projects / shibboleth / sp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e0bcbbc)
Revamp whitespace.
authorcantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Thu, 21 Feb 2008 22:08:07 +0000 (22:08 +0000)
committercantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Thu, 21 Feb 2008 22:08:07 +0000 (22:08 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2743 cb58f699-b61c-0410-a6fe-9272a202ed29

configs/upgrade.xsl patch | blob | history

diff --git a/configs/upgrade.xsl b/configs/upgrade.xsl
index 64896fd..4956a98 100644 (file)
--- a/configs/upgrade.xsl
+++ b/configs/upgrade.xsl
@@ -11,21 +11,24 @@
     exclude-result-prefixes="oldconf cred saml1">
 
     <xsl:param name="idp"/>
     exclude-result-prefixes="oldconf cred saml1">
 
     <xsl:param name="idp"/>
+    
+    <xsl:variable name="spaces" select="string('                                                                                          ')"/>
 
 
-    <!-- Add a comment to the start of the output file. -->
     <xsl:template match="/">
     <xsl:template match="/">
-        <xsl:comment>
-            <xsl:text>&#160;Generated by upgrade utility: check carefully before deploying.&#160;</xsl:text>
-        </xsl:comment>
         <xsl:apply-templates/>
     </xsl:template>
     
     <!--Force UTF-8 encoding for the output.-->
         <xsl:apply-templates/>
     </xsl:template>
     
     <!--Force UTF-8 encoding for the output.-->
-    <xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
+    <xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8"/>
 
     <xsl:template match="oldconf:SPConfig">
 
     <xsl:template match="oldconf:SPConfig">
+        <xsl:text>&#10;</xsl:text>
         <SPConfig logger="{@logger}" clockSkew="{@clockSkew}">
             <xsl:text>&#10;</xsl:text>
         <SPConfig logger="{@logger}" clockSkew="{@clockSkew}">
             <xsl:text>&#10;</xsl:text>
+            <xsl:comment>
+                <xsl:text> Generated by upgrade utility: check carefully before deploying. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Global"/>
             <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Local"/>
             <xsl:apply-templates select="oldconf:Global"/>
             <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Local"/>
@@ -33,319 +36,400 @@
             <xsl:apply-templates select="oldconf:Global/oldconf:UnixListener"/>
             <xsl:apply-templates select="oldconf:Global/oldconf:TCPListener"/>
             <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Global/oldconf:UnixListener"/>
             <xsl:apply-templates select="oldconf:Global/oldconf:TCPListener"/>
             <xsl:text>&#10;</xsl:text>
-   &#160;<xsl:comment>
-           <xsl:text>&#160;This set of components stores sessions and other persistent data in daemon memory.&#160;</xsl:text>
-       </xsl:comment>
-   &#160;<StorageService type="Memory" id="mem" cleanupInterval="900"/>
-   &#160;<SessionCache type="StorageService" StorageService="mem" cacheTimeout="{oldconf:Global/oldconf:MemorySessionCache/@cacheTimeout}" inprocTimeout="900" cleanupInterval="900"/>
-   &#160;<ReplayCache StorageService="mem"/>
-   &#160;<ArtifactMap artifactTTL="180"/>
-           <xsl:text>&#10;</xsl:text>
-   &#160;<xsl:comment>
-           <xsl:text>&#160;This set of components stores sessions and other persistent data in an ODBC database.&#160;</xsl:text>
-       </xsl:comment>
-   &#160;<xsl:comment>
-            <xsl:text>
-   &#160;&lt;StorageService type="ODBC" id="db" cleanupInterval="900"&gt;
-       &#160;&lt;ConnectionString&gt;DRIVER=drivername;SERVER=dbserver;UID=shibboleth;PWD=password;DATABASE=shibboleth;APP=Shibboleth&lt;/ConnectionString&gt;
-   &#160;&lt;/StorageService&gt;
-   &#160;&lt;SessionCache type="StorageService" StorageService="db" cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/&gt;
-   &#160;&lt;ReplayCache StorageService="db"/&gt;
-   &#160;&lt;ArtifactMap StorageService="db" artifactTTL="180"/&gt;
+            <xsl:text>    </xsl:text>
+            <xsl:comment>
+                <xsl:text> This set of components stores sessions and other persistent data in daemon memory. </xsl:text>
+            </xsl:comment>
+            <xsl:text>    </xsl:text>
+            <StorageService type="Memory" id="mem" cleanupInterval="900"/>
+            <xsl:text>&#10;    </xsl:text>
+            <SessionCache type="StorageService" StorageService="mem" cacheTimeout="{oldconf:Global/oldconf:MemorySessionCache/@cacheTimeout}" inprocTimeout="900" cleanupInterval="900"/>
+            <xsl:text>&#10;    </xsl:text>
+            <ReplayCache StorageService="mem"/>
+            <xsl:text>&#10;    </xsl:text>
+            <ArtifactMap artifactTTL="180"/>
+            <xsl:text>&#10;&#10;</xsl:text>
+            <xsl:text>    </xsl:text>
+            <xsl:comment>
+                <xsl:text> This set of components stores sessions and other persistent data in an ODBC database. </xsl:text>
+            </xsl:comment>
+            <xsl:text>    </xsl:text>
+            <xsl:comment>
+                <xsl:text>
+    &lt;StorageService type="ODBC" id="db" cleanupInterval="900"&gt;
+        &lt;ConnectionString&gt;DRIVER=drivername;SERVER=dbserver;UID=shibboleth;PWD=password;DATABASE=shibboleth;APP=Shibboleth&lt;/ConnectionString&gt;
+    &lt;/StorageService&gt;
+    &lt;SessionCache type="StorageService" StorageService="db" cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/&gt;
+    &lt;ReplayCache StorageService="db"/&gt;
+    &lt;ArtifactMap StorageService="db" artifactTTL="180"/&gt;
     </xsl:text>
     </xsl:text>
-       </xsl:comment>
+            </xsl:comment>
             <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Local/oldconf:RequestMapProvider"/>
             <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Applications"/>
 
             <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Local/oldconf:RequestMapProvider"/>
             <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Applications"/>
 
-   &#160;<xsl:comment>
-       <xsl:text>&#160;Each policy defines a set of rules to use to secure messages.&#160;</xsl:text>
-    </xsl:comment>
-   &#160;<SecurityPolicies>
-       &#160;<xsl:comment>
-           <xsl:text>&#160;The predefined policy enforces replay/freshness and permits signing and client TLS.&#160;</xsl:text>
-        </xsl:comment>
-       &#160;<Policy id="default" validate="false">
-           &#160;<Rule type="MessageFlow" checkReplay="true" expires="60"/>
-           &#160;<Rule type="ClientCertAuth" errorFatal="true"/>
-           &#160;<Rule type="XMLSigning" errorFatal="true"/>
-           &#160;<Rule type="SimpleSigning" errorFatal="true"/>
-       &#160;</Policy>
-   &#160;</SecurityPolicies>
+            <xsl:text>&#10;&#10;    </xsl:text>
+            <xsl:comment>
+                <xsl:text> Each policy defines a set of rules to use to secure messages. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;    </xsl:text>
+            <SecurityPolicies>
+                <xsl:text>&#10;        </xsl:text>
+                <xsl:comment>
+                    <xsl:text> The predefined policy enforces replay/freshness and permits signing and client TLS. </xsl:text>
+                </xsl:comment>
+                <xsl:text>&#10;        </xsl:text>
+                <Policy id="default" validate="false">
+                    <xsl:text>&#10;            </xsl:text>
+                    <Rule type="MessageFlow" checkReplay="true" expires="60"/>
+                    <xsl:text>&#10;            </xsl:text>
+                    <Rule type="ClientCertAuth" errorFatal="true"/>
+                    <xsl:text>&#10;            </xsl:text>
+                    <Rule type="XMLSigning" errorFatal="true"/>
+                    <xsl:text>&#10;            </xsl:text>
+                    <Rule type="SimpleSigning" errorFatal="true"/>
+                    <xsl:text>&#10;        </xsl:text>
+                </Policy>
+                <xsl:text>&#10;    </xsl:text>
+            </SecurityPolicies>
+            <xsl:text>&#10;&#10;</xsl:text>
         </SPConfig>
     </xsl:template>
     
     <!-- Turn <Global> into <OutOfProcess> with the ODBC extension commented out. -->
     <xsl:template match="oldconf:Global">
         </SPConfig>
     </xsl:template>
     
     <!-- Turn <Global> into <OutOfProcess> with the ODBC extension commented out. -->
     <xsl:template match="oldconf:Global">
-   &#160;<OutOfProcess logger="{@logger}">
-       &#160;<xsl:comment>
-               <xsl:text>
-       &#160;&lt;Extensions&gt;
-           &#160;&lt;Library path="odbc-store.so" fatal="true"/&gt;
+        <xsl:text>    </xsl:text>
+        <OutOfProcess logger="{@logger}">
+            <xsl:text>&#10;        </xsl:text>
+            <xsl:comment>
+                <xsl:text>
+        &lt;Extensions&gt;
+           &lt;Library path="odbc-store.so" fatal="true"/&gt;
         &lt;/Extensions&gt;
         </xsl:text>
         &lt;/Extensions&gt;
         </xsl:text>
-        </xsl:comment>
-   &#160;</OutOfProcess>
+            </xsl:comment>
+            <xsl:text>&#10;    </xsl:text>
+        </OutOfProcess>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
 
     <!-- Turn <Local> into <InProcess> with the <ISAPI> element up a level. -->
     <xsl:template match="oldconf:Local">
     </xsl:template>
 
     <!-- Turn <Local> into <InProcess> with the <ISAPI> element up a level. -->
     <xsl:template match="oldconf:Local">
-   &#160;<InProcess logger="{@logger}">
-        <xsl:if test="@unsetHeaderValue">
-            <xsl:attribute name="unsetHeaderValue"><xsl:value-of select="@unsetHeaderValue"/></xsl:attribute>
-        </xsl:if>
-        <xsl:apply-templates select="oldconf:Implementation/oldconf:ISAPI"/>
-   &#160;</InProcess>
+        <xsl:text>    </xsl:text>
+        <InProcess logger="{@logger}">
+            <xsl:if test="@unsetHeaderValue">
+                <xsl:attribute name="unsetHeaderValue"><xsl:value-of select="@unsetHeaderValue"/></xsl:attribute>
+            </xsl:if>
+            <xsl:text>&#10;</xsl:text>
+            <xsl:apply-templates select="oldconf:Implementation/oldconf:ISAPI"/>
+            <xsl:text>    </xsl:text>
+        </InProcess>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
     <xsl:template match="oldconf:ISAPI">
     </xsl:template>
     <xsl:template match="oldconf:ISAPI">
-       &#160;<ISAPI>
-           <xsl:apply-templates select="@*"/>
-           <xsl:for-each select="oldconf:Site">
-           &#160;<Site>
-               <xsl:apply-templates select="@*"/>
-               <xsl:for-each select="oldconf:Alias">
-              &#160;<Alias><xsl:value-of select="text()"/></Alias>
-               </xsl:for-each>
-           &#160;</Site>
-           </xsl:for-each>
-       &#160;</ISAPI>
+        <xsl:text>        </xsl:text>
+        <ISAPI>
+            <xsl:apply-templates select="@*"/>
+            <xsl:for-each select="oldconf:Site">
+                <xsl:text>&#10;            </xsl:text>
+                <Site>
+                    <xsl:apply-templates select="@*"/>
+                    <xsl:for-each select="oldconf:Alias">
+                        <xsl:text>&#10;                </xsl:text>
+                        <Alias><xsl:value-of select="text()"/></Alias>
+                    </xsl:for-each>
+                    <xsl:text>&#10;            </xsl:text>
+                </Site>
+            </xsl:for-each>
+            <xsl:text>&#10;        </xsl:text>
+        </ISAPI>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
 
     <!-- Pull in listeners up to the top level. -->
     <xsl:template match="oldconf:UnixListener">
     </xsl:template>
 
     <!-- Pull in listeners up to the top level. -->
     <xsl:template match="oldconf:UnixListener">
-   &#160;<UnixListener address="shibd.sock"/>
+        <xsl:text>    </xsl:text>
+        <UnixListener address="shibd.sock"/>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
     <xsl:template match="oldconf:TCPListener">
     </xsl:template>
     <xsl:template match="oldconf:TCPListener">
-   &#160;<TCPListener address="{@address}" port="{@port}" acl="{@acl}"/>
+        <xsl:text>    </xsl:text>
+        <TCPListener address="{@address}" port="{@port}" acl="{@acl}"/>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
 
     <!-- Transplant old RequestMap into the new namespace, but just copy all the settings. -->
     <xsl:template match="oldconf:RequestMapProvider">
     </xsl:template>
 
     <!-- Transplant old RequestMap into the new namespace, but just copy all the settings. -->
     <xsl:template match="oldconf:RequestMapProvider">
-   &#160;<RequestMapper type="Native">
-       <xsl:apply-templates select="./*"/>
-   &#160;</RequestMapper>
+        <xsl:text>    </xsl:text>
+        <RequestMapper type="Native">
+            <xsl:text>&#10;</xsl:text>
+            <xsl:apply-templates select="./*">
+                <xsl:with-param name="indent">8</xsl:with-param>
+            </xsl:apply-templates>
+            <xsl:text>    </xsl:text>
+        </RequestMapper>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
 
     <xsl:template match="oldconf:Applications">
     </xsl:template>
 
     <xsl:template match="oldconf:Applications">
-   &#160;<ApplicationDefaults id="{@id}" policyId="default"
-           entityID="{@providerId}" homeURL="{@homeURL}"
-           REMOTE_USER="eppn persistent-id targeted-id"
-           signing="false" encryption="false">
-        <xsl:attribute name="timeout"><xsl:value-of select="../oldconf:Global/oldconf:MemorySessionCache/@AATimeout"/></xsl:attribute>
-        <xsl:attribute name="connectTimeout"><xsl:value-of select="../oldconf:Global/oldconf:MemorySessionCache/@AAConnectTimeout"/></xsl:attribute>
-        <xsl:if test="oldconf:CredentialUse/@TLS!=../oldconf:CredentialsProvider/cred:Credentials/cred:FileResolver[1]/@Id">
-            <xsl:attribute name="keyName"><xsl:value-of select="oldconf:CredentialUse/@TLS"/></xsl:attribute>
-        </xsl:if>
-        <xsl:if test="oldconf:CredentialUse/@signedAssertions">
-            <xsl:attribute name="requireSignedAssertions"><xsl:value-of select="oldconf:CredentialUse/@signedAssertions"/></xsl:attribute>   
-        </xsl:if>
-        <xsl:text>&#10;</xsl:text>
-        <xsl:apply-templates select="oldconf:Sessions"/>
-        <xsl:text>&#10;</xsl:text>
-        <xsl:apply-templates select="oldconf:Errors"/>
-        <xsl:text>&#10;</xsl:text>
-        <xsl:apply-templates select="oldconf:CredentialUse"/>
-        <xsl:text>&#10;</xsl:text>
-       &#160;<MetadataProvider type="Chaining">
-        <xsl:for-each select="oldconf:MetadataProvider|oldconf:FederationProvider">
-           &#160;<MetadataProvider type="XML" file="{@uri}"/>
-        </xsl:for-each>
-       &#160;</MetadataProvider>
-
-       &#160;<xsl:comment>
-           <xsl:text>&#160;Chain the two built-in trust engines together.&#160;</xsl:text>
-        </xsl:comment>
-       &#160;<TrustEngine type="Chaining">
-           &#160;<TrustEngine type="ExplicitKey"/>
-           &#160;<TrustEngine type="PKIX"/>
-       &#160;</TrustEngine>
-
-       &#160;<xsl:comment>
-           <xsl:text>&#160;Map to extract attributes from SAML assertions.&#160;</xsl:text>
-       </xsl:comment>
-       &#160;<AttributeExtractor type="XML" path="attribute-map.xml"/>
-        
-       &#160;<xsl:comment>
-           <xsl:text>&#160;Use a SAML query if no attributes are supplied during SSO.&#160;</xsl:text>
-       </xsl:comment>
-       &#160;<AttributeResolver type="Query"/>
-
-       &#160;<xsl:comment>
-           <xsl:text>&#160;Default filtering policy for recognized attributes, lets other data pass.&#160;</xsl:text>
-       </xsl:comment>
-       &#160;<AttributeFilter type="XML" path="attribute-policy.xml"/>
-
-        <xsl:text>&#10;</xsl:text>
-       
-        <!-- Step up and pull in credentials from the top level. -->
-        <xsl:apply-templates select="../oldconf:CredentialsProvider"/>
-       
-        <xsl:for-each select="oldconf:Application">
-           &#160;<ApplicationOverride>
-            <xsl:apply-templates select="@*"/>
+        <xsl:text>    </xsl:text>
+        <ApplicationDefaults id="{@id}" policyId="default" entityID="{@providerId}" homeURL="{@homeURL}" REMOTE_USER="eppn persistent-id targeted-id" signing="false" encryption="false">
+            <xsl:attribute name="timeout"><xsl:value-of select="../oldconf:Global/oldconf:MemorySessionCache/@AATimeout"/></xsl:attribute>
+            <xsl:attribute name="connectTimeout"><xsl:value-of select="../oldconf:Global/oldconf:MemorySessionCache/@AAConnectTimeout"/></xsl:attribute>
+            <xsl:if test="oldconf:CredentialUse/@TLS!=../oldconf:CredentialsProvider/cred:Credentials/cred:FileResolver[1]/@Id">
+                <xsl:attribute name="keyName"><xsl:value-of select="oldconf:CredentialUse/@TLS"/></xsl:attribute>
+            </xsl:if>
+            <xsl:if test="oldconf:CredentialUse/@signedAssertions">
+                <xsl:attribute name="requireSignedAssertions"><xsl:value-of select="oldconf:CredentialUse/@signedAssertions"/></xsl:attribute>   
+            </xsl:if>
+            <xsl:text>&#10;&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Sessions"/>
             <xsl:apply-templates select="oldconf:Sessions"/>
+            <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:Errors"/>
             <xsl:apply-templates select="oldconf:Errors"/>
+            <xsl:text>&#10;</xsl:text>
             <xsl:apply-templates select="oldconf:CredentialUse"/>
             <xsl:apply-templates select="oldconf:CredentialUse"/>
-            <xsl:if test="count(oldconf:MetadataProvider) + count(oldconf:FederationProvider) > 0">
-               &#160;<MetadataProvider type="Chaining">
+            <xsl:text>&#10;        </xsl:text>
+            <MetadataProvider type="Chaining">
                 <xsl:for-each select="oldconf:MetadataProvider|oldconf:FederationProvider">
                 <xsl:for-each select="oldconf:MetadataProvider|oldconf:FederationProvider">
-                   &#160;<MetadataProvider type="XML" file="{@uri}"/>
+                    <xsl:text>&#10;            </xsl:text>
+                    <MetadataProvider type="XML" file="{@uri}"/>
                 </xsl:for-each>
                 </xsl:for-each>
-                &#160;</MetadataProvider>
-            </xsl:if>
-           &#160;</ApplicationOverride>
-        </xsl:for-each>
+                <xsl:text>&#10;        </xsl:text>
+            </MetadataProvider>
+            <xsl:text>&#10;&#10;        </xsl:text>
+            <xsl:comment>
+                <xsl:text> Chain the two built-in trust engines together. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;        </xsl:text>
+            <TrustEngine type="Chaining">
+                <xsl:text>&#10;            </xsl:text>
+                <TrustEngine type="ExplicitKey"/>
+                <xsl:text>&#10;            </xsl:text>
+                <TrustEngine type="PKIX"/>
+                <xsl:text>&#10;        </xsl:text>
+            </TrustEngine>
+            <xsl:text>&#10;&#10;        </xsl:text>
+            <xsl:comment>
+                <xsl:text> Map to extract attributes from SAML assertions. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;        </xsl:text>
+            <AttributeExtractor type="XML" path="attribute-map.xml"/>
+            <xsl:text>&#10;&#10;        </xsl:text>
+            <xsl:comment>
+                <xsl:text> Use a SAML query if no attributes are supplied during SSO. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;        </xsl:text>
+            <AttributeResolver type="Query"/>
+            <xsl:text>&#10;&#10;        </xsl:text>
+            <xsl:comment>
+                <xsl:text> Default filtering policy for recognized attributes, lets other data pass. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;        </xsl:text>
+            <AttributeFilter type="XML" path="attribute-policy.xml"/>
+            <xsl:text>&#10;&#10;</xsl:text>
        
        
-   &#160;</ApplicationDefaults>
+            <!-- Step up and pull in credentials from the top level. -->
+            <xsl:apply-templates select="../oldconf:CredentialsProvider"/>
+       
+            <xsl:for-each select="oldconf:Application">
+                <xsl:text>&#10;        </xsl:text>
+                <ApplicationOverride>
+                    <xsl:apply-templates select="@*"/>
+                    <xsl:apply-templates select="oldconf:Sessions"/>
+                    <xsl:apply-templates select="oldconf:Errors"/>
+                    <xsl:apply-templates select="oldconf:CredentialUse"/>
+                    <xsl:if test="count(oldconf:MetadataProvider) + count(oldconf:FederationProvider) > 0">
+                        <xsl:text>&#10;            </xsl:text>
+                        <MetadataProvider type="Chaining">
+                        <xsl:for-each select="oldconf:MetadataProvider|oldconf:FederationProvider">
+                            <xsl:text>&#10;                </xsl:text>
+                            <MetadataProvider type="XML" file="{@uri}"/>
+                        </xsl:for-each>
+                        <xsl:text>&#10;            </xsl:text>
+                        </MetadataProvider>
+                    </xsl:if>
+                    <xsl:text>&#10;&#10;        </xsl:text>
+                </ApplicationOverride>
+            </xsl:for-each>
+       
+            <xsl:text>&#10;&#10;    </xsl:text>
+        </ApplicationDefaults>
     </xsl:template>
     
     <xsl:template match="oldconf:Sessions">
     </xsl:template>
     
     <xsl:template match="oldconf:Sessions">
-       &#160;<Sessions exportLocation="http://localhost/{@handlerURL}/GetAssertion">
-        <xsl:apply-templates select="@*"/>
-
-           &#160;<xsl:comment>
-            <xsl:text>
-           &#160;SessionInitiators handle session requests and relay them to a Discovery page,
-           &#160;or to an IdP if possible. Automatic session setup will use the default or first
-           &#160;element (or requireSessionWith can specify a specific one to use).
+        <xsl:text>        </xsl:text>
+        <Sessions exportLocation="http://localhost/{@handlerURL}/GetAssertion">
+            <xsl:apply-templates select="@*"/>
+            <xsl:text>&#10;&#10;            </xsl:text>
+            <xsl:comment>
+                <xsl:text>
+            SessionInitiators handle session requests and relay them to a Discovery page,
+            or to an IdP if possible. Automatic session setup will use the default or first
+            element (or requireSessionWith can specify a specific one to use).
             </xsl:text>
             </xsl:text>
-           </xsl:comment>
-        <xsl:for-each select="oldconf:SessionInitiator">
-            <xsl:text>&#10;</xsl:text>
-            <xsl:apply-templates select="."/>
-        </xsl:for-each>
-
-           &#160;<xsl:comment>
-            <xsl:text>
-           &#160;md:AssertionConsumerService locations handle specific SSO protocol bindings,
-           &#160;such as SAML 2.0 POST or SAML 1.1 Artifact. The isDefault and index attributes
-           &#160;are used when sessions are initiated to determine how to tell the IdP where and
-           &#160;how to return the response.
+            </xsl:comment>
+            <xsl:for-each select="oldconf:SessionInitiator">
+                <xsl:text>&#10;</xsl:text>
+                <xsl:apply-templates select="."/>
+            </xsl:for-each>
+            <xsl:text>&#10;            </xsl:text>
+            <xsl:comment>
+                <xsl:text>
+            md:AssertionConsumerService locations handle specific SSO protocol bindings,
+            such as SAML 2.0 POST or SAML 1.1 Artifact. The isDefault and index attributes
+            are used when sessions are initiated to determine how to tell the IdP where and
+            how to return the response.
             </xsl:text>
             </xsl:text>
-           </xsl:comment>
-           &#160;<md:AssertionConsumerService Location="/SAML2/POST" index="1"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
-           &#160;<md:AssertionConsumerService Location="/SAML2/POST-SimpleSign" index="2"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
-           &#160;<md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
-           &#160;<md:AssertionConsumerService Location="/SAML2/ECP" index="4"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
-           &#160;<md:AssertionConsumerService Location="/SAML/POST" index="5"
-                Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
-           &#160;<md:AssertionConsumerService Location="/SAML/Artifact" index="6"
-                Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <md:AssertionConsumerService Location="/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:AssertionConsumerService Location="/SAML2/POST-SimpleSign" index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:AssertionConsumerService Location="/SAML2/Artifact" index="3" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:AssertionConsumerService Location="/SAML2/ECP" index="4" Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:AssertionConsumerService Location="/SAML/POST" index="5" Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:AssertionConsumerService Location="/SAML/Artifact" index="6" Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
+            <xsl:text>&#10;&#10;            </xsl:text>
 
 
-           <!-- Turn the old local SLO location into the new LogoutInitiator location. -->
-           <xsl:variable name="LogoutLocation">
-               <xsl:choose>
-                   <xsl:when test="md:SingleLogoutService[1]">
-                       <xsl:value-of select="md:SingleLogoutService[1]/@Location"/>
-                   </xsl:when>
-                   <xsl:otherwise>/Logout</xsl:otherwise>
-               </xsl:choose>
-           </xsl:variable>
+            <!-- Turn the old local SLO location into the new LogoutInitiator location. -->
+            <xsl:variable name="LogoutLocation">
+                <xsl:choose>
+                    <xsl:when test="md:SingleLogoutService[1]">
+                        <xsl:value-of select="md:SingleLogoutService[1]/@Location"/>
+                    </xsl:when>
+                    <xsl:otherwise>/Logout</xsl:otherwise>
+                </xsl:choose>
+            </xsl:variable>
            
            
-           &#160;<xsl:comment>
-           <xsl:text>&#160;LogoutInitiators enable SP-initiated local or global/single logout of sessions.&#160;</xsl:text>
-           </xsl:comment>
-           &#160;<LogoutInitiator type="Chaining" Location="{$LogoutLocation}" relayState="cookie">
-               &#160;<LogoutInitiator type="SAML2" template="bindingTemplate.html"/>
-               &#160;<LogoutInitiator type="Local"/>
-           &#160;</LogoutInitiator>
+            <xsl:comment>
+            <xsl:text> LogoutInitiators enable SP-initiated local or global/single logout of sessions. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <LogoutInitiator type="Chaining" Location="{$LogoutLocation}" relayState="cookie">
+                <xsl:text>&#10;                </xsl:text>
+                <LogoutInitiator type="SAML2" template="bindingTemplate.html"/>
+                <xsl:text>&#10;                </xsl:text>
+                <LogoutInitiator type="Local"/>
+                <xsl:text>&#10;            </xsl:text>
+            </LogoutInitiator>
+            <xsl:text>&#10;&#10;            </xsl:text>
 
 
-           &#160;<xsl:comment>
-           <xsl:text>&#160;md:SingleLogoutService locations handle single logout (SLO) protocol messages.&#160;</xsl:text>
-           </xsl:comment>
-           &#160;<md:SingleLogoutService Location="/SLO/SOAP"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
-           &#160;<md:SingleLogoutService Location="/SLO/Redirect" conf:template="bindingTemplate.html"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
-           &#160;<md:SingleLogoutService Location="/SLO/POST" conf:template="bindingTemplate.html"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
-           &#160;<md:SingleLogoutService Location="/SLO/Artifact" conf:template="bindingTemplate.html"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+            <xsl:comment>
+            <xsl:text> md:SingleLogoutService locations handle single logout (SLO) protocol messages. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <md:SingleLogoutService Location="/SLO/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:SingleLogoutService Location="/SLO/Redirect" conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:SingleLogoutService Location="/SLO/POST" conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:SingleLogoutService Location="/SLO/Artifact" conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+            <xsl:text>&#10;&#10;            </xsl:text>
 
 
-           &#160;<xsl:comment>
-           <xsl:text>&#160;md:ManageNameIDService locations handle NameID management (NIM) protocol messages.&#160;</xsl:text>
-           </xsl:comment>
-           &#160;<md:ManageNameIDService Location="/NIM/SOAP"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
-           &#160;<md:ManageNameIDService Location="/NIM/Redirect" conf:template="bindingTemplate.html"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
-           &#160;<md:ManageNameIDService Location="/NIM/POST" conf:template="bindingTemplate.html"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
-           &#160;<md:ManageNameIDService Location="/NIM/Artifact" conf:template="bindingTemplate.html"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+            <xsl:comment>
+            <xsl:text> md:ManageNameIDService locations handle NameID management (NIM) protocol messages. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <md:ManageNameIDService Location="/NIM/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:ManageNameIDService Location="/NIM/Redirect" conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:ManageNameIDService Location="/NIM/POST" conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+            <xsl:text>&#10;            </xsl:text>
+            <md:ManageNameIDService Location="/NIM/Artifact" conf:template="bindingTemplate.html" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+            <xsl:text>&#10;&#10;            </xsl:text>
 
 
-           &#160;<xsl:comment>
+            <xsl:comment>
             <xsl:text>
             <xsl:text>
-           &#160;md:ArtifactResolutionService locations resolve artifacts issued when using the
-           &#160;SAML 2.0 HTTP-Artifact binding on outgoing messages, generally uses SOAP.
+            md:ArtifactResolutionService locations resolve artifacts issued when using the
+            SAML 2.0 HTTP-Artifact binding on outgoing messages, generally uses SOAP.
             </xsl:text>
             </xsl:text>
-           </xsl:comment>
-           &#160;<md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
-                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+            <xsl:text>&#10;&#10;            </xsl:text>
 
 
-           &#160;<xsl:comment>
-           <xsl:text>&#160;Extension service that generates "approximate" metadata based on SP configuration.&#160;</xsl:text>
-           </xsl:comment>
-           &#160;<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
+            <xsl:comment>
+            <xsl:text> Extension service that generates "approximate" metadata based on SP configuration. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
+            <xsl:text>&#10;&#10;            </xsl:text>
            
            
-           &#160;<xsl:comment>
-           <xsl:text>&#160;Status reporting service.&#160;</xsl:text>
-           </xsl:comment>
-           &#160;<Handler type="Status" Location="Status" acl="127.0.0.1"/>
+            <xsl:comment>
+            <xsl:text> Status reporting service. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <Handler type="Status" Location="Status" acl="127.0.0.1"/>
+            <xsl:text>&#10;&#10;            </xsl:text>
 
 
-           &#160;<xsl:comment>
-           <xsl:text>&#160;Session diagnostic service.&#160;</xsl:text>
-           </xsl:comment>
-           &#160;<Handler type="Session" Location="/Session"/>
-           
-       &#160;</Sessions>
+            <xsl:comment>
+            <xsl:text> Session diagnostic service. </xsl:text>
+            </xsl:comment>
+            <xsl:text>&#10;            </xsl:text>
+            <Handler type="Session" Location="/Session"/>
+            <xsl:text>&#10;        </xsl:text>
+        </Sessions>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
     
     <xsl:template match="oldconf:SessionInitiator">
     </xsl:template>
     
     <xsl:template match="oldconf:SessionInitiator">
-           &#160;<SessionInitiator type="Chaining" Location="{@Location}" acsByIndex="false" relayState="cookie">
-               <xsl:if test="@id">
-                   <xsl:attribute name="id"><xsl:value-of select="@id"/></xsl:attribute>
-               </xsl:if>
-               <xsl:if test="@isDefault">
-                   <xsl:attribute name="isDefault"><xsl:value-of select="@isDefault"/></xsl:attribute>
-               </xsl:if>
-               <xsl:if test="@Location=../oldconf:SessionInitiator[1]/@Location">
-                   <xsl:if test="$idp">
-                       <xsl:attribute name="entityID"><xsl:value-of select="$idp"/></xsl:attribute>
-                   </xsl:if>
-               </xsl:if>
-               &#160;<SessionInitiator type="SAML2" defaultACSIndex="1" ECP="true" template="bindingTemplate.html"/>
-               &#160;<SessionInitiator type="Shib1" defaultACSIndex="4"/>
-               <xsl:if test="@wayfURL">
-                   <xsl:if test="@wayfBinding='urn:mace:shibboleth:1.0:profiles:AuthnRequest'">
-               &#160;<SessionInitiator type="WAYF" URL="{@wayfURL}"/>
-                   </xsl:if>
-               </xsl:if>
-           &#160;</SessionInitiator>
+        <xsl:text>            </xsl:text>
+        <SessionInitiator type="Chaining" Location="{@Location}" acsByIndex="false" relayState="cookie">
+            <xsl:if test="@id">
+                <xsl:attribute name="id"><xsl:value-of select="@id"/></xsl:attribute>
+            </xsl:if>
+            <xsl:if test="@isDefault">
+                <xsl:attribute name="isDefault"><xsl:value-of select="@isDefault"/></xsl:attribute>
+            </xsl:if>
+            <xsl:if test="@Location=../oldconf:SessionInitiator[1]/@Location">
+                <xsl:if test="$idp">
+                    <xsl:attribute name="entityID"><xsl:value-of select="$idp"/></xsl:attribute>
+                </xsl:if>
+            </xsl:if>
+            <xsl:text>&#10;                </xsl:text>
+            <SessionInitiator type="SAML2" defaultACSIndex="1" ECP="true" template="bindingTemplate.html"/>
+            <xsl:text>&#10;                </xsl:text>
+            <SessionInitiator type="Shib1" defaultACSIndex="4"/>
+            <xsl:text>&#10;</xsl:text>
+            <xsl:if test="@wayfURL">
+                <xsl:if test="@wayfBinding='urn:mace:shibboleth:1.0:profiles:AuthnRequest'">
+                    <xsl:text>                </xsl:text>
+                    <SessionInitiator type="WAYF" URL="{@wayfURL}"/>
+                    <xsl:text>&#10;</xsl:text>
+                </xsl:if>
+            </xsl:if>
+            <xsl:text>            </xsl:text>
+        </SessionInitiator>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
     
     <!-- Map <Errors> element across, adding logout templates. -->
     <xsl:template match="oldconf:Errors">
     </xsl:template>
     
     <!-- Map <Errors> element across, adding logout templates. -->
     <xsl:template match="oldconf:Errors">
-       &#160;<Errors>
-       <xsl:apply-templates select="@*"/>
-       <xsl:attribute name="localLogout">localLogout.html</xsl:attribute>
-       <xsl:attribute name="globalLogout">globalLogout.html</xsl:attribute>
-       &#160;</Errors>
+        <xsl:text>        </xsl:text>
+        <Errors>
+            <xsl:apply-templates select="@*"/>
+            <xsl:attribute name="localLogout">localLogout.html</xsl:attribute>
+            <xsl:attribute name="globalLogout">globalLogout.html</xsl:attribute>
+            <xsl:text>&#10;        </xsl:text>
+        </Errors>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
     
     <!-- Map <CredentialUse> element content into relying party overrides. -->
     <xsl:template match="oldconf:CredentialUse">
         <xsl:for-each select="oldconf:RelyingParty">
     </xsl:template>
     
     <!-- Map <CredentialUse> element content into relying party overrides. -->
     <xsl:template match="oldconf:CredentialUse">
         <xsl:for-each select="oldconf:RelyingParty">
-       &#160;<RelyingParty Name="{@Name}">
-           <xsl:if test="@TLS">
-               <xsl:attribute name="keyName"><xsl:value-of select="@TLS"/></xsl:attribute>
-           </xsl:if>
-       &#160;</RelyingParty>
+            <xsl:if test="@TLS">
+                <xsl:text>        </xsl:text>
+                <RelyingParty Name="{@Name}" keyName="{@TLS}"/>
+                <xsl:text>&#10;</xsl:text>
+            </xsl:if>
         </xsl:for-each>
     </xsl:template>
 
         </xsl:for-each>
     </xsl:template>
 
@@ -353,33 +437,54 @@
     <xsl:template match="oldconf:CredentialsProvider">
         <xsl:choose>
             <xsl:when test="count(//cred:FileResolver) > 1">
     <xsl:template match="oldconf:CredentialsProvider">
         <xsl:choose>
             <xsl:when test="count(//cred:FileResolver) > 1">
-       &#160;<CredentialResolver type="Chaining">
-                <xsl:apply-templates select="//cred:FileResolver"/>
-       &#160;</CredentialResolver>
+                <xsl:text>        </xsl:text>
+                <CredentialResolver type="Chaining">
+                    <xsl:text>&#10;</xsl:text>
+                    <xsl:apply-templates select="//cred:FileResolver">
+                        <xsl:with-param name="indent">12</xsl:with-param>
+                    </xsl:apply-templates>
+                    <xsl:text>        </xsl:text>
+                </CredentialResolver>
+                <xsl:text>&#10;</xsl:text>
             </xsl:when>
             <xsl:otherwise>
             </xsl:when>
             <xsl:otherwise>
-               <xsl:apply-templates select="//cred:FileResolver"/>
+                <xsl:apply-templates select="//cred:FileResolver">
+                    <xsl:with-param name="indent">8</xsl:with-param>
+                </xsl:apply-templates>
             </xsl:otherwise>
         </xsl:choose>
     </xsl:template>
     <xsl:template match="cred:FileResolver">
             </xsl:otherwise>
         </xsl:choose>
     </xsl:template>
     <xsl:template match="cred:FileResolver">
-       &#160;<CredentialResolver type="File" key="{cred:Key/cred:Path/text()}" certificate="{cred:Certificate/cred:Path/text()}" keyName="{@Id}"/>
+        <xsl:param name="indent"/>
+        <xsl:value-of select="substring($spaces,0,$indent)"/>
+        <CredentialResolver type="File" key="{cred:Key/cred:Path/text()}" certificate="{cred:Certificate/cred:Path/text()}" keyName="{@Id}"/>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
 
     <!-- Generic rule to pass through all element node content while converting the namespace. -->
     <xsl:template match="oldconf:RequestMap|oldconf:Host|oldconf:HostRegex|oldconf:Path|oldconf:PathRegex|oldconf:htaccess|oldconf:AccessControl|oldconf:AND|oldconf:OR|oldconf:NOT">
     </xsl:template>
 
     <!-- Generic rule to pass through all element node content while converting the namespace. -->
     <xsl:template match="oldconf:RequestMap|oldconf:Host|oldconf:HostRegex|oldconf:Path|oldconf:PathRegex|oldconf:htaccess|oldconf:AccessControl|oldconf:AND|oldconf:OR|oldconf:NOT">
-       &#160;<xsl:element name="{name()}">
+        <xsl:param name="indent"/>
+        <xsl:value-of select="substring($spaces,0,$indent)"/>
+        <xsl:element name="{name()}">
             <xsl:apply-templates select="@*"/>
             <xsl:apply-templates select="@*"/>
-            <xsl:apply-templates select="./*"/>
-       &#160;</xsl:element>
+            <xsl:text>&#10;</xsl:text>
+            <xsl:apply-templates select="./*">
+                <xsl:with-param name="indent" select="$indent + 4"/>
+            </xsl:apply-templates>
+            <xsl:value-of select="substring($spaces,0,$indent)"/>
+        </xsl:element>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
 
     <!-- Generic rule to pass through all attributes plus text content while converting the namespace. -->
     <xsl:template match="oldconf:Rule">
     </xsl:template>
 
     <!-- Generic rule to pass through all attributes plus text content while converting the namespace. -->
     <xsl:template match="oldconf:Rule">
-       &#160;<xsl:element name="{name()}">
+        <xsl:param name="indent"/>
+        <xsl:value-of select="substring($spaces,0,$indent)"/>
+        <xsl:element name="{name()}">
             <xsl:apply-templates select="@*"/>
             <xsl:value-of select="text()"/>
             <xsl:apply-templates select="@*"/>
             <xsl:value-of select="text()"/>
-       &#160;</xsl:element>
+        </xsl:element>
+        <xsl:text>&#10;</xsl:text>
     </xsl:template>
 
     <!-- Generic rule to pass through an attribute unmodified. -->
     </xsl:template>
 
     <!-- Generic rule to pass through an attribute unmodified. -->
Shibboleth SP