samltest/data/saml2/core/impl/ResponseChildElements.xml | 2 1 + 1 - 0 !
samltest/data/signature/SAML2Assertion.xml | 8 4 + 4 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

 update saml2 signatures to rsa-sha256

The default signature algorithm changed to RSA-SHA256 in XMLTooling 3.3
[1], so the control XML files in the OpenSAML test suite must follow [2].
The "Not yet signed" ResponseChildElements.xml was edited manually,
while SAML2Assertion.xml was re-signed in the build tree via

../samlsign/samlsign -s -k ./data/key.pem -c ./data/cert.pem -f ./data/signature/SAML2Assertion.xml

[1] https://shibboleth.atlassian.net/browse/CPPXT-162
[2] https://shibboleth.atlassian.net/browse/CPPOST-125

samltest/signature/SAML1AssertionTest.h | 1 1 + 0 - 0 !
samltest/signature/SAML1RequestTest.h | 1 1 + 0 - 0 !
samltest/signature/SAML1ResponseTest.h | 1 1 + 0 - 0 !
3 files changed, 3 insertions(+)

 skip saml1 tests depending on the old rsa-sha1 default signature

I do not know how to re-sign SAML1 data with RSA-SHA256.

samltest/data/incommon.pem | 60 26 + 34 - 0 !
samltest/data/saml2/metadata/HTTPMetadataProvider.xml | 2 1 + 1 - 0 !
2 files changed, 27 insertions(+), 35 deletions(-)

 use the new incommon metadata source

The legacy metadata expired on 2025-04-15, leading to failures in the
XMLMetadataProviderTest samltest suite.  The new URL and certificate
was taken from the
https://spaces.at.internet2.edu/display/MDQ/how-to-locate-metadata-with-mdq
page.

doxygen.cfg | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable short_names in doxygen to gain reproducibility

samltest/data/binding/example-metadata.xml | 2 1 + 1 - 0 !
samltest/data/saml1/profile/SAML1Assertion.xml | 2 1 + 1 - 0 !
samltest/data/saml2/profile/SAML2Assertion.xml | 4 2 + 2 - 0 !
3 files changed, 4 insertions(+), 4 deletions(-)

 extend test metadata/assertion validity to 2031

It would be better to use dynamic expiration dates, but this small
change fixes the problem for forky.

Closes: #1127130