cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1535508 - in /cxf/fediz/trunk/services/sts: ./ src/main/resources/ src/main/webapp/WEB-INF/ src/main/webapp/WEB-INF/wsdl/ src/realms/resources/ src/realms/webapp/WEB-INF/ src/realms/webapp/WEB-INF/wsdl/
Date Thu, 24 Oct 2013 19:41:01 GMT
Author: owulff
Date: Thu Oct 24 19:41:00 2013
New Revision: 1535508

URL: http://svn.apache.org/r1535508
Log:
Refactored STS to support two realms by default

Added:
    cxf/fediz/trunk/services/sts/src/main/resources/realma.cert
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
    cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
    cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
    cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
    cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
    cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
    cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
    cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks
      - copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
Removed:
    cxf/fediz/trunk/services/sts/src/main/resources/stsKeystore.properties
    cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks
    cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger
    cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
    cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
    cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
    cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
    cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4.wsdl
Modified:
    cxf/fediz/trunk/services/sts/pom.xml
    cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties
    cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
    cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml
    cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml
    cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml
    cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl

Modified: cxf/fediz/trunk/services/sts/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/pom.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/pom.xml (original)
+++ cxf/fediz/trunk/services/sts/pom.xml Thu Oct 24 19:41:00 2013
@@ -81,106 +81,6 @@
 
 	<build>
 		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-war-plugin</artifactId>
-				<version>2.1.1</version>
-				<configuration>
-					<webResources>
-						<resource>
-							<directory>src/main/webapp</directory>
-							<filtering>true</filtering>
-							<includes>
-								<include>**/cxf-transport.xml</include>
-							</includes>
-						</resource>
-						<resource>
-							<directory>src/main/webapp</directory>
-							<filtering>false</filtering>
-							<excludes>
-								<exclude>**/cxf-transport.xml</exclude>
-							</excludes>
-						</resource>
-					</webResources>
-				</configuration>
-			</plugin>
-			<plugin>
-				<artifactId>maven-surefire-plugin</artifactId>
-				<version>2.14</version>
-				<executions>
-					<execution>
-						<id>default-test</id>
-						<phase>test</phase>
-						<goals>
-							<goal>test</goal>
-						</goals>
-						<configuration>
-							<excludes>
-								<exclude>**/realms/**/IT*Test.java</exclude>
-							</excludes>
-						</configuration>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<!--for mvn tomcat:deploy/:undeploy/:redeploy -->
-				<groupId>org.codehaus.mojo</groupId>
-				<artifactId>tomcat-maven-plugin</artifactId>
-				<version>1.1</version>
-				<configuration>
-					<server>myTomcat</server>
-					<url>http://localhost:9080/manager/text</url>
-					<path>/${project.build.finalName}</path>
-				</configuration>
-			</plugin>
-		</plugins>
-
-		<!-- Name of the generated WAR file -->
-		<finalName>fediz-idp-sts</finalName>
-	</build>
-
-	<profiles>
-		<profile>
-			<id>ldap</id>
-			<properties>
-				<adapter.resource>ldap</adapter.resource>
-			</properties>
-			<dependencyManagement>
-				<dependencies>
-					<!-- spring-ldap-core uses 3.0.5 -->
-					<dependency>
-						<groupId>org.springframework</groupId>
-						<artifactId>spring-tx</artifactId>
-						<version>${spring.version}</version>
-					</dependency>
-				</dependencies>
-			</dependencyManagement>
-			<dependencies>
-				<dependency>
-					<groupId>org.springframework.ldap</groupId>
-					<artifactId>spring-ldap-core</artifactId>
-					<version>1.3.1.RELEASE</version>
-				</dependency>
-			</dependencies>
-		</profile>
-
-		<profile>
-			<id>realms</id>
-			<activation>
-				<activeByDefault>true</activeByDefault>
-			</activation>
-			<properties>
-
-			</properties>
-			<build>
-				<plugins>
-					<plugin>
-						<groupId>org.apache.maven.plugins</groupId>
-						<artifactId>maven-resources-plugin</artifactId>
-						<configuration>
-							<overwrite>true</overwrite>
-						</configuration>
-					</plugin>
 
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
@@ -189,14 +89,14 @@
 						<configuration>
 							<webResources>
 								<resource>
-									<directory>src/realms/webapp</directory>
+									<directory>src/main/webapp</directory>
 									<filtering>true</filtering>
 									<includes>
 										<include>**/cxf-transport.xml</include>
 									</includes>
 								</resource>
 								<resource>
-									<directory>src/realms/webapp</directory>
+									<directory>src/main/webapp</directory>
 									<filtering>false</filtering>
 									<excludes>
 										<exclude>**/cxf-transport.xml</exclude>
@@ -358,14 +258,65 @@
 							</execution>
 						</executions>
 					</plugin>
-				</plugins>
-				<resources>
-					<resource>
-						<directory>src/realms/resources</directory>
-					</resource>
-				</resources>
-			</build>
-		</profile>
 
+			<plugin>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.14</version>
+				<executions>
+					<execution>
+						<id>default-test</id>
+						<phase>test</phase>
+						<goals>
+							<goal>test</goal>
+						</goals>
+						<configuration>
+							<excludes>
+								<exclude>**/realms/**/IT*Test.java</exclude>
+							</excludes>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+				<groupId>org.codehaus.mojo</groupId>
+				<artifactId>tomcat-maven-plugin</artifactId>
+				<version>1.1</version>
+				<configuration>
+					<server>myTomcat</server>
+					<url>http://localhost:9080/manager/text</url>
+					<path>/${project.build.finalName}</path>
+				</configuration>
+			</plugin>
+		</plugins>
+
+		<!-- Name of the generated WAR file -->
+		<finalName>fediz-idp-sts</finalName>
+	</build>
+
+	<profiles>
+		<profile>
+			<id>ldap</id>
+			<properties>
+				<adapter.resource>ldap</adapter.resource>
+			</properties>
+			<dependencyManagement>
+				<dependencies>
+					<!-- spring-ldap-core uses 3.0.5 -->
+					<dependency>
+						<groupId>org.springframework</groupId>
+						<artifactId>spring-tx</artifactId>
+						<version>${spring.version}</version>
+					</dependency>
+				</dependencies>
+			</dependencyManagement>
+			<dependencies>
+				<dependency>
+					<groupId>org.springframework.ldap</groupId>
+					<artifactId>spring-ldap-core</artifactId>
+					<version>1.3.1.RELEASE</version>
+				</dependency>
+			</dependencies>
+		</profile>
 	</profiles>
 </project>

Modified: cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties (original)
+++ cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties Thu Oct 24 19:41:00 2013
@@ -26,7 +26,6 @@ log4j.appender.LOGFILE.layout.Conversion
 log4j.appender.AUDIT=org.apache.log4j.FileAppender
 log4j.appender.AUDIT.File=${catalina.base}/logs/audit.log
 log4j.appender.AUDIT.Append=true
-log4j.appender.AUDIT.Threshold=INFO
+log4j.appender.AUDIT.Threshold=DEBUG
 log4j.appender.AUDIT.layout=org.apache.cxf.sts.event.LoggerPatternLayoutLog4J
 log4j.appender.AUDIT.layout.ConversionPattern=%m%n
-

Copied: cxf/fediz/trunk/services/sts/src/main/resources/realma.cert (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/realma.cert?p2=cxf/fediz/trunk/services/sts/src/main/resources/realma.cert&p1=cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Copied: cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert?p2=cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert&p1=cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Copied: cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks?p2=cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks&p1=cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
    (empty)

Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml Thu Oct 24 19:41:00 2013
@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
 	xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -18,35 +17,37 @@
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd">
 
-	<cxf:bus>
-		<cxf:features>
-			<cxf:logging />
-		</cxf:features>
-	</cxf:bus>
+	<import resource="classpath:META-INF/cxf/cxf.xml" />
 	
+	<bean id="loggerListener" class="org.apache.cxf.sts.event.LoggerListener" />
+
 	<!--
 		Per default the resource <file.xml> is imported.
 		If built with Maven Profile 'ldap', the resource <ldap.xml> is imported
 	-->
 	<import resource="${adapter.resource}.xml" />
+
+	<cxf:bus>
+		<cxf:features>
+			<cxf:logging />
+		</cxf:features>
+	</cxf:bus>
 	
-	<bean id="loggerListener" class="org.apache.cxf.sts.event.LoggerListener" />
-	
+	<bean id="samlDelegationHandler" 
+	      class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
+
 	<bean id="transportSTSProviderBean"
 		class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
 		<property name="issueOperation" ref="transportIssueDelegate" />
 		<property name="validateOperation" ref="transportValidateDelegate" />
 	</bean>
-	
-	<bean id="samlDelegationHandler" 
-	      class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
 
 	<bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
 		<property name="tokenProviders" ref="transportTokenProviders" />
-		<property name="tokenValidators" ref="transportTokenValidators" />
 		<property name="services" ref="transportService" />
 		<property name="stsProperties" ref="transportSTSProperties" />
 		<property name="claimsManager" ref="claimsManager" />
+		<property name="tokenValidators" ref="transportTokenValidators" />
 		<property name="eventListener" ref="loggerListener" />
 		<property name="delegationHandlers" ref="samlDelegationHandler" />
 	</bean>
@@ -56,7 +57,23 @@
 		<property name="stsProperties" ref="transportSTSProperties" />
 		<property name="eventListener" ref="loggerListener" />
 	</bean>
-
+    
+    <util:list id="relationships">
+		<bean class="org.apache.cxf.sts.token.realm.Relationship">
+			<property name="sourceRealm" value="REALMA" />
+			<property name="targetRealm" value="REALMB"/>
+			<property name="identityMapper" ref="identityMapper" />
+			<property name="type" value="FederatedIdentity" />
+		</bean>
+		<bean class="org.apache.cxf.sts.token.realm.Relationship">
+			<property name="sourceRealm" value="REALMB" />
+			<property name="targetRealm" value="REALMA"/>
+			<property name="identityMapper" ref="identityMapper" />
+			<property name="type" value="FederatedIdentity" />
+		</bean>		
+	</util:list>
+ 
+ 
 	<util:list id="transportTokenProviders">
 		<ref bean="transportSamlTokenProvider" />
 	</util:list>
@@ -65,38 +82,69 @@
 		<ref bean="transportSamlTokenValidator" />
 	</util:list>
 
+
+	<bean id="realmA"
+        class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="STS Realm A"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
+        <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+    </bean>
+    
+    <bean id="realmB"
+        class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="STS Realm B"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
+        <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+    </bean>
+    
+    <util:map id="realms">
+        <entry key="REALMA" value-ref="realmA"/>
+        <entry key="REALMB" value-ref="realmB"/>
+    </util:map>
+
+
 	<bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
 		<property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+		<property name="realmMap" ref="realms" />
 		<property name="conditionsProvider" ref="conditionsProvider" />
 	</bean>
-
+	
 	<bean id="conditionsProvider"
 		class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
 		<property name="lifetime" value="1200" />
 		<property name="acceptClientLifetime" value="true" />
 	</bean>
 
-	<bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator" />
-
-
-	<bean id="transportX509TokenValidator" class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
-
-
-	<bean id="transportUsernameTokenValidator"
-		class="org.apache.cxf.sts.token.validator.UsernameTokenValidator" />
-
-
 	<util:list id="attributeStatementProvidersList">
-		<ref bean="claimsAttributeProvider" />
+		<ref bean="claimAttributeProvider" />
 	</util:list>
 
-	<bean id="claimsAttributeProvider"
-		class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider" />
+	<bean id="claimAttributeProvider"
+		class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+	</bean>
 
 	<bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
 		<property name="claimHandlers" ref="claimHandlerList" />
 	</bean>
 
+
+	
+	<bean id="identityMapper" class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+	
+	<bean id="samlRealmCodec" class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+	
+	<bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"/>
+	
+
+	
+	<bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+	    <property name="samlRealmCodec" ref="samlRealmCodec" />
+	</bean>
+	
+	<bean id="transportUsernameTokenValidator"
+		class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
+	</bean>
+
 	<bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
 		<property name="endpoints" ref="transportEndpoints" />
 	</bean>
@@ -104,24 +152,39 @@
 	<util:list id="transportEndpoints">
 		<value>.*</value>
 	</util:list>
-
+	  
 	<bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
-		<property name="signaturePropertiesFile" value="stsKeystore.properties" />
-		<property name="signatureUsername" value="mystskey" />
 		<property name="callbackHandlerClass"
 			value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
-		<property name="encryptionPropertiesFile" value="stsKeystore.properties" />
 		<property name="issuer" value="Fediz STS" />
-		<property name="encryptionUsername" value="myservicekey" />
+		<property name="realmParser" ref="customRealmParser"/>
+		<property name="signaturePropertiesFile" value="stsTruststore.properties" />
+		<property name="relationships" ref="relationships" />
 	</bean>
 	
-	<jaxws:endpoint id="transportSTS2" implementor="#transportSTSProviderBean"
-		address="/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+	
+	<jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
+		address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
 		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
 		serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
 		<jaxws:properties>
 		</jaxws:properties>
-	</jaxws:endpoint>	
+	</jaxws:endpoint>
+	
+
+
+	<jaxws:endpoint id="transportSTSRealmB" implementor="#transportSTSProviderBean"
+		address="/REALMB/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+		serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+		<jaxws:properties>
+		</jaxws:properties>
+	</jaxws:endpoint>
+
+
+
+
 
+ 
 </beans>
 

Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml Thu Oct 24 19:41:00 2013
@@ -14,27 +14,49 @@
     <import resource="userClaims.xml" />
     <import resource="passwords.xml" />
     
+
     <util:list id="claimHandlerList">
-		<ref bean="claimsHandler" />
-	</util:list>
+        <ref bean="claimsHandlerA" />
+        <ref bean="claimsHandlerB" />
+    </util:list>
     
-	<bean id="claimsHandler" class="org.apache.cxf.fediz.service.sts.FileClaimsHandler">
-		<property name="userClaims" ref="userClaims" />
-		<property name="supportedClaims" ref="supportedClaims" />
-	</bean>
+    <bean id="claimsHandlerA" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMA" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMA" />
+    </bean>
+	
+    <bean id="claimsHandlerB" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMB" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMB" />
+    </bean>
 
-	<bean id="upCallBackHandler"
-		class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
-		<property name="passwords" ref="passwords" />
-	</bean>
+    
+    <bean id="upCallBackHandlerRealmA" class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+        <property name="passwords" ref="REALMA" />
+    </bean>
+
+    <bean id="upCallBackHandlerRealmB" class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+        <property name="passwords" ref="REALMB" />
+    </bean>
 	
-	<jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
-		address="/STSService" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
-		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
-		serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
-		<jaxws:properties>
-			<entry key="ws-security.callback-handler" value-ref="upCallBackHandler" />
-		</jaxws:properties>
-	</jaxws:endpoint>
+    <jaxws:endpoint id="transportSTSRealmAUT" implementor="#transportSTSProviderBean"
+        address="/REALMA/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+    <jaxws:endpoint id="transportSTSRealmBUT" implementor="#transportSTSProviderBean"
+        address="/REALMB/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
+        </jaxws:properties>
+    </jaxws:endpoint>
 
-</beans>
\ No newline at end of file
+</beans>

Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml Thu Oct 24 19:41:00 2013
@@ -8,7 +8,7 @@
         http://www.springframework.org/schema/util/spring-util-2.0.xsd">
 
 
-	<util:map id="passwords">
+	<util:map id="REALMA">
 		<entry key="alice"
 			value="ecila" />
 		<entry key="bob"
@@ -16,5 +16,14 @@
 		<entry key="ted"
 			value="det" />
 	</util:map>
+	
+	<util:map id="REALMB">
+		<entry key="ALICE"
+			value="ECILA" />
+		<entry key="BOB"
+			value="BOB" />
+		<entry key="TED"
+			value="DET" />
+	</util:map>
 
 </beans>
\ No newline at end of file

Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml Thu Oct 24 19:41:00 2013
@@ -7,45 +7,88 @@
         http://www.springframework.org/schema/util
         http://www.springframework.org/schema/util/spring-util-2.0.xsd">
 
-	<util:map id="userClaims">
+	<util:map id="userClaimsREALMA">
 		<entry key="alice"
-			value-ref="aliceClaims" />
+			value-ref="REALMA_aliceClaims" />
 		<entry key="bob"
-			value-ref="bobClaims" />
+			value-ref="REALMA_bobClaims" />
 		<entry key="ted"
-			value-ref="tedClaims" />
+			value-ref="REALMA_tedClaims" />
 	</util:map>
 	
-	<util:map id="aliceClaims">
+	<util:map id="REALMA_aliceClaims">
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
 			value="Alice" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
 			value="Smith" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
-			value="alice@mycompany.org" />
+			value="alice@realma.org" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
 			value="User" />
 			
 	</util:map>
 	
-	<util:map id="bobClaims">
+	<util:map id="REALMA_bobClaims">
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
 			value="Bob" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
 			value="Windsor" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
-			value="bobwindsor@idp.org" />
+			value="bobwindsor@realma.org" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
 			value="User,Manager,Admin" />
 	</util:map>
 	
-	<util:map id="tedClaims">
+	<util:map id="REALMA_tedClaims">
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
 			value="Ted" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
 			value="Cooper" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
-			value="tcooper@hereiam.org" />
+			value="tcooper@realma.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="" />			
+	</util:map>
+	
+	<util:map id="userClaimsREALMB">
+		<entry key="ALICE"
+			value-ref="REALMB_aliceClaims" />
+		<entry key="BOB"
+			value-ref="REALMB_bobClaims" />
+		<entry key="TED"
+			value-ref="REALMB_tedClaims" />
+	</util:map>
+	
+	<util:map id="REALMB_aliceClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Alice" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Smith" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="alice@realmb.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="USER" />
+			
+	</util:map>
+	
+	<util:map id="REALMB_bobClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Bob" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Windsor" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="bobwindsor@realmb.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="USER,MANAGER,ADMIN" />
+	</util:map>
+	
+	<util:map id="REALMB_tedClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Ted" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Cooper" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="tcooper@realmb.org" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
 			value="" />			
 	</util:map>

Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl Thu Oct 24 19:41:00 2013
@@ -4,169 +4,748 @@
         xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
         xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
         xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
-        xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
+        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
         xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
 
   <wsdl:import namespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" location="ws-trust-1.4.wsdl"/>
 
+  <wsdl:binding name="UT_Binding" type="wstrust:STS">
+    <wsp:PolicyReference URI="#UT_policy" />
+  	<soap:binding style="document"
+  		transport="http://schemas.xmlsoap.org/soap/http" />
+  	<wsdl:operation name="Issue">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Validate">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Cancel">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Renew">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="KeyExchangeToken">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="RequestCollection">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  </wsdl:binding>
+  
+  <wsdl:binding name="UTEncrypted_Binding" type="wstrust:STS">
+    <wsp:PolicyReference URI="#UTEncrypted_policy" />
+  	<soap:binding style="document"
+  		transport="http://schemas.xmlsoap.org/soap/http" />
+  	<wsdl:operation name="Issue">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Validate">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Cancel">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Renew">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="KeyExchangeToken">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="RequestCollection">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  </wsdl:binding>
+  
+  <wsdl:binding name="X509_Binding" type="wstrust:STS">
+    <wsp:PolicyReference URI="#X509_policy" />
+  	<soap:binding style="document"
+  		transport="http://schemas.xmlsoap.org/soap/http" />
+  	<wsdl:operation name="Issue">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Validate">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Cancel">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Renew">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="KeyExchangeToken">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="RequestCollection">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  </wsdl:binding>
+  
   <wsdl:binding name="Transport_Binding" type="wstrust:STS">
     <wsp:PolicyReference URI="#Transport_policy" />
-  	<soap12:binding style="document"
+  	<soap:binding style="document"
   		transport="http://schemas.xmlsoap.org/soap/http" />
   	<wsdl:operation name="Issue">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
   		<wsdl:input>
   		    <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
   		    <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="Validate">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
   		<wsdl:input>
   		    <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
   		    <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="Cancel">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="Renew">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="KeyExchangeToken">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="RequestCollection">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   </wsdl:binding>
   <wsdl:binding name="TransportUT_Binding" type="wstrust:STS">
     <wsp:PolicyReference URI="#TransportUT_policy" />
-  	<soap12:binding style="document"
+  	<soap:binding style="document"
   		transport="http://schemas.xmlsoap.org/soap/http" />
   	<wsdl:operation name="Issue">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
   		<wsdl:input>
   		    <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
   		    <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="Validate">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
   		<wsdl:input>
   		    <wsp:PolicyReference
                URI="#Input_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
   		    <wsp:PolicyReference
                URI="#Output_policy" />
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="Cancel">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="Renew">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="KeyExchangeToken">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   	<wsdl:operation name="RequestCollection">
-  		<soap12:operation
+  		<soap:operation
   			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
   		<wsdl:input>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:input>
   		<wsdl:output>
-  			<soap12:body use="literal" />
+  			<soap:body use="literal" />
   		</wsdl:output>
   	</wsdl:operation>
   </wsdl:binding>
+  <wsdl:binding name="TransportKerberos_Binding" type="wstrust:STS">
+    <wsp:PolicyReference URI="#TransportKerberos_policy" />
+  	<soap:binding style="document"
+  		transport="http://schemas.xmlsoap.org/soap/http" />
+  	<wsdl:operation name="Issue">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Validate">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Cancel">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Renew">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="KeyExchangeToken">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="RequestCollection">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  </wsdl:binding>
+  <wsdl:binding name="TransportSaml_Binding" type="wstrust:STS">
+    <wsp:PolicyReference URI="#TransportSaml_policy" />
+  	<soap:binding style="document"
+  		transport="http://schemas.xmlsoap.org/soap/http" />
+  	<wsdl:operation name="Issue">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Validate">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+  		<wsdl:input>
+  		    <wsp:PolicyReference
+               URI="#Input_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  		    <wsp:PolicyReference
+               URI="#Output_policy" />
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Cancel">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="Renew">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="KeyExchangeToken">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  	<wsdl:operation name="RequestCollection">
+  		<soap:operation
+  			soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+  		<wsdl:input>
+  			<soap:body use="literal" />
+  		</wsdl:input>
+  		<wsdl:output>
+  			<soap:body use="literal" />
+  		</wsdl:output>
+  	</wsdl:operation>
+  </wsdl:binding> 
   <wsdl:service name="SecurityTokenService">
+      <wsdl:port name="UT_Port" binding="tns:UT_Binding">
+         <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+      </wsdl:port>
+      <wsdl:port name="X509_Port" binding="tns:X509_Binding">
+         <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+      </wsdl:port>
       <wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
-         <soap12:address location="http://localhost:8080/jaxws-sts/sts" />
+         <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+      </wsdl:port>
+       <wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
+         <soap:address location="http://localhost:8080/jaxws-sts/sts" />
       </wsdl:port>
        <wsdl:port name="TransportUT_Port" binding="tns:TransportUT_Binding">
-         <soap12:address location="http://localhost:8080/jaxws-sts/sts" />
+         <soap:address location="http://localhost:8080/jaxws-sts/sts" />
       </wsdl:port>      
+      <wsdl:port name="TransportKerberos_Port" binding="tns:TransportKerberos_Binding">
+         <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+      </wsdl:port>
+      <wsdl:port name="TransportSaml_Port" binding="tns:TransportSaml_Binding">
+         <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+      </wsdl:port>       
   </wsdl:service>
   
-  <wsp:Policy wsu:Id="TransportUT_policy">
+  <wsp:Policy wsu:Id="UT_policy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <wsap10:UsingAddressing/>
+            <sp:SymmetricBinding
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:ProtectionToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:RequireDerivedKeys />
+                              <sp:RequireThumbprintReference />
+                              <sp:WssX509V3Token10 />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:ProtectionToken>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:Basic256 />
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax />
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:IncludeTimestamp />
+                  <sp:EncryptSignature />
+                  <sp:OnlySignEntireHeadersAndBody />
+               </wsp:Policy>
+            </sp:SymmetricBinding>
+            <sp:SignedSupportingTokens
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:UsernameToken
+                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                     <wsp:Policy>
+                        <sp:WssUsernameToken10 />
+                     </wsp:Policy>
+                  </sp:UsernameToken>
+               </wsp:Policy>
+            </sp:SignedSupportingTokens>
+            <sp:Wss11
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportRefKeyIdentifier />
+                  <sp:MustSupportRefIssuerSerial />
+                  <sp:MustSupportRefThumbprint />
+                  <sp:MustSupportRefEncryptedKey />
+               </wsp:Policy>
+            </sp:Wss11>
+            <sp:Trust13
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportIssuedTokens />
+                  <sp:RequireClientEntropy />
+                  <sp:RequireServerEntropy />
+               </wsp:Policy>
+            </sp:Trust13>
+         </wsp:All>
+      </wsp:ExactlyOne>
+   </wsp:Policy>
+   
+   <wsp:Policy wsu:Id="UTEncrypted_policy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <wsap10:UsingAddressing/>
+            <sp:SymmetricBinding
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:ProtectionToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:RequireDerivedKeys />
+                              <sp:RequireThumbprintReference />
+                              <sp:WssX509V3Token10 />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:ProtectionToken>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:Basic256 />
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax />
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:IncludeTimestamp />
+                  <sp:EncryptSignature />
+                  <sp:OnlySignEntireHeadersAndBody />
+               </wsp:Policy>
+            </sp:SymmetricBinding>
+            <sp:SignedSupportingTokens
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:UsernameToken
+                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                     <wsp:Policy>
+                        <sp:WssUsernameToken10 />
+                     </wsp:Policy>
+                  </sp:UsernameToken>
+               </wsp:Policy>
+            </sp:SignedSupportingTokens>
+            <sp:Wss11
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportRefKeyIdentifier />
+                  <sp:MustSupportRefIssuerSerial />
+                  <sp:MustSupportRefThumbprint />
+                  <sp:MustSupportRefEncryptedKey />
+               </wsp:Policy>
+            </sp:Wss11>
+            <sp:Trust13
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportIssuedTokens />
+                  <sp:RequireClientEntropy />
+                  <sp:RequireServerEntropy />
+               </wsp:Policy>
+            </sp:Trust13>
+         </wsp:All>
+      </wsp:ExactlyOne>
+   </wsp:Policy>
+   
+   <wsp:Policy wsu:Id="X509_policy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <wsap10:UsingAddressing/>
+            <sp:AsymmetricBinding
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:InitiatorToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:InitiatorToken>
+                  <sp:RecipientToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                              <sp:RequireIssuerSerialReference />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:RecipientToken>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:TripleDes />
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax />
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:IncludeTimestamp />
+                  <sp:EncryptSignature />
+                  <sp:OnlySignEntireHeadersAndBody />
+               </wsp:Policy>
+            </sp:AsymmetricBinding>
+            <sp:Wss11
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportRefKeyIdentifier />
+                  <sp:MustSupportRefIssuerSerial />
+                  <sp:MustSupportRefThumbprint />
+                  <sp:MustSupportRefEncryptedKey />
+               </wsp:Policy>
+            </sp:Wss11>
+            <sp:Trust13
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportIssuedTokens />
+                  <sp:RequireClientEntropy />
+                  <sp:RequireServerEntropy />
+               </wsp:Policy>
+            </sp:Trust13>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
+
+    <wsp:Policy wsu:Id="Transport_policy">
       <wsp:ExactlyOne>
          <wsp:All>
             <!--<wsap10:UsingAddressing/>-->
@@ -175,7 +754,55 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken>
+                        <sp:HttpsToken RequireClientCertificate="false">
+                            <wsp:Policy/>
+                        </sp:HttpsToken>
+                     </wsp:Policy>
+                  </sp:TransportToken>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:TripleDes />
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax />
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <!--<sp:IncludeTimestamp />-->
+               </wsp:Policy>
+            </sp:TransportBinding>
+            <sp:Wss11
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportRefKeyIdentifier />
+                  <sp:MustSupportRefIssuerSerial />
+                  <sp:MustSupportRefThumbprint />
+                  <sp:MustSupportRefEncryptedKey />
+               </wsp:Policy>
+            </sp:Wss11>
+            <sp:Trust13
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportIssuedTokens />
+                  <sp:RequireClientEntropy />
+                  <sp:RequireServerEntropy />
+               </wsp:Policy>
+            </sp:Trust13>
+         </wsp:All>
+      </wsp:ExactlyOne>
+   </wsp:Policy>
+    
+    <wsp:Policy wsu:Id="TransportUT_policy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <!--<wsap10:UsingAddressing/>-->
+            <sp:TransportBinding
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:TransportToken>
+                     <wsp:Policy>
+                        <sp:HttpsToken RequireClientCertificate="false">
                             <wsp:Policy/>
                         </sp:HttpsToken>
                      </wsp:Policy>
@@ -225,7 +852,7 @@
       </wsp:ExactlyOne>
    </wsp:Policy>
 
-    <wsp:Policy wsu:Id="Transport_policy">
+    <wsp:Policy wsu:Id="TransportKerberos_policy">
       <wsp:ExactlyOne>
          <wsp:All>
             <!--<wsap10:UsingAddressing/>-->
@@ -234,7 +861,7 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken>
+                        <sp:HttpsToken RequireClientCertificate="false">
                             <wsp:Policy/>
                         </sp:HttpsToken>
                      </wsp:Policy>
@@ -252,6 +879,18 @@
                   <!--<sp:IncludeTimestamp />-->
                </wsp:Policy>
             </sp:TransportBinding>
+            <sp:SupportingTokens
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:KerberosToken
+                      sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                      <wsp:Policy>
+                          <!--<sp:WssKerberosV5ApReqToken11/>-->
+                          <sp:WssGssKerberosV5ApReqToken11/>
+                      </wsp:Policy>
+                  </sp:KerberosToken>                  
+               </wsp:Policy>
+            </sp:SupportingTokens>
             <sp:Wss11
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
@@ -272,7 +911,57 @@
          </wsp:All>
       </wsp:ExactlyOne>
    </wsp:Policy>
+   
 
+   <wsp:Policy wsu:Id="TransportSaml_policy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:TransportBinding
+					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+					<wsp:Policy>
+						<sp:TransportToken>
+							<wsp:Policy>
+								<sp:HttpsToken RequireClientCertificate="false">
+									<wsp:Policy/>
+								</sp:HttpsToken>
+							</wsp:Policy>
+						</sp:TransportToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:TripleDes />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Lax />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+					</wsp:Policy>
+				</sp:TransportBinding>
+				<sp:SupportingTokens
+					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+					<wsp:Policy>
+                        <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <wsp:Policy>
+                                <sp:WssSamlV20Token11/>
+                            </wsp:Policy>
+                        </sp:SamlToken>
+					</wsp:Policy>
+				</sp:SupportingTokens>
+            <sp:Wss11
+               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+               <wsp:Policy>
+                  <sp:MustSupportRefKeyIdentifier />
+                  <sp:MustSupportRefIssuerSerial />
+                  <sp:MustSupportRefThumbprint />
+                  <sp:MustSupportRefEncryptedKey />
+               </wsp:Policy>
+            </sp:Wss11>				
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+   
    <wsp:Policy wsu:Id="Input_policy">
       <wsp:ExactlyOne>
          <wsp:All>



Mime
View raw message