cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/3] cxf-fediz git commit: Added partially working SAML SSO federation test
Date Mon, 07 Nov 2016 13:01:00 GMT
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
new file mode 100644
index 0000000..f0a63ab
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
@@ -0,0 +1,529 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+        <property name="uri" value="realma" />
+        <property name="provideIdpList" value="true" />
+        <property name="useCurrentIdp" value="true" />
+        <property name="certificate" value="stsKeystoreA.properties" />
+        <property name="certificatePassword" value="realma" />
+        <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" />
+        <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/saml" />
+        <property name="rpSingleSignOutConfirmation" value="true"/>
+        <property name="supportedProtocols">
+            <util:list>
+                <value>http://docs.oasis-open.org/wsfed/federation/200706
+                </value>
+                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
+                </value>
+            </util:list>
+        </property>
+        <property name="tokenTypesOffered">
+            <util:list>
+                <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
+                <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
+            </util:list>
+        </property>
+        <property name="authenticationURIs">
+            <util:map>
+                <entry key="default" value="federation/up" />
+            </util:map>
+        </property>
+        <property name="serviceDisplayName" value="REALM A" />
+        <property name="serviceDescription" value="IDP of Realm A" />
+        <property name="applications">
+            <util:list>
+                <ref bean="srv-fedizhelloworld" />
+            </util:list>
+        </property>
+        <property name="trustedIdps">
+            <util:list>
+                <ref bean="trusted-idp-realmB" />
+                <ref bean="trusted-idp-realmC" />
+                <ref bean="trusted-idp-realmD" />
+                <ref bean="trusted-idp-realmE" />
+            </util:list>
+        </property>
+        <property name="claimTypesOffered">
+            <util:list>
+                <ref bean="claim_role" />
+                <ref bean="claim_surname" />
+                <ref bean="claim_givenname" />
+                <ref bean="claim_email" />
+            </util:list>
+        </property>
+    </bean>
+
+    <bean id="trusted-idp-realmB"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/federation" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm B" />
+        <property name="description" value="Realm B description" />
+    </bean>
+    
+    <bean id="trusted-idp-realmC"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-C" />
+        <property name="issuer" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/saml/up" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm B" />
+        <property name="description" value="Realm C description" />
+        <property name="parameters">
+            <util:map>
+                <entry key="sign.request" value="true" />
+            </util:map>
+        </property>
+    </bean>
+    
+    <bean id="trusted-idp-realmD"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-D" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${idp.samlsso.https.port}/idp/samlsso?binding=REDIRECT" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm D" />
+        <property name="description" value="Realm D description" />
+        <property name="parameters">
+            <util:map>
+                <entry key="sign.request" value="true" />
+                <entry key="support.deflate.encoding" value="true" />
+            </util:map>
+        </property>
+    </bean>
+    
+    <bean id="trusted-idp-realmE"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-F" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${idp.oidc.https.port}/idpoidc/services/authorize" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="openid-connect-1.0" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm B" />
+        <property name="description" value="Realm E description" />
+        <property name="parameters">
+            <util:map>
+                <entry key="client.id" value="consumer-id"/>
+                <entry key="client.secret" value="this-is-a-secret"/>
+                <entry key="token.endpoint" value="https://localhost:${idp.oidc.https.port}/idpoidc/services/token"/>
+            </util:map>
+        </property>
+    </bean>
+
+    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+        <property name="lifeTime" value="3600" />
+        <property name="passiveRequestorEndpointConstraint" 
+                  value="https://localhost:(\d)*/(\w)*/racs/.*" />
+        <property name="validatingCertificate" value="realma.cert" />
+    </bean>
+    
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_role" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_givenname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_surname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_email" />
+        <property name="optional" value="false" />
+    </bean>
+    
+    <bean id="claim_role"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+        <property name="displayName"
+            value="role" />
+        <property name="description"
+            value="Description for role" />
+    </bean>
+    <bean id="claim_givenname"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+        <property name="displayName"
+            value="firstname" />
+        <property name="description"
+            value="Description for firstname" />
+    </bean>
+    <bean id="claim_surname"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+        <property name="displayName"
+            value="lastname" />
+        <property name="description"
+            value="Description for lastname" />
+    </bean>
+    <bean id="claim_email"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+        <property name="displayName"
+            value="email" />
+        <property name="description"
+            value="Description for email" />
+    </bean>
+    
+    
+    <bean id="entitlement_claim_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_LIST" />
+        <property name="description"
+            value="Description for CLAIM_LIST" />
+    </bean>
+    <bean id="entitlement_claim_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_CREATE" />
+        <property name="description"
+            value="Description for CLAIM_CREATE" />
+    </bean>
+    <bean id="entitlement_claim_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_READ" />
+        <property name="description"
+            value="Description for CLAIM_READ" />
+    </bean>
+    <bean id="entitlement_claim_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_UPDATE" />
+        <property name="description"
+            value="Description for CLAIM_UPDATE" />
+    </bean>
+    <bean id="entitlement_claim_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_DELETE" />
+        <property name="description"
+            value="Description for CLAIM_DELETE" />
+    </bean>
+
+    <bean id="entitlement_application_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_LIST" />
+        <property name="description"
+            value="Description for APPLICATION_LIST" />
+    </bean>
+    <bean id="entitlement_application_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_CREATE" />
+        <property name="description"
+            value="Description for APPLICATION_CREATE" />
+    </bean>
+    <bean id="entitlement_application_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_READ" />
+        <property name="description"
+            value="Description for APPLICATION_READ" />
+    </bean>
+    <bean id="entitlement_application_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_UPDATE" />
+        <property name="description"
+            value="Description for APPLICATION_UPDATE" />
+    </bean>
+    <bean id="entitlement_application_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_DELETE" />
+        <property name="description"
+            value="Description for APPLICATION_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_trustedidp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_LIST" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_LIST" />
+    </bean>
+    <bean id="entitlement_trustedidp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_CREATE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_CREATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_READ" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_READ" />
+    </bean>
+    <bean id="entitlement_trustedidp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_UPDATE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_DELETE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_DELETE" />
+    </bean>
+
+    <bean id="entitlement_idp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_LIST" />
+        <property name="description"
+            value="Description for IDP_LIST" />
+    </bean>
+    <bean id="entitlement_idp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_CREATE" />
+        <property name="description"
+            value="Description for IDP_CREATE" />
+    </bean>
+    <bean id="entitlement_idp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_READ" />
+        <property name="description"
+            value="Description for IDP_READ" />
+    </bean>
+    <bean id="entitlement_idp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_UPDATE" />
+        <property name="description"
+            value="Description for IDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_idp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_DELETE" />
+        <property name="description"
+            value="Description for IDP_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_role_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_LIST" />
+        <property name="description"
+            value="Description for ROLE_LIST" />
+    </bean>
+    <bean id="entitlement_role_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_CREATE" />
+        <property name="description"
+            value="Description for ROLE_CREATE" />
+    </bean>
+    <bean id="entitlement_role_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_READ" />
+        <property name="description"
+            value="Description for ROLE_READ" />
+    </bean>
+    <bean id="entitlement_role_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_UPDATE" />
+        <property name="description"
+            value="Description for ROLE_UPDATE" />
+    </bean>
+    <bean id="entitlement_role_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_DELETE" />
+        <property name="description"
+            value="Description for ROLE_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_entitlement_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_LIST" />
+        <property name="description"
+            value="Description for ENTITLEMENT_LIST" />
+    </bean>
+    <bean id="entitlement_entitlement_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_CREATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_CREATE" />
+    </bean>
+    <bean id="entitlement_entitlement_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_READ" />
+        <property name="description"
+            value="Description for ENTITLEMENT_READ" />
+    </bean>
+    <bean id="entitlement_entitlement_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_UPDATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_UPDATE" />
+    </bean>
+    <bean id="entitlement_entitlement_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_DELETE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_DELETE" />
+    </bean>
+    
+    <bean id="role_admin"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="ADMIN" />
+        <property name="description"
+            value="This is the administrator role with full access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_create" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_claim_update" />
+                <ref bean="entitlement_claim_delete" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_create" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_idp_update" />
+                <ref bean="entitlement_idp_delete" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_create" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_trustedidp_update" />
+                <ref bean="entitlement_trustedidp_delete" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_create" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_application_update" />
+                <ref bean="entitlement_application_delete" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_create" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_role_update" />
+                <ref bean="entitlement_role_delete" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_create" />
+                <ref bean="entitlement_entitlement_read" />
+                <ref bean="entitlement_entitlement_update" />
+                <ref bean="entitlement_entitlement_delete" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_user"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="USER" />
+        <property name="description"
+            value="This is the user role with read access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_read" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_idp_login"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="IDP_LOGIN" />
+        <property name="description"
+            value="This is the IDP login role which is applied to Users during the IDP SSO" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+            </util:list>
+        </property>
+    </bean>
+    
+
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml b/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
new file mode 100644
index 0000000..5734ab9
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
@@ -0,0 +1,422 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+    <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="uri" value="realmb" />
+        <property name="provideIdpList" value="false" />
+        <property name="useCurrentIdp" value="true" />
+        <property name="certificate" value="stsKeystoreB.properties" />
+        <property name="certificatePassword" value="realmb" />
+        <property name="stsUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-sts-realmb/REALMB" />
+        <property name="idpUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/federation" />
+        <property name="supportedProtocols">
+            <util:list>
+                <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+                <value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser</value>
+            </util:list>
+        </property>
+        <property name="tokenTypesOffered">
+            <util:list>
+                <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
+                <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
+            </util:list>
+        </property>
+        <property name="authenticationURIs">
+            <util:map>
+                <entry key="default" value="federation/up" />
+            </util:map>
+        </property>
+        <property name="serviceDisplayName" value="REALM B" />
+        <property name="serviceDescription" value="IDP of Realm B" />
+        <property name="applications">
+            <util:list>
+                <ref bean="idp-realmA" />
+            </util:list>
+        </property>
+        <property name="claimTypesOffered">
+            <util:list>
+                <ref bean="claim_role" />
+                <ref bean="claim_surname" />
+                <ref bean="claim_givenname" />
+                <ref bean="claim_email" />
+            </util:list>
+        </property>
+    </bean>
+
+    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="serviceDisplayName" value="Resource IDP Realm A" />
+        <property name="serviceDescription" value="Resource IDP Realm A" />
+        <property name="role" value="SecurityTokenServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+        <property name="lifeTime" value="3600" />
+        <property name="validatingCertificate" value="realma.cert" />
+    </bean>
+    
+    <bean id="claim_role"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+        <property name="displayName"
+            value="role" />
+        <property name="description"
+            value="Description for role" />
+    </bean>
+    <bean id="claim_givenname"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+        <property name="displayName"
+            value="firstname" />
+        <property name="description"
+            value="Description for firstname" />
+    </bean>
+    <bean id="claim_surname"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+        <property name="displayName"
+            value="lastname" />
+        <property name="description"
+            value="Description for lastname" />
+    </bean>
+    <bean id="claim_email"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+        <property name="displayName"
+            value="email" />
+        <property name="description"
+            value="Description for email" />
+    </bean>
+
+    <bean id="entitlement_claim_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_LIST" />
+        <property name="description"
+            value="Description for CLAIM_LIST" />
+    </bean>
+    <bean id="entitlement_claim_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_CREATE" />
+        <property name="description"
+            value="Description for CLAIM_CREATE" />
+    </bean>
+    <bean id="entitlement_claim_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_READ" />
+        <property name="description"
+            value="Description for CLAIM_READ" />
+    </bean>
+    <bean id="entitlement_claim_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_UPDATE" />
+        <property name="description"
+            value="Description for CLAIM_UPDATE" />
+    </bean>
+    <bean id="entitlement_claim_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_DELETE" />
+        <property name="description"
+            value="Description for CLAIM_DELETE" />
+    </bean>
+
+    <bean id="entitlement_application_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_LIST" />
+        <property name="description"
+            value="Description for APPLICATION_LIST" />
+    </bean>
+    <bean id="entitlement_application_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_CREATE" />
+        <property name="description"
+            value="Description for APPLICATION_CREATE" />
+    </bean>
+    <bean id="entitlement_application_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_READ" />
+        <property name="description"
+            value="Description for APPLICATION_READ" />
+    </bean>
+    <bean id="entitlement_application_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_UPDATE" />
+        <property name="description"
+            value="Description for APPLICATION_UPDATE" />
+    </bean>
+    <bean id="entitlement_application_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_DELETE" />
+        <property name="description"
+            value="Description for APPLICATION_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_trustedidp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_LIST" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_LIST" />
+    </bean>
+    <bean id="entitlement_trustedidp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_CREATE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_CREATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_READ" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_READ" />
+    </bean>
+    <bean id="entitlement_trustedidp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_UPDATE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_DELETE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_DELETE" />
+    </bean>
+
+    <bean id="entitlement_idp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_LIST" />
+        <property name="description"
+            value="Description for IDP_LIST" />
+    </bean>
+    <bean id="entitlement_idp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_CREATE" />
+        <property name="description"
+            value="Description for IDP_CREATE" />
+    </bean>
+    <bean id="entitlement_idp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_READ" />
+        <property name="description"
+            value="Description for IDP_READ" />
+    </bean>
+    <bean id="entitlement_idp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_UPDATE" />
+        <property name="description"
+            value="Description for IDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_idp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_DELETE" />
+        <property name="description"
+            value="Description for IDP_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_role_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_LIST" />
+        <property name="description"
+            value="Description for ROLE_LIST" />
+    </bean>
+    <bean id="entitlement_role_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_CREATE" />
+        <property name="description"
+            value="Description for ROLE_CREATE" />
+    </bean>
+    <bean id="entitlement_role_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_READ" />
+        <property name="description"
+            value="Description for ROLE_READ" />
+    </bean>
+    <bean id="entitlement_role_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_UPDATE" />
+        <property name="description"
+            value="Description for ROLE_UPDATE" />
+    </bean>
+    <bean id="entitlement_role_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_DELETE" />
+        <property name="description"
+            value="Description for ROLE_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_entitlement_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_LIST" />
+        <property name="description"
+            value="Description for ENTITLEMENT_LIST" />
+    </bean>
+    <bean id="entitlement_entitlement_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_CREATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_CREATE" />
+    </bean>
+    <bean id="entitlement_entitlement_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_READ" />
+        <property name="description"
+            value="Description for ENTITLEMENT_READ" />
+    </bean>
+    <bean id="entitlement_entitlement_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_UPDATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_UPDATE" />
+    </bean>
+    <bean id="entitlement_entitlement_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_DELETE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_DELETE" />
+    </bean>
+    
+    <bean id="role_admin"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="ADMIN" />
+        <property name="description"
+            value="This is the administrator role with full access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_create" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_claim_update" />
+                <ref bean="entitlement_claim_delete" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_create" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_idp_update" />
+                <ref bean="entitlement_idp_delete" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_create" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_trustedidp_update" />
+                <ref bean="entitlement_trustedidp_delete" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_create" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_application_update" />
+                <ref bean="entitlement_application_delete" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_create" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_role_update" />
+                <ref bean="entitlement_role_delete" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_create" />
+                <ref bean="entitlement_entitlement_read" />
+                <ref bean="entitlement_entitlement_update" />
+                <ref bean="entitlement_entitlement_delete" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_user"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="USER" />
+        <property name="description"
+            value="This is the user role with read access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_read" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_idp_login"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="IDP_LOGIN" />
+        <property name="description"
+            value="This is the IDP login role which is applied to Users during the IDP SSO" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+            </util:list>
+        </property>
+    </bean>
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml b/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml
new file mode 100644
index 0000000..d355e97
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:webflow="http://www.springframework.org/schema/webflow-config"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+
+    <import resource="config/idp-core-servlet.xml" />
+
+    <!-- Define some mutable properties for the IdP -->
+    <context:property-placeholder location="classpath:realm.properties" />
+
+    <bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransport?wsdl" />
+        <property name="wsdlEndpoint" value="Transport_Port" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+    </bean>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/realmb/persistence.properties
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/persistence.properties b/systests/federation/samlsso/src/test/resources/realmb/persistence.properties
new file mode 100644
index 0000000..2628714
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/realmb/persistence.properties
@@ -0,0 +1,15 @@
+#jpa.driverClassName=org.apache.derby.jdbc.ClientDriver
+#jpa.url=jdbc:derby://localhost:1527/Fediz
+#jpa.username=admin
+#jpa.password=admin
+#jpa.defaultData=true
+#jpa.platform=DerbyDictionary
+
+
+jpa.driverClassName=org.hsqldb.jdbcDriver
+#jpa.url=jdbc:hsqldb:target/fediz/db/myDB;shutdown=true
+jpa.url=jdbc:hsqldb:target/db/realmb/myDB;shutdown=true
+jpa.username=sa
+jpa.password=
+jpa.defaultData=true
+jpa.platform=HSQLDictionary
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/realmb/realm.properties
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/realm.properties b/systests/federation/samlsso/src/test/resources/realmb/realm.properties
new file mode 100644
index 0000000..41d04cd
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/realmb/realm.properties
@@ -0,0 +1,6 @@
+realm.STS_URI=REALMB
+realmA.port=${idp.https.port}
+realmB.port=${idp.realmb.https.port}
+idp-config=idp-config-realmb.xml
+db-load-config=entities-realmb.xml
+realm-uri=urn:org:apache:cxf:fediz:idp:realm-B

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/security-config.xml b/systests/federation/samlsso/src/test/resources/realmb/security-config.xml
new file mode 100644
index 0000000..6ddfb89
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/realmb/security-config.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:security="http://www.springframework.org/schema/security"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context.xsd
+        http://www.springframework.org/schema/security
+        http://www.springframework.org/schema/security/spring-security-3.1.xsd
+        ">
+
+    <context:property-placeholder location="classpath:realm.properties"/>
+    
+    <!-- DISABLE in production as it might log confidential information about the user -->
+    <!-- <security:debug /> -->
+
+    <!-- Configure Spring Security -->
+    
+    <!-- If enabled, you can't access the Service layer within the Spring Webflow -->
+    <!-- The user has no role during the login phase of WS-Federation -->
+    <security:global-method-security pre-post-annotations="enabled"/>
+
+    <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+        <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()"/>
+        <security:http-basic />
+    </security:http>
+
+    <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
+    
+    <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
+    
+    <security:authentication-manager id="restAuthenticationManager">
+        <security:authentication-provider>
+          <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
+          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
+          <!--  
+          <security:password-encoder hash="sha-256" base64="true">
+            <security:salt-source user-property="username"/>
+          </security:password-encoder>
+          -->
+          <security:user-service properties="classpath:/users.properties" />
+        </security:authentication-provider>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+
+    <!-- Redirects to a dedicated http config -->
+    <bean id="fedizEntryPoint" class="org.apache.cxf.fediz.service.idp.FedizEntryPoint">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="configService" ref="config" />
+    </bean>
+    
+    <!-- Main entry point -->
+    <security:http pattern="/federation" use-expressions="true" entry-point-ref="fedizEntryPoint">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
+    </security:http>
+    
+    <!-- HTTP/BA entry point -->
+    <security:http pattern="/federation/up" use-expressions="true">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
+
+        <security:http-basic />
+        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
+    </security:http>
+    
+    <security:http pattern="/saml" use-expressions="true" entry-point-ref="fedizEntryPoint">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+    </security:http>
+    
+    <!-- HTTP/BA entry point -->
+    <security:http pattern="/saml/up/**" use-expressions="true">
+        <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+
+        <security:http-basic />
+        <!--security:form-login login-page='/federation/up/login'
+            login-processing-url="/federation/up/login.do"
+            authentication-failure-url="/federation/up/login?error" 
+            default-target-url="/"
+            username-parameter="username" 
+            password-parameter="password"
+            /-->
+        <security:logout logout-url="/saml/up/logout" 
+            logout-success-url="/saml/up/login?out" 
+            delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
+            invalidate-session="true" 
+            />
+    </security:http>	
+
+    <security:authentication-manager>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+	
+    <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+    
+    <bean id="entitlementsEnricher" class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements" />
+	
+    <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
+        <property name="wsdlEndpoint" value="TransportUT_Port"/>
+        <property name="wsdlService" value="SecurityTokenService"/>
+        <property name="appliesTo" value="urn:fediz:idp"/>
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+    </bean>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
new file mode 100644
index 0000000..9227893
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
@@ -0,0 +1,104 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:cxf="http://cxf.apache.org/core"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+  xmlns:jaxws="http://cxf.apache.org/jaxws"
+  xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+  xsi:schemaLocation="
+            http://cxf.apache.org/core
+            http://cxf.apache.org/schemas/core.xsd
+            http://cxf.apache.org/configuration/security
+            http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/jaxws
+            http://cxf.apache.org/schemas/jaxws.xsd
+            http://cxf.apache.org/jaxrs
+            http://cxf.apache.org/schemas/jaxrs.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://cxf.apache.org/transports/http-jetty/configuration
+            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans.xsd">
+   
+
+   <import resource="classpath:META-INF/cxf/cxf.xml" />
+      
+   <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+   </cxf:bus>
+   
+   <bean id="serviceBean" class="org.apache.cxf.fediz.samlsso.service.DoubleItService"/>
+
+   <bean id="callbackHandler" class="org.apache.cxf.fediz.samlsso.service.KeystorePasswordCallback"/>
+
+   <bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager">
+        <constructor-arg ref="cxf"/>
+    </bean>
+
+    <bean id="ssoFilter" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+        <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
+        <property name="assertionConsumerServiceAddress" 
+                  value="/racs/sso"/>
+        <property name="stateProvider" ref="stateManager"/>
+        <property name="addEndpointAddressToContext" value="true"/>
+        <property name="signRequest" value="true"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+        <property name="callbackHandler" ref="callbackHandler"/>
+        <property name="signatureUsername" value="realma" />
+        <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+    </bean>
+
+   <bean id="authorizationInterceptor"
+         class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+       <property name="securedObject" ref="serviceBean" />
+   </bean>
+   
+   <jaxrs:server address="/app1">
+       <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+            <ref bean="ssoFilter"/>
+       </jaxrs:providers>
+       <jaxrs:inInterceptors>
+            <ref bean="authorizationInterceptor"/>
+       </jaxrs:inInterceptors>
+   </jaxrs:server>
+
+   <bean id="consumerService" class="org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService">
+        <property name="stateProvider" ref="stateManager"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+        <property name="enforceKnownIssuer" value="false"/>
+        <property name="callbackHandlerClass" value="org.apache.cxf.fediz.samlsso.service.KeystorePasswordCallback" />
+   </bean>
+
+   <jaxrs:server address="/racs">
+       <jaxrs:serviceBeans>
+          <ref bean="consumerService"/>
+       </jaxrs:serviceBeans>
+   </jaxrs:server>
+   
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/temp/pom.xml b/systests/federation/temp/pom.xml
deleted file mode 100644
index e04dfa7..0000000
--- a/systests/federation/temp/pom.xml
+++ /dev/null
@@ -1,312 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.apache.cxf.fediz</groupId>
-        <artifactId>fediz-systests</artifactId>
-        <version>1.3.2-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
-    </parent>
-    <groupId>org.apache.cxf.fediz.systests.federation</groupId>
-    <artifactId>fediz-systests-federation-temp</artifactId>
-    <name>Apache Fediz Federation Systests Tomcat 7 WS-Federation temp</name>
-    <packaging>jar</packaging>
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-    </properties>
-    <dependencies>
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-core</artifactId>
-            <version>${tomcat7.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-logging-juli</artifactId>
-            <version>${tomcat7.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.eclipse.jdt.core.compiler</groupId>
-            <artifactId>ecj</artifactId>
-            <version>${ecj.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-jasper</artifactId>
-            <version>${tomcat7.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.fediz</groupId>
-            <artifactId>fediz-tomcat7</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.fediz.systests</groupId>
-            <artifactId>fediz-systests-tests</artifactId>
-            <version>${project.version}</version>
-            <type>test-jar</type>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-            <version>${slf4j.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-jdk14</artifactId>
-            <version>${slf4j.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.hsqldb</groupId>
-            <artifactId>hsqldb</artifactId>
-            <version>${hsqldb.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-security-sso-saml</artifactId>
-            <version>${cxf.version}</version>
-            <scope>test</scope>
-        </dependency>
-
-    </dependencies>
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>build-helper-maven-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>reserve-network-port</id>
-                        <goals>
-                            <goal>reserve-network-port</goal>
-                        </goals>
-                        <phase>initialize</phase>
-                        <configuration>
-                            <portNames>
-                                <portName>idp.https.port</portName>
-                                <portName>idp.realmb.https.port</portName>
-                                <portName>rp.https.port</portName>
-                            </portNames>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>copy-idp-sts</id>
-                        <phase>generate-resources</phase>
-                        <goals>
-                            <goal>unpack</goal>
-                        </goals>
-                        <configuration>
-                            <artifactItems>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz</groupId>
-                                    <artifactId>fediz-idp</artifactId>
-                                    <version>${project.version}</version>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory>
-                                </artifactItem>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz</groupId>
-                                    <artifactId>fediz-idp-sts</artifactId>
-                                    <version>${project.version}</version>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
-                                </artifactItem>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
-                                    <artifactId>fediz-systests-webapps-simple</artifactId>
-                                    <version>${project.version}</version>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory>
-                                </artifactItem>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz</groupId>
-                                    <artifactId>fediz-idp</artifactId>
-                                    <version>${project.version}</version>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-realmb</outputDirectory>
-                                </artifactItem>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz</groupId>
-                                    <artifactId>fediz-idp-sts</artifactId>
-                                    <version>${project.version}</version>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-sts-realmb</outputDirectory>
-                                </artifactItem>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz.systests</groupId>
-                                    <artifactId>fediz-systests-tests</artifactId>
-                                    <version>${project.version}</version>
-                                    <classifier>tests</classifier>
-                                    <type>jar</type>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>target/test-classes</outputDirectory>
-                                    <includes>**/*.jks</includes>
-                                </artifactItem>
-                            </artifactItems>
-                            <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
-                            <overWriteSnapshots>true</overWriteSnapshots>
-                            <overWriteIfNewer>true</overWriteIfNewer>
-                            <stripVersion>true</stripVersion>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <artifactId>maven-resources-plugin</artifactId>
-                <version>2.7</version>
-                <executions>
-                    <execution>
-                        <id>copy-entities-to-idp</id>
-                        <phase>generate-test-sources</phase>
-                        <goals>
-                            <goal>copy-resources</goal>
-                        </goals>
-                        <configuration>
-                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory>
-                            <resources>          
-                                <resource>
-                                    <directory>${basedir}/src/test/resources/realma</directory>
-                                    <includes>
-                                        <include>entities-realma.xml</include>
-                                        <include>realm.properties</include>
-                                    </includes>
-                                    <filtering>true</filtering>
-                                </resource>
-                            </resources>              
-                        </configuration>            
-                    </execution>
-                    <execution>
-                        <id>copy-entities-to-remote-idp</id>
-                        <phase>generate-test-sources</phase>
-                        <goals>
-                            <goal>copy-resources</goal>
-                        </goals>
-                        <configuration>
-                            <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF/classes</outputDirectory>
-                            <resources>          
-                                <resource>
-                                    <directory>${basedir}/src/test/resources/realmb</directory>
-                                    <includes>
-                                        <include>entities-realmb.xml</include>
-                                        <include>realm.properties</include>
-                                        <include>persistence.properties</include>
-                                    </includes>
-                                    <filtering>true</filtering>
-                                </resource>
-                            </resources>              
-                        </configuration>            
-                    </execution>
-                    <execution>
-                        <id>copy-entities-to-remote-idp2</id>
-                        <phase>generate-test-sources</phase>
-                        <goals>
-                            <goal>copy-resources</goal>
-                        </goals>
-                        <configuration>
-                            <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF</outputDirectory>
-                            <resources>          
-                                <resource>
-                                    <directory>${basedir}/src/test/resources/realmb</directory>
-                                    <includes>
-                                        <include>idp-servlet.xml</include>
-                                        <include>security-config.xml</include>
-                                    </includes>
-                                    <filtering>true</filtering>
-                                </resource>
-                            </resources>              
-                        </configuration>            
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <artifactId>maven-failsafe-plugin</artifactId>
-                <inherited>true</inherited>
-                <executions>
-                    <execution>
-                        <id>integration-test</id>
-                        <phase>integration-test</phase>
-                        <goals>
-                            <goal>integration-test</goal>
-                        </goals>
-                        <configuration>
-                            <skip>${skipTests}</skip>
-                            <systemPropertyVariables>
-                                <wt.headless>true</wt.headless>
-                                <idp.https.port>${idp.https.port}</idp.https.port>
-                                <idp.realmb.https.port>${idp.realmb.https.port}</idp.realmb.https.port>
-                                <rp.https.port>${rp.https.port}</rp.https.port>
-                            </systemPropertyVariables>
-                            <includes>
-                                <include>**/idp/**</include>
-                            </includes>
-                            <argLine>-Xms512m -Xmx1024m -XX:MaxPermSize=256m </argLine>
-                            <!--argLine>-Xms512m -Xmx1024m -XX:MaxPermSize=256m -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=y</argLine-->
-                        </configuration>
-                    </execution>
-                    <execution>
-                        <id>verify</id>
-                        <phase>verify</phase>
-                        <goals>
-                            <goal>verify</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <inherited>true</inherited>
-                <configuration>
-                    <excludes>
-                        <exclude>**/idp/**</exclude>
-                    </excludes>
-                </configuration>
-            </plugin>
-        </plugins>
-    </build>
-</project>


Mime
View raw message