cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [4/5] cxf-fediz git commit: Folded SAML SSO federation tests in with WS-Federation
Date Thu, 03 Nov 2016 17:30:04 GMT
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml b/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml
deleted file mode 100644
index e557819..0000000
--- a/systests/federation/samlsso/src/test/resources/realmb/idp-servlet.xml
+++ /dev/null
@@ -1,120 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:webflow="http://www.springframework.org/schema/webflow-config"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-3.1.xsd
-        http://www.springframework.org/schema/webflow-config
-        http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
-
-    <context:property-placeholder location="classpath:realm.properties" />
-    
-    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
-        p:flowRegistry-ref="flowRegistry" p:order="2">
-    </bean>
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter"
-        p:flowExecutor-ref="flowExecutor" />
-
-    <webflow:flow-executor id="flowExecutor"
-        flow-registry="flowRegistry">
-        <webflow:flow-execution-attributes>
-            <webflow:always-redirect-on-pause
-                value="false" />
-        </webflow:flow-execution-attributes>
-
-        <webflow:flow-execution-listeners>
-            <webflow:listener ref="securityFlowExecutionListener" />
-        </webflow:flow-execution-listeners>
-    </webflow:flow-executor>
-
-    <bean id="securityFlowExecutionListener"
-        class="org.springframework.webflow.security.SecurityFlowExecutionListener">
-        <property name="accessDecisionManager" ref="accessDecisionManager" />
-    </bean>
-
-    <bean id="accessDecisionManager"
-        class="org.springframework.security.access.vote.AffirmativeBased">
-        <property name="decisionVoters">
-            <list>
-                <bean
-                    class="org.springframework.security.access.vote.RoleVoter">
-                    <property name="rolePrefix" value="ROLE_" />
-                </bean>
-                <bean
-                    class="org.springframework.security.access.vote.AuthenticatedVoter" />
-            </list>
-        </property>
-    </bean>
-
-    <webflow:flow-registry id="flowRegistry"
-        flow-builder-services="builder">
-        <webflow:flow-location
-            path="/WEB-INF/flows/federation-validate-request.xml" id="federation" />
-        <webflow:flow-location
-            path="/WEB-INF/flows/federation-validate-request.xml" id="federation/up" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-signin-request.xml"
-            id="signinRequest" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-signin-response.xml"
-            id="signinResponse" />
-            
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/up" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-signin-request.xml" id="signinSAMLRequest" />
-    </webflow:flow-registry>
-
-    <webflow:flow-builder-services id="builder"
-        view-factory-creator="viewFactoryCreator" expression-parser="expressionParser" />
-
-    <bean id="expressionParser"
-        class="org.springframework.webflow.expression.WebFlowOgnlExpressionParser" />
-
-    <bean id="viewFactoryCreator"
-        class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
-        <property name="viewResolvers">
-            <list>
-                <ref local="viewResolver" />
-            </list>
-        </property>
-    </bean>
-
-    <bean id="viewResolver"
-        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-        <property name="prefix" value="/WEB-INF/views/" />
-        <property name="suffix" value=".jsp" />
-    </bean>
-
-    <bean id="stsClientForRpAction"
-        class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
-        <property name="wsdlLocation"
-            value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransport?wsdl" />
-        <property name="wsdlEndpoint" value="Transport_Port" />
-        <property name="tokenType"
-            value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/resources/realmb/persistence.properties
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/persistence.properties b/systests/federation/samlsso/src/test/resources/realmb/persistence.properties
deleted file mode 100644
index 2628714..0000000
--- a/systests/federation/samlsso/src/test/resources/realmb/persistence.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-#jpa.driverClassName=org.apache.derby.jdbc.ClientDriver
-#jpa.url=jdbc:derby://localhost:1527/Fediz
-#jpa.username=admin
-#jpa.password=admin
-#jpa.defaultData=true
-#jpa.platform=DerbyDictionary
-
-
-jpa.driverClassName=org.hsqldb.jdbcDriver
-#jpa.url=jdbc:hsqldb:target/fediz/db/myDB;shutdown=true
-jpa.url=jdbc:hsqldb:target/db/realmb/myDB;shutdown=true
-jpa.username=sa
-jpa.password=
-jpa.defaultData=true
-jpa.platform=HSQLDictionary
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/resources/realmb/realm.properties
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/realm.properties b/systests/federation/samlsso/src/test/resources/realmb/realm.properties
deleted file mode 100644
index 41d04cd..0000000
--- a/systests/federation/samlsso/src/test/resources/realmb/realm.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-realm.STS_URI=REALMB
-realmA.port=${idp.https.port}
-realmB.port=${idp.realmb.https.port}
-idp-config=idp-config-realmb.xml
-db-load-config=entities-realmb.xml
-realm-uri=urn:org:apache:cxf:fediz:idp:realm-B

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realmb/security-config.xml b/systests/federation/samlsso/src/test/resources/realmb/security-config.xml
deleted file mode 100644
index 78e50c8..0000000
--- a/systests/federation/samlsso/src/test/resources/realmb/security-config.xml
+++ /dev/null
@@ -1,135 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.1.xsd
-        ">
-
-    <context:property-placeholder location="classpath:realm.properties"/>
-    
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- Configure Spring Security -->
-    
-    <!-- If enabled, you can't access the Service layer within the Spring Webflow -->
-    <!-- The user has no role during the login phase of WS-Federation -->
-    <security:global-method-security pre-post-annotations="enabled"/>
-
-    <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()"/>
-        <security:http-basic />
-    </security:http>
-
-    <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
-    
-    <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
-    
-    <security:authentication-manager id="restAuthenticationManager">
-        <security:authentication-provider>
-          <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
-          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
-          <!--  
-          <security:password-encoder hash="sha-256" base64="true">
-            <security:salt-source user-property="username"/>
-          </security:password-encoder>
-          -->
-          <security:user-service properties="classpath:/users.properties" />
-        </security:authentication-provider>
-        <security:authentication-provider ref="stsAuthProvider" />
-    </security:authentication-manager>
-
-    <!-- Redirects to a dedicated http config -->
-    <bean id="fedizEntryPoint" class="org.apache.cxf.fediz.service.idp.FedizEntryPoint">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="configService" ref="config" />
-    </bean>
-    
-    <!-- Main entry point -->
-    <security:http pattern="/federation" use-expressions="true" entry-point-ref="fedizEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
-    </security:http>
-    
-    <!-- HTTP/BA entry point -->
-    <security:http pattern="/federation/up" use-expressions="true">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
-
-        <security:http-basic />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-    
-    <!-- Main entry point -->
-    <security:http pattern="/saml" use-expressions="true" entry-point-ref="fedizEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-    </security:http>
-    
-    <!-- HTTP/BA entry point -->
-    <security:http pattern="/saml/up/**" use-expressions="true">
-        <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:http-basic />
-        <!--security:form-login login-page='/federation/up/login'
-            login-processing-url="/federation/up/login.do"
-            authentication-failure-url="/federation/up/login?error" 
-            default-target-url="/"
-            username-parameter="username" 
-            password-parameter="password"
-            /-->
-        <security:logout logout-url="/saml/up/logout" 
-            logout-success-url="/saml/up/login?out" 
-            delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
-            invalidate-session="true" 
-            />
-    </security:http>
-
-    <security:authentication-manager>
-        <security:authentication-provider ref="stsAuthProvider" />
-    </security:authentication-manager>
-	
-    <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
-    
-    <bean id="entitlementsEnricher" class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements" />
-	
-    <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
-        <property name="wsdlEndpoint" value="TransportUT_Port"/>
-        <property name="wsdlService" value="SecurityTokenService"/>
-        <property name="appliesTo" value="urn:fediz:idp"/>
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/wsfed/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/pom.xml b/systests/federation/wsfed/pom.xml
index 3ce1c62..41cdcb0 100644
--- a/systests/federation/wsfed/pom.xml
+++ b/systests/federation/wsfed/pom.xml
@@ -128,6 +128,7 @@
                             <portNames>
                                 <portName>idp.https.port</portName>
                                 <portName>idp.realmb.https.port</portName>
+                                <portName>idp.samlsso.https.port</portName>
                                 <portName>rp.https.port</portName>
                             </portNames>
                         </configuration>
@@ -187,6 +188,14 @@
                                     <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-sts-realmb</outputDirectory>
                                 </artifactItem>
                                 <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+                                    <artifactId>fediz-systests-federation-samlIdpWebapp</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idpsamlsso/webapps/idpsaml</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
                                     <groupId>org.apache.cxf.fediz.systests</groupId>
                                     <artifactId>fediz-systests-tests</artifactId>
                                     <version>${project.version}</version>
@@ -287,6 +296,7 @@
                                 <wt.headless>true</wt.headless>
                                 <idp.https.port>${idp.https.port}</idp.https.port>
                                 <idp.realmb.https.port>${idp.realmb.https.port}</idp.realmb.https.port>
+                                <idp.samlsso.https.port>${idp.samlsso.https.port}</idp.samlsso.https.port>
                                 <rp.https.port>${rp.https.port}</rp.https.port>
                             </systemPropertyVariables>
                             <includes>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
index 1a72589..b7ac194 100644
--- a/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
+++ b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
@@ -26,6 +26,10 @@ import java.net.URLEncoder;
 
 import javax.servlet.ServletException;
 
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.html.DomElement;
@@ -33,6 +37,7 @@ import com.gargoylesoftware.htmlunit.html.DomNodeList;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.xml.XmlPage;
 
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleException;
@@ -40,27 +45,36 @@ import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
+import org.junit.Test;
 
 /**
- * This is a test for federation in the IdP. The RP application is configured to use a home realm of "realm b". The
- * client gets redirected to the IdP for "realm a", which in turn redirects to the IdP for "realm b". The user 
- * authenticates + is redirected back to the IdP for "realm a" to get a SAML token from the STS + then back to the
- * application.
+ * This is a test for federation using a WS-Federation enabled web application. The web application is configured
+ * to use a different realm to that of the IdP. The IdP then redirects to a third party IdP for authentication. 
+ * The third party IdPs that are tested are as follows:
+ *  - WS-Federation (Fediz)
+ *  - SAML SSO (Fediz)
+ *  - SAML SSO (custom webapp - supports POST binding as well)
+ *  - OIDC (custom webapp)
  */
 public class WSFedTest {
 
     static String idpHttpsPort;
     static String idpRealmbHttpsPort;
+    static String idpSamlSSOHttpsPort;
     static String rpHttpsPort;
     
     private static Tomcat idpServer;
     private static Tomcat idpRealmbServer;
+    private static Tomcat idpSamlSSOServer;
     private static Tomcat rpServer;
     
     @BeforeClass
@@ -78,15 +92,18 @@ public class WSFedTest {
         Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
         idpRealmbHttpsPort = System.getProperty("idp.realmb.https.port");
         Assert.assertNotNull("Property 'idp.realmb.https.port' null", idpRealmbHttpsPort);
+        idpSamlSSOHttpsPort = System.getProperty("idp.samlsso.https.port");
+        Assert.assertNotNull("Property 'idp.samlsso.https.port' null", idpSamlSSOHttpsPort);
         rpHttpsPort = System.getProperty("rp.https.port");
         Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
 
-        idpServer = startServer(true, false, idpHttpsPort);
-        idpRealmbServer = startServer(false, true, idpRealmbHttpsPort);
-        rpServer = startServer(false, false, rpHttpsPort);
+        idpServer = startServer(true, false, false, idpHttpsPort);
+        idpRealmbServer = startServer(false, true, false, idpRealmbHttpsPort);
+        idpSamlSSOServer = startServer(false, false, true, idpSamlSSOHttpsPort);
+        rpServer = startServer(false, false, false, rpHttpsPort);
     }
     
-    private static Tomcat startServer(boolean idp, boolean realmb, String port) 
+    private static Tomcat startServer(boolean idp, boolean realmb, boolean samlSSOIdP, String port) 
         throws ServletException, LifecycleException, IOException {
         Tomcat server = new Tomcat();
         server.setPort(0);
@@ -98,6 +115,8 @@ public class WSFedTest {
             server.getHost().setAppBase("tomcat/idp/webapps");
         } else if (realmb) {
             server.getHost().setAppBase("tomcat/idprealmb/webapps");
+        } else if (samlSSOIdP) {
+            server.getHost().setAppBase("tomcat/idpsamlsso/webapps");
         } else {
             server.getHost().setAppBase("tomcat/rp/webapps");
         }
@@ -132,14 +151,29 @@ public class WSFedTest {
     
             File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-realmb");
             server.addWebapp("/fediz-idp-realmb", idpWebapp.getAbsolutePath());
+        } else if (samlSSOIdP) {
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "idpsaml");
+            server.addWebapp("/idp", idpWebapp.getAbsolutePath());
         } else {
             File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
-            Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
+            Context cxt = server.addWebapp("/wsfed", rpWebapp.getAbsolutePath());
             
             FederationAuthenticator fa = new FederationAuthenticator();
             fa.setConfigFile(currentDir + File.separator + "target" + File.separator
                              + "test-classes" + File.separator + "fediz_config_wsfed.xml");
             cxt.getPipeline().addValve(fa);
+            
+            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+            cxt = server.addWebapp("/samlsso", rpWebapp.getAbsolutePath());
+            cxt.getPipeline().addValve(fa);
+            
+            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+            cxt = server.addWebapp("/samlssocustom", rpWebapp.getAbsolutePath());
+            cxt.getPipeline().addValve(fa);
+            
+            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+            cxt = server.addWebapp("/samlssocustompost", rpWebapp.getAbsolutePath());
+            cxt.getPipeline().addValve(fa);
         }
 
         server.start();
@@ -151,6 +185,7 @@ public class WSFedTest {
     public static void cleanup() {
         shutdownServer(idpServer);
         shutdownServer(idpRealmbServer);
+        shutdownServer(idpSamlSSOServer);
         shutdownServer(rpServer);
     }
     
@@ -185,8 +220,8 @@ public class WSFedTest {
     }
     
     @org.junit.Test
-    public void testWSFed() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+    public void testWSFederation() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/wsfed/secure/fedservlet";
         // System.out.println(url);
         // Thread.sleep(60 * 2 * 1000);
         String user = "ALICE";  // realm b credentials
@@ -215,6 +250,132 @@ public class WSFedTest {
                           bodyTextContent.contains(claim + "=alice@realma.org"));
     }
     
+    @org.junit.Test
+    public void testSAMLSSOFedizIdP() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/secure/fedservlet";
+        // System.out.println(url);
+        // Thread.sleep(60 * 2 * 1000);
+        String user = "ALICE";  // realm b credentials
+        String password = "ECILA";
+        
+        final String bodyTextContent = 
+            login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort(), true);
+        
+        Assert.assertTrue("Principal not alice",
+                          bodyTextContent.contains("userPrincipal=alice"));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+    }
+    
+    @org.junit.Test
+    public void testSAMLSSOCustom() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/samlssocustom/secure/fedservlet";
+        // System.out.println("URL: " + url);
+        // Thread.sleep(60 * 2 * 1000);
+        String user = "ALICE";  // realm b credentials
+        String password = "ECILA";
+        
+        final String bodyTextContent = 
+            login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort, false);
+        
+        Assert.assertTrue("Principal not alice",
+                          bodyTextContent.contains("userPrincipal=alice"));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+    }
+    
+    @org.junit.Test
+    public void testSAMLSSOCustomPostBinding() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/samlssocustompost/secure/fedservlet";
+        // System.out.println("URL: " + url);
+        // Thread.sleep(60 * 2 * 1000);
+        String user = "ALICE";  // realm b credentials
+        String password = "ECILA";
+        
+        final String bodyTextContent = 
+            login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort, true);
+        
+        Assert.assertTrue("Principal not alice",
+                          bodyTextContent.contains("userPrincipal=alice"));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+    }
+    
+    @Test
+    public void testSAMLSSOIdPServiceMetadata() throws Exception {
+        String url = "https://localhost:" + getIdpHttpsPort()
+            + "/fediz-idp/metadata/urn:org:apache:cxf:fediz:idp:realm-B";
+
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setSSLClientCertificate(
+            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
+
+        final XmlPage rpPage = webClient.getPage(url);
+        final String xmlContent = rpPage.asXml();
+        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));
+
+        // Now validate the Signature
+        Document doc = rpPage.getXmlDocument();
+
+        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
+        Node signatureNode =
+            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+        Assert.assertNotNull(signatureNode);
+
+        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+        KeyInfo ki = signature.getKeyInfo();
+        Assert.assertNotNull(ki);
+        Assert.assertNotNull(ki.getX509Certificate());
+
+        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+
+        webClient.close();
+    }
+    
     private static String login(String url, String user, String password, 
                                            String idpPort, String rpIdpPort) throws IOException {
         //
@@ -282,5 +443,47 @@ public class WSFedTest {
         return rpPage.getBody().getTextContent();
     }
     
+    private static String login(String url, String user, String password, 
+                                String idpPort, String rpIdpPort, boolean postBinding) throws IOException {
+        //
+        // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
+        // "realm b".
+        //
+        final WebClient webClient = new WebClient();
+        CookieManager cookieManager = new CookieManager();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(idpPort)),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        HtmlPage idpPage = webClient.getPage(url);
+        
+        if (postBinding) {
+            Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText())
+                                || "IDP SignIn Response Form".equals(idpPage.getTitleText()));
+            for (HtmlForm form : idpPage.getForms()) {
+                String name = form.getAttributeNS(null, "name");
+                if ("signinresponseform".equals(name) || "samlsigninresponseform".equals(name)) {
+                    final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+                    idpPage = button.click();
+                }
+            }
+        }
+        
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        // Now redirect back to the RP
+        final HtmlForm form = idpPage.getFormByName("signinresponseform");
+
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        final HtmlPage rpPage = button.click();
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+        webClient.close();
+        return rpPage.getBody().getTextContent();
+    }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml b/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
index 7bd3cb7..b9f47e4 100644
--- a/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
+++ b/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
@@ -22,7 +22,7 @@
      keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
 -->
 <FedizConfig>
-    <contextConfig name="/fedizhelloworld">
+    <contextConfig name="/wsfed">
         <audienceUris>
             <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
         </audienceUris>
@@ -52,5 +52,95 @@
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
     </contextConfig>
+    <contextConfig name="/samlsso">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-C</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+    <contextConfig name="/samlssocustom">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-D</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+    <contextConfig name="/samlssocustompost">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-E</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
 </FedizConfig>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
index 4cca3ec..2cdc6f2 100644
--- a/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
@@ -65,6 +65,9 @@
         <property name="trustedIdps">
             <util:list>
                 <ref bean="trusted-idp-realmB" />
+                <ref bean="trusted-idp-realmC" />
+                <ref bean="trusted-idp-realmD" />
+                <ref bean="trusted-idp-realmE" />
             </util:list>
         </property>
         <property name="claimTypesOffered">
@@ -89,6 +92,62 @@
         <property name="name" value="Realm B" />
         <property name="description" value="Realm B description" />
     </bean>
+    
+    <bean id="trusted-idp-realmC"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-C" />
+        <property name="issuer" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/saml/up" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm B" />
+        <property name="description" value="Realm B description" />
+        <property name="parameters">
+            <util:map>
+                <entry key="sign.request" value="true" />
+            </util:map>
+        </property>
+    </bean>
+    
+    <bean id="trusted-idp-realmD"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-D" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${idp.samlsso.https.port}/idp/samlsso?binding=REDIRECT" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm D" />
+        <property name="description" value="Realm D description" />
+        <property name="parameters">
+            <util:map>
+                <entry key="sign.request" value="true" />
+                <entry key="support.deflate.encoding" value="true" />
+            </util:map>
+        </property>
+    </bean>
+    
+    <bean id="trusted-idp-realmE"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-E" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:${idp.samlsso.https.port}/idp/samlsso" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm E" />
+        <property name="description" value="SAML Web Profile - Response POST Binding" />
+        <property name="parameters">
+            <util:map>
+                <entry key="sign.request" value="true" />
+            </util:map>
+        </property>
+    </bean>
 
     <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
         <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
@@ -99,7 +158,7 @@
         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
         <property name="lifeTime" value="3600" />
         <property name="passiveRequestorEndpointConstraint" 
-                  value="https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" />
+                  value="https://localhost:(\d)*/(\w)*/secure/.*" />
     </bean>
     
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml b/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
index fc203fb..5734ab9 100644
--- a/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
+++ b/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
@@ -37,10 +37,9 @@
         <property name="idpUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/federation" />
         <property name="supportedProtocols">
             <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
+                <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+                <value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser</value>
             </util:list>
         </property>
         <property name="tokenTypesOffered">
@@ -79,6 +78,7 @@
         <property name="role" value="SecurityTokenServiceType" />
         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
         <property name="lifeTime" value="3600" />
+        <property name="validatingCertificate" value="realma.cert" />
     </bean>
     
     <bean id="claim_role"

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml b/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml
index 0a68517..e557819 100644
--- a/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml
+++ b/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml
@@ -81,6 +81,10 @@
             id="signinRequest" />
         <webflow:flow-location path="/WEB-INF/flows/federation-signin-response.xml"
             id="signinResponse" />
+            
+        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml" />
+        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/up" />
+        <webflow:flow-location path="/WEB-INF/flows/saml-signin-request.xml" id="signinSAMLRequest" />
     </webflow:flow-registry>
 
     <webflow:flow-builder-services id="builder"

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
index e59ace7..6ddfb89 100644
--- a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
+++ b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
@@ -88,6 +88,32 @@
         <security:http-basic />
         <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
     </security:http>
+    
+    <security:http pattern="/saml" use-expressions="true" entry-point-ref="fedizEntryPoint">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+    </security:http>
+    
+    <!-- HTTP/BA entry point -->
+    <security:http pattern="/saml/up/**" use-expressions="true">
+        <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+
+        <security:http-basic />
+        <!--security:form-login login-page='/federation/up/login'
+            login-processing-url="/federation/up/login.do"
+            authentication-failure-url="/federation/up/login?error" 
+            default-target-url="/"
+            username-parameter="username" 
+            password-parameter="password"
+            /-->
+        <security:logout logout-url="/saml/up/logout" 
+            logout-success-url="/saml/up/login?out" 
+            delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
+            invalidate-session="true" 
+            />
+    </security:http>	
 
     <security:authentication-manager>
         <security:authentication-provider ref="stsAuthProvider" />


Mime
View raw message