cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: Adding some tests
Date Mon, 14 Dec 2015 16:37:05 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master b125218df -> 85eb8cc50


Adding some tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/85eb8cc5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/85eb8cc5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/85eb8cc5

Branch: refs/heads/master
Commit: 85eb8cc50da6f2deb972e474cc2a032ba06b48fc
Parents: b125218
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Dec 14 16:36:49 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Dec 14 16:37:01 2015 +0000

----------------------------------------------------------------------
 .../integrationtests/AbstractAttackTests.java   | 237 +++++++++++++++++++
 .../fediz/integrationtests/AbstractTests.java   | 144 ++---------
 .../BadWReqCallbackHandler.java                 |  48 ----
 .../cxf/fediz/integrationtests/BadWReqTest.java | 197 ---------------
 .../test/resources/fediz_config_bad_wreq.xml    |  57 -----
 .../BadWReqCallbackHandler.java                 |  48 ----
 .../cxf/fediz/integrationtests/BadWReqTest.java | 197 ---------------
 .../test/resources/fediz_config_bad_wreq.xml    |  57 -----
 8 files changed, 257 insertions(+), 728 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
new file mode 100644
index 0000000..be8ca4d
--- /dev/null
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractAttackTests.java
@@ -0,0 +1,237 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.net.URLEncoder;
+
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.DomElement;
+import com.gargoylesoftware.htmlunit.html.DomNodeList;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
+/**
+ * Some negative/attack tests for the IdP/RP
+ */
+public abstract class AbstractAttackTests {
+    
+    static final String TEST_WREQ = 
+        "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+        + "<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0</TokenType>"
+        + "</RequestSecurityToken>";
+    
+    static {
+        WSSConfig.init();
+    }
+
+    public AbstractAttackTests() {
+        super();
+    }
+
+    public abstract String getServletContextName();
+    
+    public abstract String getIdpHttpsPort();
+
+    public abstract String getRpHttpsPort();
+
+    @Test
+    public void testAliceModifiedSignature() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() 
+            + "/secure/fedservlet";
+        String user = "alice";
+        String password = "ecila";
+        
+        // Get the initial token
+        CookieManager cookieManager = new CookieManager();
+        final WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        final HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        // Parse the form to get the token (wresult)
+        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
+
+        for (DomElement result : results) {
+            if ("wresult".equals(result.getAttributeNS(null, "name"))) {
+                // Now modify the Signature
+                String value = result.getAttributeNS(null, "value");
+                value = value.replace("alice", "bob");
+                result.setAttributeNS(null, "value", value);
+            }
+        }
+        
+        // Invoke back on the RP
+        
+        final HtmlForm form = idpPage.getFormByName("signinresponseform");
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        try {
+            button.click();
+            Assert.fail("Failure expected on a modified signature");
+        } catch (FailingHttpStatusCodeException ex) {
+            // expected
+            Assert.assertTrue(ex.getMessage().contains("401 Unauthorized")
+                              || ex.getMessage().contains("401 Authentication Failed")
+                              || ex.getMessage().contains("403 Forbidden"));
+        }
+
+        webClient.close();
+    }
+    
+    @Test
+    public void testConcurrentRequests() throws Exception {
+        
+        String url1 = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+        String url2 = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/test.html";
+        String user = "bob";
+        String password = "bob";
+        
+        // Get the initial token
+        CookieManager cookieManager = new CookieManager();
+        final WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        final HtmlPage idpPage1 = webClient.getPage(url1);
+        final HtmlPage idpPage2 = webClient.getPage(url2);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage1.getTitleText());
+        Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());
+        
+        // Invoke back on the page1 RP
+        final HtmlForm form = idpPage1.getFormByName("signinresponseform");
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+        final HtmlPage rpPage1 = button.click();
+        Assert.assertTrue("WS Federation Systests Examples".equals(rpPage1.getTitleText())
+                          || "WS Federation Systests Spring Examples".equals(rpPage1.getTitleText()));
+        
+        String bodyTextContent1 = rpPage1.getBody().getTextContent();
+
+        Assert.assertTrue("Principal not " + user,
+                          bodyTextContent1.contains("userPrincipal=" + user));
+
+        // Invoke back on the page2 RP
+        final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
+        final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");
+        final HtmlPage rpPage2 = button2.click();
+        String bodyTextContent2 = rpPage2.getBody().getTextContent();
+
+        Assert.assertTrue("Unexpected content of RP page", bodyTextContent2.contains("Secure Test"));
+
+        webClient.close();
+    }
+    
+    @org.junit.Test
+    public void testMaliciousRedirect() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+        String user = "alice";
+        String password = "ecila";
+        
+        CookieManager cookieManager = new CookieManager();
+        
+        // 1. Login
+        HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+        
+        // 2. Now we should have a cookie from the RP and IdP and should be able to do
+        // subsequent requests without authenticate again. Lets test this first.
+        WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        HtmlPage rpPage = webClient.getPage(url);
+        Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
+                          || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
+        
+        // 3. Now a malicious user sends the client a URL with a bad "wreply" address to the IdP
+        String maliciousURL = "https://www.apache.org/attack";
+        String idpUrl
+         = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation";
+        idpUrl += "?wa=wsignin1.0&wreply=" + URLEncoder.encode(maliciousURL, "UTF-8");
+        idpUrl += "&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld";
+        idpUrl += "&whr=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Aidp%3Arealm-A";
+        webClient.close();
+        
+        final WebClient webClient2 = new WebClient();
+        webClient2.setCookieManager(cookieManager);
+        webClient2.getOptions().setUseInsecureSSL(true);
+        webClient2.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient2.getOptions().setJavaScriptEnabled(false);
+        try {
+            webClient2.getPage(idpUrl);
+            Assert.fail("Failure expected on a bad wreply address");
+        } catch (FailingHttpStatusCodeException ex) {
+            Assert.assertEquals(ex.getStatusCode(), 400);
+        }
+        webClient2.close();
+    }
+    
+    // Send an unknown wreq value
+    @org.junit.Test
+    public void testBadWReq() throws Exception {
+        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+        url += "wa=wsignin1.0";
+        url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+        url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+        String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+        url += "&wreply=" + wreply;
+        url += "&wreq=" + URLEncoder.encode(TEST_WREQ, "UTF-8");
+        
+        String user = "alice";
+        String password = "ecila";
+        
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        try {
+            webClient.getPage(url);
+            Assert.fail("Failure expected on a bad wreq value");
+        } catch (FailingHttpStatusCodeException ex) {
+            Assert.assertEquals(ex.getStatusCode(), 400);
+        }
+        
+        webClient.close();
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 63ff980..9a28760 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -19,8 +19,6 @@
 
 package org.apache.cxf.fediz.integrationtests;
 
-import java.net.URLEncoder;
-
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -30,9 +28,7 @@ import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.html.DomElement;
 import com.gargoylesoftware.htmlunit.html.DomNodeList;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
 import com.gargoylesoftware.htmlunit.xml.XmlPage;
 
 import org.apache.cxf.fediz.core.ClaimTypes;
@@ -46,7 +42,12 @@ import org.apache.xml.security.signature.XMLSignature;
 import org.junit.Assert;
 import org.junit.Test;
 
-public abstract class AbstractTests {
+public abstract class AbstractTests extends AbstractAttackTests {
+    
+    static final String TEST_WREQ = 
+        "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+        + "<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0</TokenType>"
+        + "</RequestSecurityToken>";
     
     static {
         WSSConfig.init();
@@ -557,17 +558,19 @@ public abstract class AbstractTests {
         webClient.close();
     }
     
-    @Test
-    public void testAliceModifiedSignature() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() 
-            + "/secure/fedservlet";
+    @org.junit.Test
+    public void testSuccessfulInvokeOnIdP() throws Exception {
+        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+        url += "wa=wsignin1.0";
+        url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+        url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+        String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+        url += "&wreply=" + wreply;
+        
         String user = "alice";
         String password = "ecila";
         
-        // Get the initial token
-        CookieManager cookieManager = new CookieManager();
         final WebClient webClient = new WebClient();
-        webClient.setCookieManager(cookieManager);
         webClient.getOptions().setUseInsecureSSL(true);
         webClient.getCredentialsProvider().setCredentials(
             new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
@@ -577,128 +580,21 @@ public abstract class AbstractTests {
         final HtmlPage idpPage = webClient.getPage(url);
         webClient.getOptions().setJavaScriptEnabled(true);
         Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+        
         // Parse the form to get the token (wresult)
         DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
 
+        String wresult = null;
         for (DomElement result : results) {
             if ("wresult".equals(result.getAttributeNS(null, "name"))) {
-                // Now modify the Signature
-                String value = result.getAttributeNS(null, "value");
-                value = value.replace("alice", "bob");
-                result.setAttributeNS(null, "value", value);
+                wresult = result.getAttributeNS(null, "value");
+                break;
             }
         }
         
-        // Invoke back on the RP
-        
-        final HtmlForm form = idpPage.getFormByName("signinresponseform");
-        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
-        try {
-            button.click();
-            Assert.fail("Failure expected on a modified signature");
-        } catch (FailingHttpStatusCodeException ex) {
-            // expected
-            Assert.assertTrue(ex.getMessage().contains("401 Unauthorized")
-                              || ex.getMessage().contains("401 Authentication Failed")
-                              || ex.getMessage().contains("403 Forbidden"));
-        }
-
-        webClient.close();
-    }
-    
-    @Test
-    public void testConcurrentRequests() throws Exception {
-        
-        String url1 = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
-        String url2 = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/test.html";
-        String user = "bob";
-        String password = "bob";
-        
-        // Get the initial token
-        CookieManager cookieManager = new CookieManager();
-        final WebClient webClient = new WebClient();
-        webClient.setCookieManager(cookieManager);
-        webClient.getOptions().setUseInsecureSSL(true);
-        webClient.getCredentialsProvider().setCredentials(
-            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
-            new UsernamePasswordCredentials(user, password));
-
-        webClient.getOptions().setJavaScriptEnabled(false);
-        final HtmlPage idpPage1 = webClient.getPage(url1);
-        final HtmlPage idpPage2 = webClient.getPage(url2);
-        webClient.getOptions().setJavaScriptEnabled(true);
-        Assert.assertEquals("IDP SignIn Response Form", idpPage1.getTitleText());
-        Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());
-        
-        // Invoke back on the page1 RP
-        final HtmlForm form = idpPage1.getFormByName("signinresponseform");
-        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-        final HtmlPage rpPage1 = button.click();
-        Assert.assertTrue("WS Federation Systests Examples".equals(rpPage1.getTitleText())
-                          || "WS Federation Systests Spring Examples".equals(rpPage1.getTitleText()));
-        
-        String bodyTextContent1 = rpPage1.getBody().getTextContent();
-
-        Assert.assertTrue("Principal not " + user,
-                          bodyTextContent1.contains("userPrincipal=" + user));
-
-        // Invoke back on the page2 RP
-        final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
-        final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");
-        final HtmlPage rpPage2 = button2.click();
-        String bodyTextContent2 = rpPage2.getBody().getTextContent();
-
-        Assert.assertTrue("Unexpected content of RP page", bodyTextContent2.contains("Secure Test"));
-
-        webClient.close();
-    }
-    
-    @org.junit.Test
-    public void testMaliciousRedirect() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
-        String user = "alice";
-        String password = "ecila";
-        
-        CookieManager cookieManager = new CookieManager();
-        
-        // 1. Login
-        HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+        Assert.assertNotNull(wresult);
         
-        // 2. Now we should have a cookie from the RP and IdP and should be able to do
-        // subsequent requests without authenticate again. Lets test this first.
-        WebClient webClient = new WebClient();
-        webClient.setCookieManager(cookieManager);
-        webClient.getOptions().setUseInsecureSSL(true);
-        HtmlPage rpPage = webClient.getPage(url);
-        Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
-                          || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
-        
-        // 3. Now a malicious user sends the client a URL with a bad "wreply" address to the IdP
-        String maliciousURL = "https://www.apache.org/attack";
-        String idpUrl
-         = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation";
-        idpUrl += "?wa=wsignin1.0&wreply=" + URLEncoder.encode(maliciousURL, "UTF-8");
-        idpUrl += "&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld";
-        idpUrl += "&whr=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Aidp%3Arealm-A";
         webClient.close();
-        
-        final WebClient webClient2 = new WebClient();
-        webClient2.setCookieManager(cookieManager);
-        webClient2.getOptions().setUseInsecureSSL(true);
-        webClient2.getCredentialsProvider().setCredentials(
-            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
-            new UsernamePasswordCredentials(user, password));
-
-        webClient2.getOptions().setJavaScriptEnabled(false);
-        try {
-            webClient2.getPage(idpUrl);
-            Assert.fail("Failure expected on a bad wreply address");
-        } catch (FailingHttpStatusCodeException ex) {
-            Assert.assertEquals(ex.getStatusCode(), 400);
-        }
-        webClient2.close();
     }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java
deleted file mode 100644
index a35d286..0000000
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.apache.cxf.fediz.core.spi.WReqCallback;
-
-public class BadWReqCallbackHandler implements CallbackHandler {
-
-    static final String TEST_WREQ = 
-        "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
-        + "<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0</TokenType>"
-        + "</RequestSecurityToken>";
-    
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-        for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof WReqCallback) {
-                WReqCallback callback = (WReqCallback) callbacks[i];
-                callback.setWreq(TEST_WREQ);
-            } else {
-                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
-            }
-        }
-    }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java
deleted file mode 100644
index d647312..0000000
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import java.io.File;
-
-import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleState;
-import org.apache.catalina.connector.Connector;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-
-/**
- * A test for sending a TokenType request to the IdP via the "wreq" parameter. This test sends
- * a "bad" TokenType, and so a failure is expected.
- */
-public class BadWReqTest {
-
-    static String idpHttpsPort;
-    static String rpHttpsPort;
-    
-    private static Tomcat idpServer;
-    private static Tomcat rpServer;
-    
-    @BeforeClass
-    public static void init() {
-        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
-        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
-        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");  
-        
-        idpHttpsPort = System.getProperty("idp.https.port");
-        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
-        rpHttpsPort = System.getProperty("rp.https.port");
-        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
-        initIdp();
-        initRp();
-    }
-    
-    private static void initIdp() {
-        try {
-            idpServer = new Tomcat();
-            idpServer.setPort(0);
-            String currentDir = new File(".").getCanonicalPath();
-            idpServer.setBaseDir(currentDir + File.separator + "target");
-            
-            idpServer.getHost().setAppBase("tomcat/idp/webapps");
-            idpServer.getHost().setAutoDeploy(true);
-            idpServer.getHost().setDeployOnStartup(true);
-            
-            Connector httpsConnector = new Connector();
-            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
-            httpsConnector.setSecure(true);
-            httpsConnector.setScheme("https");
-            //httpsConnector.setAttribute("keyAlias", keyAlias);
-            httpsConnector.setAttribute("keystorePass", "tompass");
-            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("truststorePass", "tompass");
-            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("clientAuth", "want");
-            // httpsConnector.setAttribute("clientAuth", "false");
-            httpsConnector.setAttribute("sslProtocol", "TLS");
-            httpsConnector.setAttribute("SSLEnabled", true);
-
-            idpServer.getService().addConnector(httpsConnector);
-            
-            idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts");
-            idpServer.addWebapp("/fediz-idp", "fediz-idp");
-            
-            idpServer.start();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-    
-    private static void initRp() {
-        try {
-            rpServer = new Tomcat();
-            rpServer.setPort(0);
-            String currentDir = new File(".").getCanonicalPath();
-            rpServer.setBaseDir(currentDir + File.separator + "target");
-            
-            rpServer.getHost().setAppBase("tomcat/rp/webapps");
-            rpServer.getHost().setAutoDeploy(true);
-            rpServer.getHost().setDeployOnStartup(true);
-            
-            Connector httpsConnector = new Connector();
-            httpsConnector.setPort(Integer.parseInt(rpHttpsPort));
-            httpsConnector.setSecure(true);
-            httpsConnector.setScheme("https");
-            //httpsConnector.setAttribute("keyAlias", keyAlias);
-            httpsConnector.setAttribute("keystorePass", "tompass");
-            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("truststorePass", "tompass");
-            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-            // httpsConnector.setAttribute("clientAuth", "false");
-            httpsConnector.setAttribute("clientAuth", "want");
-            httpsConnector.setAttribute("sslProtocol", "TLS");
-            httpsConnector.setAttribute("SSLEnabled", true);
-
-            rpServer.getService().addConnector(httpsConnector);
-            
-            //Context ctx =
-            Context cxt = rpServer.addWebapp("/fedizhelloworld", "simpleWebapp");
-            FederationAuthenticator fa = new FederationAuthenticator();
-            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
-                             + "test-classes" + File.separator + "fediz_config_bad_wreq.xml");
-            cxt.getPipeline().addValve(fa);
-            
-            
-            rpServer.start();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-    
-    @AfterClass
-    public static void cleanup() {
-        try {
-            if (idpServer.getServer() != null
-                && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
-                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
-                    idpServer.stop();
-                }
-                idpServer.destroy();
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-
-        try {
-            if (rpServer.getServer() != null
-                && rpServer.getServer().getState() != LifecycleState.DESTROYED) {
-                if (rpServer.getServer().getState() != LifecycleState.STOPPED) {
-                    rpServer.stop();
-                }
-                rpServer.destroy();
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-
-    public String getIdpHttpsPort() {
-        return idpHttpsPort;
-    }
-
-    public String getRpHttpsPort() {
-        return rpHttpsPort;
-    }
-    
-    public String getServletContextName() {
-        return "fedizhelloworld";
-    }
-    
-    @org.junit.Test
-    public void testSAML1TokenViaWReq() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
-        String user = "alice";
-        String password = "ecila";
-        
-        try {
-            HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
-            Assert.fail("Exception expected");
-        } catch (FailingHttpStatusCodeException ex) {
-            Assert.assertEquals(ex.getStatusCode(), 400);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tomcat7/src/test/resources/fediz_config_bad_wreq.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/fediz_config_bad_wreq.xml b/systests/tomcat7/src/test/resources/fediz_config_bad_wreq.xml
deleted file mode 100644
index 91432e0..0000000
--- a/systests/tomcat7/src/test/resources/fediz_config_bad_wreq.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. 
-     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL 
-     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
--->
-<FedizConfig>
-    <contextConfig name="/fedizhelloworld">
-        <audienceUris>
-            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
-        </audienceUris>
-        <certificateStores>
-            <trustManager>
-                <keyStore file="test-classes/clienttrust.jks"
-                          password="storepass" type="JKS" />
-            </trustManager>
-        </certificateStores>
-        <trustedIssuers>
-            <issuer certificateValidation="PeerTrust" />
-        </trustedIssuers>
-        <maximumClockSkew>1000</maximumClockSkew>
-        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-            xsi:type="federationProtocolType" version="1.0.0">
-            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
-            <roleDelimiter>,</roleDelimiter>
-            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-            <freshness>10</freshness>
-            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
-            <claimTypesRequested>
-                <claimType type="a particular claim type"
-                           optional="true" />
-            </claimTypesRequested>
-            <request type="Class">org.apache.cxf.fediz.integrationtests.BadWReqCallbackHandler</request>
-        </protocol>
-        <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectTo>/index.html</logoutRedirectTo>
-    </contextConfig>
-</FedizConfig>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java
deleted file mode 100644
index a35d286..0000000
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqCallbackHandler.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.apache.cxf.fediz.core.spi.WReqCallback;
-
-public class BadWReqCallbackHandler implements CallbackHandler {
-
-    static final String TEST_WREQ = 
-        "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
-        + "<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV3.0</TokenType>"
-        + "</RequestSecurityToken>";
-    
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-        for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof WReqCallback) {
-                WReqCallback callback = (WReqCallback) callbacks[i];
-                callback.setWreq(TEST_WREQ);
-            } else {
-                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
-            }
-        }
-    }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java
deleted file mode 100644
index 18545d5..0000000
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import java.io.File;
-
-import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleState;
-import org.apache.catalina.connector.Connector;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-
-/**
- * A test for sending a TokenType request to the IdP via the "wreq" parameter. This test sends
- * a "bad" TokenType, and so a failure is expected.
- */
-public class BadWReqTest {
-
-    static String idpHttpsPort;
-    static String rpHttpsPort;
-    
-    private static Tomcat idpServer;
-    private static Tomcat rpServer;
-    
-    @BeforeClass
-    public static void init() {
-        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
-        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
-        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");  
-        
-        idpHttpsPort = System.getProperty("idp.https.port");
-        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
-        rpHttpsPort = System.getProperty("rp.https.port");
-        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
-        initIdp();
-        initRp();
-    }
-    
-    private static void initIdp() {
-        try {
-            idpServer = new Tomcat();
-            idpServer.setPort(0);
-            String currentDir = new File(".").getCanonicalPath();
-            idpServer.setBaseDir(currentDir + File.separator + "target");
-            
-            idpServer.getHost().setAppBase("tomcat/idp/webapps");
-            idpServer.getHost().setAutoDeploy(true);
-            idpServer.getHost().setDeployOnStartup(true);
-            
-            Connector httpsConnector = new Connector();
-            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
-            httpsConnector.setSecure(true);
-            httpsConnector.setScheme("https");
-            //httpsConnector.setAttribute("keyAlias", keyAlias);
-            httpsConnector.setAttribute("keystorePass", "tompass");
-            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("truststorePass", "tompass");
-            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("clientAuth", "want");
-            // httpsConnector.setAttribute("clientAuth", "false");
-            httpsConnector.setAttribute("sslProtocol", "TLS");
-            httpsConnector.setAttribute("SSLEnabled", true);
-
-            idpServer.getService().addConnector(httpsConnector);
-            
-            idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts");
-            idpServer.addWebapp("/fediz-idp", "fediz-idp");
-            
-            idpServer.start();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-    
-    private static void initRp() {
-        try {
-            rpServer = new Tomcat();
-            rpServer.setPort(0);
-            String currentDir = new File(".").getCanonicalPath();
-            rpServer.setBaseDir(currentDir + File.separator + "target");
-            
-            rpServer.getHost().setAppBase("tomcat/rp/webapps");
-            rpServer.getHost().setAutoDeploy(true);
-            rpServer.getHost().setDeployOnStartup(true);
-            
-            Connector httpsConnector = new Connector();
-            httpsConnector.setPort(Integer.parseInt(rpHttpsPort));
-            httpsConnector.setSecure(true);
-            httpsConnector.setScheme("https");
-            //httpsConnector.setAttribute("keyAlias", keyAlias);
-            httpsConnector.setAttribute("keystorePass", "tompass");
-            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("truststorePass", "tompass");
-            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-            // httpsConnector.setAttribute("clientAuth", "false");
-            httpsConnector.setAttribute("clientAuth", "want");
-            httpsConnector.setAttribute("sslProtocol", "TLS");
-            httpsConnector.setAttribute("SSLEnabled", true);
-
-            rpServer.getService().addConnector(httpsConnector);
-            
-            //Context ctx =
-            Context cxt = rpServer.addWebapp("/fedizhelloworld", "simpleWebapp");
-            FederationAuthenticator fa = new FederationAuthenticator();
-            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
-                             + "test-classes" + File.separator + "fediz_config_bad_wreq.xml");
-            cxt.getPipeline().addValve(fa);
-            
-            
-            rpServer.start();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-    
-    @AfterClass
-    public static void cleanup() {
-        try {
-            if (idpServer.getServer() != null
-                && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
-                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
-                    idpServer.stop();
-                }
-                idpServer.destroy();
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-
-        try {
-            if (rpServer.getServer() != null
-                && rpServer.getServer().getState() != LifecycleState.DESTROYED) {
-                if (rpServer.getServer().getState() != LifecycleState.STOPPED) {
-                    rpServer.stop();
-                }
-                rpServer.destroy();
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-
-    public String getIdpHttpsPort() {
-        return idpHttpsPort;
-    }
-
-    public String getRpHttpsPort() {
-        return rpHttpsPort;
-    }
-    
-    public String getServletContextName() {
-        return "fedizhelloworld";
-    }
-    
-    @org.junit.Test
-    public void testSAML1TokenViaWReq() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
-        String user = "alice";
-        String password = "ecila";
-        
-        try {
-            HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
-            Assert.fail("Exception expected");
-        } catch (FailingHttpStatusCodeException ex) {
-            Assert.assertEquals(ex.getStatusCode(), 400);
-        }
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/85eb8cc5/systests/tomcat8/src/test/resources/fediz_config_bad_wreq.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/resources/fediz_config_bad_wreq.xml b/systests/tomcat8/src/test/resources/fediz_config_bad_wreq.xml
deleted file mode 100644
index 91432e0..0000000
--- a/systests/tomcat8/src/test/resources/fediz_config_bad_wreq.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. 
-     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL 
-     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
--->
-<FedizConfig>
-    <contextConfig name="/fedizhelloworld">
-        <audienceUris>
-            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
-        </audienceUris>
-        <certificateStores>
-            <trustManager>
-                <keyStore file="test-classes/clienttrust.jks"
-                          password="storepass" type="JKS" />
-            </trustManager>
-        </certificateStores>
-        <trustedIssuers>
-            <issuer certificateValidation="PeerTrust" />
-        </trustedIssuers>
-        <maximumClockSkew>1000</maximumClockSkew>
-        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-            xsi:type="federationProtocolType" version="1.0.0">
-            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
-            <roleDelimiter>,</roleDelimiter>
-            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-            <freshness>10</freshness>
-            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
-            <claimTypesRequested>
-                <claimType type="a particular claim type"
-                           optional="true" />
-            </claimTypesRequested>
-            <request type="Class">org.apache.cxf.fediz.integrationtests.BadWReqCallbackHandler</request>
-        </protocol>
-        <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectTo>/index.html</logoutRedirectTo>
-    </contextConfig>
-</FedizConfig>
-


Mime
View raw message