cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/3] cxf-fediz git commit: Added partially working SAML SSO federation test
Date Mon, 07 Nov 2016 13:01:01 GMT
Added partially working SAML SSO federation test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/722b70f0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/722b70f0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/722b70f0

Branch: refs/heads/master
Commit: 722b70f02c08f75063d8b77ea0cd2159f88798ca
Parents: 9912e61
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Nov 7 12:10:51 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Nov 7 12:10:51 2016 +0000

----------------------------------------------------------------------
 .../idp/beans/SigninParametersCacheAction.java  |  13 +-
 .../flows/federation-signin-response.xml        |   1 +
 .../WEB-INF/flows/saml-validate-request.xml     |   2 +
 systests/federation/pom.xml                     |   2 +
 systests/federation/samlWebapp/pom.xml          |  73 +++
 .../fediz/samlsso/service/DoubleItService.java  |  53 ++
 .../service/KeystorePasswordCallback.java       |  66 +++
 .../cxf/fediz/samlsso/service/Number.java       |  48 ++
 .../src/main/resources/stsKeystoreA.properties  |   6 +
 .../src/main/resources/stsrealm_a.jks           | Bin 0 -> 2061 bytes
 .../samlWebapp/src/main/resources/ststrust.jks  | Bin 0 -> 3908 bytes
 .../src/main/webapp/WEB-INF/cxf-service.xml     | 104 ++++
 .../samlWebapp/src/main/webapp/WEB-INF/web.xml  |  29 +
 systests/federation/samlsso/pom.xml             | 369 +++++++++++++
 .../cxf/fediz/integrationtests/SAMLSSOTest.java | 304 +++++++++++
 .../samlsso/src/test/resources/cxf-service.xml  | 130 +++++
 .../src/test/resources/fediz_config_wsfed.xml   | 176 ++++++
 .../test/resources/realma/entities-realma.xml   | 529 +++++++++++++++++++
 .../test/resources/realmb/entities-realmb.xml   | 422 +++++++++++++++
 .../src/test/resources/realmb/idp-servlet.xml   |  40 ++
 .../resources/realmb/persistence.properties     |  15 +
 .../src/test/resources/realmb/realm.properties  |   6 +
 .../test/resources/realmb/security-config.xml   | 134 +++++
 .../src/test/resources/rp/cxf-service.xml       | 104 ++++
 systests/federation/temp/pom.xml                | 312 -----------
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 459 ----------------
 .../temp/src/test/resources/logging.properties  |  54 --
 .../temp/src/test/resources/realma.cert         |  15 -
 .../test/resources/realma/entities-realma.xml   | 525 ------------------
 .../src/test/resources/realma/realm.properties  |   5 -
 .../test/resources/realmb/entities-realmb.xml   | 422 ---------------
 .../src/test/resources/realmb/idp-servlet.xml   | 116 ----
 .../resources/realmb/persistence.properties     |  15 -
 .../src/test/resources/realmb/realm.properties  |   6 -
 .../test/resources/realmb/security-config.xml   | 108 ----
 .../src/test/resources/stsKeystoreA.properties  |   6 -
 .../temp/src/test/resources/stsrealm_a.jks      | Bin 2061 -> 0 bytes
 .../test/resources/realma/entities-realma.xml   |   4 +-
 38 files changed, 2627 insertions(+), 2046 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index 4b2b308..2ecb08e 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -70,6 +70,11 @@ public class SigninParametersCacheAction {
         if (value != null) {
             signinParams.put(FederationConstants.PARAM_CONTEXT, value);
         }
+        // TODO
+        value = WebUtils.getAttributeFromFlowScope(context, "RelayState");
+        if (value != null) {
+            signinParams.put("RelayState", value);
+        }
         value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
         if (value != null) {
             signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
@@ -121,7 +126,13 @@ public class SigninParametersCacheAction {
                     (SAMLAuthnRequest)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
                 if (authnRequest != null) {
                     WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
-                } 
+                }
+                
+                // TODO
+                value = (String)signinParams.get("RelayState");
+                if (value != null) {
+                    WebUtils.putAttributeInFlowScope(context, "RelayState", value);
+                }
                 
                 LOG.debug("SignIn parameters restored: {}", signinParams.toString());
                 WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
index a71e6cd..d6e761d 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
@@ -65,6 +65,7 @@
         <output name="wtrealm" value="flowScope.wtrealm" />
         <output name="idpToken" value="flowScope.idpToken" />
         <output name="saml_authn_request" value="flowScope.saml_authn_request" />
+        <output name="RelayState" value="flowScope.RelayState" />
     </end-state>
 
     <!-- abnormal exit point : Http 400 Bad Request -->

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index f03c985..b52d122 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -88,11 +88,13 @@
         <output name="whr" />
         <output name="idpToken" />
         <output name="saml_authn_request" />
+        <output name="RelayState" />
 
         <transition on="requestRpToken" to="requestRpToken">
             <set name="flowScope.home_realm" value="currentEvent.attributes.whr" />
             <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
             <set name="flowScope.saml_authn_request" value="currentEvent.attributes.saml_authn_request" />
+            <set name="flowScope.RelayState" value="currentEvent.attributes.RelayState" />
         </transition>
         <transition on="viewBadRequest" to="viewBadRequest" />
         <transition on="scInternalServerError" to="scInternalServerError" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/pom.xml b/systests/federation/pom.xml
index ca73553..aa32503 100644
--- a/systests/federation/pom.xml
+++ b/systests/federation/pom.xml
@@ -31,9 +31,11 @@
     <packaging>pom</packaging>
 
     <modules>
+        <module>samlWebapp</module>
         <module>samlIdpWebapp</module>
         <module>oidcIdpWebapp</module>
         <module>wsfed</module>
+        <!--<module>samlsso</module>-->
     </modules>
 
 </project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/pom.xml b/systests/federation/samlWebapp/pom.xml
new file mode 100644
index 0000000..f25b29c
--- /dev/null
+++ b/systests/federation/samlWebapp/pom.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz.systests</groupId>
+        <artifactId>fediz-systests-federation</artifactId>
+        <version>1.3.2-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+    <artifactId>fediz-systests-federation-samlWebapp</artifactId>
+    <name>Apache Fediz Federation Systests SAML SSO Mock Webapp</name>
+    <packaging>war</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>      
+        <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+           <version>${cxf.version}</version>
+       </dependency>
+       <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-rs-security-sso-saml</artifactId>
+           <version>${cxf.version}</version>
+       </dependency>
+       <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+
+    </dependencies>
+    <build>
+        <!-- Name of the generated WAR file -->
+        <finalName>samlssowebapp</finalName>
+    </build>
+</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java
new file mode 100644
index 0000000..ece78ce
--- /dev/null
+++ b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.samlsso.service;
+
+import javax.annotation.security.RolesAllowed;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+
+@Path("/services")
+public class DoubleItService {
+
+    @GET
+    @Produces("application/xml")
+    @Path("/{numberToDouble}/")
+    @RolesAllowed({ "User", "Admin", "Manager" })
+    public Number doubleIt(@PathParam("numberToDouble") int numberToDouble) {
+        Number newNumber = new Number();
+        newNumber.setDescription("This is the double number response");
+        newNumber.setNumber(numberToDouble * 2);
+        return newNumber;
+    }
+
+    @POST
+    @Produces("application/xml")
+    @Consumes("application/x-www-form-urlencoded")
+    @Path("/{numberToDouble}/")
+    @RolesAllowed({ "User", "Admin", "Manager" })
+    public Number doubleItPost(@PathParam("numberToDouble") int numberToDouble) {
+        return doubleIt(numberToDouble);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java
new file mode 100644
index 0000000..ef42da5
--- /dev/null
+++ b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.samlsso.service;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+/**
+ * A CallbackHandler implementation for keystores.
+ */
+public class KeystorePasswordCallback implements CallbackHandler {
+    
+    private Map<String, String> passwords = 
+        new HashMap<String, String>();
+    
+    public KeystorePasswordCallback() {
+        passwords.put("realma", "realma");
+    }
+
+    /**
+     * It attempts to get the password from the private 
+     * alias/passwords map.
+     */
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+            if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
+                pc.setPassword("this-is-a-secret");
+            } else {
+                String pass = passwords.get(pc.getIdentifier());
+                if (pass != null) {
+                    pc.setPassword(pass);
+                    return;
+                } else {
+                    pc.setPassword("password");
+                }
+            }
+        }
+    }
+    
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java
new file mode 100644
index 0000000..bccb647
--- /dev/null
+++ b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.samlsso.service;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "Number")
+public class Number {
+    private int number;
+    private String description;
+    
+    public Number() {
+        
+    }
+
+    public int getNumber() {
+        return number;
+    }
+
+    public void setNumber(int number) {
+        this.number = number;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/resources/stsKeystoreA.properties
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/resources/stsKeystoreA.properties b/systests/federation/samlWebapp/src/main/resources/stsKeystoreA.properties
new file mode 100644
index 0000000..bd9fb1b
--- /dev/null
+++ b/systests/federation/samlWebapp/src/main/resources/stsKeystoreA.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.keystore.file=stsrealm_a.jks
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/resources/stsrealm_a.jks
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/resources/stsrealm_a.jks b/systests/federation/samlWebapp/src/main/resources/stsrealm_a.jks
new file mode 100644
index 0000000..fde2928
Binary files /dev/null and b/systests/federation/samlWebapp/src/main/resources/stsrealm_a.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/resources/ststrust.jks b/systests/federation/samlWebapp/src/main/resources/ststrust.jks
new file mode 100644
index 0000000..ef5a844
Binary files /dev/null and b/systests/federation/samlWebapp/src/main/resources/ststrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/webapp/WEB-INF/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/webapp/WEB-INF/cxf-service.xml b/systests/federation/samlWebapp/src/main/webapp/WEB-INF/cxf-service.xml
new file mode 100644
index 0000000..9227893
--- /dev/null
+++ b/systests/federation/samlWebapp/src/main/webapp/WEB-INF/cxf-service.xml
@@ -0,0 +1,104 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:cxf="http://cxf.apache.org/core"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+  xmlns:jaxws="http://cxf.apache.org/jaxws"
+  xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+  xsi:schemaLocation="
+            http://cxf.apache.org/core
+            http://cxf.apache.org/schemas/core.xsd
+            http://cxf.apache.org/configuration/security
+            http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/jaxws
+            http://cxf.apache.org/schemas/jaxws.xsd
+            http://cxf.apache.org/jaxrs
+            http://cxf.apache.org/schemas/jaxrs.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://cxf.apache.org/transports/http-jetty/configuration
+            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans.xsd">
+   
+
+   <import resource="classpath:META-INF/cxf/cxf.xml" />
+      
+   <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+   </cxf:bus>
+   
+   <bean id="serviceBean" class="org.apache.cxf.fediz.samlsso.service.DoubleItService"/>
+
+   <bean id="callbackHandler" class="org.apache.cxf.fediz.samlsso.service.KeystorePasswordCallback"/>
+
+   <bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager">
+        <constructor-arg ref="cxf"/>
+    </bean>
+
+    <bean id="ssoFilter" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+        <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
+        <property name="assertionConsumerServiceAddress" 
+                  value="/racs/sso"/>
+        <property name="stateProvider" ref="stateManager"/>
+        <property name="addEndpointAddressToContext" value="true"/>
+        <property name="signRequest" value="true"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+        <property name="callbackHandler" ref="callbackHandler"/>
+        <property name="signatureUsername" value="realma" />
+        <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+    </bean>
+
+   <bean id="authorizationInterceptor"
+         class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+       <property name="securedObject" ref="serviceBean" />
+   </bean>
+   
+   <jaxrs:server address="/app1">
+       <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+            <ref bean="ssoFilter"/>
+       </jaxrs:providers>
+       <jaxrs:inInterceptors>
+            <ref bean="authorizationInterceptor"/>
+       </jaxrs:inInterceptors>
+   </jaxrs:server>
+
+   <bean id="consumerService" class="org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService">
+        <property name="stateProvider" ref="stateManager"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+        <property name="enforceKnownIssuer" value="false"/>
+        <property name="callbackHandlerClass" value="org.apache.cxf.fediz.samlsso.service.KeystorePasswordCallback" />
+   </bean>
+
+   <jaxrs:server address="/racs">
+       <jaxrs:serviceBeans>
+          <ref bean="consumerService"/>
+       </jaxrs:serviceBeans>
+   </jaxrs:server>
+   
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlWebapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/webapp/WEB-INF/web.xml b/systests/federation/samlWebapp/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..b0b8ab5
--- /dev/null
+++ b/systests/federation/samlWebapp/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,29 @@
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0" metadata-complete="true">
+
+	<description>Apache CXF Fediz double it service</description>
+	<display-name>Apache CXF Fediz double it service</display-name>
+
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>WEB-INF/cxf-service.xml</param-value>
+    </context-param>
+
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
+    <servlet>
+        <servlet-name>FederationServlet</servlet-name>
+        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+	<servlet-mapping>
+		<servlet-name>FederationServlet</servlet-name>
+		<url-pattern>/*</url-pattern>
+	</servlet-mapping>
+
+</web-app>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/pom.xml b/systests/federation/samlsso/pom.xml
new file mode 100644
index 0000000..2d1c1fc
--- /dev/null
+++ b/systests/federation/samlsso/pom.xml
@@ -0,0 +1,369 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz.systests</groupId>
+        <artifactId>fediz-systests-federation</artifactId>
+        <version>1.3.2-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+    <artifactId>fediz-systests-federation-samlsso</artifactId>
+    <name>Apache Fediz Federation Systests Tomcat 7 SAML SSO</name>
+    <packaging>jar</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>${tomcat7.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-logging-juli</artifactId>
+            <version>${tomcat7.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jdt.core.compiler</groupId>
+            <artifactId>ecj</artifactId>
+            <version>${ecj.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-jasper</artifactId>
+            <version>${tomcat7.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-tomcat7</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz.systests</groupId>
+            <artifactId>fediz-systests-tests</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldb.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    <build>
+        <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>true</filtering>
+                <includes>
+                    <include>**/fediz_config*.xml</include>
+                </includes>
+            </testResource>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>false</filtering>
+                <excludes>
+                    <exclude>**/fediz_config*.xml</exclude>
+                </excludes>
+            </testResource>
+        </testResources>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>reserve-network-port</id>
+                        <goals>
+                            <goal>reserve-network-port</goal>
+                        </goals>
+                        <phase>initialize</phase>
+                        <configuration>
+                            <portNames>
+                                <portName>idp.https.port</portName>
+                                <portName>idp.realmb.https.port</portName>
+                                <portName>idp.oidc.https.port</portName>
+                                <portName>rp.https.port</portName>
+                            </portNames>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-idp-sts</id>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp-sts</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+                                    <artifactId>fediz-systests-federation-samlWebapp</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/rp/webapps/samlssoWebapp</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-realmb</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp-sts</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-sts-realmb</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+                                    <artifactId>fediz-systests-federation-oidcIdpWebapp</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idpoidc/webapps/idpoidc</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests</groupId>
+                                    <artifactId>fediz-systests-tests</artifactId>
+                                    <version>${project.version}</version>
+                                    <classifier>tests</classifier>
+                                    <type>jar</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/test-classes</outputDirectory>
+                                    <includes>**/*.jks</includes>
+                                </artifactItem>
+                            </artifactItems>
+                            <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
+                            <overWriteSnapshots>true</overWriteSnapshots>
+                            <overWriteIfNewer>true</overWriteIfNewer>
+                            <stripVersion>true</stripVersion>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.7</version>
+                <executions>
+                    <execution>
+                        <id>copy-entities-to-idp</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources/realma</directory>
+                                    <includes>
+                                        <include>entities-realma.xml</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                    <execution>
+                        <id>copy-entities-to-remote-idp</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF/classes</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources/realmb</directory>
+                                    <includes>
+                                        <include>entities-realmb.xml</include>
+                                        <include>realm.properties</include>
+                                        <include>persistence.properties</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                    <execution>
+                        <id>copy-entities-to-remote-idp2</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources/realmb</directory>
+                                    <includes>
+                                        <include>idp-servlet.xml</include>
+                                        <include>security-config.xml</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                    <execution>
+                        <id>copy-entities-to-oidc-idp</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idpoidc/webapps/idpoidc/WEB-INF</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources</directory>
+                                    <includes>
+                                        <include>cxf-service.xml</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                    <execution>
+                        <id>copy-entities-to-samlsso-webapp</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/rp/webapps/samlssoWebapp/WEB-INF</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources/rp</directory>
+                                    <includes>
+                                        <include>cxf-service.xml</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-failsafe-plugin</artifactId>
+                <inherited>true</inherited>
+                <executions>
+                    <execution>
+                        <id>integration-test</id>
+                        <phase>integration-test</phase>
+                        <goals>
+                            <goal>integration-test</goal>
+                        </goals>
+                        <configuration>
+                            <skip>${skipTests}</skip>
+                            <systemPropertyVariables>
+                                <wt.headless>true</wt.headless>
+                                <idp.https.port>${idp.https.port}</idp.https.port>
+                                <idp.realmb.https.port>${idp.realmb.https.port}</idp.realmb.https.port>
+                                <idp.samlsso.https.port>${idp.samlsso.https.port}</idp.samlsso.https.port>
+                                <idp.oidc.https.port>${idp.oidc.https.port}</idp.oidc.https.port>
+                                <rp.https.port>${rp.https.port}</rp.https.port>
+                            </systemPropertyVariables>
+                            <includes>
+                                <include>**/integrationtests/**</include>
+                            </includes>
+                            <argLine>-Xms512m -Xmx1024m
+                                -XX:MaxPermSize=256m</argLine>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>verify</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>verify</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <inherited>true</inherited>
+                <configuration>
+                    <excludes>
+                        <exclude>**/integrationtests/**</exclude>
+                    </excludes>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
new file mode 100644
index 0000000..b42a28c
--- /dev/null
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -0,0 +1,304 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * This is a test for federation using a SAML SSO enabled web application (using CXF interceptors). The web 
+ * application is configured to use a different realm to that of the IdP. The IdP then redirects to a third party 
+ * IdP for authentication. The third party IdPs that are tested are as follows:
+ *  - WS-Federation (Fediz)
+ *  - SAML SSO (Fediz)
+ *  - OIDC (custom webapp)
+ */
+public class SAMLSSOTest {
+    
+    private enum ServerType {
+        IDP, REALMB, OIDC, RP
+    }
+
+    static String idpHttpsPort;
+    static String idpRealmbHttpsPort;
+    static String idpSamlSSOHttpsPort;
+    static String idpOIDCHttpsPort;
+    static String rpHttpsPort;
+    
+    private static Tomcat idpServer;
+    private static Tomcat idpRealmbServer;
+    private static Tomcat idpOIDCServer;
+    private static Tomcat rpServer;
+    
+    @BeforeClass
+    public static void init() throws Exception {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");  
+        
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        idpRealmbHttpsPort = System.getProperty("idp.realmb.https.port");
+        Assert.assertNotNull("Property 'idp.realmb.https.port' null", idpRealmbHttpsPort);
+        idpSamlSSOHttpsPort = System.getProperty("idp.samlsso.https.port");
+        Assert.assertNotNull("Property 'idp.samlsso.https.port' null", idpSamlSSOHttpsPort);
+        idpOIDCHttpsPort = System.getProperty("idp.oidc.https.port");
+        Assert.assertNotNull("Property 'idp.oidc.https.port' null", idpOIDCHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        idpServer = startServer(ServerType.IDP, idpHttpsPort);
+        idpRealmbServer = startServer(ServerType.REALMB, idpRealmbHttpsPort);
+        idpOIDCServer = startServer(ServerType.OIDC, idpOIDCHttpsPort);
+        rpServer = startServer(ServerType.RP, rpHttpsPort);
+    }
+    
+    private static Tomcat startServer(ServerType serverType, String port) 
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (serverType == ServerType.IDP) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else if (serverType == ServerType.REALMB) {
+            server.getHost().setAppBase("tomcat/idprealmb/webapps");
+        } else if (serverType == ServerType.OIDC) {
+            server.getHost().setAppBase("tomcat/idpoidc/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        //httpsConnector.setAttribute("keyAlias", keyAlias);
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (serverType == ServerType.IDP) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+    
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else if (serverType == ServerType.REALMB) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts-realmb");
+            server.addWebapp("/fediz-idp-sts-realmb", stsWebapp.getAbsolutePath());
+    
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-realmb");
+            server.addWebapp("/fediz-idp-realmb", idpWebapp.getAbsolutePath());
+        } else if (serverType == ServerType.OIDC) {
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "idpoidc");
+            server.addWebapp("/idpoidc", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "samlssoWebapp");
+            server.addWebapp("/wsfed", rpWebapp.getAbsolutePath());
+            
+            /*            
+            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+            cxt = server.addWebapp("/samlssocustom", rpWebapp.getAbsolutePath());
+            cxt.getPipeline().addValve(fa);
+            
+            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+            cxt = server.addWebapp("/samlssocustompost", rpWebapp.getAbsolutePath());
+            cxt.getPipeline().addValve(fa);
+            
+            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+            cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
+            cxt.getPipeline().addValve(fa);
+            */
+        }
+
+        server.start();
+
+        return server;
+    }
+    
+    @AfterClass
+    public static void cleanup() {
+        shutdownServer(idpServer);
+        shutdownServer(idpRealmbServer);
+        shutdownServer(idpOIDCServer);
+        shutdownServer(rpServer);
+    }
+    
+    private static void shutdownServer(Tomcat server) {
+        try {
+            if (server != null && server.getServer() != null
+                && server.getServer().getState() != LifecycleState.DESTROYED) {
+                if (server.getServer().getState() != LifecycleState.STOPPED) {
+                    server.stop();
+                }
+                server.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+    
+    public String getIdpRealmbHttpsPort() {
+        return idpRealmbHttpsPort;
+    }
+
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+    
+    public String getServletContextName() {
+        return "fedizhelloworld";
+    }
+    
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testWSFederation() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/wsfed/app1/services/25";
+        System.out.println(url);
+        Thread.sleep(60 * 2 * 1000);
+        
+        /*
+        String user = "ALICE";  // realm b credentials
+        String password = "ECILA";
+        
+        final String bodyTextContent = 
+            login(url, user, password, getIdpRealmbHttpsPort(), idpHttpsPort);
+        
+        Assert.assertTrue("Principal not alice",
+                          bodyTextContent.contains("userPrincipal=alice"));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+        */
+    }
+    /*
+    private static String login(String url, String user, String password, 
+                                           String idpPort, String rpIdpPort) throws IOException {
+        //
+        // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
+        // "realm b".
+        //
+        final WebClient webClient = new WebClient();
+        CookieManager cookieManager = new CookieManager();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(idpPort)),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        final HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+        
+        // For some reason, redirecting back to the IdP for "realm a" is not working with htmlunit. So extract
+        // the parameters manually from the form, and access the IdP for "realm a" with them
+        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
+
+        String wresult = null;
+        String wa = "wsignin1.0";
+        String wctx = null;
+        String wtrealm = null;
+        for (DomElement result : results) {
+            if ("wresult".equals(result.getAttributeNS(null, "name"))) {
+                wresult = result.getAttributeNS(null, "value");
+            } else if ("wctx".equals(result.getAttributeNS(null, "name"))) {
+                wctx = result.getAttributeNS(null, "value");
+            } else if ("wtrealm".equals(result.getAttributeNS(null, "name"))) {
+                wtrealm = result.getAttributeNS(null, "value");
+            }
+        }
+        Assert.assertTrue(wctx != null && wresult != null && wtrealm != null);
+        webClient.close();
+
+        // Invoke on the IdP for "realm a"
+        final WebClient webClient2 = new WebClient();
+        webClient2.setCookieManager(cookieManager);
+        webClient2.getOptions().setUseInsecureSSL(true);
+        
+        String url2 = "https://localhost:" + rpIdpPort + "/fediz-idp/federation?";
+        url2 += "wctx=" + wctx + "&";
+        url2 += "wa=" + wa + "&";
+        url2 += "wtrealm=" + URLEncoder.encode(wtrealm, "UTF8") + "&";
+        url2 += "wresult=" + URLEncoder.encode(wresult, "UTF8") + "&";
+        
+        webClient2.getOptions().setJavaScriptEnabled(false);
+        final HtmlPage idpPage2 = webClient2.getPage(url2);
+        webClient2.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());
+        
+        // Now redirect back to the RP
+        final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
+        
+        final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");
+
+        final HtmlPage rpPage = button2.click();
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+        webClient2.close();
+        return rpPage.getBody().getTextContent();
+    }
+    */
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/cxf-service.xml b/systests/federation/samlsso/src/test/resources/cxf-service.xml
new file mode 100644
index 0000000..7b09656
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/cxf-service.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:cxf="http://cxf.apache.org/core"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://cxf.apache.org/jaxws"
+  xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+  xmlns:util="http://www.springframework.org/schema/util"
+  xsi:schemaLocation="
+            http://cxf.apache.org/core
+            http://cxf.apache.org/schemas/core.xsd
+            http://cxf.apache.org/configuration/security
+            http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/jaxws
+            http://cxf.apache.org/schemas/jaxws.xsd
+            http://cxf.apache.org/jaxrs
+            http://cxf.apache.org/schemas/jaxrs.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans.xsd
+            http://www.springframework.org/schema/util         
+            http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+   
+   <import resource="classpath:META-INF/cxf/cxf.xml" />
+   
+   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+   
+   <!--cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+   </cxf:bus-->
+   
+   <bean id="callbackHandler" class="org.apache.cxf.fediz.oidc.idp.example.CommonCallbackHandler"/>
+   <bean id="basicAuthFilter" class="org.apache.cxf.fediz.oidc.idp.example.BasicAuthFilter">
+       <property name="callbackHandler" ref="callbackHandler"/>
+   </bean>
+   
+   <bean id="client" class="org.apache.cxf.rs.security.oauth2.common.Client">
+       <constructor-arg><value>consumer-id</value></constructor-arg>
+       <constructor-arg><value>this-is-a-secret</value></constructor-arg>
+       <constructor-arg><value>true</value></constructor-arg>
+       <constructor-arg><value>Fediz IdP</value></constructor-arg>
+       <property name="redirectUris">
+           <util:list value-type="java.lang.String">
+               <value>https://localhost:${idp.https.port}/fediz-idp/federation</value>
+           </util:list>
+       </property>
+       <property name="allowedGrantTypes">
+           <util:list value-type="java.lang.String">
+               <value>authorization_code</value>
+           </util:list>
+       </property>
+       <property name="registeredScopes">
+           <util:list value-type="java.lang.String">
+               <value>openid</value>
+           </util:list>
+       </property>
+   </bean>
+   
+   <bean id="oauthProvider" class="org.apache.cxf.fediz.oidc.idp.example.EHCacheOIDCTokenProvider">
+      <property name="client" ref="client"/>
+   </bean>
+   
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="idTokenProviderImpl" class="org.apache.cxf.fediz.oidc.idp.example.IdTokenProviderImpl"/>
+   
+   <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+       <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+   </bean>
+   
+   <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+   </bean>
+   
+   <bean id="oauthJSONProvider" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+   
+   <bean id="viewProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
+       <property name="useClassNames" value="true"/>
+       <property name="locationPrefix" value="/WEB-INF/views/"/>
+       <property name="beanName" value="data"/>
+       <property name="dispatcherName" value="jsp"/>
+   </bean>
+    
+   <jaxrs:server address="/services">
+       <jaxrs:serviceBeans>
+           <ref bean="authorizationService"/>
+           <ref bean="tokenService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="oauthJSONProvider"/>
+           <ref bean="basicAuthFilter"/>
+           <ref bean="viewProvider"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="realmb"/>
+           <entry key="rs.security.key.password" value="realmb"/>
+           <entry key="rs.security.keystore.password" value="storepass"/>
+           <entry key="rs.security.keystore.file" value="stsrealm_b.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
+   </jaxrs:server>
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/722b70f0/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml b/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
new file mode 100644
index 0000000..c63530b
--- /dev/null
+++ b/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
+-->
+<FedizConfig>
+    <contextConfig name="/wsfed">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-B</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+    <contextConfig name="/samlsso">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-C</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+    <contextConfig name="/samlssocustom">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-D</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+    <contextConfig name="/samlssocustompost">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-E</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+    <contextConfig name="/oidc">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-F</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+</FedizConfig>
+


Mime
View raw message