cxf-commits mailing list archives

From cohei...@apache.org
Subject [1/3] cxf-fediz git commit: Added partially working SAML SSO federation test
Date Mon, 07 Nov 2016 13:00:59 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 9912e61d2 -> 722b70f02


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/federation/temp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
deleted file mode 100644
index 11ff13c..0000000
--- a/systests/federation/temp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ /dev/null
@@ -1,459 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.systests.idp;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.URLEncoder;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.UUID;
-
-import javax.servlet.ServletException;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleState;
-import org.apache.catalina.connector.Connector;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.fediz.core.util.DOMUtils;
-import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
-import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
-import org.apache.cxf.rs.security.saml.sso.DefaultAuthnRequestBuilder;
-import org.apache.cxf.rs.security.saml.sso.SSOConstants;
-import org.apache.cxf.staxutils.StaxUtils;
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoFactory;
-import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.apache.wss4j.common.util.DOM2Writer;
-import org.apache.wss4j.dom.engine.WSSConfig;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.opensaml.core.xml.XMLObject;
-import org.opensaml.saml.common.SignableSAMLObject;
-import org.opensaml.saml.saml2.core.AuthnRequest;
-import org.opensaml.security.x509.BasicX509Credential;
-import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
-import org.opensaml.xmlsec.signature.KeyInfo;
-import org.opensaml.xmlsec.signature.Signature;
-import org.opensaml.xmlsec.signature.support.SignatureConstants;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import com.gargoylesoftware.htmlunit.html.DomElement;
-import com.gargoylesoftware.htmlunit.html.DomNodeList;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-
-/**
- * Some tests invoking directly on the IdP for SAML SSO
- */
-public class IdpTest {
-
-    static String idpHttpsPort;
-    static String rpHttpsPort;
-    static String idpRealmbHttpsPort;
-
-    private static Tomcat idpServer;
-    private static Tomcat idpRealmbServer;
-    private static Tomcat rpServer;
-
-    @BeforeClass
-    public static void init() throws Exception {
-        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
-        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
-        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
-        idpHttpsPort = System.getProperty("idp.https.port");
-        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
-        idpRealmbHttpsPort = System.getProperty("idp.realmb.https.port");
-        Assert.assertNotNull("Property 'idp.realmb.https.port' null", idpRealmbHttpsPort);
-        rpHttpsPort = System.getProperty("rp.https.port");
-        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
-        idpServer = startServer(true, false, idpHttpsPort);
-        idpRealmbServer = startServer(false, true, idpRealmbHttpsPort);
-        // rpServer = startServer(false, false, rpHttpsPort);
-
-        WSSConfig.init();
-    }
-
-    private static Tomcat startServer(boolean idp, boolean realmb, String port) 
-        throws ServletException, LifecycleException, IOException {
-        Tomcat server = new Tomcat();
-        server.setPort(0);
-        String currentDir = new File(".").getCanonicalPath();
-        String baseDir = currentDir + File.separator + "target";
-        server.setBaseDir(baseDir);
-
-        if (idp) {
-            server.getHost().setAppBase("tomcat/idp/webapps");
-        } else if (realmb) {
-            server.getHost().setAppBase("tomcat/idprealmb/webapps");
-        } else {
-            server.getHost().setAppBase("tomcat/rp/webapps");
-        }
-        server.getHost().setAutoDeploy(true);
-        server.getHost().setDeployOnStartup(true);
-
-        Connector httpsConnector = new Connector();
-        httpsConnector.setPort(Integer.parseInt(port));
-        httpsConnector.setSecure(true);
-        httpsConnector.setScheme("https");
-        //httpsConnector.setAttribute("keyAlias", keyAlias);
-        httpsConnector.setAttribute("keystorePass", "tompass");
-        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-        httpsConnector.setAttribute("truststorePass", "tompass");
-        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-        httpsConnector.setAttribute("clientAuth", "want");
-        // httpsConnector.setAttribute("clientAuth", "false");
-        httpsConnector.setAttribute("sslProtocol", "TLS");
-        httpsConnector.setAttribute("SSLEnabled", true);
-
-        server.getService().addConnector(httpsConnector);
-
-        if (idp) {
-            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
-            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-    
-            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
-            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
-        } else if (realmb) {
-            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts-realmb");
-            server.addWebapp("/fediz-idp-sts-realmb", stsWebapp.getAbsolutePath());
-    
-            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-realmb");
-            server.addWebapp("/fediz-idp-realmb", idpWebapp.getAbsolutePath());
-        } else {
-            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
-            Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-            
-            FederationAuthenticator fa = new FederationAuthenticator();
-            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
-                             + "test-classes" + File.separator + "fediz_config_wsfed.xml");
-            cxt.getPipeline().addValve(fa);
-        }
-
-        server.start();
-
-        return server;
-    }
-
-    @AfterClass
-    public static void cleanup() {
-        shutdownServer(idpServer);
-        shutdownServer(idpRealmbServer);
-        shutdownServer(rpServer);
-    }
-    
-    private static void shutdownServer(Tomcat server) {
-        try {
-            if (server != null && server.getServer() != null
-                && server.getServer().getState() != LifecycleState.DESTROYED) {
-                if (server.getServer().getState() != LifecycleState.STOPPED) {
-                    server.stop();
-                }
-                server.destroy();
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-
-    public String getIdpHttpsPort() {
-        return idpHttpsPort;
-    }
-
-    public String getRpHttpsPort() {
-        return rpHttpsPort;
-    }
-
-    public String getServletContextName() {
-        return "fedizhelloworld";
-    }
-    
-    //
-    // Successful tests
-    //
-    
-    @org.junit.Test
-    public void testBrowser() throws Exception {
-        OpenSAMLUtil.initSamlEngine();
-        
-        // Create SAML AuthnRequest
-        Document doc = DOMUtils.createDocument();
-        doc.appendChild(doc.createElement("root"));
-        // Create the AuthnRequest
-        String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" 
-            + getServletContextName() + "/secure/fedservlet";
-        AuthnRequest authnRequest = 
-            new DefaultAuthnRequestBuilder().createAuthnRequest(
-                null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
-            );
-        authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-        signAuthnRequest(authnRequest);
-        
-        Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-        String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
-
-        String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
-
-        String relayState = UUID.randomUUID().toString();
-        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
-        url += SSOConstants.RELAY_STATE + "=" + relayState;
-        url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-        
-        System.out.println("URL: " + url);
-        
-        Thread.sleep(60 * 1000);
-
-    }
-    /*
-    @org.junit.Test
-    public void testSuccessfulInvokeOnIdP() throws Exception {
-        OpenSAMLUtil.initSamlEngine();
-        
-        // Create SAML AuthnRequest
-        Document doc = DOMUtils.createDocument();
-        doc.appendChild(doc.createElement("root"));
-        // Create the AuthnRequest
-        String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" 
-            + getServletContextName() + "/secure/fedservlet";
-        AuthnRequest authnRequest = 
-            new DefaultAuthnRequestBuilder().createAuthnRequest(
-                null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
-            );
-        authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-        signAuthnRequest(authnRequest);
-        
-        Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-        String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
-
-        String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
-
-        String relayState = UUID.randomUUID().toString();
-        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
-        url += SSOConstants.RELAY_STATE + "=" + relayState;
-        url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-
-        String user = "alice";
-        String password = "ecila";
-
-        final WebClient webClient = new WebClient();
-        webClient.getOptions().setUseInsecureSSL(true);
-        webClient.getCredentialsProvider().setCredentials(
-            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
-            new UsernamePasswordCredentials(user, password));
-
-        webClient.getOptions().setJavaScriptEnabled(false);
-        final HtmlPage idpPage = webClient.getPage(url);
-        webClient.getOptions().setJavaScriptEnabled(true);
-        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-        
-        org.opensaml.saml.saml2.core.Response samlResponse = 
-            parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
-        String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
-        Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-        
-        // Check claims
-        String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
-        String claim = ClaimTypes.FIRSTNAME.toString();
-        Assert.assertTrue(parsedResponse.contains(claim));
-        claim = ClaimTypes.LASTNAME.toString();
-        Assert.assertTrue(parsedResponse.contains(claim));
-        claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue(parsedResponse.contains(claim));
-
-        webClient.close();
-    }
-    
-    @org.junit.Test
-    public void testSuccessfulInvokeOnIdPUsingPOST() throws Exception {
-        OpenSAMLUtil.initSamlEngine();
-        
-        // Create SAML AuthnRequest
-        Document doc = DOMUtils.createDocument();
-        doc.appendChild(doc.createElement("root"));
-        // Create the AuthnRequest
-        String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" 
-            + getServletContextName() + "/secure/fedservlet";
-        AuthnRequest authnRequest = 
-            new DefaultAuthnRequestBuilder().createAuthnRequest(
-                null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
-            );
-        authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up");
-        signAuthnRequest(authnRequest);
-        
-        Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-        
-        // Don't inflate the token...
-        String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
-        String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
-
-        String relayState = UUID.randomUUID().toString();
-        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up";
-
-        String user = "alice";
-        String password = "ecila";
-
-        final WebClient webClient = new WebClient();
-        webClient.getOptions().setUseInsecureSSL(true);
-        webClient.getCredentialsProvider().setCredentials(
-            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
-            new UsernamePasswordCredentials(user, password));
-
-        webClient.getOptions().setJavaScriptEnabled(false);
-        
-        WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
-
-        request.setRequestParameters(new ArrayList<NameValuePair>());
-        request.getRequestParameters().add(new NameValuePair(SSOConstants.RELAY_STATE, relayState));
-        request.getRequestParameters().add(new NameValuePair(SSOConstants.SAML_REQUEST, authnRequestEncoded));
-        
-        webClient.getOptions().setJavaScriptEnabled(false);
-        final HtmlPage idpPage = webClient.getPage(request);
-        
-        webClient.getOptions().setJavaScriptEnabled(true);
-        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-        
-        org.opensaml.saml.saml2.core.Response samlResponse = 
-            parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
-        String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
-        Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-        
-        // Check claims
-        String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
-        String claim = ClaimTypes.FIRSTNAME.toString();
-        Assert.assertTrue(parsedResponse.contains(claim));
-        claim = ClaimTypes.LASTNAME.toString();
-        Assert.assertTrue(parsedResponse.contains(claim));
-        claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue(parsedResponse.contains(claim));
-
-        webClient.close();
-    }
-    */
-
-    private String encodeAuthnRequest(Element authnRequest) throws IOException {
-        String requestMessage = DOM2Writer.nodeToString(authnRequest);
-        
-        DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
-        byte[] deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8"));
-
-        return Base64Utility.encode(deflatedBytes);
-    }
-    
-    private void signAuthnRequest(AuthnRequest authnRequest) throws Exception {
-        Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-        
-        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-        cryptoType.setAlias("realma");
-        X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
-
-        String sigAlgo = SSOConstants.RSA_SHA1;
-        
-        // Get the private key
-        PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-        
-        // Create the signature
-        Signature signature = OpenSAMLUtil.buildSignature();
-        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-        signature.setSignatureAlgorithm(sigAlgo);
-        
-        BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
-
-        signature.setSigningCredential(signingCredential);
-
-        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
-        kiFactory.setEmitEntityCertificate(true);
-        
-        try {
-            KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
-            signature.setKeyInfo(keyInfo);
-        } catch (org.opensaml.security.SecurityException ex) {
-            throw new Exception(
-                    "Error generating KeyInfo from signing credential", ex);
-        }
-        
-        SignableSAMLObject signableObject = (SignableSAMLObject) authnRequest;
-        signableObject.setSignature(signature);
-        signableObject.releaseDOM();
-        signableObject.releaseChildrenDOM(true);
-        
-    }
-    
-    private org.opensaml.saml.saml2.core.Response parseSAMLResponse(HtmlPage idpPage, 
-                                                                    String relayState, 
-                                                                    String consumerURL,
-                                                                    String authnRequestId
-    ) throws Exception {
-        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-        
-        // Parse the form to get the token (SAMLResponse)
-        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
-
-        String samlResponse = null;
-        boolean foundRelayState = false;
-        for (DomElement result : results) {
-            if ("SAMLResponse".equals(result.getAttributeNS(null, "name"))) {
-                samlResponse = result.getAttributeNS(null, "value");
-            } else if ("RelayState".equals(result.getAttributeNS(null, "name"))) {
-                foundRelayState = true;
-                Assert.assertEquals(result.getAttributeNS(null, "value"), relayState);
-            }
-        }
-
-        Assert.assertNotNull(samlResponse);
-        Assert.assertTrue(foundRelayState);
-        
-        // Check the "action"
-        DomNodeList<DomElement> formResults = idpPage.getElementsByTagName("form");
-        Assert.assertFalse(formResults.isEmpty());
-        
-        DomElement formResult = formResults.get(0);
-        String action = formResult.getAttributeNS(null, "action");
-        Assert.assertTrue(action.equals(consumerURL));
-        
-        // Decode + verify response
-        byte[] deflatedToken = Base64Utility.decode(samlResponse);
-        InputStream inputStream = new ByteArrayInputStream(deflatedToken);
-        
-        Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));
-        
-        XMLObject responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
-        Assert.assertTrue(responseObject instanceof org.opensaml.saml.saml2.core.Response);
-        
-        org.opensaml.saml.saml2.core.Response samlResponseObject = 
-            (org.opensaml.saml.saml2.core.Response)responseObject;
-        Assert.assertTrue(authnRequestId.equals(samlResponseObject.getInResponseTo()));
-        
-        return samlResponseObject;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/logging.properties b/systests/federation/temp/src/test/resources/logging.properties
deleted file mode 100644
index 040b210..0000000
--- a/systests/federation/temp/src/test/resources/logging.properties
+++ /dev/null
@@ -1,54 +0,0 @@
-############################################################
-#   Default Logging Configuration File
-#
-# You can use a different file by specifying a filename
-# with the java.util.logging.config.file system property.  
-# For example java -Djava.util.logging.config.file=myfile
-############################################################
-
-############################################################
-#   Global properties
-############################################################
-
-# "handlers" specifies a comma separated list of log Handler 
-# classes.  These handlers will be installed during VM startup.
-# Note that these classes must be on the system classpath.
-# By default we only configure a ConsoleHandler, which will only
-# show messages at the WARNING and above levels.
-handlers= java.util.logging.ConsoleHandler
-#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
-
-# Default global logging level.
-# This specifies which kinds of events are logged across
-# all loggers.  For any given facility this global level
-# can be overridden by a facility specific level
-# Note that the ConsoleHandler also has a separate level
-# setting to limit messages printed to the console.
-.level= INFO
-
-############################################################
-# Handler specific properties.
-# Describes specific configuration info for Handlers.
-############################################################
-
-# default file output is in user's home directory.
-java.util.logging.FileHandler.pattern = %h/java%u.log
-java.util.logging.FileHandler.limit = 50000
-java.util.logging.FileHandler.count = 1
-java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
-
-# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = WARNING
-java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
-
-
-############################################################
-# Facility specific properties.
-# Provides extra control for each logger.
-############################################################
-
-# For example, set the com.xyz.foo logger to only log SEVERE
-# messages:
-#com.xyz.foo.level = SEVERE
-org.apache.ws.security.level = FINEST
-org.apache.cxf.fediz.level = FINEST

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realma.cert
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realma.cert b/systests/federation/temp/src/test/resources/realma.cert
deleted file mode 100644
index ff97f79..0000000
--- a/systests/federation/temp/src/test/resources/realma.cert
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICwTCCAamgAwIBAgIEINqJ9TANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
-MTUwNjEwMTU0NDE3WhcNMjUwNDE4MTU0NDE3WjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJDSXn2lDR+JM+AsJarFG3/XGH7K+9AfAbQIz2IgB9MCpO
-KVWTUPCvuo1I+Fp5nEGreuHYLEwgIiam3o+C9tvpLgtDDaDkmXjDzkWpk8z6+im72HZ/ODF93Rqw
-jIiY5ZCzgDumFyPzdKiGwChThamidy+rd6oheSoi6qRVSMMcnwiEUmvkfFvV3izXRqeT5nGQwsin
-y9mCEiGx8jkfxP++H0RQjVjhOwzfQ7epsR7dTQNf2ZhkBR3o6wKV9QnF2IBWHZpA9EK58rWU9H6j
-G7b631rYvwsbOUF9HcZ8DI2BFh+4p18jDN/fnjNGSLr9rYOExpsIiF1cHBK7Tr7WwCmDAgMBAAGj
-ITAfMB0GA1UdDgQWBBRHy0qYoLm9jx/1L6r61NznHKun2jANBgkqhkiG9w0BAQsFAAOCAQEAR9rU
-5Sp1FsOErdvKNFqeaKl0oq6Fuz7BWcGm2kK6+1ZbWE8IOv6Vh+BlLuOe5hF7aLUbm8UIjhKsmg0M
-Ey5MBwkBZktT1qhQteMuiKgYR7CxayCxO0f125RYvvwntJa5rI7bUrzOqX29VQD1qQ/Tb+08fULT
-L7oURP+g88Ff99dn3IpO4VZxZdsbl4+KZRtqQvPAdXNYjOajJtPzS489+/DtfWJ6wPm/7YZ4did4
-1fYcrdwyEZ15L0/5i931z7sztNickm5WhO40qEVDKN6KrlV2Eyea0+933v2Pwe4resTlko9G2T5h
-dEaSbvht2Q/JOMMmT91daeto2oS8HTKhTA==
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realma/entities-realma.xml b/systests/federation/temp/src/test/resources/realma/entities-realma.xml
deleted file mode 100644
index 74dd5d1..0000000
--- a/systests/federation/temp/src/test/resources/realma/entities-realma.xml
+++ /dev/null
@@ -1,525 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
-    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
-        <property name="uri" value="realma" />
-        <property name="provideIdpList" value="true" />
-        <property name="useCurrentIdp" value="true" />
-        <property name="certificate" value="stsKeystoreA.properties" />
-        <property name="certificatePassword" value="realma" />
-        <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" />
-        <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation" />
-        <property name="rpSingleSignOutConfirmation" value="true"/>
-        <property name="supportedProtocols">
-            <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
-            </util:list>
-        </property>
-        <property name="tokenTypesOffered">
-            <util:list>
-                <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
-                <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
-            </util:list>
-        </property>
-        <property name="authenticationURIs">
-            <util:map>
-                <entry key="default" value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" 
-                       value="federation/krb" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
-                       value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
-                       value="federation/clientcert" />
-            </util:map>
-        </property>
-        <property name="serviceDisplayName" value="REALM A" />
-        <property name="serviceDescription" value="IDP of Realm A" />
-        <property name="applications">
-            <util:list>
-                <ref bean="srv-fedizhelloworld" />
-            </util:list>
-        </property>
-        <property name="trustedIdps">
-            <util:list>
-                <ref bean="trusted-idp-realmB" />
-            </util:list>
-        </property>
-        <property name="claimTypesOffered">
-            <util:list>
-                <ref bean="claim_role" />
-                <ref bean="claim_surname" />
-                <ref bean="claim_givenname" />
-                <ref bean="claim_email" />
-            </util:list>
-        </property>
-    </bean>
-    
-    <bean id="idp-saml-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:saml:realm-A" />
-        <property name="uri" value="realma" />
-        <property name="provideIdpList" value="true" />
-        <property name="useCurrentIdp" value="true" />
-        <property name="certificate" value="stsKeystoreA.properties" />
-        <property name="certificatePassword" value="realma" />
-        <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" />
-        <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/saml" />
-        <property name="rpSingleSignOutConfirmation" value="true"/>
-        <property name="supportedProtocols">
-            <util:list>
-                <value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
-            </util:list>
-        </property>
-        <property name="tokenTypesOffered">
-            <util:list>
-                <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
-                <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
-            </util:list>
-        </property>
-        <property name="authenticationURIs">
-            <util:map>
-                <entry key="default" value="saml/up" />
-            </util:map>
-        </property>
-        <property name="serviceDisplayName" value="REALM A" />
-        <property name="serviceDescription" value="IDP of Realm A" />
-        <property name="applications">
-            <util:list>
-                <ref bean="srv-fedizhelloworld" />
-            </util:list>
-        </property>
-        <property name="trustedIdps">
-            <util:list>
-                <ref bean="trusted-idp-realmB" />
-            </util:list>
-        </property>
-        <property name="claimTypesOffered">
-            <util:list>
-                <ref bean="claim_role" />
-                <ref bean="claim_surname" />
-                <ref bean="claim_givenname" />
-                <ref bean="claim_email" />
-            </util:list>
-        </property>
-    </bean>
-
-    <bean id="trusted-idp-realmB"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="cacheTokens" value="true" />
-        <property name="url" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/federation" />
-        <property name="certificate" value="realmb.cert" />
-        <property name="trustType" value="PEER_TRUST" />
-        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="federationType" value="FEDERATE_IDENTITY" />
-        <property name="name" value="Realm B" />
-        <property name="description" value="Realm B description" />
-    </bean>
-
-    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
-        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
-        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="serviceDisplayName" value="Fedizhelloworld" />
-        <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
-        <property name="role" value="ApplicationServiceType" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="lifeTime" value="3600" />
-        <property name="passiveRequestorEndpointConstraint" 
-                  value="https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" />
-        <property name="validatingCertificate" value="realma.cert" />
-    </bean>
-    
-    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
-        <property name="claim" ref="claim_role" />
-        <property name="optional" value="false" />
-    </bean>
-    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
-        <property name="claim" ref="claim_givenname" />
-        <property name="optional" value="false" />
-    </bean>
-    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
-        <property name="claim" ref="claim_surname" />
-        <property name="optional" value="false" />
-    </bean>
-    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
-        <property name="claim" ref="claim_email" />
-        <property name="optional" value="false" />
-    </bean>
-    
-    <bean id="claim_role"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
-        <property name="displayName"
-            value="role" />
-        <property name="description"
-            value="Description for role" />
-    </bean>
-    <bean id="claim_givenname"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
-        <property name="displayName"
-            value="firstname" />
-        <property name="description"
-            value="Description for firstname" />
-    </bean>
-    <bean id="claim_surname"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
-        <property name="displayName"
-            value="lastname" />
-        <property name="description"
-            value="Description for lastname" />
-    </bean>
-    <bean id="claim_email"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
-        <property name="displayName"
-            value="email" />
-        <property name="description"
-            value="Description for email" />
-    </bean>
-    
-    
-    <bean id="entitlement_claim_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_LIST" />
-        <property name="description"
-            value="Description for CLAIM_LIST" />
-    </bean>
-    <bean id="entitlement_claim_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_CREATE" />
-        <property name="description"
-            value="Description for CLAIM_CREATE" />
-    </bean>
-    <bean id="entitlement_claim_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_READ" />
-        <property name="description"
-            value="Description for CLAIM_READ" />
-    </bean>
-    <bean id="entitlement_claim_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_UPDATE" />
-        <property name="description"
-            value="Description for CLAIM_UPDATE" />
-    </bean>
-    <bean id="entitlement_claim_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_DELETE" />
-        <property name="description"
-            value="Description for CLAIM_DELETE" />
-    </bean>
-
-    <bean id="entitlement_application_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_LIST" />
-        <property name="description"
-            value="Description for APPLICATION_LIST" />
-    </bean>
-    <bean id="entitlement_application_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_CREATE" />
-        <property name="description"
-            value="Description for APPLICATION_CREATE" />
-    </bean>
-    <bean id="entitlement_application_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_READ" />
-        <property name="description"
-            value="Description for APPLICATION_READ" />
-    </bean>
-    <bean id="entitlement_application_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_UPDATE" />
-        <property name="description"
-            value="Description for APPLICATION_UPDATE" />
-    </bean>
-    <bean id="entitlement_application_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_DELETE" />
-        <property name="description"
-            value="Description for APPLICATION_DELETE" />
-    </bean>
-    
-    <bean id="entitlement_trustedidp_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_LIST" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_LIST" />
-    </bean>
-    <bean id="entitlement_trustedidp_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_CREATE" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_CREATE" />
-    </bean>
-    <bean id="entitlement_trustedidp_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_READ" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_READ" />
-    </bean>
-    <bean id="entitlement_trustedidp_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_UPDATE" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_UPDATE" />
-    </bean>
-    <bean id="entitlement_trustedidp_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_DELETE" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_DELETE" />
-    </bean>
-
-    <bean id="entitlement_idp_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_LIST" />
-        <property name="description"
-            value="Description for IDP_LIST" />
-    </bean>
-    <bean id="entitlement_idp_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_CREATE" />
-        <property name="description"
-            value="Description for IDP_CREATE" />
-    </bean>
-    <bean id="entitlement_idp_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_READ" />
-        <property name="description"
-            value="Description for IDP_READ" />
-    </bean>
-    <bean id="entitlement_idp_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_UPDATE" />
-        <property name="description"
-            value="Description for IDP_UPDATE" />
-    </bean>
-    <bean id="entitlement_idp_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_DELETE" />
-        <property name="description"
-            value="Description for IDP_DELETE" />
-    </bean>
-    
-    <bean id="entitlement_role_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_LIST" />
-        <property name="description"
-            value="Description for ROLE_LIST" />
-    </bean>
-    <bean id="entitlement_role_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_CREATE" />
-        <property name="description"
-            value="Description for ROLE_CREATE" />
-    </bean>
-    <bean id="entitlement_role_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_READ" />
-        <property name="description"
-            value="Description for ROLE_READ" />
-    </bean>
-    <bean id="entitlement_role_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_UPDATE" />
-        <property name="description"
-            value="Description for ROLE_UPDATE" />
-    </bean>
-    <bean id="entitlement_role_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_DELETE" />
-        <property name="description"
-            value="Description for ROLE_DELETE" />
-    </bean>
-    
-    <bean id="entitlement_entitlement_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_LIST" />
-        <property name="description"
-            value="Description for ENTITLEMENT_LIST" />
-    </bean>
-    <bean id="entitlement_entitlement_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_CREATE" />
-        <property name="description"
-            value="Description for ENTITLEMENT_CREATE" />
-    </bean>
-    <bean id="entitlement_entitlement_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_READ" />
-        <property name="description"
-            value="Description for ENTITLEMENT_READ" />
-    </bean>
-    <bean id="entitlement_entitlement_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_UPDATE" />
-        <property name="description"
-            value="Description for ENTITLEMENT_UPDATE" />
-    </bean>
-    <bean id="entitlement_entitlement_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_DELETE" />
-        <property name="description"
-            value="Description for ENTITLEMENT_DELETE" />
-    </bean>
-    
-    <bean id="role_admin"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
-        <property name="name"
-            value="ADMIN" />
-        <property name="description"
-            value="This is the administrator role with full access" />
-        <property name="entitlements">
-            <util:list>
-                <ref bean="entitlement_claim_list" />
-                <ref bean="entitlement_claim_create" />
-                <ref bean="entitlement_claim_read" />
-                <ref bean="entitlement_claim_update" />
-                <ref bean="entitlement_claim_delete" />
-                <ref bean="entitlement_idp_list" />
-                <ref bean="entitlement_idp_create" />
-                <ref bean="entitlement_idp_read" />
-                <ref bean="entitlement_idp_update" />
-                <ref bean="entitlement_idp_delete" />
-                <ref bean="entitlement_trustedidp_list" />
-                <ref bean="entitlement_trustedidp_create" />
-                <ref bean="entitlement_trustedidp_read" />
-                <ref bean="entitlement_trustedidp_update" />
-                <ref bean="entitlement_trustedidp_delete" />
-                <ref bean="entitlement_application_list" />
-                <ref bean="entitlement_application_create" />
-                <ref bean="entitlement_application_read" />
-                <ref bean="entitlement_application_update" />
-                <ref bean="entitlement_application_delete" />
-                <ref bean="entitlement_role_list" />
-                <ref bean="entitlement_role_create" />
-                <ref bean="entitlement_role_read" />
-                <ref bean="entitlement_role_update" />
-                <ref bean="entitlement_role_delete" />
-                <ref bean="entitlement_entitlement_list" />
-                <ref bean="entitlement_entitlement_create" />
-                <ref bean="entitlement_entitlement_read" />
-                <ref bean="entitlement_entitlement_update" />
-                <ref bean="entitlement_entitlement_delete" />
-            </util:list>
-        </property>
-    </bean>
-    <bean id="role_user"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
-        <property name="name"
-            value="USER" />
-        <property name="description"
-            value="This is the user role with read access" />
-        <property name="entitlements">
-            <util:list>
-                <ref bean="entitlement_claim_list" />
-                <ref bean="entitlement_claim_read" />
-                <ref bean="entitlement_idp_list" />
-                <ref bean="entitlement_idp_read" />
-                <ref bean="entitlement_trustedidp_list" />
-                <ref bean="entitlement_trustedidp_read" />
-                <ref bean="entitlement_application_list" />
-                <ref bean="entitlement_application_read" />
-                <ref bean="entitlement_role_list" />
-                <ref bean="entitlement_role_read" />
-                <ref bean="entitlement_entitlement_list" />
-                <ref bean="entitlement_entitlement_read" />
-            </util:list>
-        </property>
-    </bean>
-    <bean id="role_idp_login"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
-        <property name="name"
-            value="IDP_LOGIN" />
-        <property name="description"
-            value="This is the IDP login role which is applied to Users during the IDP SSO" />
-        <property name="entitlements">
-            <util:list>
-                <ref bean="entitlement_claim_list" />
-                <ref bean="entitlement_claim_read" />
-                <ref bean="entitlement_idp_list" />
-                <ref bean="entitlement_idp_read" />
-                <ref bean="entitlement_trustedidp_list" />
-                <ref bean="entitlement_trustedidp_read" />
-                <ref bean="entitlement_application_list" />
-                <ref bean="entitlement_application_read" />
-            </util:list>
-        </property>
-    </bean>
-    
-
-
-</beans>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realma/realm.properties
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realma/realm.properties b/systests/federation/temp/src/test/resources/realma/realm.properties
deleted file mode 100644
index 1df51d7..0000000
--- a/systests/federation/temp/src/test/resources/realma/realm.properties
+++ /dev/null
@@ -1,5 +0,0 @@
-realm.STS_URI=REALMA
-realm-uri=urn:org:apache:cxf:fediz:idp:saml:realm-A
-realmA.port=9443
-realmB.port=12443
-db-load-config=entities-realma.xml

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realmb/entities-realmb.xml
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realmb/entities-realmb.xml b/systests/federation/temp/src/test/resources/realmb/entities-realmb.xml
deleted file mode 100644
index a87894b..0000000
--- a/systests/federation/temp/src/test/resources/realmb/entities-realmb.xml
+++ /dev/null
@@ -1,422 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
-    <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="uri" value="realmb" />
-        <property name="provideIdpList" value="false" />
-        <property name="useCurrentIdp" value="true" />
-        <property name="certificate" value="stsKeystoreB.properties" />
-        <property name="certificatePassword" value="realmb" />
-        <property name="stsUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-sts-realmb/REALMB" />
-        <property name="idpUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/federation" />
-        <property name="supportedProtocols">
-            <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
-            </util:list>
-        </property>
-        <property name="tokenTypesOffered">
-            <util:list>
-                <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
-                <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
-            </util:list>
-        </property>
-        <property name="authenticationURIs">
-            <util:map>
-                <entry key="default" value="federation/up" />
-            </util:map>
-        </property>
-        <property name="serviceDisplayName" value="REALM B" />
-        <property name="serviceDescription" value="IDP of Realm B" />
-        <property name="applications">
-            <util:list>
-                <ref bean="idp-realmA" />
-            </util:list>
-        </property>
-        <property name="claimTypesOffered">
-            <util:list>
-                <ref bean="claim_role" />
-                <ref bean="claim_surname" />
-                <ref bean="claim_givenname" />
-                <ref bean="claim_email" />
-            </util:list>
-        </property>
-    </bean>
-
-    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:saml:realm-A" />
-        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="serviceDisplayName" value="Resource IDP Realm A" />
-        <property name="serviceDescription" value="Resource IDP Realm A" />
-        <property name="role" value="SecurityTokenServiceType" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="lifeTime" value="3600" />
-    </bean>
-    
-    <bean id="claim_role"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
-        <property name="displayName"
-            value="role" />
-        <property name="description"
-            value="Description for role" />
-    </bean>
-    <bean id="claim_givenname"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
-        <property name="displayName"
-            value="firstname" />
-        <property name="description"
-            value="Description for firstname" />
-    </bean>
-    <bean id="claim_surname"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
-        <property name="displayName"
-            value="lastname" />
-        <property name="description"
-            value="Description for lastname" />
-    </bean>
-    <bean id="claim_email"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
-        <property name="claimType"
-            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
-        <property name="displayName"
-            value="email" />
-        <property name="description"
-            value="Description for email" />
-    </bean>
-
-    <bean id="entitlement_claim_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_LIST" />
-        <property name="description"
-            value="Description for CLAIM_LIST" />
-    </bean>
-    <bean id="entitlement_claim_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_CREATE" />
-        <property name="description"
-            value="Description for CLAIM_CREATE" />
-    </bean>
-    <bean id="entitlement_claim_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_READ" />
-        <property name="description"
-            value="Description for CLAIM_READ" />
-    </bean>
-    <bean id="entitlement_claim_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_UPDATE" />
-        <property name="description"
-            value="Description for CLAIM_UPDATE" />
-    </bean>
-    <bean id="entitlement_claim_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="CLAIM_DELETE" />
-        <property name="description"
-            value="Description for CLAIM_DELETE" />
-    </bean>
-
-    <bean id="entitlement_application_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_LIST" />
-        <property name="description"
-            value="Description for APPLICATION_LIST" />
-    </bean>
-    <bean id="entitlement_application_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_CREATE" />
-        <property name="description"
-            value="Description for APPLICATION_CREATE" />
-    </bean>
-    <bean id="entitlement_application_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_READ" />
-        <property name="description"
-            value="Description for APPLICATION_READ" />
-    </bean>
-    <bean id="entitlement_application_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_UPDATE" />
-        <property name="description"
-            value="Description for APPLICATION_UPDATE" />
-    </bean>
-    <bean id="entitlement_application_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="APPLICATION_DELETE" />
-        <property name="description"
-            value="Description for APPLICATION_DELETE" />
-    </bean>
-    
-    <bean id="entitlement_trustedidp_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_LIST" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_LIST" />
-    </bean>
-    <bean id="entitlement_trustedidp_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_CREATE" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_CREATE" />
-    </bean>
-    <bean id="entitlement_trustedidp_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_READ" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_READ" />
-    </bean>
-    <bean id="entitlement_trustedidp_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_UPDATE" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_UPDATE" />
-    </bean>
-    <bean id="entitlement_trustedidp_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="TRUSTEDIDP_DELETE" />
-        <property name="description"
-            value="Description for TRUSTEDIDP_DELETE" />
-    </bean>
-
-    <bean id="entitlement_idp_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_LIST" />
-        <property name="description"
-            value="Description for IDP_LIST" />
-    </bean>
-    <bean id="entitlement_idp_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_CREATE" />
-        <property name="description"
-            value="Description for IDP_CREATE" />
-    </bean>
-    <bean id="entitlement_idp_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_READ" />
-        <property name="description"
-            value="Description for IDP_READ" />
-    </bean>
-    <bean id="entitlement_idp_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_UPDATE" />
-        <property name="description"
-            value="Description for IDP_UPDATE" />
-    </bean>
-    <bean id="entitlement_idp_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="IDP_DELETE" />
-        <property name="description"
-            value="Description for IDP_DELETE" />
-    </bean>
-    
-    <bean id="entitlement_role_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_LIST" />
-        <property name="description"
-            value="Description for ROLE_LIST" />
-    </bean>
-    <bean id="entitlement_role_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_CREATE" />
-        <property name="description"
-            value="Description for ROLE_CREATE" />
-    </bean>
-    <bean id="entitlement_role_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_READ" />
-        <property name="description"
-            value="Description for ROLE_READ" />
-    </bean>
-    <bean id="entitlement_role_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_UPDATE" />
-        <property name="description"
-            value="Description for ROLE_UPDATE" />
-    </bean>
-    <bean id="entitlement_role_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ROLE_DELETE" />
-        <property name="description"
-            value="Description for ROLE_DELETE" />
-    </bean>
-    
-    <bean id="entitlement_entitlement_list"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_LIST" />
-        <property name="description"
-            value="Description for ENTITLEMENT_LIST" />
-    </bean>
-    <bean id="entitlement_entitlement_create"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_CREATE" />
-        <property name="description"
-            value="Description for ENTITLEMENT_CREATE" />
-    </bean>
-    <bean id="entitlement_entitlement_read"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_READ" />
-        <property name="description"
-            value="Description for ENTITLEMENT_READ" />
-    </bean>
-    <bean id="entitlement_entitlement_update"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_UPDATE" />
-        <property name="description"
-            value="Description for ENTITLEMENT_UPDATE" />
-    </bean>
-    <bean id="entitlement_entitlement_delete"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
-        <property name="name"
-            value="ENTITLEMENT_DELETE" />
-        <property name="description"
-            value="Description for ENTITLEMENT_DELETE" />
-    </bean>
-    
-    <bean id="role_admin"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
-        <property name="name"
-            value="ADMIN" />
-        <property name="description"
-            value="This is the administrator role with full access" />
-        <property name="entitlements">
-            <util:list>
-                <ref bean="entitlement_claim_list" />
-                <ref bean="entitlement_claim_create" />
-                <ref bean="entitlement_claim_read" />
-                <ref bean="entitlement_claim_update" />
-                <ref bean="entitlement_claim_delete" />
-                <ref bean="entitlement_idp_list" />
-                <ref bean="entitlement_idp_create" />
-                <ref bean="entitlement_idp_read" />
-                <ref bean="entitlement_idp_update" />
-                <ref bean="entitlement_idp_delete" />
-                <ref bean="entitlement_trustedidp_list" />
-                <ref bean="entitlement_trustedidp_create" />
-                <ref bean="entitlement_trustedidp_read" />
-                <ref bean="entitlement_trustedidp_update" />
-                <ref bean="entitlement_trustedidp_delete" />
-                <ref bean="entitlement_application_list" />
-                <ref bean="entitlement_application_create" />
-                <ref bean="entitlement_application_read" />
-                <ref bean="entitlement_application_update" />
-                <ref bean="entitlement_application_delete" />
-                <ref bean="entitlement_role_list" />
-                <ref bean="entitlement_role_create" />
-                <ref bean="entitlement_role_read" />
-                <ref bean="entitlement_role_update" />
-                <ref bean="entitlement_role_delete" />
-                <ref bean="entitlement_entitlement_list" />
-                <ref bean="entitlement_entitlement_create" />
-                <ref bean="entitlement_entitlement_read" />
-                <ref bean="entitlement_entitlement_update" />
-                <ref bean="entitlement_entitlement_delete" />
-            </util:list>
-        </property>
-    </bean>
-    <bean id="role_user"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
-        <property name="name"
-            value="USER" />
-        <property name="description"
-            value="This is the user role with read access" />
-        <property name="entitlements">
-            <util:list>
-                <ref bean="entitlement_claim_list" />
-                <ref bean="entitlement_claim_read" />
-                <ref bean="entitlement_idp_list" />
-                <ref bean="entitlement_idp_read" />
-                <ref bean="entitlement_trustedidp_list" />
-                <ref bean="entitlement_trustedidp_read" />
-                <ref bean="entitlement_application_list" />
-                <ref bean="entitlement_application_read" />
-                <ref bean="entitlement_role_list" />
-                <ref bean="entitlement_role_read" />
-                <ref bean="entitlement_entitlement_list" />
-                <ref bean="entitlement_entitlement_read" />
-            </util:list>
-        </property>
-    </bean>
-    <bean id="role_idp_login"
-        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
-        <property name="name"
-            value="IDP_LOGIN" />
-        <property name="description"
-            value="This is the IDP login role which is applied to Users during the IDP SSO" />
-        <property name="entitlements">
-            <util:list>
-                <ref bean="entitlement_claim_list" />
-                <ref bean="entitlement_claim_read" />
-                <ref bean="entitlement_idp_list" />
-                <ref bean="entitlement_idp_read" />
-                <ref bean="entitlement_trustedidp_list" />
-                <ref bean="entitlement_trustedidp_read" />
-                <ref bean="entitlement_application_list" />
-                <ref bean="entitlement_application_read" />
-            </util:list>
-        </property>
-    </bean>
-
-</beans>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml b/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml
deleted file mode 100644
index 0a68517..0000000
--- a/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml
+++ /dev/null
@@ -1,116 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:webflow="http://www.springframework.org/schema/webflow-config"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-3.1.xsd
-        http://www.springframework.org/schema/webflow-config
-        http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
-
-    <context:property-placeholder location="classpath:realm.properties" />
-    
-    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
-        p:flowRegistry-ref="flowRegistry" p:order="2">
-    </bean>
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter"
-        p:flowExecutor-ref="flowExecutor" />
-
-    <webflow:flow-executor id="flowExecutor"
-        flow-registry="flowRegistry">
-        <webflow:flow-execution-attributes>
-            <webflow:always-redirect-on-pause
-                value="false" />
-        </webflow:flow-execution-attributes>
-
-        <webflow:flow-execution-listeners>
-            <webflow:listener ref="securityFlowExecutionListener" />
-        </webflow:flow-execution-listeners>
-    </webflow:flow-executor>
-
-    <bean id="securityFlowExecutionListener"
-        class="org.springframework.webflow.security.SecurityFlowExecutionListener">
-        <property name="accessDecisionManager" ref="accessDecisionManager" />
-    </bean>
-
-    <bean id="accessDecisionManager"
-        class="org.springframework.security.access.vote.AffirmativeBased">
-        <property name="decisionVoters">
-            <list>
-                <bean
-                    class="org.springframework.security.access.vote.RoleVoter">
-                    <property name="rolePrefix" value="ROLE_" />
-                </bean>
-                <bean
-                    class="org.springframework.security.access.vote.AuthenticatedVoter" />
-            </list>
-        </property>
-    </bean>
-
-    <webflow:flow-registry id="flowRegistry"
-        flow-builder-services="builder">
-        <webflow:flow-location
-            path="/WEB-INF/flows/federation-validate-request.xml" id="federation" />
-        <webflow:flow-location
-            path="/WEB-INF/flows/federation-validate-request.xml" id="federation/up" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-signin-request.xml"
-            id="signinRequest" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-signin-response.xml"
-            id="signinResponse" />
-    </webflow:flow-registry>
-
-    <webflow:flow-builder-services id="builder"
-        view-factory-creator="viewFactoryCreator" expression-parser="expressionParser" />
-
-    <bean id="expressionParser"
-        class="org.springframework.webflow.expression.WebFlowOgnlExpressionParser" />
-
-    <bean id="viewFactoryCreator"
-        class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
-        <property name="viewResolvers">
-            <list>
-                <ref local="viewResolver" />
-            </list>
-        </property>
-    </bean>
-
-    <bean id="viewResolver"
-        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-        <property name="prefix" value="/WEB-INF/views/" />
-        <property name="suffix" value=".jsp" />
-    </bean>
-
-    <bean id="stsClientForRpAction"
-        class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
-        <property name="wsdlLocation"
-            value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransport?wsdl" />
-        <property name="wsdlEndpoint" value="Transport_Port" />
-        <property name="tokenType"
-            value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realmb/persistence.properties
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realmb/persistence.properties b/systests/federation/temp/src/test/resources/realmb/persistence.properties
deleted file mode 100644
index 2628714..0000000
--- a/systests/federation/temp/src/test/resources/realmb/persistence.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-#jpa.driverClassName=org.apache.derby.jdbc.ClientDriver
-#jpa.url=jdbc:derby://localhost:1527/Fediz
-#jpa.username=admin
-#jpa.password=admin
-#jpa.defaultData=true
-#jpa.platform=DerbyDictionary
-
-
-jpa.driverClassName=org.hsqldb.jdbcDriver
-#jpa.url=jdbc:hsqldb:target/fediz/db/myDB;shutdown=true
-jpa.url=jdbc:hsqldb:target/db/realmb/myDB;shutdown=true
-jpa.username=sa
-jpa.password=
-jpa.defaultData=true
-jpa.platform=HSQLDictionary
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realmb/realm.properties
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realmb/realm.properties b/systests/federation/temp/src/test/resources/realmb/realm.properties
deleted file mode 100644
index 41d04cd..0000000
--- a/systests/federation/temp/src/test/resources/realmb/realm.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-realm.STS_URI=REALMB
-realmA.port=${idp.https.port}
-realmB.port=${idp.realmb.https.port}
-idp-config=idp-config-realmb.xml
-db-load-config=entities-realmb.xml
-realm-uri=urn:org:apache:cxf:fediz:idp:realm-B

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realmb/security-config.xml b/systests/federation/temp/src/test/resources/realmb/security-config.xml
deleted file mode 100644
index e59ace7..0000000
--- a/systests/federation/temp/src/test/resources/realmb/security-config.xml
+++ /dev/null
@@ -1,108 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.1.xsd
-        ">
-
-    <context:property-placeholder location="classpath:realm.properties"/>
-    
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- Configure Spring Security -->
-    
-    <!-- If enabled, you can't access the Service layer within the Spring Webflow -->
-    <!-- The user has no role during the login phase of WS-Federation -->
-    <security:global-method-security pre-post-annotations="enabled"/>
-
-    <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()"/>
-        <security:http-basic />
-    </security:http>
-
-    <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
-    
-    <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
-    
-    <security:authentication-manager id="restAuthenticationManager">
-        <security:authentication-provider>
-          <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
-          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
-          <!--  
-          <security:password-encoder hash="sha-256" base64="true">
-            <security:salt-source user-property="username"/>
-          </security:password-encoder>
-          -->
-          <security:user-service properties="classpath:/users.properties" />
-        </security:authentication-provider>
-        <security:authentication-provider ref="stsAuthProvider" />
-    </security:authentication-manager>
-
-    <!-- Redirects to a dedicated http config -->
-    <bean id="fedizEntryPoint" class="org.apache.cxf.fediz.service.idp.FedizEntryPoint">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="configService" ref="config" />
-    </bean>
-    
-    <!-- Main entry point -->
-    <security:http pattern="/federation" use-expressions="true" entry-point-ref="fedizEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
-    </security:http>
-    
-    <!-- HTTP/BA entry point -->
-    <security:http pattern="/federation/up" use-expressions="true">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
-
-        <security:http-basic />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-
-    <security:authentication-manager>
-        <security:authentication-provider ref="stsAuthProvider" />
-    </security:authentication-manager>
-	
-    <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
-    
-    <bean id="entitlementsEnricher" class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements" />
-	
-    <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
-        <property name="wsdlEndpoint" value="TransportUT_Port"/>
-        <property name="wsdlService" value="SecurityTokenService"/>
-        <property name="appliesTo" value="urn:fediz:idp"/>
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/stsKeystoreA.properties
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/stsKeystoreA.properties b/systests/federation/temp/src/test/resources/stsKeystoreA.properties
deleted file mode 100644
index bd9fb1b..0000000
--- a/systests/federation/temp/src/test/resources/stsKeystoreA.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=storepass
-org.apache.ws.security.crypto.merlin.keystore.alias=realma
-org.apache.ws.security.crypto.merlin.keystore.file=stsrealm_a.jks
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/temp/src/test/resources/stsrealm_a.jks
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/stsrealm_a.jks b/systests/federation/temp/src/test/resources/stsrealm_a.jks
deleted file mode 100644
index fde2928..0000000
Binary files a/systests/federation/temp/src/test/resources/stsrealm_a.jks and /dev/null differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
index 59a752d..b3d7552 100644
--- a/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
@@ -105,7 +105,7 @@
         <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
         <property name="federationType" value="FEDERATE_IDENTITY" />
         <property name="name" value="Realm B" />
-        <property name="description" value="Realm B description" />
+        <property name="description" value="Realm C description" />
         <property name="parameters">
             <util:map>
                 <entry key="sign.request" value="true" />
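Review bot: The `name` property on the context line above the changed description still reads `Realm B` while the description now says `Realm C`, and the hunk at -160 has the same mismatch with `Realm F`, so both entries keep an identical name and differ only in their description. These look like trusted-IdP definitions (SAML SSO and OpenID Connect protocols with `FEDERATE_IDENTITY`), so if the name is ever shown in a realm list or used in a lookup, identical names would make it hard to tell which trust relationship is being selected or audited. If nothing in the tests keys on the name, consider `<property name="name" value="Realm C" />` here and `value="Realm F"` in the second hunk. Otherwise add a short XML comment on each bean saying why the name is deliberately left as `Realm B`. Both beans start and end outside the hunks, so the realm URIs they actually point to are not visible here.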
@@ -160,7 +160,7 @@
         <property name="protocol" value="openid-connect-1.0" />
         <property name="federationType" value="FEDERATE_IDENTITY" />
         <property name="name" value="Realm B" />
-        <property name="description" value="Realm B description" />
+        <property name="description" value="Realm F description" />
         <property name="parameters">
             <util:map>
                 <entry key="client.id" value="consumer-id"/>

