cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/3] cxf-fediz git commit: FEDIZ-182 - Add support for bridging from SAML SSO -> OIDC
Date Mon, 05 Dec 2016 13:02:40 GMT
FEDIZ-182 - Add support for bridging from SAML SSO -> OIDC


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/0b04bdd5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/0b04bdd5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/0b04bdd5

Branch: refs/heads/master
Commit: 0b04bdd50c6da961cf54b060bb600c38599a66b1
Parents: f20a014
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Dec 5 13:02:14 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Dec 5 13:02:14 2016 +0000

----------------------------------------------------------------------
 .../WEB-INF/flows/saml-validate-request.xml     |  14 +-
 .../cxf/fediz/integrationtests/SAMLSSOTest.java |  75 +++++++-
 .../samlsso/src/test/resources/cxf-service.xml  |   2 +-
 .../src/test/resources/fediz_config_wsfed.xml   | 176 -------------------
 .../test/resources/realma/entities-realma.xml   |  25 ++-
 .../src/test/resources/rp/cxf-service.xml       |  25 +++
 6 files changed, 129 insertions(+), 188 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 7cda428..36ac3a8 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -28,7 +28,7 @@
         </on-entry>
         <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
         <if test="requestParameters.SAMLRequest != null or requestParameters.SAMLResponse
!= null" 
-            then="selectSAMLProcess" else="viewBadRequest"
+            then="selectSAMLProcess" else="selectOIDCAuthorizationCodeFlowProcess"
         />
     </decision-state>
     
@@ -62,6 +62,18 @@
             then="viewBadRequest" else="signinResponse" />
     </decision-state>
     
+    <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
+         <on-entry>
+            <set name="flowScope.state" value="requestParameters.state" />
+            <set name="flowScope.request_context" value="requestParameters.state" />
+            <set name="flowScope.code" value="requestParameters.code" />
+        </on-entry>
+        <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
+            then="viewBadRequest" />
+        <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
+            then="viewBadRequest" else="signinResponse" />
+    </decision-state>
+    
     <subflow-state id="signinSAMLRequest" subflow="signinSAMLRequest">
         <input name="idpConfig" value="flowScope.idpConfig" />
         <input name="SAMLRequest" value="flowScope.SAMLRequest" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index 61f79d6..a3d9dff 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -22,14 +22,19 @@ package org.apache.cxf.fediz.integrationtests;
 
 import java.io.File;
 import java.io.IOException;
+import java.net.URL;
+import java.util.ArrayList;
 
 import javax.servlet.ServletException;
 
 import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.HttpMethod;
 import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.WebRequest;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.util.NameValuePair;
 import com.gargoylesoftware.htmlunit.xml.XmlPage;
 
 import org.apache.catalina.LifecycleException;
@@ -149,12 +154,6 @@ public class SAMLSSOTest {
         } else {
             File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"samlssoWebapp");
             server.addWebapp("/samlsso", rpWebapp.getAbsolutePath());
-            
-            /*            
-            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"simpleWebapp");
-            cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
-            cxt.getPipeline().addValve(fa);
-            */
         }
 
         server.start();
@@ -229,6 +228,19 @@ public class SAMLSSOTest {
         
         Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
     }
+    
+    @org.junit.Test
+    public void testOIDC() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app3/services/25";
+        String user = "ALICE";  // realm b credentials
+        String password = "ECILA";
+        
+        final String bodyTextContent = 
+            loginOIDC(url, user, password, idpOIDCHttpsPort, idpHttpsPort);
+        
+        Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
+    }
+    
 
     private static String login(String url, String user, String password, 
                                 String idpPort, String rpIdpPort) throws IOException {
@@ -300,7 +312,6 @@ public class SAMLSSOTest {
         
         Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
 
-        System.out.println("IDP: " + idpPage.asXml());
         // Now redirect back to the RP
         final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
 
@@ -312,4 +323,54 @@ public class SAMLSSOTest {
         return rpPage.asXml();
     }
     
+    private static String loginOIDC(String url, String user, String password, 
+                                    String idpPort, String rpIdpPort) throws IOException
{
+        //
+        // Access the RP + get redirected to the IdP for "realm a". Then get redirected to
the IdP for
+        // "realm b".
+        //
+        final WebClient webClient = new WebClient();
+        CookieManager cookieManager = new CookieManager();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+                                                          new AuthScope("localhost", Integer.parseInt(idpPort)),
+                                                          new UsernamePasswordCredentials(user,
password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+
+        // The decision page is returned as XML for some reason. So parse it and send a form
response back.
+        HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
+        final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);
+
+        WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);
+
+        request.setRequestParameters(new ArrayList<NameValuePair>());
+        String clientId = oidcForm.getInputByName("client_id").getValueAttribute();
+        request.getRequestParameters().add(new NameValuePair("client_id", clientId));
+        String redirectUri = oidcForm.getInputByName("redirect_uri").getValueAttribute();
+        request.getRequestParameters().add(new NameValuePair("redirect_uri", redirectUri));
+        String scope = oidcForm.getInputByName("scope").getValueAttribute();
+        request.getRequestParameters().add(new NameValuePair("scope", scope));
+        String state = oidcForm.getInputByName("state").getValueAttribute();
+        request.getRequestParameters().add(new NameValuePair("state", state));
+        String authToken = oidcForm.getInputByName("session_authenticity_token").getValueAttribute();
+        request.getRequestParameters().add(new NameValuePair("session_authenticity_token",
authToken));
+        request.getRequestParameters().add(new NameValuePair("oauthDecision", "allow"));
+
+        HtmlPage idpPage = webClient.getPage(request);
+
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        // Now redirect back to the RP
+        final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
+
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        final XmlPage rpPage = button.click();
+
+        webClient.close();
+        return rpPage.asXml();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/cxf-service.xml b/systests/federation/samlsso/src/test/resources/cxf-service.xml
index a03d3fa..eba2446 100644
--- a/systests/federation/samlsso/src/test/resources/cxf-service.xml
+++ b/systests/federation/samlsso/src/test/resources/cxf-service.xml
@@ -63,7 +63,7 @@
        <constructor-arg><value>Fediz IdP</value></constructor-arg>
        <property name="redirectUris">
            <util:list value-type="java.lang.String">
-               <value>https://localhost:${idp.https.port}/fediz-idp/federation</value>
+               <value>https://localhost:${idp.https.port}/fediz-idp/saml</value>
            </util:list>
        </property>
        <property name="allowedGrantTypes">

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml b/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
deleted file mode 100644
index c63530b..0000000
--- a/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
+++ /dev/null
@@ -1,176 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml
file. 
-     Keystore referenced below must have IDP STS' public cert included in it.  This example
re-uses the Tomcat SSL 
-     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific
keystore instead. 
--->
-<FedizConfig>
-    <contextConfig name="/wsfed">
-        <audienceUris>
-            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
-        </audienceUris>
-        <certificateStores>
-            <trustManager>
-                <keyStore file="test-classes/clienttrust.jks"
-                          password="storepass" type="JKS" />
-            </trustManager>
-        </certificateStores>
-        <trustedIssuers>
-            <issuer certificateValidation="PeerTrust" />
-        </trustedIssuers>
-        <maximumClockSkew>1000</maximumClockSkew>
-        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-            xsi:type="federationProtocolType" version="1.0.0">
-            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
-            <roleDelimiter>,</roleDelimiter>
-            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-            <freshness>10</freshness>
-            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-B</homeRealm>
-            <claimTypesRequested>
-                <claimType type="a particular claim type"
-                           optional="true" />
-            </claimTypesRequested>
-        </protocol>
-        <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectTo>/index.html</logoutRedirectTo>
-    </contextConfig>
-    <contextConfig name="/samlsso">
-        <audienceUris>
-            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
-        </audienceUris>
-        <certificateStores>
-            <trustManager>
-                <keyStore file="test-classes/clienttrust.jks"
-                          password="storepass" type="JKS" />
-            </trustManager>
-        </certificateStores>
-        <trustedIssuers>
-            <issuer certificateValidation="PeerTrust" />
-        </trustedIssuers>
-        <maximumClockSkew>1000</maximumClockSkew>
-        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-            xsi:type="federationProtocolType" version="1.0.0">
-            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
-            <roleDelimiter>,</roleDelimiter>
-            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-            <freshness>10</freshness>
-            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-C</homeRealm>
-            <claimTypesRequested>
-                <claimType type="a particular claim type"
-                           optional="true" />
-            </claimTypesRequested>
-        </protocol>
-        <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectTo>/index.html</logoutRedirectTo>
-    </contextConfig>
-    <contextConfig name="/samlssocustom">
-        <audienceUris>
-            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
-        </audienceUris>
-        <certificateStores>
-            <trustManager>
-                <keyStore file="test-classes/clienttrust.jks"
-                          password="storepass" type="JKS" />
-            </trustManager>
-        </certificateStores>
-        <trustedIssuers>
-            <issuer certificateValidation="PeerTrust" />
-        </trustedIssuers>
-        <maximumClockSkew>1000</maximumClockSkew>
-        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-            xsi:type="federationProtocolType" version="1.0.0">
-            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
-            <roleDelimiter>,</roleDelimiter>
-            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-            <freshness>10</freshness>
-            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-D</homeRealm>
-            <claimTypesRequested>
-                <claimType type="a particular claim type"
-                           optional="true" />
-            </claimTypesRequested>
-        </protocol>
-        <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectTo>/index.html</logoutRedirectTo>
-    </contextConfig>
-    <contextConfig name="/samlssocustompost">
-        <audienceUris>
-            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
-        </audienceUris>
-        <certificateStores>
-            <trustManager>
-                <keyStore file="test-classes/clienttrust.jks"
-                          password="storepass" type="JKS" />
-            </trustManager>
-        </certificateStores>
-        <trustedIssuers>
-            <issuer certificateValidation="PeerTrust" />
-        </trustedIssuers>
-        <maximumClockSkew>1000</maximumClockSkew>
-        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-            xsi:type="federationProtocolType" version="1.0.0">
-            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
-            <roleDelimiter>,</roleDelimiter>
-            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-            <freshness>10</freshness>
-            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-E</homeRealm>
-            <claimTypesRequested>
-                <claimType type="a particular claim type"
-                           optional="true" />
-            </claimTypesRequested>
-        </protocol>
-        <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectTo>/index.html</logoutRedirectTo>
-    </contextConfig>
-    <contextConfig name="/oidc">
-        <audienceUris>
-            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
-        </audienceUris>
-        <certificateStores>
-            <trustManager>
-                <keyStore file="test-classes/clienttrust.jks"
-                          password="storepass" type="JKS" />
-            </trustManager>
-        </certificateStores>
-        <trustedIssuers>
-            <issuer certificateValidation="PeerTrust" />
-        </trustedIssuers>
-        <maximumClockSkew>1000</maximumClockSkew>
-        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-            xsi:type="federationProtocolType" version="1.0.0">
-            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
-            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
-            <roleDelimiter>,</roleDelimiter>
-            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
-            <freshness>10</freshness>
-            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-F</homeRealm>
-            <claimTypesRequested>
-                <claimType type="a particular claim type"
-                           optional="true" />
-            </claimTypesRequested>
-        </protocol>
-        <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectTo>/index.html</logoutRedirectTo>
-    </contextConfig>
-</FedizConfig>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
index c0dd89b..6e840f5 100644
--- a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
@@ -61,6 +61,7 @@
             <util:list>
                 <ref bean="srv-fedizhelloworld-realmB" />
                 <ref bean="srv-fedizhelloworld-realmC" />
+                <ref bean="srv-fedizhelloworld-realmD" />
             </util:list>
         </property>
         <property name="trustedIdps">
@@ -116,7 +117,7 @@
     
     <bean id="trusted-idp-realmD"
         class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-F" />
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-D" />
         <property name="cacheTokens" value="true" />
         <property name="url" value="https://localhost:${idp.oidc.https.port}/idpoidc/services/authorize"
/>
         <property name="certificate" value="realmb.cert" />
@@ -138,7 +139,7 @@
         <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B"
/>
         <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
         <property name="serviceDisplayName" value="Fedizhelloworld" />
-        <property name="serviceDescription" value="Web Application to illustrate WS-Federation"
/>
+        <property name="serviceDescription" value="Web Application to illustrate SAML
SSO" />
         <property name="role" value="ApplicationServiceType" />
         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
         <property name="lifeTime" value="3600" />
@@ -151,7 +152,20 @@
         <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C"
/>
         <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
         <property name="serviceDisplayName" value="Fedizhelloworld" />
-        <property name="serviceDescription" value="Web Application to illustrate WS-Federation"
/>
+        <property name="serviceDescription" value="Web Application to illustrate SAML
SSO" />
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
+        <property name="lifeTime" value="3600" />
+        <property name="passiveRequestorEndpointConstraint" 
+                  value="https://localhost:(\d)*/(\w)*/racs/.*" />
+        <property name="validatingCertificate" value="realma.cert" />
+    </bean>
+    
+    <bean id="srv-fedizhelloworld-realmD" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-D"
/>
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to illustrate SAML
SSO" />
         <property name="role" value="ApplicationServiceType" />
         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
         <property name="lifeTime" value="3600" />
@@ -171,6 +185,11 @@
         <property name="optional" value="false" />
     </bean>
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld-realmD" />
+        <property name="claim" ref="claim_role" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
         <property name="application" ref="srv-fedizhelloworld-realmB" />
         <property name="claim" ref="claim_givenname" />
         <property name="optional" value="false" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
index 6f8d70a..11f179d 100644
--- a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
+++ b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
@@ -111,6 +111,31 @@
             <ref bean="authorizationInterceptor"/>
        </jaxrs:inInterceptors>
    </jaxrs:server>
+   
+   <bean id="ssoFilterApp3" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+       <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
+       <property name="assertionConsumerServiceAddress" 
+                 value="/racs/sso"/>
+       <property name="stateProvider" ref="stateManager"/>
+       <property name="addEndpointAddressToContext" value="true"/>
+       <property name="signRequest" value="true"/>
+       <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+       <property name="callbackHandler" ref="callbackHandler"/>
+       <property name="signatureUsername" value="realma" />
+       <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-D"
/>
+   </bean>
+   
+   <jaxrs:server address="/app3">
+       <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+            <ref bean="ssoFilterApp3"/>
+       </jaxrs:providers>
+       <jaxrs:inInterceptors>
+            <ref bean="authorizationInterceptor"/>
+       </jaxrs:inInterceptors>
+   </jaxrs:server>
 
    <bean id="consumerService" class="org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService">
         <property name="stateProvider" ref="stateManager"/>


Mime
View raw message