cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/3] cxf-fediz git commit: Adding initial OIDC test web app
Date Thu, 25 Feb 2016 17:40:23 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 6a91675ef -> 785104b79


Adding initial OIDC test web app


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/423f68fb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/423f68fb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/423f68fb

Branch: refs/heads/master
Commit: 423f68fbc6ce6e777202f276e8bebc86bb4cbc8c
Parents: 6a91675
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Feb 25 16:12:14 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Feb 25 16:12:14 2016 +0000

----------------------------------------------------------------------
 systests/federation/oidc/pom.xml                |  28 ++++-
 .../cxf/fediz/integrationtests/OIDCTest.java    |  35 +++---
 .../oidc/src/test/resources/cxf-service.xml     | 120 ++++++++++++++++++
 .../oidc/src/test/resources/entities-realma.xml |  13 +-
 .../src/test/resources/fediz_config_oidc.xml    |   2 +-
 .../oidc/src/test/resources/realmb.cert         |   3 -
 systests/federation/oidcIdpWebapp/pom.xml       |  83 +++++++++++++
 .../fediz/oidc/idp/example/BasicAuthFilter.java | 122 +++++++++++++++++++
 .../oidc/idp/example/CommonCallbackHandler.java |  50 ++++++++
 .../example/EHCacheRefreshTokenProvider.java    |  53 ++++++++
 .../oidc/idp/example/IdTokenProviderImpl.java   |  50 ++++++++
 .../src/main/resources/clienttrust.jks          | Bin 0 -> 1512 bytes
 .../src/main/resources/log4j.properties         |  17 +++
 .../src/main/resources/logging.properties       |  52 ++++++++
 .../src/main/resources/stsKeystoreB.properties  |   6 +
 .../src/main/resources/stsrealm_b.jks           | Bin 0 -> 2062 bytes
 .../main/webapp/WEB-INF/applicationContext.xml  |  47 +++++++
 .../src/main/webapp/WEB-INF/cxf-service.xml     | 120 ++++++++++++++++++
 .../src/main/webapp/WEB-INF/web.xml             |  48 ++++++++
 .../oidcIdpWebapp/src/main/webapp/index.html    |  25 ++++
 .../src/main/webapp/secure/test.html            |  25 ++++
 21 files changed, 864 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidc/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/pom.xml b/systests/federation/oidc/pom.xml
index 7d11584..7ff6bd8 100644
--- a/systests/federation/oidc/pom.xml
+++ b/systests/federation/oidc/pom.xml
@@ -127,7 +127,7 @@
                         <configuration>
                             <portNames>
                                 <portName>idp.https.port</portName>
-                                <portName>idp.samlsso.https.port</portName>
+                                <portName>idp.oidc.https.port</portName>
                                 <portName>rp.https.port</portName>
                             </portNames>
                         </configuration>
@@ -164,11 +164,11 @@
                                 </artifactItem>
                                 <artifactItem>
                                     <groupId>org.apache.cxf.fediz.systests.federation</groupId>
-                                    <artifactId>fediz-systests-federation-samlIdpWebapp</artifactId>
+                                    <artifactId>fediz-systests-federation-oidcIdpWebapp</artifactId>
                                     <version>${project.version}</version>
                                     <type>war</type>
                                     <overWrite>true</overWrite>
-                                    <outputDirectory>target/tomcat/idpsamlsso/webapps/idpsaml</outputDirectory>
+                                    <outputDirectory>target/tomcat/idpoidc/webapps/idpoidc</outputDirectory>
                                 </artifactItem>
                                 <artifactItem>
                                     <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
@@ -229,7 +229,25 @@
                                     <directory>${basedir}/src/test/resources</directory>
                                     <includes>
                                         <include>entities-realma.xml</include>
-                                        <include>realmb.cert</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                    <execution>
+                        <id>copy-entities-to-oidc-idp</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idpoidc/webapps/idpoidc/WEB-INF</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources</directory>
+                                    <includes>
+                                        <include>cxf-service.xml</include>
                                     </includes>
                                     <filtering>true</filtering>
                                 </resource>
@@ -253,7 +271,7 @@
                             <systemPropertyVariables>
                                 <wt.headless>true</wt.headless>
                                 <idp.https.port>${idp.https.port}</idp.https.port>
-                                <idp.samlsso.https.port>${idp.samlsso.https.port}</idp.samlsso.https.port>
+                                <idp.oidc.https.port>${idp.oidc.https.port}</idp.oidc.https.port>
                                 <rp.https.port>${rp.https.port}</rp.https.port>
                             </systemPropertyVariables>
                             <includes>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java b/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java
index b0f370b..6053355 100644
--- a/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java
+++ b/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java
@@ -60,11 +60,11 @@ import org.junit.Test;
 public class OIDCTest {
 
     static String idpHttpsPort;
-    static String idpSamlSSOHttpsPort;
+    static String idpOIDCHttpsPort;
     static String rpHttpsPort;
     
     private static Tomcat idpServer;
-    private static Tomcat idpSamlSSOServer;
+    private static Tomcat idpOIDCServer;
     private static Tomcat rpServer;
     
     @BeforeClass
@@ -79,15 +79,14 @@ public class OIDCTest {
         System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");  
         
         idpHttpsPort = System.getProperty("idp.https.port");
-        idpHttpsPort = "12111";
         Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
-        idpSamlSSOHttpsPort = System.getProperty("idp.samlsso.https.port");
-        Assert.assertNotNull("Property 'idp.samlsso.https.port' null", idpSamlSSOHttpsPort);
+        idpOIDCHttpsPort = System.getProperty("idp.oidc.https.port");
+        Assert.assertNotNull("Property 'idp.oidc.https.port' null", idpOIDCHttpsPort);
         rpHttpsPort = System.getProperty("rp.https.port");
         Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
 
         initIdp();
-        initSamlSSOIdp();
+        initOIDCIdp();
         initRp();
     }
     
@@ -127,19 +126,19 @@ public class OIDCTest {
         }
     }
     
-    private static void initSamlSSOIdp() {
+    private static void initOIDCIdp() {
         try {
-            idpSamlSSOServer = new Tomcat();
-            idpSamlSSOServer.setPort(0);
+            idpOIDCServer = new Tomcat();
+            idpOIDCServer.setPort(0);
             String currentDir = new File(".").getCanonicalPath();
-            idpSamlSSOServer.setBaseDir(currentDir + File.separator + "target");
+            idpOIDCServer.setBaseDir(currentDir + File.separator + "target");
             
-            idpSamlSSOServer.getHost().setAppBase("tomcat/idpsamlsso/webapps");
-            idpSamlSSOServer.getHost().setAutoDeploy(true);
-            idpSamlSSOServer.getHost().setDeployOnStartup(true);
+            idpOIDCServer.getHost().setAppBase("tomcat/idpoidc/webapps");
+            idpOIDCServer.getHost().setAutoDeploy(true);
+            idpOIDCServer.getHost().setDeployOnStartup(true);
             
             Connector httpsConnector = new Connector();
-            httpsConnector.setPort(Integer.parseInt(idpSamlSSOHttpsPort));
+            httpsConnector.setPort(Integer.parseInt(idpOIDCHttpsPort));
             httpsConnector.setSecure(true);
             httpsConnector.setScheme("https");
             //httpsConnector.setAttribute("keyAlias", keyAlias);
@@ -152,11 +151,11 @@ public class OIDCTest {
             httpsConnector.setAttribute("sslProtocol", "TLS");
             httpsConnector.setAttribute("SSLEnabled", true);
 
-            idpSamlSSOServer.getService().addConnector(httpsConnector);
+            idpOIDCServer.getService().addConnector(httpsConnector);
             
-            idpSamlSSOServer.addWebapp("/idp", "idpsaml");
+            idpOIDCServer.addWebapp("/idp", "idpoidc");
             
-            idpSamlSSOServer.start();
+            idpOIDCServer.start();
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -258,7 +257,7 @@ public class OIDCTest {
         String password = "ECILA";
         
         final String bodyTextContent = 
-            login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort, false);
+            login(url, user, password, idpOIDCHttpsPort, idpHttpsPort, false);
         
         Assert.assertTrue("Principal not alice",
                           bodyTextContent.contains("userPrincipal=alice"));

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidc/src/test/resources/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/resources/cxf-service.xml b/systests/federation/oidc/src/test/resources/cxf-service.xml
new file mode 100644
index 0000000..4201a96
--- /dev/null
+++ b/systests/federation/oidc/src/test/resources/cxf-service.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:cxf="http://cxf.apache.org/core"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://cxf.apache.org/jaxws"
+  xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+  xmlns:util="http://www.springframework.org/schema/util"
+  xsi:schemaLocation="
+            http://cxf.apache.org/core
+            http://cxf.apache.org/schemas/core.xsd
+            http://cxf.apache.org/configuration/security
+            http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/jaxws
+            http://cxf.apache.org/schemas/jaxws.xsd
+            http://cxf.apache.org/jaxrs
+            http://cxf.apache.org/schemas/jaxrs.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans.xsd
+            http://www.springframework.org/schema/util         
+            http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+   
+   <import resource="classpath:META-INF/cxf/cxf.xml" />
+   
+   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+   
+   <!--cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+   </cxf:bus-->
+   
+   <bean id="callbackHandler" class="org.apache.cxf.fediz.oidc.idp.example.CommonCallbackHandler"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.fediz.oidc.idp.example.BasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="client" class="org.apache.cxf.rs.security.oauth2.common.Client">
+       <constructor-arg><value>consumer-id</value></constructor-arg>
+       <constructor-arg><value>this-is-a-secret</value></constructor-arg>
+       <constructor-arg><value>true</value></constructor-arg>
+       <property name="redirectUris">
+           <util:list value-type="java.lang.String">
+               <value>https://localhost:${idp.https.port}/fediz-idp/federation</value>
+           </util:list>
+       </property>
+       <property name="allowedGrantTypes">
+           <util:list value-type="java.lang.String">
+               <value>authorization_code</value>
+           </util:list>
+       </property>
+       <property name="registeredScopes">
+           <util:list value-type="java.lang.String">
+               <value>openid</value>
+           </util:list>
+       </property>
+   </bean>
+   
+   <bean id="oauthProvider" class="org.apache.cxf.fediz.oidc.idp.example.EHCacheRefreshTokenProvider">
+      <property name="client" ref="client"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.fediz.oidc.idp.example.IdTokenProviderImpl"/>
+   
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+   
+   <bean id="jackson" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider"/>
+   
+   <jaxrs:server address="/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="tokenService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="jackson"/>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="realmb"/>
+           <entry key="rs.security.key.password" value="realmb"/>
+           <entry key="rs.security.keystore.file" value="stsKeystoreB.properties" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidc/src/test/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/resources/entities-realma.xml b/systests/federation/oidc/src/test/resources/entities-realma.xml
index 43c36ef..851ef50 100644
--- a/systests/federation/oidc/src/test/resources/entities-realma.xml
+++ b/systests/federation/oidc/src/test/resources/entities-realma.xml
@@ -33,10 +33,8 @@
         <property name="useCurrentIdp" value="true" />
         <property name="certificate" value="stsKeystoreA.properties" />
         <property name="certificatePassword" value="realma" />
-        <!-- <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" />
-        <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation" />-->
-        <property name="stsUrl" value="https://localhost:12111/fediz-idp-sts/REALMA" />
-        <property name="idpUrl" value="https://localhost:12111/fediz-idp/federation" />
+        <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" />
+        <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation" />
         <property name="rpSingleSignOutConfirmation" value="true"/>
         <property name="supportedProtocols">
             <util:list>
@@ -89,8 +87,7 @@
         class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
         <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
         <property name="cacheTokens" value="true" />
-        <!-- <property name="url" value="https://localhost:${idp.samlsso.https.port}/idp/samlsso?binding=REDIRECT" />-->
-        <property name="url" value="http://localhost:8080/auth/realms/realmb/protocol/openid-connect/auth" />
+        <property name="url" value="https://localhost:${idp.oidc.https.port}/idp/services/authorize" />
         <property name="certificate" value="realmb.cert" />
         <property name="trustType" value="PEER_TRUST" />
         <property name="protocol" value="openid-connect-1.0" />
@@ -100,8 +97,8 @@
         <property name="parameters">
             <util:map>
                 <entry key="client.id" value="consumer-id"/>
-                <entry key="client.secret" value="90d5da25-e900-443f-a5d5-feb3bb060800"/>
-                <entry key="token.endpoint" value="http://localhost:8080/auth/realms/realmb/protocol/openid-connect/token"/>
+                <entry key="client.secret" value="this-is-a-secret"/>
+                <entry key="token.endpoint" value="https://localhost:${idp.oidc.https.port}/idp/services/token"/>
             </util:map>
         </property>
     </bean>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml b/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml
index fecec20..7bd3cb7 100644
--- a/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml
+++ b/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml
@@ -39,7 +39,7 @@
         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:type="federationProtocolType" version="1.0.0">
             <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:12111/fediz-idp/federation</issuer>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
             <roleDelimiter>,</roleDelimiter>
             <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
             <freshness>10</freshness>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidc/src/test/resources/realmb.cert
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/resources/realmb.cert b/systests/federation/oidc/src/test/resources/realmb.cert
deleted file mode 100644
index 9bba7ad..0000000
--- a/systests/federation/oidc/src/test/resources/realmb.cert
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICmzCCAYMCBgFSnXNZEjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZyZWFsbWIwHhcNMTYwMjAxMTUyNzA4WhcNMjYwMjAxMTUyODQ4WjARMQ8wDQYDVQQDDAZyZWFsbWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9pVG5cEMbRwtl/JqY4pTSgGmYSlltpbDSbFrUHBG4z5KUGxBD1qnHYAOqY2IMUzGnqbRQhQSjU7Zd/Ko//p41PVsZQnHWQLHgJerzBFyWAmgBZthX0lMYtdBLylj9Wl2mgHK8Cgy/AWO0zq+RG7qTeB7UKBLthRXX07ERnEJEcSRPCnc7Rzf2hopKa9oZPFlwDlS7nYDwkpFLua78XeF6vlrhQB9EymM1v6moB8rWGwf+aED+QLUSSAvbBZqsXD1vxFngmpYG3ABEWsUepgsKOlVmnyZtSV85V9AeSWYwzMLEd/huvoTMYNZHY1HykigWJAhJJ6dNzsm+dUdg1KsTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHW3Dufv7r+hMKjy3qf0x24OEtfqmcNiRqR+2t1I22PbclSxTsdWue17E9cxXPi6gLV/eiZ+Wl7fnnB+yJBeQv/HZYVeQKHL/aYZKVJZi+vprExn1n3clHqZqgrxfYJBNW24KEHw6Ag2v3/81PzHQV0VGclcngUc3s8BvJ2x+tUMUVmyKXmW++CZBZePuN+ozk0xfzTnyW85P6qkrOooSKL/JrSrHi8/VM+hYvHS4RQioIzur0UhGs+9mPVRdMmQ66BOT3FCw7WsoynI+/U/Q9bJyP7puZLD/ftpbM+SUKhAZnBYNvKo8rui8TkU9VA/RCpkHGWnA9utjRa60MH20us=
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/pom.xml b/systests/federation/oidcIdpWebapp/pom.xml
new file mode 100644
index 0000000..989391c
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/pom.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz.systests</groupId>
+        <artifactId>fediz-systests-federation</artifactId>
+        <version>1.3.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+    <artifactId>fediz-systests-federation-oidcIdpWebapp</artifactId>
+    <name>Apache Fediz Federation Systests OpenId Connect Mock Idp Webapp</name>
+    <packaging>war</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>      
+        <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+           <version>${cxf.version}</version>
+       </dependency>
+       <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-rs-security-sso-oidc</artifactId>
+           <version>${cxf.version}</version>
+       </dependency>
+       <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+           <groupId>com.fasterxml.jackson.jaxrs</groupId>
+           <artifactId>jackson-jaxrs-json-provider</artifactId>
+           <version>2.6.5</version>
+        </dependency>
+        <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-ws-security</artifactId>
+           <version>${cxf.version}</version>
+        </dependency>
+
+    </dependencies>
+    <build>
+        <!-- Name of the generated WAR file -->
+        <finalName>oidcidp</finalName>
+    </build>
+</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java
new file mode 100644
index 0000000..6c64fbe
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java
@@ -0,0 +1,122 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.oidc.idp.example;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.UsernameTokenValidator;
+
+/**
+ * A simple filter to validate a Basic Auth username/password via a CallbackHandler
+ */
+public class BasicAuthFilter implements ContainerRequestFilter {
+    
+    static {
+        WSSConfig.init();
+    }
+
+    private CallbackHandler callbackHandler;
+    
+    public void filter(ContainerRequestContext requestContext) throws IOException {
+        Message message = JAXRSUtils.getCurrentMessage();
+        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+        
+        if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
+            requestContext.abortWith(
+                Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
+            return;
+        }
+
+        try {
+            UsernameToken token = convertPolicyToToken(policy);
+            Credential credential = new Credential();
+            credential.setUsernametoken(token);
+            
+            RequestData data = new RequestData();
+            data.setMsgContext(message);
+            data.setCallbackHandler(callbackHandler);
+            UsernameTokenValidator validator = new UsernameTokenValidator();
+            credential = validator.validate(credential, data);
+            
+            // Create a Principal/SecurityContext
+            Principal p = null;
+            if (credential != null && credential.getPrincipal() != null) {
+                p = credential.getPrincipal();
+            } else {
+                p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
+                ((WSUsernameTokenPrincipalImpl)p).setPassword(policy.getPassword());
+            }
+            message.put(SecurityContext.class, createSecurityContext(p));
+        } catch (Exception ex) {
+            requestContext.abortWith(
+                Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
+        }
+    }
+
+    protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) 
+        throws Exception {
+
+        Document doc = DOMUtils.createDocument();
+        UsernameToken token = new UsernameToken(false, doc, 
+                                                WSConstants.PASSWORD_TEXT);
+        token.setName(policy.getUserName());
+        token.setPassword(policy.getPassword());
+        return token;
+    }
+    
+    protected SecurityContext createSecurityContext(final Principal p) {
+        return new SecurityContext() {
+
+            public Principal getUserPrincipal() {
+                return p;
+            }
+
+            public boolean isUserInRole(String arg0) {
+                return false;
+            }
+        };
+    }
+
+    public CallbackHandler getCallbackHandler() {
+        return callbackHandler;
+    }
+
+    public void setCallbackHandler(CallbackHandler callbackHandler) {
+        this.callbackHandler = callbackHandler;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java
new file mode 100644
index 0000000..b1d9527
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.oidc.idp.example;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class CommonCallbackHandler implements CallbackHandler {
+
+    public void handle(Callback[] callbacks) throws IOException,
+            UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+                if ("ALICE".equals(pc.getIdentifier())) {
+                    pc.setPassword("ECILA");
+                    break;
+                } else if ("realmb".equals(pc.getIdentifier())) {
+                    pc.setPassword("realmb");
+                    break;
+                } else if (pc.getIdentifier() != null
+                    && pc.getIdentifier().startsWith("consumer-id")) {
+                    pc.setPassword("this-is-a-secret");
+                    break;
+                } 
+            }
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheRefreshTokenProvider.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheRefreshTokenProvider.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheRefreshTokenProvider.java
new file mode 100644
index 0000000..43c72d6
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheRefreshTokenProvider.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.oidc.idp.example;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+
+/**
+ * Extend the DefaultEHCacheCodeDataProvider to allow OpenId
+ */
+public class EHCacheRefreshTokenProvider extends DefaultEHCacheCodeDataProvider {
+    
+    @Override
+    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
+        if (requestedScopes.isEmpty()) {
+            return Collections.emptyList();
+        }
+        
+        List<OAuthPermission> permissions = new ArrayList<>();
+        for (String requestedScope : requestedScopes) {
+            if ("openid".equals(requestedScope)) {
+                OAuthPermission permission = new OAuthPermission("openid", "Authenticate user");
+                permissions.add(permission);
+            } else {
+                throw new OAuthServiceException("invalid_scope");
+            }
+        }
+        
+        return permissions;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java
new file mode 100644
index 0000000..52f8fa8
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.oidc.idp.example;
+
+import java.util.Calendar;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.idp.IdTokenProvider;
+
+public class IdTokenProviderImpl implements IdTokenProvider {
+
+    public IdTokenProviderImpl() {
+
+    }
+
+    @Override
+    public IdToken getIdToken(String clientId, UserSubject authenticatedUser, List<String> scopes) {
+        IdToken token = new IdToken();
+        
+        Calendar cal = Calendar.getInstance();
+        cal.add(Calendar.SECOND, 60);
+        token.setExpiryTime(cal.getTimeInMillis() / 1000L);
+        token.setIssuedAt(new Date().getTime() / 1000L);
+        token.setAudience(clientId);
+        token.setSubject(authenticatedUser.getLogin());
+        token.setIssuer("OIDC IdP");
+        
+        return token;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/resources/clienttrust.jks
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/resources/clienttrust.jks b/systests/federation/oidcIdpWebapp/src/main/resources/clienttrust.jks
new file mode 100644
index 0000000..c3ad459
Binary files /dev/null and b/systests/federation/oidcIdpWebapp/src/main/resources/clienttrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/resources/log4j.properties b/systests/federation/oidcIdpWebapp/src/main/resources/log4j.properties
new file mode 100644
index 0000000..5fc56e3
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/resources/log4j.properties
@@ -0,0 +1,17 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=FATAL, CONSOLE
+#log4j.rootCategory=DEBUG, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=target/wss4j.log
+log4j.appender.LOGFILE.Append=false
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties b/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties
new file mode 100644
index 0000000..20617fe
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties
@@ -0,0 +1,52 @@
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.  
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler 
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = WARNING
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/resources/stsKeystoreB.properties
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/resources/stsKeystoreB.properties b/systests/federation/oidcIdpWebapp/src/main/resources/stsKeystoreB.properties
new file mode 100644
index 0000000..16f4a3c
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/resources/stsKeystoreB.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realmb
+org.apache.ws.security.crypto.merlin.keystore.file=stsrealm_b.jks
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/resources/stsrealm_b.jks
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/resources/stsrealm_b.jks b/systests/federation/oidcIdpWebapp/src/main/resources/stsrealm_b.jks
new file mode 100644
index 0000000..83fd045
Binary files /dev/null and b/systests/federation/oidcIdpWebapp/src/main/resources/stsrealm_b.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml b/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml
new file mode 100644
index 0000000..7d277ae
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans 
+    xmlns="http://www.springframework.org/schema/beans"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:test="http://apache.org/hello_world_soap_http"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+    
+    <import resource="classpath:META-INF/cxf/cxf.xml"/>   
+    <import resource="cxf-service.xml"/>  
+    
+    <!--cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus-->
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml b/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml
new file mode 100644
index 0000000..4201a96
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:cxf="http://cxf.apache.org/core"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://cxf.apache.org/jaxws"
+  xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+  xmlns:util="http://www.springframework.org/schema/util"
+  xsi:schemaLocation="
+            http://cxf.apache.org/core
+            http://cxf.apache.org/schemas/core.xsd
+            http://cxf.apache.org/configuration/security
+            http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/jaxws
+            http://cxf.apache.org/schemas/jaxws.xsd
+            http://cxf.apache.org/jaxrs
+            http://cxf.apache.org/schemas/jaxrs.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans.xsd
+            http://www.springframework.org/schema/util         
+            http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+   
+   <import resource="classpath:META-INF/cxf/cxf.xml" />
+   
+   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+   
+   <!--cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+   </cxf:bus-->
+   
+   <bean id="callbackHandler" class="org.apache.cxf.fediz.oidc.idp.example.CommonCallbackHandler"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.fediz.oidc.idp.example.BasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="client" class="org.apache.cxf.rs.security.oauth2.common.Client">
+       <constructor-arg><value>consumer-id</value></constructor-arg>
+       <constructor-arg><value>this-is-a-secret</value></constructor-arg>
+       <constructor-arg><value>true</value></constructor-arg>
+       <property name="redirectUris">
+           <util:list value-type="java.lang.String">
+               <value>https://localhost:${idp.https.port}/fediz-idp/federation</value>
+           </util:list>
+       </property>
+       <property name="allowedGrantTypes">
+           <util:list value-type="java.lang.String">
+               <value>authorization_code</value>
+           </util:list>
+       </property>
+       <property name="registeredScopes">
+           <util:list value-type="java.lang.String">
+               <value>openid</value>
+           </util:list>
+       </property>
+   </bean>
+   
+   <bean id="oauthProvider" class="org.apache.cxf.fediz.oidc.idp.example.EHCacheRefreshTokenProvider">
+      <property name="client" ref="client"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.fediz.oidc.idp.example.IdTokenProviderImpl"/>
+   
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+   
+   <bean id="jackson" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider"/>
+   
+   <jaxrs:server address="/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="tokenService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="jackson"/>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="realmb"/>
+           <entry key="rs.security.key.password" value="realmb"/>
+           <entry key="rs.security.keystore.file" value="stsKeystoreB.properties" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/web.xml b/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..b024222
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0" metadata-complete="true">
+
+	<description>OpenId Connect Mock IdP</description>
+	<display-name>OpenId Connect Mock IdP</display-name>
+
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>WEB-INF/applicationContext.xml</param-value>
+    </context-param>
+
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
+    <servlet>
+        <servlet-name>OIDCIdpServlet</servlet-name>
+        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+	<servlet-mapping>
+		<servlet-name>OIDCIdpServlet</servlet-name>
+		<url-pattern>/*</url-pattern>
+	</servlet-mapping>
+
+</web-app>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/webapp/index.html
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/webapp/index.html b/systests/federation/oidcIdpWebapp/src/main/webapp/index.html
new file mode 100644
index 0000000..a9dbdaa
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/webapp/index.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Hello World</H3>
+<P></P>
+</BODY></HTML>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/423f68fb/systests/federation/oidcIdpWebapp/src/main/webapp/secure/test.html
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/webapp/secure/test.html b/systests/federation/oidcIdpWebapp/src/main/webapp/secure/test.html
new file mode 100644
index 0000000..9cf7366
--- /dev/null
+++ b/systests/federation/oidcIdpWebapp/src/main/webapp/secure/test.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Secure Test</H3>
+<P></P>
+</BODY></HTML>


Mime
View raw message