From jbernha...@apache.org
Subject [4/5] cxf-fediz git commit: [FEDIZ-112] Fixing Tomcat race condition with saved request * Improving Tomcat plugin by using core handler (code cleanup) * Renaming Tomcat plugin to tomcat7 plugin
Date Thu, 23 Apr 2015 11:26:55 GMT
[FEDIZ-112] Fixing Tomcat race condition with saved request
* Improving Tomcat plugin by using core handler (code cleanup)
* Renaming Tomcat plugin to tomcat7 plugin


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/cd04e4f1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/cd04e4f1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/cd04e4f1

Branch: refs/heads/master
Commit: cd04e4f13811d80bc58af9d4e313b2475b6acf2d
Parents: 2b008ea
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Tue Apr 21 21:11:20 2015 +0200
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Thu Apr 23 13:06:47 2015 +0200

----------------------------------------------------------------------
 apache-fediz/pom.xml                            |   2 +-
 .../cxf/fediz/core/handler/SigninHandler.java   |   8 +-
 .../src/main/resources/schemas/FedizConfig.xsd  | 829 ++++++++++---------
 .../core/src/test/resources/RSTR.formatted.xml  | 193 ++---
 .../test/resources/fediz_meta_test_config.xml   | 204 +++--
 .../resources/fediz_meta_test_config_saml.xml   | 162 ++--
 plugins/pom.xml                                 |   2 +-
 plugins/tomcat/README.txt                       |  10 -
 plugins/tomcat/pom.xml                          |  78 --
 plugins/tomcat/src/main/assembly/assembly.xml   |  18 -
 .../fediz/tomcat/FederationAuthenticator.java   | 595 -------------
 .../fediz/tomcat/FederationPrincipalImpl.java   |  52 --
 .../src/test/resources/logging.properties       |  52 --
 plugins/tomcat7/README.txt                      |  10 +
 plugins/tomcat7/pom.xml                         |  78 ++
 plugins/tomcat7/src/main/assembly/assembly.xml  |  18 +
 .../fediz/tomcat/FederationAuthenticator.java   | 434 ++++++++++
 .../fediz/tomcat/FederationPrincipalImpl.java   |  52 ++
 .../tomcat/handler/TomcatLogoutHandler.java     |  58 ++
 .../tomcat/handler/TomcatSigninHandler.java     | 101 +++
 .../src/test/resources/logging.properties       |  52 ++
 .../cxf/fediz/was/tai/FedizInterceptor.java     |  38 +-
 systests/clientcert/pom.xml                     |   2 +-
 .../federation/FederationTest.java              |   6 +
 systests/federation/samlsso/pom.xml             |   2 +-
 systests/federation/wsfed/pom.xml               |   2 +-
 .../JettyPreAuthSpringTest.java                 |   6 +
 .../cxf/fediz/integrationtests/JettyTest.java   |   6 +
 systests/kerberos/pom.xml                       |   2 +-
 .../cxf/fediz/integrationtests/Spring2Test.java |   7 +-
 .../cxf/fediz/integrationtests/SpringTest.java  |   7 +-
 .../fediz/integrationtests/AbstractTests.java   |  83 +-
 systests/tomcat7/pom.xml                        |   2 +-
 33 files changed, 1611 insertions(+), 1560 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/apache-fediz/pom.xml
----------------------------------------------------------------------
diff --git a/apache-fediz/pom.xml b/apache-fediz/pom.xml
index 7f46117..29e4a55 100644
--- a/apache-fediz/pom.xml
+++ b/apache-fediz/pom.xml
@@ -52,7 +52,7 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf.fediz</groupId>
-            <artifactId>fediz-tomcat</artifactId>
+            <artifactId>fediz-tomcat7</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index ee1f18b..edd7302 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -67,9 +67,7 @@ public class SigninHandler<T> implements RequestHandler<T> {
                     FedizResponse federationResponse = processSigninRequest(responseToken, request, response);
                     validateAudienceRestrictions(federationResponse.getAudience(), request.getRequestURL().toString());
                     LOG.debug("RSTR validated successfully");
-                    T principal = createPrincipal(request, response, federationResponse);
-                    resumeRequest(request, response, federationResponse);
-                    return principal;
+                    return createPrincipal(request, response, federationResponse);
                 } catch (ProcessingException e) {
                     LOG.error("Federation processing failed: " + e.getMessage());
                 }
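Review bot: Replacing the `createPrincipal` / `resumeRequest` pair with `return createPrincipal(request, response, federationResponse);`, together with deleting the protected `resumeRequest` hook in the next hunk, changes the extension contract of `SigninHandler` without documenting it. A subclass outside this repository that overrides `resumeRequest` without `@Override` would still compile but would never be called, so whatever it did after a validated sign-in would silently stop. Consider keeping a deprecated no-op hook for one release, or at least adding Javadoc on `createPrincipal` along the lines of `/** Called only after the RSTR and audience restriction have been validated; implementations must also restore any saved request themselves. */` (the second half is inferred from the commit message, since the subclasses are not visible here). Separately, the surrounding catch logs only `e.getMessage()` before falling through to `return null`; passing the exception as well, `LOG.error("Federation processing failed: " + e.getMessage(), e);`, would keep the cause available when triaging rejected sign-in responses. The enclosing method starts and ends outside this hunk.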
@@ -85,10 +83,6 @@ public class SigninHandler<T> implements RequestHandler<T> {
         return null;
     }
 
-    protected void resumeRequest(HttpServletRequest request, HttpServletResponse response,
-        FedizResponse federationResponse) {
-    }
-
     public FedizResponse processSigninRequest(String responseToken, HttpServletRequest req, HttpServletResponse resp)
         throws ProcessingException {
         LOG.debug("Process SignIn request");

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index d662b37..5364dcb 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -1,116 +1,123 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
-	elementFormDefault="qualified" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	
-	<xs:element name="FedizConfig">
-		<xs:complexType>
-			<xs:sequence minOccurs="1" maxOccurs="unbounded">
-				<xs:element ref="contextConfig" />
-			</xs:sequence>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="contextConfig">
-		<xs:complexType>
-			<xs:sequence>
-				<xs:element ref="audienceUris" />
-				<xs:element ref="certificateValidation" />
-				<xs:element ref="certificateStores" />
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+    <xs:element name="FedizConfig">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                <xs:element ref="contextConfig" />
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+
+    <xs:element name="contextConfig">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element ref="audienceUris" />
+                <xs:element ref="certificateValidation" />
+                <xs:element ref="certificateStores" />
                 <xs:element ref="tokenExpirationValidation" />
-				<xs:element ref="maximumClockSkew" />
-				<xs:element ref="tokenReplayCache" />
-				<xs:element ref="serviceCertificate" />
-				<xs:element ref="signingKey" />
-				<xs:element ref="tokenDecryptionKey" />
-				<xs:element ref="trustedIssuers" />
-				<xs:element ref="protocol" />
-                <xs:element ref="logoutURL" minOccurs="0"/>
-                <xs:element ref="logoutRedirectTo" minOccurs="0"/>
-			</xs:sequence>
-			<xs:attribute name="name" use="required" type="xs:string" />
-
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="trustedIssuers">
-		<xs:complexType>
-			<xs:sequence minOccurs="1" maxOccurs="unbounded">
-				<xs:element name="issuer" type="TrustedIssuerType" />
-			</xs:sequence>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:complexType name="TrustedIssuerType">
-		<xs:attribute name="name" type="xs:string" use="optional" />
-		<xs:attribute name="certificateValidation" type="validationType"
-			use="optional" />
-		<xs:attribute name="subject" type="xs:string" use="optional" />
-	</xs:complexType>
-
-	<xs:element name="certificateStores">
-		<xs:complexType>
-			<xs:sequence minOccurs="1" maxOccurs="unbounded">
-				<xs:element name="trustManager" type="TrustManagersType" />
-			</xs:sequence>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="audienceUris">
+                <xs:element ref="maximumClockSkew" />
+                <xs:element ref="tokenReplayCache" />
+                <xs:element ref="serviceCertificate" />
+                <xs:element ref="signingKey" />
+                <xs:element ref="tokenDecryptionKey" />
+                <xs:element ref="trustedIssuers" />
+                <xs:element ref="protocol" />
+                <xs:element ref="logoutURL" minOccurs="0" />
+                <xs:element ref="logoutRedirectTo" minOccurs="0" />
+            </xs:sequence>
+            <xs:attribute name="name" use="required" type="xs:string" />
+
+        </xs:complexType>
+    </xs:element>
+
+    <xs:element name="trustedIssuers">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                <xs:element name="issuer" type="TrustedIssuerType" />
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+
+    <xs:complexType name="TrustedIssuerType">
+        <xs:attribute name="name" type="xs:string" use="optional" />
+        <xs:attribute name="certificateValidation" type="validationType" use="optional" />
+        <xs:attribute name="subject" type="xs:string" use="optional" />
+    </xs:complexType>
+
+    <xs:element name="certificateStores">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                <xs:element name="trustManager" type="TrustManagersType" />
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+
+    <xs:element name="audienceUris">
         <xs:annotation>
             <xs:documentation>If a SAML token contains a audience restriction which is not listed
-                within this collection, the token will be refused.</xs:documentation>
+                within this collection,
+                the token will be refused.
+            </xs:documentation>
         </xs:annotation>
-		<xs:complexType>
-			<xs:sequence minOccurs="1" maxOccurs="unbounded">
-				<xs:element ref="audienceItem" />
-			</xs:sequence>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="audienceItem" type="xs:anyURI">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                <xs:element ref="audienceItem" />
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+
+    <xs:element name="audienceItem" type="xs:anyURI">
         <xs:annotation>
             <xs:documentation>Valid value within the SAML token audience restriction element.</xs:documentation>
         </xs:annotation>
     </xs:element>
 
-	<xs:element name="certificateValidation" type="validationType" />
+    <xs:element name="certificateValidation" type="validationType" />
 
-	<xs:simpleType name="validationType">
-		<xs:restriction base="xs:string">
-			<xs:enumeration value="PeerTrust" />
-			<xs:enumeration value="ChainTrust" />
-		</xs:restriction>
-	</xs:simpleType>
+    <xs:simpleType name="validationType">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="PeerTrust" />
+            <xs:enumeration value="ChainTrust" />
+        </xs:restriction>
+    </xs:simpleType>
 
-	<xs:element name="maximumClockSkew" type="xs:integer" default="5"/>
+    <xs:element name="maximumClockSkew" type="xs:integer" default="5" />
 
     <xs:element name="tokenExpirationValidation" type="xs:boolean" default="true">
         <xs:annotation>
             <xs:documentation>Decision weather the token validation (e.g. lifetime) shall be
-                performed on every request (true) or only once at initial authentication (false).</xs:documentation>
+                performed on every request
+                (true) or only once at initial authentication (false).
+            </xs:documentation>
         </xs:annotation>
     </xs:element>
 
-	<xs:element name="tokenReplayCache" type="xs:string" />
+    <xs:element name="tokenReplayCache" type="xs:string" />
+
+    <xs:element name="serviceCertificate" type="KeyManagersType" />
 
-	<xs:element name="serviceCertificate" type="KeyManagersType" />
-	
-	<xs:element name="signingKey" type="KeyManagersType">
+    <xs:element name="signingKey" type="KeyManagersType">
         <xs:annotation>
             <xs:documentation>Signing key required to generate a XML signature element within the federation
-                metadata document, as well as for generating a signed signin request.</xs:documentation>
+                metadata
+                document, as well as for generating a signed signin request.
+            </xs:documentation>
         </xs:annotation>
     </xs:element>
-	
-	<xs:element name="tokenDecryptionKey" type="KeyManagersType" />
 
-	<xs:element name="protocol" type="protocolType" />
+    <xs:element name="tokenDecryptionKey" type="KeyManagersType" />
+
+    <xs:element name="protocol" type="protocolType" />
 
     <xs:element name="logoutURL" type="xs:string">
         <xs:annotation>
             <xs:documentation>User defined logout URL to trigger federated logout process. This URL will be
-                available in addition to the 'wa=wsignout1.0' URL parameter.
-                If the URL is overlapping an existing resource URL, the logout handling will be performed instead of
+                available in
+                addition to the 'wa=wsignout1.0' URL parameter.
+                If the URL is overlapping an existing resource URL, the
+                logout handling will be performed instead of
                 accessing the resource.
                 Example: '/logout'
             </xs:documentation>
@@ -125,342 +132,342 @@
         </xs:annotation>
     </xs:element>
 
-	<xs:complexType name="federationProtocolType">
-		<xs:complexContent>
-			<xs:extension base="protocolType">
-				<xs:sequence>
-					<xs:element ref="authenticationType" />
-					<xs:element ref="homeRealm" />
-					<xs:element ref="freshness" />
-					<xs:element ref="reply" />
-					<xs:element ref="request" />
-					<xs:element ref="signInQuery" />
-				</xs:sequence>
-				<xs:attribute name="version" use="required" type="xs:string" />
-			</xs:extension>
-		</xs:complexContent>
-	</xs:complexType>
-	
-	<xs:complexType name="samlProtocolType">
-		<xs:complexContent>
-			<xs:extension base="protocolType">
-				<xs:sequence>
-					<xs:element ref="signRequest" />
-					<xs:element ref="authnRequestBuilder"/>
-					<xs:element ref="disableDeflateEncoding"/>
-					<xs:element ref="doNotEnforceKnownIssuer"/>
-					<xs:element ref="issuerLogoutURL"/>
-				</xs:sequence>
-				<xs:attribute name="version" use="required" type="xs:string" />
-			</xs:extension>
-		</xs:complexContent>
-	</xs:complexType>
-
-	<xs:element name="roleDelimiter" type="xs:string" />
-	<xs:element name="roleURI" type="xs:string" />
-	<xs:element name="realm" type="CallbackType" />
-	<xs:element name="applicationServiceURL" type="xs:string" />
-	<xs:element name="metadataURI" type="xs:string" />
-
-	<xs:element name="signRequest" type="xs:boolean" />
-	<xs:element name="authnRequestBuilder" type="xs:string" />
-	<xs:element name="disableDeflateEncoding" type="xs:boolean"/>
-	<xs:element name="doNotEnforceKnownIssuer" type="xs:boolean"/>
-	<xs:element name="issuerLogoutURL" type="xs:string"/>
-	
-	<xs:complexType name="protocolType" abstract="true">
-	    <xs:sequence>
-	        <xs:element ref="applicationServiceURL" />
-	        <xs:element ref="roleDelimiter" />
-	        <xs:element ref="roleURI" />
-	        <xs:element ref="claimTypesRequested" />
-	        <xs:element ref="issuer" />
-	        <xs:element ref="realm" />
-	        <xs:element ref="tokenValidators" />
-	        <xs:element ref="metadataURI" />
-		</xs:sequence>
-	</xs:complexType>
- 
-	<xs:complexType name="CallbackType">
-		<xs:simpleContent>
-			<xs:extension base="xs:string">
-				<xs:attribute name="type" type="argumentType" />
-			</xs:extension>
-		</xs:simpleContent>
-	</xs:complexType>
-
-	<xs:element name="issuer" type="CallbackType" />
-	<xs:element name="homeRealm" type="CallbackType" />
-	<xs:element name="authenticationType" type="CallbackType" />
-	<xs:element name="request" type="CallbackType" />
-	<xs:element name="freshness" type="CallbackType" />
-	<xs:element name="signInQuery" type="CallbackType" />
-
-	<xs:simpleType name="argumentType">
-		<xs:restriction base="xs:string">
-			<xs:enumeration value="Class" />
-			<xs:enumeration value="String" />
-		</xs:restriction>
-	</xs:simpleType>
-
-	<xs:element name="reply" type="xs:string" />
-
-	<xs:element name="claimTypesRequested">
-		<xs:complexType>
-			<xs:sequence minOccurs="1" maxOccurs="unbounded">
-				<xs:element ref="claimType" />
-			</xs:sequence>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:element name="claimType">
-		<xs:complexType>
-			<xs:attribute name="optional" use="required" type="optionalType" />
-			<xs:attribute name="type" use="required" type="xs:string" />
-		</xs:complexType>
-	</xs:element>
+    <xs:complexType name="federationProtocolType">
+        <xs:complexContent>
+            <xs:extension base="protocolType">
+                <xs:sequence>
+                    <xs:element ref="authenticationType" />
+                    <xs:element ref="homeRealm" />
+                    <xs:element ref="freshness" />
+                    <xs:element ref="reply" />
+                    <xs:element ref="request" />
+                    <xs:element ref="signInQuery" />
+                </xs:sequence>
+                <xs:attribute name="version" use="required" type="xs:string" />
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+
+    <xs:complexType name="samlProtocolType">
+        <xs:complexContent>
+            <xs:extension base="protocolType">
+                <xs:sequence>
+                    <xs:element ref="signRequest" />
+                    <xs:element ref="authnRequestBuilder" />
+                    <xs:element ref="disableDeflateEncoding" />
+                    <xs:element ref="doNotEnforceKnownIssuer" />
+                    <xs:element ref="issuerLogoutURL" />
+                </xs:sequence>
+                <xs:attribute name="version" use="required" type="xs:string" />
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+
+    <xs:element name="roleDelimiter" type="xs:string" />
+    <xs:element name="roleURI" type="xs:string" />
+    <xs:element name="realm" type="CallbackType" />
+    <xs:element name="applicationServiceURL" type="xs:string" />
+    <xs:element name="metadataURI" type="xs:string" />
+
+    <xs:element name="signRequest" type="xs:boolean" />
+    <xs:element name="authnRequestBuilder" type="xs:string" />
+    <xs:element name="disableDeflateEncoding" type="xs:boolean" />
+    <xs:element name="doNotEnforceKnownIssuer" type="xs:boolean" />
+    <xs:element name="issuerLogoutURL" type="xs:string" />
+
+    <xs:complexType name="protocolType" abstract="true">
+        <xs:sequence>
+            <xs:element ref="applicationServiceURL" />
+            <xs:element ref="roleDelimiter" />
+            <xs:element ref="roleURI" />
+            <xs:element ref="claimTypesRequested" />
+            <xs:element ref="issuer" />
+            <xs:element ref="realm" />
+            <xs:element ref="tokenValidators" />
+            <xs:element ref="metadataURI" />
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="CallbackType">
+        <xs:simpleContent>
+            <xs:extension base="xs:string">
+                <xs:attribute name="type" type="argumentType" />
+            </xs:extension>
+        </xs:simpleContent>
+    </xs:complexType>
+
+    <xs:element name="issuer" type="CallbackType" />
+    <xs:element name="homeRealm" type="CallbackType" />
+    <xs:element name="authenticationType" type="CallbackType" />
+    <xs:element name="request" type="CallbackType" />
+    <xs:element name="freshness" type="CallbackType" />
+    <xs:element name="signInQuery" type="CallbackType" />
+
+    <xs:simpleType name="argumentType">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Class" />
+            <xs:enumeration value="String" />
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:element name="reply" type="xs:string" />
+
+    <xs:element name="claimTypesRequested">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                <xs:element ref="claimType" />
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+
+    <xs:element name="claimType">
+        <xs:complexType>
+            <xs:attribute name="optional" use="required" type="optionalType" />
+            <xs:attribute name="type" use="required" type="xs:string" />
+        </xs:complexType>
+    </xs:element>
 
     <xs:element name="tokenValidators">
-		<xs:complexType>
-			<xs:sequence minOccurs="1" maxOccurs="unbounded">
-				<xs:element name="validator" type="xs:string" />
-			</xs:sequence>
-		</xs:complexType>
-	</xs:element>
-
-	<xs:simpleType name="optionalType">
-		<xs:restriction base="xs:boolean" />
-	</xs:simpleType>
-
-
-	<xs:complexType name="TrustManagersType">
-		<xs:annotation>
-			<xs:documentation>
-				This structure contains the specification of JSSE
-				TrustManagers for
-				a single Keystore used for trusted certificates.
-			</xs:documentation>
-		</xs:annotation>
-		<xs:sequence minOccurs="1" maxOccurs="1">
-			<xs:element name="keyStore" type="KeyStoreType" minOccurs="1">
-				<xs:annotation>
-					<xs:documentation>
-						This element contains the KeyStore used as a
-						trust
-						store.
-                  </xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-		<xs:attribute name="provider" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute contains the KeyManagers provider
-					name.
-				</xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="factoryAlgorithm" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute contains the algorithm the KeyManagers Factory
-					will use in creating the KeyManagers from the KeyStore. Most
-					common examples are "PKIX".
-                </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-	</xs:complexType>
-
-	<xs:complexType name="KeyStoreType">
-		<xs:annotation>
-			<xs:documentation>
-				A KeyStoreType represents the information needed to
-				load a collection
-				of key and certificate material from a desired
-				location.
-				The "url", "file", and "resource" attributes are intended
-				to be
-				mutually exclusive, though this assumption is not encoded in
-				schema.
-				The precedence order observed by the runtime is
-				1) "file", 2)
-				"resource", and 3) "url".
-        </xs:documentation>
-		</xs:annotation>
-		<xs:attribute name="type" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the type of the keystore.
-					It is highly correlated to the provider. Most common examples
-					are
-					"jks" "pkcs12".
-            </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="password" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the integrity password for
-					the keystore.
-					This is not the password that unlock keys within the
-					keystore.
-				</xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="provider" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the keystore
-					implementation provider.
-					Most common examples are "SUN".
-				</xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="url" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the URL location of the
-					keystore.
-					This element should be a properly accessible URL, such as
-					"http://..." "file:///...", etc. Only one attribute of
-					"url",
-					"file", or "resource" is allowed.
-            </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="file" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the File location of the
-					keystore.
-					This element should be a properly accessible file from the
-					working directory. Only one attribute of
-					"url", "file", or
-					"resource" is allowed.
-            </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="resource" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the Resource location of
-					the keystore.
-					This element should be a properly accessible on the
-					classpath.
-					Only one attribute of "url", "file", or "resource" is
-					allowed.
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                <xs:element name="validator" type="xs:string" />
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+
+    <xs:simpleType name="optionalType">
+        <xs:restriction base="xs:boolean" />
+    </xs:simpleType>
+
+
+    <xs:complexType name="TrustManagersType">
+        <xs:annotation>
+            <xs:documentation>
+                This structure contains the specification of JSSE
+                TrustManagers for
+                a single Keystore used for trusted certificates.
             </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-	</xs:complexType>
-
-	<xs:complexType name="CertStoreType">
-		<xs:annotation>
-			<xs:documentation>
-				A CertStoreType represents a catenated sequence of
-				X.509 certificates,
-				in PEM or DER format.
-				The "url", "file", and
-				"resource" attributes are intended to be
-				mutually exclusive, though
-				this assumption is not encoded in schema.
-				The precedence order
-				observed by the runtime is
-				1) "file", 2) "resource", and 3) "url".
-			</xs:documentation>
-		</xs:annotation>
-		<xs:attribute name="file" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the File location of the
-					certificate store.
-					This element should be a properly accessible file
-					from the working directory. Only one attribute of
-					"url", "file", or
-					"resource" is allowed.
+        </xs:annotation>
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="keyStore" type="KeyStoreType" minOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        This element contains the KeyStore used as a
+                        trust
+                        store.
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+        <xs:attribute name="provider" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute contains the KeyManagers provider
+                    name.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="factoryAlgorithm" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute contains the algorithm the KeyManagers Factory
+                    will use in creating the KeyManagers from the KeyStore. Most
+                    common examples are "PKIX".
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
+
+    <xs:complexType name="KeyStoreType">
+        <xs:annotation>
+            <xs:documentation>
+                A KeyStoreType represents the information needed to
+                load a collection
+                of key and certificate material from a desired
+                location.
+                The "url", "file", and "resource" attributes are intended
+                to be
+                mutually exclusive, though this assumption is not encoded in
+                schema.
+                The precedence order observed by the runtime is
+                1) "file", 2)
+                "resource", and 3) "url".
             </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="resource" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the Resource location of
-					the certificate store.
-					This element should be a properly accessible
-					on the classpath.
-					Only one attribute of "url", "file", or "resource"
-					is allowed.
+        </xs:annotation>
+        <xs:attribute name="type" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the type of the keystore.
+                    It is highly correlated to the provider. Most common examples
+                    are
+                    "jks" "pkcs12".
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="password" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the integrity password for
+                    the keystore.
+                    This is not the password that unlock keys within the
+                    keystore.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="provider" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the keystore
+                    implementation provider.
+                    Most common examples are "SUN".
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="url" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the URL location of the
+                    keystore.
+                    This element should be a properly accessible URL, such as
+                    "http://..." "file:///...", etc. Only one attribute of
+                    "url",
+                    "file", or "resource" is allowed.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="file" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the File location of the
+                    keystore.
+                    This element should be a properly accessible file from the
+                    working directory. Only one attribute of
+                    "url", "file", or
+                    "resource" is allowed.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="resource" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the Resource location of
+                    the keystore.
+                    This element should be a properly accessible on the
+                    classpath.
+                    Only one attribute of "url", "file", or "resource" is
+                    allowed.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
+
+    <xs:complexType name="CertStoreType">
+        <xs:annotation>
+            <xs:documentation>
+                A CertStoreType represents a catenated sequence of
+                X.509 certificates,
+                in PEM or DER format.
+                The "url", "file", and
+                "resource" attributes are intended to be
+                mutually exclusive, though
+                this assumption is not encoded in schema.
+                The precedence order
+                observed by the runtime is
+                1) "file", 2) "resource", and 3) "url".
             </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="url" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute specifies the URL location of the
-					certificate store.
-					This element should be a properly accessible URL,
-					such as
-					"http://..." "file:///...", etc. Only one attribute of
-					"url", "file", or "resource" is allowed.
+        </xs:annotation>
+        <xs:attribute name="file" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the File location of the
+                    certificate store.
+                    This element should be a properly accessible file
+                    from the working directory. Only one attribute of
+                    "url", "file", or
+                    "resource" is allowed.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="resource" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the Resource location of
+                    the certificate store.
+                    This element should be a properly accessible
+                    on the classpath.
+                    Only one attribute of "url", "file", or "resource"
+                    is allowed.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="url" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute specifies the URL location of the
+                    certificate store.
+                    This element should be a properly accessible URL,
+                    such as
+                    "http://..." "file:///...", etc. Only one attribute of
+                    "url", "file", or "resource" is allowed.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
+
+
+
+    <xs:complexType name="KeyManagersType">
+        <xs:annotation>
+            <xs:documentation>
+                This structure specifies the JSSE based KeyManagers
+                for a single Keystore.
             </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-	</xs:complexType>
-
-
-
-	<xs:complexType name="KeyManagersType">
-		<xs:annotation>
-			<xs:documentation>
-				This structure specifies the JSSE based KeyManagers
-				for a single Keystore.
-        </xs:documentation>
-		</xs:annotation>
-
-		<xs:sequence>
-			<xs:element name="keyStore" type="KeyStoreType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>
-						This element specified the Keystore for these
-						JSSE KeyManagers.
-					</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-		<xs:attribute name="keyPassword" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute contains the password that unlocks
-					the keys within the keystore.
+        </xs:annotation>
+
+        <xs:sequence>
+            <xs:element name="keyStore" type="KeyStoreType" minOccurs="0">
+                <xs:annotation>
+                    <xs:documentation>
+                        This element specified the Keystore for these
+                        JSSE KeyManagers.
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+        </xs:sequence>
+        <xs:attribute name="keyPassword" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute contains the password that unlocks
+                    the keys within the keystore.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="keyAlias" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute contains the alias of the selected
+                    key within the keystore.
                 </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="keyAlias" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute contains the alias of the selected 
-					key within the keystore.
+            </xs:annotation>
+        </xs:attribute>
+
+        <xs:attribute name="provider" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute contains the KeyManagers provider name.
                 </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		
-		<xs:attribute name="provider" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute contains the KeyManagers provider name.
-				</xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-		<xs:attribute name="factoryAlgorithm" type="xs:string">
-			<xs:annotation>
-				<xs:documentation>
-					This attribute contains the algorithm the KeyManagers Factory
-					will use in creating the KeyManagers from the KeyStore. Most
-					common examples are "PKIX".
+            </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="factoryAlgorithm" type="xs:string">
+            <xs:annotation>
+                <xs:documentation>
+                    This attribute contains the algorithm the KeyManagers Factory
+                    will use in creating the KeyManagers from the KeyStore. Most
+                    common examples are "PKIX".
                 </xs:documentation>
-			</xs:annotation>
-		</xs:attribute>
-	</xs:complexType>
+            </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
 
 
 </xs:schema>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/test/resources/RSTR.formatted.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/RSTR.formatted.xml b/plugins/core/src/test/resources/RSTR.formatted.xml
index 1390f3a..90c5214 100644
--- a/plugins/core/src/test/resources/RSTR.formatted.xml
+++ b/plugins/core/src/test/resources/RSTR.formatted.xml
@@ -1,107 +1,92 @@
 <!-- DO NOT REFORMAT THIS XML DOCUMENT AS IT BREAKS THE SAML SIGNTATURE VALIDATION -->
 
-<RequestSecurityTokenResponseCollection
-	xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
-	xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-	xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
-	xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
-	<RequestSecurityTokenResponse>
-		<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
-		</TokenType>
-		<RequestedSecurityToken>
-			<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
-				xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-				ID="_93FDCC53AC1D5AE3EB131849544559910" IssueInstant="2011-10-13T08:44:05.599Z"
-				Version="2.0" xsi:type="saml2:AssertionType">
-				<saml2:Issuer>DoubleItSTSIssuer</saml2:Issuer>
-				<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-					<ds:SignedInfo>
-						<ds:CanonicalizationMethod
-							Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
-						<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
-						<ds:Reference URI="#_93FDCC53AC1D5AE3EB131849544559910">
-							<ds:Transforms>
-								<ds:Transform
-									Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
-								<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
-									<ec:InclusiveNamespaces
-										xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
-								</ds:Transform>
-							</ds:Transforms>
-							<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
-							<ds:DigestValue>3BwoTotMyMTFt40DCmi0ayEdnko=</ds:DigestValue>
-						</ds:Reference>
-					</ds:SignedInfo>
-					<ds:SignatureValue>bXSIwaG+e2hDdpdDkciR3pjLbbpCLD/XwS+CezMygN/w2g1trgyaIlfkUvyAXVyk5ULJH9s+fFuecPgRm2n2JePm8Up2oZ0+vAJ6fvwQxbhhpuGz8j+OkVr11rGMjpVo1tFSVQNlq183blHVjjDQhGBl7TvoKAZsSGnhzoHclEY=
-					</ds:SignatureValue>
-					<ds:KeyInfo>
-						<ds:X509Data>
-							<ds:X509Certificate>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
 BsZSBTVFMgLS0gTk9UIEZPUiBQUk9EVUNUSU9OMRYwFAYDVQQLEw1JVCBEZXBhcnRtZW50MRQwEgYDVQQDEwt3d3cuc3RzLmNvbTEaMBgGCSqGSIb3DQEJARYLc3RzQHN0cy5jb22CCQD2oVXTNlD4mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACp9yK1I9r++pyFT0yrcaV1m1Sub6urJH+GxQLBaTnTsaPLuzq2gIsJHpwk5XggB+IDe69iKKeb74Vt8aOe5usIWVASgi9ckqCwdfTqYu6KG9BlezqHZdExnIG2v/cD/3NkKr7O/a7DjlbE6FZ4G1nrOfVJkjmeAa6txtYm1Dm/f
-							</ds:X509Certificate>
-						</ds:X509Data>
-					</ds:KeyInfo>
-				</ds:Signature>
-				<saml2:Subject>
-					<saml2:NameID
-						Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
-						NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID>
-					<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
-				</saml2:Subject>
-				<saml2:Conditions NotBefore="2011-10-13T08:44:05.600Z"
-					NotOnOrAfter="2011-10-13T08:49:05.600Z">
-					<saml2:AudienceRestriction>
-						<saml2:Audience>http://localhost:8080/wsfedhelloworld/
-						</saml2:Audience>
-					</saml2:AudienceRestriction>
-				</saml2:Conditions>
-				<saml2:AttributeStatement>
-					<saml2:Attribute Name="givenname"
-						NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
-						<saml2:AttributeValue xsi:type="xs:string">Alice
-						</saml2:AttributeValue>
-					</saml2:Attribute>
-					<saml2:Attribute Name="surname"
-						NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
-						<saml2:AttributeValue xsi:type="xs:string">Smith
-						</saml2:AttributeValue>
-					</saml2:Attribute>
-					<saml2:Attribute Name="emailaddress"
-						NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
-						<saml2:AttributeValue xsi:type="xs:string">alice@mycompany.org
-						</saml2:AttributeValue>
-					</saml2:Attribute>
-					<saml2:Attribute Name="role"
-						NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
-						<saml2:AttributeValue xsi:type="xs:string">User
-						</saml2:AttributeValue>
-					</saml2:Attribute>
-				</saml2:AttributeStatement>
-			</saml2:Assertion>
-		</RequestedSecurityToken>
-		<RequestedAttachedReference>
-			<ns3:SecurityTokenReference
-				xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
-				wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
-				<ns3:KeyIdentifier
-					ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">#_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
-			</ns3:SecurityTokenReference>
-		</RequestedAttachedReference>
-		<RequestedUnattachedReference>
-			<ns3:SecurityTokenReference
-				xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
-				wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
-				<ns3:KeyIdentifier
-					ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
-			</ns3:SecurityTokenReference>
-		</RequestedUnattachedReference>
-		<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
-			<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
-				<wsa:Address>http://localhost:8080/wsfedhelloworld/</wsa:Address>
-			</wsa:EndpointReference>
-		</wsp:AppliesTo>
-		<Lifetime>
-			<ns2:Created>2011-10-13T08:44:05.608Z</ns2:Created>
-			<ns2:Expires>2011-10-13T08:49:05.608Z</ns2:Expires>
-		</Lifetime>
-	</RequestSecurityTokenResponse>
+<RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+    xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+    xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
+    <RequestSecurityTokenResponse>
+        <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
+        </TokenType>
+        <RequestedSecurityToken>
+            <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_93FDCC53AC1D5AE3EB131849544559910"
+                IssueInstant="2011-10-13T08:44:05.599Z" Version="2.0" xsi:type="saml2:AssertionType">
+                <saml2:Issuer>DoubleItSTSIssuer</saml2:Issuer>
+                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:SignedInfo>
+                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+                        <ds:Reference URI="#_93FDCC53AC1D5AE3EB131849544559910">
+                            <ds:Transforms>
+                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+                                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
+                                        PrefixList="xs" />
+                                </ds:Transform>
+                            </ds:Transforms>
+                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+                            <ds:DigestValue>3BwoTotMyMTFt40DCmi0ayEdnko=</ds:DigestValue>
+                        </ds:Reference>
+                    </ds:SignedInfo>
+                    <ds:SignatureValue>bXSIwaG+e2hDdpdDkciR3pjLbbpCLD/XwS+CezMygN/w2g1trgyaIlfkUvyAXVyk5ULJH9s+fFuecPgRm2n2JePm8Up2oZ0+vAJ6fvwQxbhhpuGz8j+OkVr11rGMjpVo1tFSVQNlq183blHVjjDQhGBl7TvoKAZsSGnhzoHclEY=
+                    </ds:SignatureValue>
+                    <ds:KeyInfo>
+                        <ds:X509Data>
+                            <ds:X509Certificate>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
 mUxKTAnBgNVBAoTIFNhbXBsZSBTVFMgLS0gTk9UIEZPUiBQUk9EVUNUSU9OMRYwFAYDVQQLEw1JVCBEZXBhcnRtZW50MRQwEgYDVQQDEwt3d3cuc3RzLmNvbTEaMBgGCSqGSIb3DQEJARYLc3RzQHN0cy5jb22CCQD2oVXTNlD4mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACp9yK1I9r++pyFT0yrcaV1m1Sub6urJH+GxQLBaTnTsaPLuzq2gIsJHpwk5XggB+IDe69iKKeb74Vt8aOe5usIWVASgi9ckqCwdfTqYu6KG9BlezqHZdExnIG2v/cD/3NkKr7O/a7DjlbE6FZ4G1nrOfVJkjmeAa6txtYm1Dm/f
+                            </ds:X509Certificate>
+                        </ds:X509Data>
+                    </ds:KeyInfo>
+                </ds:Signature>
+                <saml2:Subject>
+                    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+                        NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID>
+                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
+                </saml2:Subject>
+                <saml2:Conditions NotBefore="2011-10-13T08:44:05.600Z" NotOnOrAfter="2011-10-13T08:49:05.600Z">
+                    <saml2:AudienceRestriction>
+                        <saml2:Audience>http://localhost:8080/wsfedhelloworld/
+                        </saml2:Audience>
+                    </saml2:AudienceRestriction>
+                </saml2:Conditions>
+                <saml2:AttributeStatement>
+                    <saml2:Attribute Name="givenname" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+                        <saml2:AttributeValue xsi:type="xs:string">Alice
+                        </saml2:AttributeValue>
+                    </saml2:Attribute>
+                    <saml2:Attribute Name="surname" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+                        <saml2:AttributeValue xsi:type="xs:string">Smith
+                        </saml2:AttributeValue>
+                    </saml2:Attribute>
+                    <saml2:Attribute Name="emailaddress" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+                        <saml2:AttributeValue xsi:type="xs:string">alice@mycompany.org
+                        </saml2:AttributeValue>
+                    </saml2:Attribute>
+                    <saml2:Attribute Name="role" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+                        <saml2:AttributeValue xsi:type="xs:string">User
+                        </saml2:AttributeValue>
+                    </saml2:Attribute>
+                </saml2:AttributeStatement>
+            </saml2:Assertion>
+        </RequestedSecurityToken>
+        <RequestedAttachedReference>
+            <ns3:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
+                wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
+                <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">#_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
+            </ns3:SecurityTokenReference>
+        </RequestedAttachedReference>
+        <RequestedUnattachedReference>
+            <ns3:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
+                wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
+                <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
+            </ns3:SecurityTokenReference>
+        </RequestedUnattachedReference>
+        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+                <wsa:Address>http://localhost:8080/wsfedhelloworld/</wsa:Address>
+            </wsa:EndpointReference>
+        </wsp:AppliesTo>
+        <Lifetime>
+            <ns2:Created>2011-10-13T08:44:05.608Z</ns2:Created>
+            <ns2:Expires>2011-10-13T08:49:05.608Z</ns2:Expires>
+        </Lifetime>
+    </RequestSecurityTokenResponse>
 </RequestSecurityTokenResponseCollection>
\ No newline at end of file
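Review bot: Re-indenting the children of `saml2:Assertion` (tabs replaced by spaces throughout the new side) changes whitespace text nodes that the enveloped signature covers, while `ds:DigestValue` and `ds:SignatureValue` are carried over unchanged. The signature therefore most likely no longer validates, which is what the file's own first line warns about. Exclusive canonicalization normalizes line breaks between attributes inside a start tag, but it preserves whitespace in element content, so the indentation change is not neutral. I would restore the previous bytes of this fixture and keep it out of the formatter's scope. Whether a test still validates this fixture's signature is not visible in this hunk, so the tests should be run against the new side to confirm.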

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/test/resources/fediz_meta_test_config.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/fediz_meta_test_config.xml b/plugins/core/src/test/resources/fediz_meta_test_config.xml
index cea7c63..f2619bc 100644
--- a/plugins/core/src/test/resources/fediz_meta_test_config.xml
+++ b/plugins/core/src/test/resources/fediz_meta_test_config.xml
@@ -1,106 +1,104 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <FedizConfig>
-	<contextConfig name="ROOT">
-		<audienceUris>
-			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
-		</audienceUris>
-		<certificateStores>
-			<trustManager>
-				<keyStore file="ststrust.jks" password="storepass"
-					type="JKS" />
-			</trustManager>
-		</certificateStores>
-		<trustedIssuers>
-			<issuer certificateValidation="PeerTrust" />
-		</trustedIssuers>
-		<maximumClockSkew>1000</maximumClockSkew>
-		<signingKey keyAlias="mystskey" keyPassword="stskpass">
-			<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
-		</signingKey>
-		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-			xsi:type="federationProtocolType" version="1.2">
-			<realm>http://Server:Port/value from protocol.realm config property </realm>
-			<applicationServiceURL>http://Server:port/value from protocol.applicationServiceURL config property</applicationServiceURL>
-			<issuer>http://Server:Port/value from protocol.issuer config property</issuer>
-			<roleDelimiter>;</roleDelimiter>
-			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-			<authenticationType value="some auth type" type="String" />
-			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
-			<freshness>10000</freshness>
-			<reply>reply value</reply>
-			<request>REQUEST</request>
-			<claimTypesRequested>
-				<claimType type="a particular claim type" optional="true" />
-				<claimType type="another optional claim type" optional="true" />
-				<claimType type="and an mandatory claim type" optional="false" />
-			</claimTypesRequested>
-		</protocol>
-	</contextConfig>
-	<contextConfig name="ROOT_NO_KEY">
-		<audienceUris>
-			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
-		</audienceUris>
-		<certificateStores>
-			<trustManager>
-				<keyStore file="ststrust.jks" password="storepass"
-					type="JKS" />
-			</trustManager>
-		</certificateStores>
-		<trustedIssuers>
-			<issuer certificateValidation="PeerTrust" />
-		</trustedIssuers>
-		<maximumClockSkew>1000</maximumClockSkew>
-		<signingKey keyPassword="stskpass">
-			<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
-		</signingKey>
-		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-			xsi:type="federationProtocolType" version="1.2">
-			<realm>http://Server:Port/value from protocol.realm config property </realm>
-			<issuer>http://Server:Port/value from protocol.issuer config property</issuer>
-			<roleDelimiter>;</roleDelimiter>
-			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-			<authenticationType value="some auth type" type="String" />
-			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
-			<freshness>10000</freshness>
-			<reply>reply value</reply>
-			<request>REQUEST</request>
-			<claimTypesRequested>
-				<claimType type="a particular claim type" optional="true" />
-				<claimType type="another optional claim type" optional="true" />
-				<claimType type="and an mandatory claim type" optional="false" />
-			</claimTypesRequested>
-		</protocol>
-	</contextConfig>
-	<contextConfig name="ROOT_NO_SIGNINGKEY">
-		<audienceUris>
-			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
-		</audienceUris>
-		<certificateStores>
-			<trustManager>
-				<keyStore file="ststrust.jks" password="storepass"
-					type="JKS" />
-			</trustManager>
-		</certificateStores>
-		<trustedIssuers>
-			<issuer certificateValidation="PeerTrust" />
-		</trustedIssuers>
-		<maximumClockSkew>1000</maximumClockSkew>
-		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-			xsi:type="federationProtocolType" version="1.2">
-			<realm>http://Server:Port/value from protocol.realm config property </realm>
-			<issuer>http://Server:Port/value from protocol.issuer config property</issuer>
-			<roleDelimiter>;</roleDelimiter>
-			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-			<authenticationType value="some auth type" type="String" />
-			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
-			<freshness>10000</freshness>
-			<reply>reply value</reply>
-			<request>REQUEST</request>
-			<claimTypesRequested>
-				<claimType type="a particular claim type" optional="true" />
-				<claimType type="another optional claim type" optional="true" />
-				<claimType type="and an mandatory claim type" optional="false" />
-			</claimTypesRequested>
-		</protocol>
-	</contextConfig>
+    <contextConfig name="ROOT">
+        <audienceUris>
+            <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="mystskey" keyPassword="stskpass">
+            <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType"
+            version="1.2">
+            <realm>http://Server:Port/value from protocol.realm config property </realm>
+            <applicationServiceURL>http://Server:port/value from protocol.applicationServiceURL config property
+            </applicationServiceURL>
+            <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+            <roleDelimiter>;</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <authenticationType value="some auth type" type="String" />
+            <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+            <freshness>10000</freshness>
+            <reply>reply value</reply>
+            <request>REQUEST</request>
+            <claimTypesRequested>
+                <claimType type="a particular claim type" optional="true" />
+                <claimType type="another optional claim type" optional="true" />
+                <claimType type="and an mandatory claim type" optional="false" />
+            </claimTypesRequested>
+        </protocol>
+    </contextConfig>
+    <contextConfig name="ROOT_NO_KEY">
+        <audienceUris>
+            <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyPassword="stskpass">
+            <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType"
+            version="1.2">
+            <realm>http://Server:Port/value from protocol.realm config property </realm>
+            <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+            <roleDelimiter>;</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <authenticationType value="some auth type" type="String" />
+            <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+            <freshness>10000</freshness>
+            <reply>reply value</reply>
+            <request>REQUEST</request>
+            <claimTypesRequested>
+                <claimType type="a particular claim type" optional="true" />
+                <claimType type="another optional claim type" optional="true" />
+                <claimType type="and an mandatory claim type" optional="false" />
+            </claimTypesRequested>
+        </protocol>
+    </contextConfig>
+    <contextConfig name="ROOT_NO_SIGNINGKEY">
+        <audienceUris>
+            <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType"
+            version="1.2">
+            <realm>http://Server:Port/value from protocol.realm config property </realm>
+            <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+            <roleDelimiter>;</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <authenticationType value="some auth type" type="String" />
+            <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+            <freshness>10000</freshness>
+            <reply>reply value</reply>
+            <request>REQUEST</request>
+            <claimTypesRequested>
+                <claimType type="a particular claim type" optional="true" />
+                <claimType type="another optional claim type" optional="true" />
+                <claimType type="and an mandatory claim type" optional="false" />
+            </claimTypesRequested>
+        </protocol>
+    </contextConfig>
 </FedizConfig>
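Review bot: In the `ROOT` context the reformat moves the closing `</applicationServiceURL>` tag onto its own line, so the element's text now ends with a newline plus indentation; that changes the configured value, not only the layout. If the configuration reader does not trim this value (not visible in this hunk), URL comparisons or test expectations that use it could stop matching. I would keep it on one line as before: `<applicationServiceURL>http://Server:port/value from protocol.applicationServiceURL config property</applicationServiceURL>`. The other elements in this hunk keep their text content unchanged.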

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml b/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
index 2151ce5..96c94a2 100644
--- a/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
+++ b/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
@@ -1,90 +1,84 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <FedizConfig>
-	<contextConfig name="ROOT">
-		<audienceUris>
-			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
-		</audienceUris>
-		<certificateStores>
-			<trustManager>
-				<keyStore file="ststrust.jks" password="storepass"
-					type="JKS" />
-			</trustManager>
-		</certificateStores>
-		<trustedIssuers>
-			<issuer certificateValidation="PeerTrust" />
-		</trustedIssuers>
-		<maximumClockSkew>1000</maximumClockSkew>
-		<signingKey keyAlias="mystskey" keyPassword="stskpass">
-			<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
-		</signingKey>
-		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-			xsi:type="samlProtocolType" version="1.2">
-			<issuer>http://url_to_the_issuer</issuer>
-			<roleDelimiter>;</roleDelimiter>
-			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-			<claimTypesRequested>
-				<claimType type="a particular claim type" optional="true" />
-			</claimTypesRequested>
-			<signRequest>true</signRequest>
-		</protocol>
-		<logoutURL>/secure/logout</logoutURL>
+    <contextConfig name="ROOT">
+        <audienceUris>
+            <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="mystskey" keyPassword="stskpass">
+            <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="1.2">
+            <issuer>http://url_to_the_issuer</issuer>
+            <roleDelimiter>;</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <claimTypesRequested>
+                <claimType type="a particular claim type" optional="true" />
+            </claimTypesRequested>
+            <signRequest>true</signRequest>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
-	</contextConfig>
-	<contextConfig name="ROOT_NO_KEY">
-		<audienceUris>
-			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
-		</audienceUris>
-		<certificateStores>
-			<trustManager>
-				<keyStore file="ststrust.jks" password="storepass"
-					type="JKS" />
-			</trustManager>
-		</certificateStores>
-		<trustedIssuers>
-			<issuer certificateValidation="PeerTrust" />
-		</trustedIssuers>
-		<maximumClockSkew>1000</maximumClockSkew>
-		<signingKey keyPassword="stskpass">
-			<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
-		</signingKey>
-		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-			xsi:type="samlProtocolType" version="1.2">
-			<issuer>http://url_to_the_issuer</issuer>
-			<roleDelimiter>;</roleDelimiter>
-			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-			<claimTypesRequested>
-				<claimType type="a particular claim type" optional="true" />
-			</claimTypesRequested>
-			<signRequest>true</signRequest>
-		</protocol>
-		<logoutURL>/secure/logout</logoutURL>
+    </contextConfig>
+    <contextConfig name="ROOT_NO_KEY">
+        <audienceUris>
+            <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyPassword="stskpass">
+            <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="1.2">
+            <issuer>http://url_to_the_issuer</issuer>
+            <roleDelimiter>;</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <claimTypesRequested>
+                <claimType type="a particular claim type" optional="true" />
+            </claimTypesRequested>
+            <signRequest>true</signRequest>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
-	</contextConfig>
-	<contextConfig name="ROOT_NO_SIGNINGKEY">
-		<audienceUris>
-			<audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
-		</audienceUris>
-		<certificateStores>
-			<trustManager>
-				<keyStore file="ststrust.jks" password="storepass"
-					type="JKS" />
-			</trustManager>
-		</certificateStores>
-		<trustedIssuers>
-			<issuer certificateValidation="PeerTrust" />
-		</trustedIssuers>
-		<maximumClockSkew>1000</maximumClockSkew>
-		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-			xsi:type="samlProtocolType" version="1.2">
-			<issuer>http://url_to_the_issuer</issuer>
-			<roleDelimiter>;</roleDelimiter>
-			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-			<claimTypesRequested>
-				<claimType type="a particular claim type" optional="true" />
-			</claimTypesRequested>
-			<signRequest>true</signRequest>
-		</protocol>
-		<logoutURL>/secure/logout</logoutURL>
+    </contextConfig>
+    <contextConfig name="ROOT_NO_SIGNINGKEY">
+        <audienceUris>
+            <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="1.2">
+            <issuer>http://url_to_the_issuer</issuer>
+            <roleDelimiter>;</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <claimTypesRequested>
+                <claimType type="a particular claim type" optional="true" />
+            </claimTypesRequested>
+            <signRequest>true</signRequest>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
-	</contextConfig>
+    </contextConfig>
 </FedizConfig>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/pom.xml b/plugins/pom.xml
index fc76665..e81424c 100644
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -31,7 +31,7 @@
 
    <modules>
       <module>core</module>
-      <module>tomcat</module>
+      <module>tomcat7</module>
       <module>jetty</module>
       <module>spring</module>
       <module>spring2</module>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/README.txt
----------------------------------------------------------------------
diff --git a/plugins/tomcat/README.txt b/plugins/tomcat/README.txt
deleted file mode 100644
index 94565bb..0000000
--- a/plugins/tomcat/README.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Fediz configuration in Tomcat
------------------------------
-
-The Tomcat installation must be updated before a Web Application can be deployed.
-
-The following wiki page gives instructions how to do that:
-http://cxf.apache.org/fediz-tomcat.html
-
-The following wiki page explains the fediz configuration which is Container independent:
-http://cxf.apache.org/fediz-configuration.html

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/tomcat/pom.xml b/plugins/tomcat/pom.xml
deleted file mode 100644
index 7775e10..0000000
--- a/plugins/tomcat/pom.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.apache.cxf.fediz</groupId>
-        <artifactId>plugin</artifactId>
-        <version>1.2.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
-    </parent>
-    <artifactId>fediz-tomcat</artifactId>
-    <name>Apache Fediz Plugin Tomcat</name>
-    <packaging>jar</packaging>
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
-    <dependencies>
-        <dependency>
-            <groupId>org.apache.tomcat</groupId>
-            <artifactId>tomcat-catalina</artifactId>
-            <version>${tomcat.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.fediz</groupId>
-            <artifactId>fediz-core</artifactId>
-            <version>${project.version}</version>
-            <type>jar</type>
-            <scope>compile</scope>
-        </dependency>
-    </dependencies>
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>zip-file</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>attached</goal>
-                        </goals>
-                        <configuration>
-                            <descriptors>
-                                <descriptor>src/main/assembly/assembly.xml</descriptor>
-                            </descriptors>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/src/main/assembly/assembly.xml
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/assembly/assembly.xml b/plugins/tomcat/src/main/assembly/assembly.xml
deleted file mode 100644
index fb0d6aa..0000000
--- a/plugins/tomcat/src/main/assembly/assembly.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
-http://maven.apache.org/xsd/assembly-1.1.0.xsd">
-  <id>zip-with-dependencies</id>
-  <formats>
-    <format>zip</format>
-  </formats>
-  <includeBaseDirectory>false</includeBaseDirectory>
-  <dependencySets>
-    <dependencySet>
-      <outputDirectory>/</outputDirectory>
-      <useProjectArtifact>true</useProjectArtifact>
-      <unpack>false</unpack>
-      <scope>runtime</scope>
-    </dependencySet>
-  </dependencySets>
-</assembly>

