.AuthnContextDeclBuilder
3995: 1 16 org.knopflerfish.framework.Util$1
3996: 1 16 org.opensaml.saml1.core.validator.AuthorizationDecisionStatementSchemaValidator
3997: 1 16 org.opensaml.ws.wssecurity.impl.NonceBuilder
3998: 1 16 sun.reflect.GeneratedConstructorAccessor44
3999: 1 16 sun.reflect.GeneratedConstructorAccessor29
4000: 1 16 org.opensaml.xml.signature.validator.X509IssuerSerialSchemaValidator
4001: 1 16 sun.reflect.GeneratedConstructorAccessor60
4002: 1 16 org.opensaml.ws.wssecurity.impl.UsernameBuilder
4003: 1 16 org.opensaml.saml2.metadata.validator.SingleSignOnServiceSpecValidator
4004: 1 16 org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder
4005: 1 16 sun.reflect.GeneratedSerializationConstructorAcce