cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1500029 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ services/sts/sts-core/src/main/java/org/apache/cxf/sts/ services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/ services/sts/s...
Date Fri, 05 Jul 2013 14:54:56 GMT
Author: coheigea
Date: Fri Jul  5 14:54:56 2013
New Revision: 1500029

URL: http://svn.apache.org/r1500029
Log:
[CXF-3883] - Merged Oli's 2.7.x patch to trunk

Added:
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/CustomIdentityMapper.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/SAMLRealmCNCodec.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/UriRealmParser.java
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1500029&r1=1500028&r2=1500029&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Jul  5 14:54:56 2013
@@ -957,6 +957,21 @@ public abstract class AbstractBindingBui
         //
         Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
     
+        if (o == null && message.getContextualProperty(SecurityConstants.TOKEN) != null) {
+            SecurityToken securityToken = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+            Element tokenElement = (Element)securityToken.getToken();
+            String namespace = tokenElement.getNamespaceURI();
+            String localname = tokenElement.getLocalName();
+            SamlTokenType tokenType = token.getSamlTokenType();
+            if ((tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
+                && WSConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname)) {
+                return new SamlAssertionWrapper(tokenElement);
+            } else if (tokenType == SamlTokenType.WssSamlV20Token11
+                && WSConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname)) {
+                return new SamlAssertionWrapper(tokenElement);
+            }
+        }
+        
         CallbackHandler handler = null;
         if (o instanceof CallbackHandler) {
             handler = (CallbackHandler)o;

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java?rev=1500029&r1=1500028&r2=1500029&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSPropertiesMBean.java Fri Jul  5 14:54:56 2013
@@ -26,6 +26,7 @@ import javax.security.auth.callback.Call
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.token.realm.Relationship;
 import org.apache.cxf.sts.token.realm.RelationshipResolver;
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
 import org.apache.cxf.ws.security.sts.provider.STSException;
 import org.apache.wss4j.common.crypto.Crypto;
 
@@ -181,4 +182,16 @@ public interface STSPropertiesMBean {
      */    
     RelationshipResolver getRelationshipResolver();
     
+    /**
+     * Get the SAML Realm Codec object to use.
+     * @return the SAMLRealmCodec object to use.
+     */
+    SAMLRealmCodec getSamlRealmCodec();
+
+    /**
+     * Set the SAML Realm Codec object to use.
+     * @param samlRealmCodec the SAMLRealmCodec object to use.
+     */
+    void setSamlRealmCodec(SAMLRealmCodec samlRealmCodec);
+
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java?rev=1500029&r1=1500028&r2=1500029&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java Fri Jul  5 14:54:56 2013
@@ -35,6 +35,7 @@ import org.apache.cxf.resource.ResourceM
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.token.realm.Relationship;
 import org.apache.cxf.sts.token.realm.RelationshipResolver;
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
 import org.apache.cxf.ws.security.sts.provider.STSException;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -63,6 +64,7 @@ public class StaticSTSProperties impleme
     private IdentityMapper identityMapper;
     private List<Relationship> relationships;
     private RelationshipResolver relationshipResolver;
+    private SAMLRealmCodec samlRealmCodec;
 
     /**
      * Load the CallbackHandler, Crypto objects, if necessary.
@@ -387,5 +389,12 @@ public class StaticSTSProperties impleme
     public RelationshipResolver getRelationshipResolver() {
         return relationshipResolver;      
     }
-    
+
+    public SAMLRealmCodec getSamlRealmCodec() {
+        return samlRealmCodec;
+    }
+
+    public void setSamlRealmCodec(SAMLRealmCodec samlRealmCodec) {
+        this.samlRealmCodec = samlRealmCodec;
+    }
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1500029&r1=1500028&r2=1500029&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Fri Jul  5 14:54:56 2013
@@ -19,14 +19,18 @@
 
 package org.apache.cxf.sts.operation;
 
+import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.xml.bind.JAXBElement;
 import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.STSIssueFailureEvent;
@@ -56,6 +60,12 @@ import org.apache.cxf.ws.security.sts.pr
 import org.apache.cxf.ws.security.sts.provider.operation.IssueOperation;
 import org.apache.cxf.ws.security.sts.provider.operation.IssueSingleOperation;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
+import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.springframework.context.ApplicationEvent;
 
 /**
@@ -113,7 +123,28 @@ public class TokenIssueOperation extends
             TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
             String tokenType = tokenRequirements.getTokenType();
     
-    
+            if (stsProperties.getSamlRealmCodec() != null) {
+                SamlAssertionWrapper assertion = fetchSAMLAssertionFromWSSecuritySAMLToken(context);
+
+                if (assertion != null) {
+                    String wssecRealm = stsProperties.getSamlRealmCodec().getRealmFromToken(assertion);
+                    SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipalImpl(assertion);
+                    if (LOG.isLoggable(Level.FINE)) {
+                        LOG.fine("SAML token realm of user '" + samlPrincipal.getName() + "' is " + wssecRealm);
+                    }
+
+                    ReceivedToken wssecToken = new ReceivedToken(assertion.getElement());
+                    wssecToken.setState(STATE.VALID);
+                    TokenValidatorResponse tokenResponse = new TokenValidatorResponse();
+                    tokenResponse.setPrincipal(samlPrincipal);
+                    tokenResponse.setToken(wssecToken);
+                    tokenResponse.setTokenRealm(wssecRealm);
+                    tokenResponse.setAdditionalProperties(new HashMap<String, Object>());
+                    processValidToken(providerParameters, wssecToken, tokenResponse);
+                    providerParameters.setPrincipal(wssecToken.getPrincipal());
+                }
+            }
+
             // Validate OnBehalfOf token if present
             if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
                 ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
@@ -323,6 +354,36 @@ public class TokenIssueOperation extends
 
         return response;
     }
+    
+    /**
+     * Method to fetch SAML assertion from the WS-Security header
+     */
+    private static SamlAssertionWrapper fetchSAMLAssertionFromWSSecuritySAMLToken(
+        WebServiceContext wsContext
+    ) {
+        MessageContext messageContext = wsContext.getMessageContext();
+        final List<WSHandlerResult> handlerResults = 
+            CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));
+
+        if (handlerResults != null && handlerResults.size() > 0) {
+            WSHandlerResult handlerResult = handlerResults.get(0);
+            List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
+
+            for (WSSecurityEngineResult engineResult : engineResults) {
+                /*
+                   Integer actInt = (Integer)engineResult.get(WSSecurityEngineResult.TAG_ACTION);
+                    String id = (String)engineResult.get(WSSecurityEngineResult.TAG_ID);
+                    Element tokenElement = 
+                        (Element)engineResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+                 */
+                Object token = engineResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+                if (token instanceof SamlAssertionWrapper) {
+                    return (SamlAssertionWrapper)token;
+                }
+            }
+        }
+        return null;
+    }
 
     /**
      * Construct a token containing the secret to return to the client. The secret is returned in a 

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/CustomIdentityMapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/CustomIdentityMapper.java?rev=1500029&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/CustomIdentityMapper.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/CustomIdentityMapper.java Fri Jul  5 14:54:56 2013
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.security.Principal;
+
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+
+/**
+ * A test implementation of IdentityMapper.
+ */
+public class CustomIdentityMapper implements IdentityMapper {
+
+    /**
+     * Map a principal in the source realm to the target realm
+     * @param sourceRealm the source realm of the Principal
+     * @param sourcePrincipal the principal in the source realm
+     * @param targetRealm the target realm of the Principal
+     * @return the principal in the target realm
+     */
+    public Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm) {
+        if ("a-issuer".equals(sourceRealm)) {
+            String name = sourcePrincipal.getName().toUpperCase();
+            return new CustomTokenPrincipal(name);
+        } else if ("b-issuer".equals(sourceRealm)) {
+            String name = sourcePrincipal.getName().toLowerCase();
+            return new CustomTokenPrincipal(name);
+        }
+        return null;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/SAMLRealmCNCodec.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/SAMLRealmCNCodec.java?rev=1500029&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/SAMLRealmCNCodec.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/SAMLRealmCNCodec.java Fri Jul  5 14:54:56 2013
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+
+public class SAMLRealmCNCodec implements SAMLRealmCodec {
+
+    @Override
+    public String getRealmFromToken(SamlAssertionWrapper assertion) {
+        return assertion.getIssuerString();
+    }
+}
+

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/UriRealmParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/UriRealmParser.java?rev=1500029&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/UriRealmParser.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/UriRealmParser.java Fri Jul  5 14:54:56 2013
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.util.StringTokenizer;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.sts.RealmParser;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+public class UriRealmParser implements RealmParser {
+
+    @Override
+    public String parseRealm(WebServiceContext context) throws STSException {
+        
+
+        String realm = null;
+        try {
+            String url = (String)context.getMessageContext().get("org.apache.cxf.request.url");
+            
+            StringTokenizer st = new StringTokenizer(url, "/");
+            
+            int count = st.countTokens();
+            if (count <= 4) {
+                return null;
+            }
+            count--;
+            for (int i = 0; i < count; i++) {
+                realm = st.nextToken();
+            }
+        } catch (Exception ex) {
+          // No realm found  
+        }
+        return realm;
+
+    }
+
+}

Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java?rev=1500029&r1=1500028&r2=1500029&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java Fri Jul  5 14:54:56 2013
@@ -23,8 +23,10 @@ import java.security.cert.X509Certificat
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 
 import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
@@ -33,6 +35,20 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.cxf.systest.sts.common.CommonCallbackHandler;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
 import org.apache.cxf.systest.sts.deployment.STSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -42,9 +58,12 @@ import org.apache.cxf.ws.security.trust.
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.RequestData;
@@ -240,7 +259,7 @@ public class IssueUnitTest extends Abstr
         // Get a token
         SecurityToken token = 
             requestSecurityToken(
-                SAML2_TOKEN_TYPE, BEARER_KEYTYPE, bst.getElement(), bus, DEFAULT_ADDRESS, null
+                SAML2_TOKEN_TYPE, BEARER_KEYTYPE, bst.getElement(), bus, DEFAULT_ADDRESS, null, null, null, null
             );
         assertTrue(SAML2_TOKEN_TYPE.equals(token.getTokenType()));
         assertTrue(token.getToken() != null);
@@ -361,13 +380,83 @@ public class IssueUnitTest extends Abstr
         bus.shutdown(true);
     }
     
+  //CHECKSTYLE:OFF
+    @org.junit.Test
+    public void testSAMLinWSSecToOtherRealm() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = IssueUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        CallbackHandler callbackHandler = new CommonCallbackHandler();
+        
+        //Create SAML token
+        Element samlToken = 
+            createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey",
+                    callbackHandler, null, "alice", "a-issuer");
+        
+        String id = null;
+        QName elName = DOMUtils.getElementQName(samlToken);
+        if (elName.equals(new QName(WSConstants.SAML_NS, "Assertion"))
+            && samlToken.hasAttributeNS(null, "AssertionID")) {
+            id = samlToken.getAttributeNS(null, "AssertionID");
+        } else if (elName.equals(new QName(WSConstants.SAML2_NS, "Assertion"))
+            && samlToken.hasAttributeNS(null, "ID")) {
+            id = samlToken.getAttributeNS(null, "ID");
+        }
+        if (id == null) {
+            id = samlToken.getAttributeNS(WSConstants.WSU_NS, "Id");
+        }
+                
+        SecurityToken wstoken = new SecurityToken(id, samlToken, null, null);
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put(SecurityConstants.TOKEN, wstoken);
+        properties.put(SecurityConstants.TOKEN_ID, wstoken.getId());
+        
+        // Get a token
+        
+        SecurityToken token = 
+            requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, null,
+                    bus, DEFAULT_ADDRESS, null, properties, "b-issuer", "Transport_SAML_Port");
+        
+        /*
+        SecurityToken token = 
+                requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, null,
+                        bus, DEFAULT_ADDRESS, null, properties, "b-issuer", null);
+                        */
+        assertTrue(SAML2_TOKEN_TYPE.equals(token.getTokenType()));
+        assertTrue(token.getToken() != null);
+        
+        List<WSSecurityEngineResult> results = processToken(token);
+        assertTrue(results != null && results.size() == 1);
+        SamlAssertionWrapper assertion = 
+            (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(assertion != null);
+        assertTrue(assertion.isSigned());
+        
+        List<String> methods = assertion.getConfirmationMethods();
+        String confirmMethod = null;
+        if (methods != null && methods.size() > 0) {
+            confirmMethod = methods.get(0);
+        }
+        assertTrue(confirmMethod.contains("bearer"));
+        
+        assertTrue("b-issuer".equals(assertion.getIssuerString()));
+        String subjectName = assertion.getSaml2().getSubject().getNameID().getValue();
+        assertTrue("Subject must be ALICE instead of " + subjectName, "ALICE".equals(subjectName));
+        
+    }
+    
     private SecurityToken requestSecurityToken(
         String tokenType, 
         String keyType, 
         Bus bus,
         String endpointAddress
     ) throws Exception {
-        return requestSecurityToken(tokenType, keyType, null, bus, endpointAddress, null);
+        return requestSecurityToken(tokenType, keyType, null, bus, endpointAddress, null, null, null, null);
     }
     
     private SecurityToken requestSecurityToken(
@@ -377,7 +466,7 @@ public class IssueUnitTest extends Abstr
         String endpointAddress,
         String context
     ) throws Exception {
-        return requestSecurityToken(tokenType, keyType, null, bus, endpointAddress, context);
+        return requestSecurityToken(tokenType, keyType, null, bus, endpointAddress, context, null, null, null);
     }
     
     private SecurityToken requestSecurityToken(
@@ -386,23 +475,38 @@ public class IssueUnitTest extends Abstr
         Element supportingToken,
         Bus bus,
         String endpointAddress,
-        String context
+        String context,
+        Map<String, Object> msgProperties,
+        String realmUri,
+        String wsdlPort
     ) throws Exception {
         STSClient stsClient = new STSClient(bus);
         String port = "8443";
         if (standalone) {
             port = STSPORT;
         }
-        stsClient.setWsdlLocation("https://localhost:" + port + "/SecurityTokenService/Transport?wsdl");
+        if (realmUri != null) {
+            stsClient.setWsdlLocation("https://localhost:" + port + "/SecurityTokenService/" + realmUri
+                                      + "/Transport?wsdl");
+        } else {
+            stsClient.setWsdlLocation("https://localhost:" + port + "/SecurityTokenService/Transport?wsdl");
+        }
         stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
-        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
-        
-        Map<String, Object> properties = new HashMap<String, Object>();
-        properties.put(SecurityConstants.USERNAME, "alice");
-        properties.put(
-            SecurityConstants.CALLBACK_HANDLER, 
-            "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
-        );
+        if (wsdlPort != null) {
+            stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}" + wsdlPort);
+        } else {
+            stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+        }
+
+        Map<String, Object> properties = msgProperties;
+        if (properties == null) {
+            properties = new HashMap<String, Object>();
+            properties.put(SecurityConstants.USERNAME, "alice");
+            properties.put(
+                SecurityConstants.CALLBACK_HANDLER, 
+                "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+            );
+        }
         properties.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
         
         if (PUBLIC_KEY_KEYTYPE.equals(keyType)) {
@@ -424,6 +528,79 @@ public class IssueUnitTest extends Abstr
         return stsClient.requestSecurityToken(endpointAddress);
     }
     
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+
+        return properties;
+    }
+            
+    /*
+     * Mock up an SAML assertion element
+     */
+    private Element createSAMLAssertion(
+        String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler,
+        Map<String, SAMLRealm> realms, String user, String issuer
+    ) throws WSSecurityException {
+        SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
+        samlTokenProvider.setRealmMap(realms);
+
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(
+                tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername,
+                callbackHandler, user, issuer
+            );
+        if (realms != null) {
+            providerParameters.setRealm("A");
+        }
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+        return providerResponse.getToken();
+    }
+            
+    private TokenProviderParameters createProviderParameters(
+        String tokenType, String keyType, Crypto crypto, 
+        String signatureUsername, CallbackHandler callbackHandler,
+        String username, String issuer
+    ) throws WSSecurityException {
+        TokenProviderParameters parameters = new TokenProviderParameters();
+
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(tokenType);
+        parameters.setTokenRequirements(tokenRequirements);
+
+        KeyRequirements keyRequirements = new KeyRequirements();
+        keyRequirements.setKeyType(keyType);
+        parameters.setKeyRequirements(keyRequirements);
+
+        parameters.setPrincipal(new CustomTokenPrincipal(username));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+
+        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setSignatureUsername(signatureUsername);
+        stsProperties.setCallbackHandler(callbackHandler);
+        stsProperties.setIssuer(issuer);
+        parameters.setStsProperties(stsProperties);
+
+        parameters.setEncryptionProperties(new EncryptionProperties());
+
+        return parameters;
+    }
+
     private SecurityToken requestSecurityTokenTTL(
             String tokenType, 
             String keyType,

Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml?rev=1500029&r1=1500028&r2=1500029&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport.xml Fri Jul  5 14:54:56 2013
@@ -47,66 +47,166 @@
         </cxf:features>
     </cxf:bus>
 
+    <bean id="transportSTSProviderBean2"
+        class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportIssueDelegate" />
+        <property name="validateOperation" ref="transportValidateDelegate" />
+    </bean>
+
+    <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="transportTokenProviders" />
+        <property name="tokenValidators" ref="transportTokenValidators" />
+        <property name="services" ref="transportService" />
+        <property name="stsProperties" ref="transportSTSProperties" />
+    </bean>
+
+    <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+        <property name="tokenValidators" ref="transportTokenValidators" />
+        <property name="stsProperties" ref="transportSTSProperties" />
+    </bean>
+
+    <util:list id="transportTokenValidators">
+        <ref bean="transportSamlTokenValidator" />
+    </util:list>
+
+    <util:list id="transportTokenProviders">
+        <ref bean="transportSamlTokenProvider" />
+    </util:list>
+
+
     <bean id="transportSTSProviderBean"
-	    class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
-	    <property name="services" ref="transportService" />
-		<property name="stsProperties" ref="transportSTSProperties" />
-    </bean>
-
-	<bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
-		<property name="endpoints" ref="transportEndpoints" />
-	</bean>
-
-	<util:list id="transportEndpoints">
-		<value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
-		</value>
-	</util:list>
-
-	<bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
-		<property name="signaturePropertiesFile" value="stsKeystore.properties" />
-		<property name="signatureUsername" value="mystskey" />
-		<property name="callbackHandlerClass"
-			value="org.apache.cxf.systest.sts.common.CommonCallbackHandler" />
-		<property name="encryptionPropertiesFile" value="stsKeystore.properties" />
-		<property name="issuer" value="DoubleItSTSIssuer" />
-		<property name="encryptionUsername" value="myservicekey" />
-	</bean>
-
-	<jaxws:endpoint id="transportSTS" implementor="#transportSTSProviderBean"
-		address="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport"
-		wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
-		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
-		serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"
+        class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
+        <property name="services" ref="transportService" />
+        <property name="stsProperties" ref="transportSTSProperties" />
+    </bean>
+
+ 
+    <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints" ref="transportEndpoints" />
+    </bean>
+
+    <util:list id="transportEndpoints">
+        <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+        </value>
+    </util:list>
+    
+    <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+        <property name="samlRealmCodec" ref="samlRealmCodec" />
+    </bean>
+    
+    <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+        <property name="realmMap" ref="realms"/>
+    </bean>
+    
+    <bean id="realmA"
+        class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="a-issuer"/>
+    </bean>
+    
+    <bean id="realmB"
+        class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="b-issuer"/>
+    </bean>
+    
+    <util:map id="realms">
+        <entry key="a-issuer" value-ref="realmA"/>
+        <entry key="b-issuer" value-ref="realmB"/>
+    </util:map>
+    
+    
+    <bean id="samlRealmCodec" class="org.apache.cxf.systest.sts.common.SAMLRealmCNCodec" />
+    
+    <bean id="customRealmParser" class="org.apache.cxf.systest.sts.common.UriRealmParser" />
+    
+    <bean id="identityMapper" class="org.apache.cxf.systest.sts.common.CustomIdentityMapper" />
+    
+    <util:list id="relationships">
+        <bean class="org.apache.cxf.sts.token.realm.Relationship">
+            <property name="sourceRealm" value="a-issuer" />
+            <property name="targetRealm" value="b-issuer"/>
+            <property name="identityMapper" ref="identityMapper" />
+            <property name="type" value="FederatedIdentity" />
+        </bean>
+    </util:list>
+
+    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="signaturePropertiesFile" value="stsKeystore.properties" />
+        <property name="signatureUsername" value="mystskey" />
+        <property name="callbackHandlerClass"
+            value="org.apache.cxf.systest.sts.common.CommonCallbackHandler" />
+        <property name="encryptionPropertiesFile" value="stsKeystore.properties" />
+        <property name="issuer" value="DoubleItSTSIssuer" />
+        <property name="encryptionUsername" value="myservicekey" />
+
+        <property name="realmParser" ref="customRealmParser"/>
+
+        <property name="relationships" ref="relationships" />
+        <property name="samlRealmCodec" ref="samlRealmCodec" />
+    </bean>
+
+    <jaxws:endpoint id="transportSTS" implementor="#transportSTSProviderBean"
+        address="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport"
+        wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"
+                depends-on="ClientAuthHttpsSettings">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler" />
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
+    
+    <jaxws:endpoint id="transportSTS-realmB" implementor="#transportSTSProviderBean2"
+        address="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/b-issuer/Transport"
+        wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_SAML_Port"
+                depends-on="ClientAuthHttpsSettings">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler" />
+            <entry key="ws-security.signature.properties" value="stsKeystore.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <!--
+    <jaxws:endpoint id="transportSTS-realmB" implementor="#transportSTSProviderBean2"
+        address="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/b-issuer/Transport"
+        wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"
                 depends-on="ClientAuthHttpsSettings">
-		<jaxws:properties>
-			<entry key="ws-security.callback-handler"
-				value="org.apache.cxf.systest.sts.common.CommonCallbackHandler" />
-		</jaxws:properties>
-	</jaxws:endpoint>
-
-	<httpj:engine-factory id="ClientAuthHttpsSettings"
-		bus="cxf">
-		<httpj:engine port="${testutil.ports.STSServer}">
-			<httpj:tlsServerParameters>
-				<sec:keyManagers keyPassword="skpass">
-					<sec:keyStore type="jks" password="sspass" resource="servicestore.jks" />
-				</sec:keyManagers>
-				<sec:trustManagers>
-					<sec:keyStore type="jks" password="stsspass" resource="stsstore.jks" />
-				</sec:trustManagers>
-				<sec:cipherSuitesFilter>
-					<sec:include>.*_EXPORT_.*</sec:include>
-					<sec:include>.*_EXPORT1024_.*</sec:include>
-					<sec:include>.*_WITH_DES_.*</sec:include>
-					<sec:include>.*_WITH_AES_.*</sec:include>
-					<sec:include>.*_WITH_NULL_.*</sec:include>
-					<sec:exclude>.*_DH_anon_.*</sec:exclude>
-				</sec:cipherSuitesFilter>
-				<sec:clientAuthentication want="false"
-					required="false" />
-			</httpj:tlsServerParameters>
-		</httpj:engine>
-	</httpj:engine-factory>
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler" />
+            <entry key="ws-security.signature.properties" value="stsKeystore.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    --> 
+
+    <httpj:engine-factory id="ClientAuthHttpsSettings"
+        bus="cxf">
+        <httpj:engine port="${testutil.ports.STSServer}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="skpass">
+                    <sec:keyStore type="jks" password="sspass" resource="servicestore.jks" />
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks" />
+                </sec:trustManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="false"
+                    required="false" />
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
         
 </beans>
 

Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl?rev=1500029&r1=1500028&r2=1500029&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl Fri Jul  5 14:54:56 2013
@@ -107,298 +107,372 @@
 
   <wsdl:binding name="UT_Binding" type="wstrust:STS">
     <wsp:PolicyReference URI="#UT_policy" />
-  	<soap:binding style="document"
-  		transport="http://schemas.xmlsoap.org/soap/http" />
-  	<wsdl:operation name="Issue">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+    <soap:binding style="document"
+        transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Issue">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Validate">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Validate">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Cancel">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Renew">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="KeyExchangeToken">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="RequestCollection">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Cancel">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Renew">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="KeyExchangeToken">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="RequestCollection">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
   </wsdl:binding>
   
   <wsdl:binding name="UTEncrypted_Binding" type="wstrust:STS">
     <wsp:PolicyReference URI="#UTEncrypted_policy" />
-  	<soap:binding style="document"
-  		transport="http://schemas.xmlsoap.org/soap/http" />
-  	<wsdl:operation name="Issue">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+    <soap:binding style="document"
+        transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Issue">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Validate">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Validate">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Cancel">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Renew">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="KeyExchangeToken">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="RequestCollection">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Cancel">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Renew">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="KeyExchangeToken">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="RequestCollection">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
   </wsdl:binding>
   
   <wsdl:binding name="X509_Binding" type="wstrust:STS">
     <wsp:PolicyReference URI="#X509_policy" />
-  	<soap:binding style="document"
-  		transport="http://schemas.xmlsoap.org/soap/http" />
-  	<wsdl:operation name="Issue">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+    <soap:binding style="document"
+        transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Issue">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Validate">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Validate">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Cancel">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Renew">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="KeyExchangeToken">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="RequestCollection">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Cancel">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Renew">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="KeyExchangeToken">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="RequestCollection">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
   </wsdl:binding>
   
   <wsdl:binding name="Transport_Binding" type="wstrust:STS">
     <wsp:PolicyReference URI="#Transport_policy" />
-  	<soap:binding style="document"
-  		transport="http://schemas.xmlsoap.org/soap/http" />
-  	<wsdl:operation name="Issue">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+    <soap:binding style="document"
+        transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Issue">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Validate">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
-  		<wsdl:input>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Validate">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+        <wsdl:input>
+            <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  		    <wsp:PolicyReference
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Cancel">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="Renew">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="KeyExchangeToken">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
-  	<wsdl:operation name="RequestCollection">
-  		<soap:operation
-  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
-  		<wsdl:input>
-  			<soap:body use="literal" />
-  		</wsdl:input>
-  		<wsdl:output>
-  			<soap:body use="literal" />
-  		</wsdl:output>
-  	</wsdl:operation>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Cancel">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Renew">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="KeyExchangeToken">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="RequestCollection">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+  </wsdl:binding>
+  
+  <wsdl:binding name="Transport_SAML_Binding" type="wstrust:STS">
+    <wsp:PolicyReference URI="#Transport_SAML_policy" />
+    <soap:binding style="document"
+        transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Issue">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+        <wsdl:input>
+            <wsp:PolicyReference
+               URI="#Input_policy" />
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
+               URI="#Output_policy" />
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Validate">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+        <wsdl:input>
+            <wsp:PolicyReference
+               URI="#Input_policy" />
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <wsp:PolicyReference
+               URI="#Output_policy" />
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Cancel">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="Renew">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="KeyExchangeToken">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="RequestCollection">
+        <soap:operation
+            soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+        <wsdl:input>
+            <soap:body use="literal" />
+        </wsdl:input>
+        <wsdl:output>
+            <soap:body use="literal" />
+        </wsdl:output>
+    </wsdl:operation>
   </wsdl:binding>
   
   <wsdl:service name="SecurityTokenService">
@@ -411,7 +485,10 @@
       <wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
          <soap:address location="https://localhost:8443/SecurityTokenService/Transport" />
       </wsdl:port>
-       <wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
+      <wsdl:port name="Transport_SAML_Port" binding="tns:Transport_SAML_Binding">
+         <soap:address location="https://localhost:8443/SecurityTokenService/Transport" />
+      </wsdl:port>       
+      <wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
          <soap:address location="http://localhost:8080/SecurityTokenService/UTEncrypted" />
       </wsdl:port>
   </wsdl:service>
@@ -611,66 +688,166 @@
          </wsp:All>
       </wsp:ExactlyOne>
     </wsp:Policy>
-    
+
     <wsp:Policy wsu:Id="Transport_policy">
-      <wsp:ExactlyOne>
-         <wsp:All>
-            <wsap10:UsingAddressing/>
-            <sp:TransportBinding
-               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-               <wsp:Policy>
-                  <sp:TransportToken>
-                     <wsp:Policy>
-                        <sp:HttpsToken>
-                            <wsp:Policy/>
-                        </sp:HttpsToken>
-                     </wsp:Policy>
-                  </sp:TransportToken>
-                  <sp:AlgorithmSuite>
-                     <wsp:Policy>
-                        <sp:Basic128 />
-                     </wsp:Policy>
-                  </sp:AlgorithmSuite>
-                  <sp:Layout>
-                     <wsp:Policy>
-                        <sp:Lax />
-                     </wsp:Policy>
-                  </sp:Layout>
-                  <sp:IncludeTimestamp />
-               </wsp:Policy>
-            </sp:TransportBinding>
-            <sp:SignedSupportingTokens
-               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-               <wsp:Policy>
-                  <sp:UsernameToken
-                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
-                     <wsp:Policy>
-                        <sp:WssUsernameToken10 />
-                     </wsp:Policy>
-                  </sp:UsernameToken>
-               </wsp:Policy>
-            </sp:SignedSupportingTokens>
-            <sp:Wss11
-               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-               <wsp:Policy>
-                  <sp:MustSupportRefKeyIdentifier />
-                  <sp:MustSupportRefIssuerSerial />
-                  <sp:MustSupportRefThumbprint />
-                  <sp:MustSupportRefEncryptedKey />
-               </wsp:Policy>
-            </sp:Wss11>
-            <sp:Trust13
-               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-               <wsp:Policy>
-                  <sp:MustSupportIssuedTokens />
-                  <sp:RequireClientEntropy />
-                  <sp:RequireServerEntropy />
-               </wsp:Policy>
-            </sp:Trust13>
-         </wsp:All>
-      </wsp:ExactlyOne>
-   </wsp:Policy>
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsap10:UsingAddressing />
+                <sp:TransportBinding
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken>
+                                    <wsp:Policy />
+                                </sp:HttpsToken>
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <!-- <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
+                    <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
+                    <wsp:Policy> <sp:WssUsernameToken10 /> </wsp:Policy> </sp:UsernameToken> 
+                    </wsp:Policy> </sp:SignedSupportingTokens> -->
+                <sp:SignedSupportingTokens
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <wsp:ExactlyOne>
+                            <wsp:All>
+                                <wsp:Policy>
+                                    <sp:UsernameToken
+                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                        <wsp:Policy>
+                                            <sp:WssUsernameToken10 />
+                                        </wsp:Policy>
+                                    </sp:UsernameToken>
+                                </wsp:Policy>
+                            </wsp:All>
+                            <wsp:All>
+                                <wsp:Policy>
+                                    <sp:SamlToken
+                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                        <wsp:Policy>
+                                            <sp:WssSamlV20Token11 />
+                                        </wsp:Policy>
+                                    </sp:SamlToken>
+                                </wsp:Policy>
+                            </wsp:All>
+                        </wsp:ExactlyOne>
+                    </wsp:Policy>
+                </sp:SignedSupportingTokens>
+                <sp:Wss11
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:MustSupportRefKeyIdentifier />
+                        <sp:MustSupportRefIssuerSerial />
+                        <sp:MustSupportRefThumbprint />
+                        <sp:MustSupportRefEncryptedKey />
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens />
+                        <sp:RequireClientEntropy />
+                        <sp:RequireServerEntropy />
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
    
+   <wsp:Policy wsu:Id="Transport_SAML_policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsap10:UsingAddressing />
+                <sp:TransportBinding
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken>
+                                    <wsp:Policy />
+                                </sp:HttpsToken>
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <!-- <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
+                    <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
+                    <wsp:Policy> <sp:WssUsernameToken10 /> </wsp:Policy> </sp:UsernameToken> 
+                    </wsp:Policy> </sp:SignedSupportingTokens> -->
+                <sp:SignedSupportingTokens
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <wsp:ExactlyOne>
+<!--                         
+                            <wsp:All>
+                                <wsp:Policy>
+                                    <sp:UsernameToken
+                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                        <wsp:Policy>
+                                            <sp:WssUsernameToken10 />
+                                        </wsp:Policy>
+                                    </sp:UsernameToken>
+                                </wsp:Policy>
+                            </wsp:All>
+ -->                            
+                            <wsp:All>
+                                <wsp:Policy>
+                                    <sp:SamlToken
+                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                        <wsp:Policy>
+                                            <sp:WssSamlV20Token11 />
+                                        </wsp:Policy>
+                                    </sp:SamlToken>
+                                </wsp:Policy>
+                            </wsp:All>
+                        </wsp:ExactlyOne>
+                    </wsp:Policy>
+                </sp:SignedSupportingTokens>
+                <sp:Wss11
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:MustSupportRefKeyIdentifier />
+                        <sp:MustSupportRefIssuerSerial />
+                        <sp:MustSupportRefThumbprint />
+                        <sp:MustSupportRefEncryptedKey />
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens />
+                        <sp:RequireClientEntropy />
+                        <sp:RequireServerEntropy />
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
    <wsp:Policy wsu:Id="Input_policy">
       <wsp:ExactlyOne>
          <wsp:All>



Mime
View raw message