From owu...@apache.org
Subject svn commit: r1348749 - in /cxf/fediz/trunk/plugins/core/src: main/java/org/apache/cxf/fediz/core/ main/java/org/apache/cxf/fediz/core/config/ main/resources/schemas/ test/java/org/apache/cxf/fediz/core/ test/java/org/apache/cxf/fediz/core/config/ test/...
Date Mon, 11 Jun 2012 08:42:51 GMT
Author: owulff
Date: Mon Jun 11 08:42:51 2012
New Revision: 1348749

URL: http://svn.apache.org/viewvc?rev=1348749&view=rev
Log:
[FEDIZ-1] WS-Federation Metadata document published at runtime in RP. Thanks to Juerg for the patch

Added:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
    cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml
Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
    cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
Mon Jun 11 08:42:51 2012
@@ -211,6 +211,13 @@ public final class FederationConstants {
     
     public static final String WS_TRUST_2005_02_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
     
+    public static final String SAML2_METADATA_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
+    
+    public static final String WS_FEDERATION_NS = "http://docs.oasis-open.org/wsfed/federation/200706";
+    
+    public static final String WS_ADDRESSING_NS = "http://www.w3.org/2005/08/addressing";
+    
+    public static final String SCHEMA_INSTANCE_NS = "http://www.w3.org/2001/XMLSchema-instance";
 
     
     private FederationConstants() {
         

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
Mon Jun 11 08:42:51 2012
@@ -20,14 +20,17 @@
 package org.apache.cxf.fediz.core;
 
 import javax.servlet.http.HttpServletRequest;
-
+import org.w3c.dom.Document;
 import org.apache.cxf.fediz.core.config.FederationContext;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 
+
 public interface FederationProcessor {
 
     FederationResponse processRequest(FederationRequest request, FederationContext config)
throws ProcessingException;
     
     String createSignInRequest(HttpServletRequest request, FederationContext config) throws
ProcessingException;
 
+    Document getMetaData(FederationContext config) throws ProcessingException;
+
 }
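Review bot: The new `getMetaData` interface method has no Javadoc, so an implementer or caller cannot tell what the returned Document is or when `ProcessingException` is thrown. I would add above it: `/** Builds the WS-Federation metadata document for the relying party described by config. @throws ProcessingException if the document cannot be built, for example when the signing keystore cannot be used. */` — the second sentence is inferred from the new FederationMetaDataTest and should be checked against MetadataWriter. Also, the `org.w3c.dom.Document` import replaced the blank line that separated the `javax` group from the `org.apache` group; keep the separator and sort it with the other `org.` imports.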

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
Mon Jun 11 08:42:51 2012
@@ -38,6 +38,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
+import org.apache.cxf.fediz.core.metadata.MetadataWriter;
 import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
 import org.apache.cxf.fediz.core.spi.IDPCallback;
 import org.apache.cxf.fediz.core.spi.WAuthCallback;
@@ -72,7 +73,12 @@ public class FederationProcessorImpl imp
         }
         return response;
     }
+    
 
+    public Document getMetaData(FederationContext config) throws ProcessingException {
+        return new MetadataWriter().getMetaData(config);
+    }
+    
     protected FederationResponse processSignInRequest(
             FederationRequest request, FederationContext config)
         throws ProcessingException {
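Review bot: The new `getMetaData` in FederationProcessorImpl lacks `@Override`, so a later change to the interface signature would silently leave this as an unrelated method instead of failing to compile; add `@Override` above it. A new `MetadataWriter` is allocated on every call, which is fine if the writer is stateless but deserves a one-line comment saying so (MetadataWriter is not visible here); otherwise keep one instance in a field. A short Javadoc summary on the implementation would also help, since the interface method is undocumented.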

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Mon Jun 11 08:42:51 2012
@@ -32,6 +32,7 @@ import org.apache.cxf.fediz.core.TokenRe
 import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
 import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
 import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
+import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
 import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
 import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
@@ -58,6 +59,7 @@ public class FederationContext implement
     private TokenReplayCache<String> replayCache;
     private FederationProtocol protocol;
     private List<TrustManager> certificateStores;
+    private KeyManager keyManager;
     
 
     public FederationContext(ContextConfig config) {
@@ -100,7 +102,7 @@ public class FederationContext implement
                 tm.setCrypto(crypto);
                 certificateStores.add(tm);
             } catch (WSSecurityException e) {
-                LOG.error("Failed to load keystore '" + tm.getName() + "'");
+                LOG.error("Failed to load keystore '" + tm.getName() + "'", e);
                 throw new IllegalConfigurationException("Failed to load keystore '" + tm.getName()
+ "'");
             }
         }
@@ -130,6 +132,30 @@ public class FederationContext implement
         return protocol;
     }
     
+    
+    
+    public KeyManager getSigningKey() {
+        //return new KeyManager(config.getSigningKey());
+        
+        if (keyManager != null) {
+            return keyManager;
+        }
+        keyManager = new KeyManager(config.getSigningKey());
+        Properties sigProperties = createCryptoProperties(config.getSigningKey());
+        Crypto crypto;
+        try {
+            crypto = CryptoFactory.getInstance(sigProperties);
+            keyManager.setCrypto(crypto);
+        } catch (WSSecurityException e) {
+            keyManager = null;
+            LOG.error("Failed to load keystore '" + keyManager.getName() + "'", e);
+            throw new IllegalConfigurationException("Failed to load keystore '" + keyManager.getName()
+ "'");
+        }
+        
+        return keyManager; 
+        
+    }
+
     @SuppressWarnings("unchecked")
     public TokenReplayCache<String> getTokenReplayCache() {
         if (replayCache != null) {
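Review bot: In the `catch` block of `getSigningKey`, `keyManager` is set to null one line before `keyManager.getName()` is called, so a keystore-load failure surfaces as a NullPointerException and neither the logged cause nor the IllegalConfigurationException is ever produced. The field is also assigned before `setCrypto` runs, so if this context is shared between requests another caller can observe a KeyManager whose `getCrypto()` is still null; building into a local and publishing only on success fixes both, and the commented-out `//return new KeyManager(...)` line should be deleted. I cannot see whether `config.getSigningKey()` can be null for a context without a `signingKey` element (the new `ROOT_NO_SIGNINGKEY` fixture omits one), so the explicit null check below is worth confirming against MetadataWriter's callers.
```java
    public KeyManager getSigningKey() {
        if (keyManager != null) {
            return keyManager;
        }
        KeyManagersType kmConfig = config.getSigningKey();
        if (kmConfig == null) {
            throw new IllegalConfigurationException("No signingKey configured");
        }
        KeyManager km = new KeyManager(kmConfig);
        Properties sigProperties = createCryptoProperties(kmConfig);
        try {
            km.setCrypto(CryptoFactory.getInstance(sigProperties));
        } catch (WSSecurityException e) {
            LOG.error("Failed to load keystore '" + km.getName() + "'", e);
            throw new IllegalConfigurationException("Failed to load keystore '" + km.getName() + "'");
        }
        keyManager = km; // publish only a fully initialised instance
        return keyManager;
    }
```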
@@ -222,5 +248,44 @@ public class FederationContext implement
               trustStoreFile);
         return p;
     }
+    
+    private Properties createCryptoProperties(KeyManagersType km) {
+        String keyStoreFile = null;
+        String keyStorePw = null;
+        String keyType = "jks";
+        KeyStoreType ks = km.getKeyStore();
+        if (ks.getFile() != null && !ks.getFile().isEmpty()) {
+            keyStoreFile = ks.getFile();
+            keyStorePw = ks.getPassword();
+        } else {
+            throw new IllegalStateException("No certificate store configured");
+        }
+        File f = new File(keyStoreFile);
+        if (!f.exists() && getRelativePath() != null && !getRelativePath().isEmpty())
{
+            keyStoreFile = getRelativePath().concat(File.separator + keyStoreFile);
+        }
+        
+        if (keyStoreFile == null || keyStoreFile.isEmpty()) {
+            throw new NullPointerException("truststoreFile not configured");
+        }
+        if (keyStorePw == null || keyStorePw.isEmpty()) {
+            throw new NullPointerException("trustStorePw not configured");
+        }
+        if (ks.getType() != null) {
+            keyType = ks.getType();
+        }
+        
+        Properties p = new Properties();
+        p.put("org.apache.ws.security.crypto.provider",
+                "org.apache.ws.security.components.crypto.Merlin");
+        p.put("org.apache.ws.security.crypto.merlin.keystore.type", keyType);
+        p.put("org.apache.ws.security.crypto.merlin.keystore.password",
+              keyStorePw);
+        p.put("org.apache.ws.security.crypto.merlin.keystore.file",
+              keyStoreFile);
+        return p;
+    }
+    
+    
 
 }
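Review bot: The two guard messages in `createCryptoProperties` say `truststoreFile` and `trustStorePw`, copied from the trust-store helper that ends just above, so a misconfigured signingKey reports the wrong element, and they throw NullPointerException where the method's own first guard uses IllegalStateException. The `keyStoreFile == null || keyStoreFile.isEmpty()` check is unreachable, because the `else` branch already throws when `file` is empty. More importantly, only `file` is honoured here while the new `KeyManager.getName()` also reads `url` and `resource`, so a signingKey keystore given by url or resource fails with "No certificate store configured"; either support those forms or document in the XSD that `file` is the only one accepted. I would drop the unreachable file guard and change the password guard to `throw new IllegalStateException("signingKey keystore password not configured");`.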

Added: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java?rev=1348749&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
Mon Jun 11 08:42:51 2012
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.config;
+
+import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
+import org.apache.ws.security.components.crypto.Crypto;
+
+public class KeyManager {
+    
+    private KeyManagersType keyManagerType;
+    private Crypto crypto;
+    private String name;
+
+    public KeyManager(KeyManagersType keyManager) {
+        super();
+        this.keyManagerType = keyManager;
+    }
+    
+    public String getName() {
+        if (name != null) {
+            return name;
+        }
+        if (keyManagerType.getKeyStore().getFile() != null) {
+            name = keyManagerType.getKeyStore().getFile();
+        } else if (keyManagerType.getKeyStore().getUrl() != null) {
+            name = keyManagerType.getKeyStore().getUrl();
+        } else if (keyManagerType.getKeyStore().getResource() != null) {
+            name = keyManagerType.getKeyStore().getResource();
+        }
+        return name;
+    }
+    
+    public Crypto getCrypto() {
+        return crypto;
+    }
+
+    public void setCrypto(Crypto crypto) {
+        this.crypto = crypto;
+    }
+
+    public String getKeyAlias() {
+        return keyManagerType.getKeyAlias();
+    }
+    
+    public String getKeyPassword() {
+        return keyManagerType.getKeyPassword();
+    }
+    
+
+}
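Review bot: `KeyManager` has no class Javadoc, and `getKeyPassword()` hands out the private-key password from the configuration in clear text, so the class should state that callers must not log or serialise it; for example `/** Signing-key configuration plus the WSS4J Crypto loaded from it. getKeyPassword() returns the private-key password in clear text: never log it. */`. `getName()` returns null when neither file, url nor resource is set, and FederationContext interpolates it into error messages, so a fallback such as `"<unnamed keystore>"` would keep those messages readable. The constructor also accepts a null `keyManager`, which only fails later inside `getName()`; `this.keyManagerType = Objects.requireNonNull(keyManager, "signingKey configuration");` (with `java.util.Objects` imported) fails at the point of misuse instead.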

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
Mon Jun 11 08:42:51 2012
@@ -23,6 +23,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.ws.security.components.crypto.Crypto;
 
 public class TrustManager {
+    
     private TrustManagersType trustManagerType;
     private Crypto crypto;
     private String name;

Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Mon Jun 11 08:42:51
2012
@@ -18,6 +18,7 @@
 				<xs:element ref="maximumClockSkew" />
 				<xs:element ref="tokenReplayCache" />
 				<xs:element ref="serviceCertificate" />
+				<xs:element ref="signingKey" />
 				<xs:element ref="trustedIssuers" />
 				<xs:element ref="protocol" />
 			</xs:sequence>
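Review bot: `signingKey` is added to the `contextConfig` sequence without `minOccurs="0"`, which makes it mandatory for every context, yet the new `ROOT_NO_SIGNINGKEY` context in fediz_meta_test_config.xml omits it and `validateMetaDataNoSigningKey` expects metadata to still be produced. If a relying party without a signing key is a supported setup, declare it as `<xs:element ref="signingKey" minOccurs="0" />`; otherwise the fixture and test should expect a configuration error. I cannot see from this hunk whether the neighbouring elements carry occurrence constraints elsewhere in the schema.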
@@ -82,6 +83,7 @@
 
 	<!-- keystore type -->
 	<xs:element name="serviceCertificate" type="KeyManagersType" />
+	<xs:element name="signingKey" type="KeyManagersType" />
 
 	<xs:element name="protocol" type="protocolType" />
 
@@ -371,6 +373,15 @@
                 </xs:documentation>
 			</xs:annotation>
 		</xs:attribute>
+		<xs:attribute name="keyAlias" type="xs:string">
+			<xs:annotation>
+				<xs:documentation>
+					This attribute contains the alias of the selected 
+					key within the keystore.
+                </xs:documentation>
+			</xs:annotation>
+		</xs:attribute>
+		
 		<xs:attribute name="provider" type="xs:string">
 			<xs:annotation>
 				<xs:documentation>
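Review bot: The `keyAlias` documentation says what the attribute holds but not what happens when it is omitted, which is exactly the case the new `validateMetaDataNoAlias` test exercises. Judging from the comment in that test, a store holding more than one certificate then fails; if that is the intended contract, extend the annotation with `If omitted, the keystore must contain exactly one key entry; otherwise metadata generation fails.` Please confirm the behaviour against MetadataWriter before committing to that wording.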

Added: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java?rev=1348749&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
Mon Jun 11 08:42:51 2012
@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.File;
+import java.net.URL;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Document;
+
+import junit.framework.Assert;
+
+import org.apache.cxf.fediz.common.SecurityTestUtil;
+import org.apache.cxf.fediz.core.config.FederationConfigurator;
+import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.util.DOMUtils;
+
+import org.junit.AfterClass;
+
+import static org.junit.Assert.fail;
+
+public class FederationMetaDataTest {
+    private static final String CONFIG_FILE = "fediz_meta_test_config.xml";
+    
+    @AfterClass
+    public static void cleanup() {
+        SecurityTestUtil.cleanup();
+    }
+    
+
+    private FederationContext loadConfig(String context) {
+        try {
+            FederationConfigurator configurator = new FederationConfigurator();
+            final URL resource = Thread.currentThread().getContextClassLoader()
+                    .getResource(CONFIG_FILE);
+            File f = new File(resource.toURI());
+            configurator.loadConfig(f);
+            return configurator.getFederationContext(context);
+        } catch (Exception e) {
+            e.printStackTrace();
+            return null;
+        }
+    }
+    
+
+    @org.junit.Test
+    public void validateMetaDataWithAlias() throws ProcessingException {
+
+        FederationContext config = loadConfig("ROOT");
+
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        Document doc = wfProc.getMetaData(config);
+        Assert.assertNotNull(doc);
+        
+        try {
+            DOMUtils.writeXml(doc, System.out);
+        } catch (TransformerException e) {
+            fail("Exception not expected: " + e.getMessage()); 
+        }
+        
+    }
+
+    @org.junit.Test
+    public void validateMetaDataNoAlias() throws ProcessingException {
+
+        try {
+            FederationContext config = loadConfig("ROOT_NO_KEY");
+
+            FederationProcessor wfProc = new FederationProcessorImpl();
+            Document doc;
+           
+            doc = wfProc.getMetaData(config);
+            Assert.assertNull(doc);          
+        } catch (ProcessingException ex) {
+            //Expected as signing store contains more than one certificate
+        }
+
+        
+    }
+    
+    @org.junit.Test
+    public void validateMetaDataNoSigningKey() throws ProcessingException {
+
+        FederationContext config = loadConfig("ROOT_NO_SIGNINGKEY");
+
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        Document doc = wfProc.getMetaData(config);
+        Assert.assertNotNull(doc);
+        
+        try {
+            DOMUtils.writeXml(doc, System.out);
+        } catch (TransformerException e) {
+            fail("Exception not expected: " + e.getMessage()); 
+        }
+        
+    }
+   
+
+}
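Review bot: `validateMetaDataNoAlias` cannot fail: if `getMetaData` throws, the catch swallows it, and if it returns null the assertion passes, so the behaviour the comment describes is never pinned. Use `@org.junit.Test(expected = ProcessingException.class)` and drop the try/catch and the `Assert.assertNull(doc)`, or put `fail("ProcessingException expected");` directly after the `getMetaData` call. `loadConfig` also swallows every exception and returns null, so a broken fixture shows up as a NullPointerException inside the processor rather than as the real cause; let it throw (or wrap in `AssertionError`) instead. The `DOMUtils.writeXml(doc, System.out)` calls are debug output and would be more useful as assertions on the document's root element name and namespace.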

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Mon Jun 11 08:42:51 2012
@@ -39,6 +39,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
 import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
 import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
+import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
 import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
 import org.apache.cxf.fediz.core.config.jaxb.TokenValidators;
 import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
@@ -69,6 +70,9 @@ public class FedizConfigurationWriterTes
     private static final String JKS_TYPE = "JKS";
 
     private static final String KEYSTORE_PASSWORD = "stsspass";
+    private static final String KEY_PASSWORD = "stskpass";
+    private static final String KEY_ALIAS = "mystskey";
+    
     private static final String AUDIENCE_URI_1 = "http://host_one:port/url";
 
     private static final String AUTH_TYPE_VALUE = "some auth type";
@@ -78,6 +82,8 @@ public class FedizConfigurationWriterTes
 
     private static final String CONFIG_FILE = "./target/fediz_test_config.xml";
     
+    
+    
     @AfterClass
     public static void cleanup() {
         SecurityTestUtil.cleanup();
@@ -96,6 +102,18 @@ public class FedizConfigurationWriterTes
         FederationProtocolType protocol = new FederationProtocolType();
         config.setProtocol(protocol);
 
+        KeyManagersType sigManager = new KeyManagersType();
+        sigManager.setKeyPassword(KEY_PASSWORD);
+        sigManager.setKeyAlias(KEY_ALIAS);
+        
+        KeyStoreType sigStore = new KeyStoreType();
+        sigStore.setType(JKS_TYPE);
+        sigStore.setPassword(KEYSTORE_PASSWORD);//integrity password
+        sigStore.setFile(KEYSTORE_FILE);
+        sigManager.setKeyStore(sigStore);
+        
+        config.setSigningKey(sigManager);
+        
         TrustedIssuers trustedIssuers = new TrustedIssuers();
              
         TrustedIssuerType trustedIssuer = new TrustedIssuerType();

Added: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml?rev=1348749&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml (added)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml Mon Jun 11
08:42:51 2012
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<FedizConfig>
+	<contextConfig name="ROOT">
+		<audienceUris>
+			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass"
+					type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="DoubleItSTSIssuer" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<signingKey keyAlias="mystskey" keyPassword="stskpass">
+			<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+		</signingKey>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>http://Server:Port/value from protocol.realm config property </realm>
+			<issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+				<claimType type="another optional claim type" optional="true" />
+				<claimType type="and an mandatory claim type" optional="false" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+	<contextConfig name="ROOT_NO_KEY">
+		<audienceUris>
+			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass"
+					type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="DoubleItSTSIssuer" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<signingKey keyPassword="stskpass">
+			<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+		</signingKey>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>http://Server:Port/value from protocol.realm config property </realm>
+			<issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+				<claimType type="another optional claim type" optional="true" />
+				<claimType type="and an mandatory claim type" optional="false" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+	<contextConfig name="ROOT_NO_SIGNINGKEY">
+		<audienceUris>
+			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass"
+					type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="DoubleItSTSIssuer" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>http://Server:Port/value from protocol.realm config property </realm>
+			<issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+				<claimType type="another optional claim type" optional="true" />
+				<claimType type="and an mandatory claim type" optional="false" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+</FedizConfig>
\ No newline at end of file


