cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/4] cxf-fediz git commit: Removing WEB-INF stuff from idp-core
Date Wed, 15 Feb 2017 17:25:00 GMT
Removing WEB-INF stuff from idp-core


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/137858bf
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/137858bf
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/137858bf

Branch: refs/heads/master
Commit: 137858bf2769f3e8854be1b3a1b39f4c83359f99
Parents: 1d9ad00
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Feb 15 16:30:29 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Feb 15 16:30:29 2017 +0000

----------------------------------------------------------------------
 .../main/webapp/WEB-INF/applicationContext.xml  |  61 ----
 .../webapp/WEB-INF/config/idp-core-servlet.xml  | 105 -------
 .../config/security-clientcert-config.xml       |  75 -----
 .../WEB-INF/config/security-krb-config.xml      |  84 ------
 .../WEB-INF/config/security-rs-config.xml       |  64 -----
 .../WEB-INF/config/security-up-config.xml       |  94 ------
 .../flows/federation-validate-request.xml       | 283 -------------------
 .../WEB-INF/flows/saml-validate-request.xml     | 259 -----------------
 .../webapp/WEB-INF/flows/signin-request.xml     | 171 -----------
 .../webapp/WEB-INF/flows/signin-response.xml    |  85 ------
 .../main/webapp/WEB-INF/idp-config-realma.xml   | 158 -----------
 .../main/webapp/WEB-INF/idp-config-realmb.xml   | 133 ---------
 .../src/main/webapp/WEB-INF/idp-servlet.xml     |  39 ---
 .../src/main/webapp/WEB-INF/security-config.xml |  76 -----
 .../main/webapp/WEB-INF/views/genericerror.jsp  |  11 -
 .../src/main/webapp/WEB-INF/views/idplist.jsp   |  33 ---
 .../src/main/webapp/WEB-INF/views/index.jsp     |  25 --
 .../WEB-INF/views/samlsigninresponseform.jsp    |  20 --
 .../main/webapp/WEB-INF/views/signinform.jsp    |  72 -----
 .../webapp/WEB-INF/views/signinresponseform.jsp |  25 --
 .../views/signoutconfirmationresponse.jsp       |  65 -----
 .../webapp/WEB-INF/views/signoutresponse.jsp    |  56 ----
 .../idp-core/src/main/webapp/WEB-INF/web.xml    | 131 ---------
 .../webapp/resources/images/apache-logo.png     | Bin 20928 -> 0 bytes
 .../main/webapp/resources/swagger/index.html    | 156 ----------
 25 files changed, 2281 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml b/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
deleted file mode 100644
index 68bcb0b..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:cxf="http://cxf.apache.org/core"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xsi:schemaLocation="http://cxf.apache.org/core
-        http://cxf.apache.org/schemas/core.xsd
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd">
-
-    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
-        
-        
-    <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
-    <bean
-        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-        <property name="locations">
-            <list>
-                <value>classpath:persistence.properties</value>
-            </list>
-        </property>
-        <property name="ignoreResourceNotFound" value="true" />
-        <property name="ignoreUnresolvablePlaceholders" value="true" />
-    </bean>
-
-    <import resource="classpath:META-INF/cxf/cxf.xml" />
-
-    <import resource="security-config.xml" />
-    <import resource="${idp-config}" />
-    <import resource="classpath:cxf-tls.xml" />
-    <import resource="classpath:persistenceContext.xml" />
-    <import resource="classpath:restContext.xml" />
-
-    <!--cxf:bus>
-        <cxf:features>
-            <cxf:logging />
-        </cxf:features>
-    </cxf:bus-->
-    
-</beans>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml b/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
deleted file mode 100644
index 3d62ad9..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:webflow="http://www.springframework.org/schema/webflow-config"
-    xmlns:p="http://www.springframework.org/schema/p"
-    xmlns:mvc="http://www.springframework.org/schema/mvc"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/mvc
-        http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
-        http://www.springframework.org/schema/webflow-config
-        http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
-
-    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />
-
-    <mvc:resources mapping="/images/**" location="/resources/images/" />
-    
-    <mvc:resources mapping="/swagger/**" location="/resources/swagger/" />
-    
-    <mvc:view-controller path="/" view-name="index" />
-    <mvc:view-controller path="/federation/up/login" view-name="signinform" />
-
-    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-        <property name="prefix" value="/WEB-INF/views/" />
-        <property name="suffix" value=".jsp" />
-    </bean>
-
-    <bean id="viewFactoryCreator" class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
-        <property name="viewResolvers">
-            <list>
-                <ref bean="viewResolver" />
-            </list>
-        </property>
-    </bean>
-
-    <webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator" />
-
-    <webflow:flow-registry id="flowRegistry" flow-builder-services="builder">
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/up" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/krb" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/clientcert" />
-        
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/up" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/krb" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/clientcert" />
-        
-        <webflow:flow-location path="/WEB-INF/flows/signin-request.xml" id="signinRequest" />
-        <webflow:flow-location path="/WEB-INF/flows/signin-response.xml" id="signinResponse" />
-    </webflow:flow-registry>
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" p:flowRegistry-ref="flowRegistry"
-        p:order="2">
-    </bean>
-
-    <webflow:flow-executor id="flowExecutor" flow-registry="flowRegistry">
-        <webflow:flow-execution-attributes>
-            <webflow:always-redirect-on-pause value="false" />
-        </webflow:flow-execution-attributes>
-
-        <webflow:flow-execution-listeners>
-            <webflow:listener ref="securityFlowExecutionListener" />
-        </webflow:flow-execution-listeners>
-    </webflow:flow-executor>
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter" p:flowExecutor-ref="flowExecutor" />
-
-    <bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener">
-        <property name="accessDecisionManager" ref="accessDecisionManager" />
-    </bean>
-
-    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-        <property name="decisionVoters">
-            <list>
-                <bean class="org.springframework.security.access.vote.RoleVoter">
-                    <property name="rolePrefix" value="ROLE_" />
-                </bean>
-                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
-            </list>
-        </property>
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
deleted file mode 100644
index d40d0c9..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- SSL Client Cert entry point for WS-Federation -->
-    <security:http pattern="/federation/clientcert" use-expressions="true">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:x509 />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-    
-    <!-- SSL Client Cert entry point for SAML SSO -->
-    <security:http pattern="/saml/clientcert" use-expressions="true">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:x509 />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-
-    <bean id="stsClientCertPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
-        <property name="authenticationProvider" ref="stsClientCertAuthProvider" />
-    </bean>
-    
-    <util:map id="securityProperties">
-        <entry key="ws-security.username" value="idp-user" />
-        <entry key="ws-security.password" value="idp-pass" />
-    </util:map>
-    
-    <bean id="stsClientCertAuthProvider" class="org.apache.cxf.fediz.service.idp.STSPreAuthAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
-        <property name="wsdlEndpoint" value="TransportUT_Port" />
-        <property name="wsdlService" value="SecurityTokenService" />
-        <property name="appliesTo" value="urn:fediz:idp" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="properties" ref="securityProperties" />
-    </bean>
-    
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
deleted file mode 100644
index b66044b..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
+++ /dev/null
@@ -1,84 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- Kerberos entry point -->
-    <bean id="kerberosEntryPoint"
-          class="org.apache.cxf.fediz.service.idp.kerberos.KerberosEntryPoint" />
-    
-    <bean id="kerberosAuthenticationProcessingFilter"
-          class="org.apache.cxf.fediz.service.idp.kerberos.KerberosAuthenticationProcessingFilter">
-          <property name="authenticationManager" ref="authenticationManagers" />
-    </bean>
-    
-    <security:http pattern="/federation/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:custom-filter ref="kerberosAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-    
-    <security:http pattern="/saml/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:custom-filter ref="kerberosAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-    
-    <bean id="stsKrbPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
-        <property name="authenticationProvider" ref="stsKrbAuthProvider" />
-    </bean>
-    
-    <!--<bean id="kerberosTokenValidator" class="org.apache.cxf.fediz.service.idp.kerberos.KerberosTokenValidator">
-        <property name="contextName" value="bob" />
-        <property name="serviceName" value="bob@service.ws.apache.org" />
-    </bean>-->
-	
-	<!-- Kerberos authentication provider -->
-    <bean id="stsKrbAuthProvider" class="org.apache.cxf.fediz.service.idp.STSKrbAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportKerberos?wsdl" />
-        <property name="wsdlEndpoint" value="TransportKerberos_Port" />
-        <property name="wsdlService" value="SecurityTokenService" />
-        <property name="appliesTo" value="urn:fediz:idp" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <!-- <property name="kerberosTokenValidator" ref="kerberosTokenValidator" />
-        <property name="requireDelegation" value="true" />-->
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
deleted file mode 100644
index aa859b5..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()" />
-        <security:http-basic />
-    </security:http>
-
-    <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
-    
-    <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
-    
-    <security:authentication-manager id="restAuthenticationManager">
-        <security:authentication-provider>
-          <!-- <security:password-encoder ref="defaultPasswordEncoder" />-->
-          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
-          <!--  
-          <security:password-encoder hash="sha-256" base64="true">
-            <security:salt-source user-property="username" />
-          </security:password-encoder>
-          -->
-          <security:user-service properties="classpath:/users.properties" />
-        </security:authentication-provider>
-        <security:authentication-provider ref="stsUPAuthProvider" />
-    </security:authentication-manager>
-    
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
deleted file mode 100644
index 2ba5f86..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- HTTP/BA entry point for WS-Federation -->
-    <security:http pattern="/federation/up/**" use-expressions="true">
-		<security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:http-basic />
-	<!--security:form-login login-page='/federation/up/login'
-		login-processing-url="/federation/up/login.do"
-		authentication-failure-url="/federation/up/login?error" 
-		default-target-url="/"
-		username-parameter="username" 
-		password-parameter="password"
-	/-->
-	<security:logout logout-url="/federation/up/logout" 
-		logout-success-url="/federation/up/login?out" 
-		delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
-		invalidate-session="true" 
-	/>
-    </security:http>
-    
-    <!-- HTTP/BA entry point for SAML SSO -->
-    <security:http pattern="/saml/up/**" use-expressions="true">
-		<security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:http-basic />
-	<!--security:form-login login-page='/federation/up/login'
-		login-processing-url="/federation/up/login.do"
-		authentication-failure-url="/federation/up/login?error" 
-		default-target-url="/"
-		username-parameter="username" 
-		password-parameter="password"
-	/-->
-	<security:logout logout-url="/saml/up/logout" 
-		logout-success-url="/saml/up/login?out" 
-		delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
-		invalidate-session="true" 
-	/>
-    </security:http>
-    
-    <bean id="stsUPPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
-        <property name="authenticationProvider" ref="stsUPAuthProvider" />
-    </bean>
-    
-    <!-- U/P Authentication Provider -->
-    <bean id="stsUPAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
-        <property name="wsdlEndpoint" value="TransportUT_Port" />
-        <property name="wsdlService" value="SecurityTokenService" />
-        <property name="appliesTo" value="urn:fediz:idp" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-    </bean>
-    
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
deleted file mode 100644
index ea9ce68..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ /dev/null
@@ -1,283 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/webflow
-                          http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <decision-state id="evaluateProtocol">
-        <on-entry>
-            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())" />
-        </on-entry>
-        <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
-        <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
-            then="selectWsFedProcess" />
-        <if test="requestParameters.SAMLResponse != null" then="selectSAMLProcess"
-            else="selectOIDCAuthorizationCodeFlowProcess"
-        /> 
-    </decision-state>
-
-    <decision-state id="selectWsFedProcess">
-        <on-entry>
-            <set name="flowScope.wtrealm" value="requestParameters.wtrealm" />
-            <set name="flowScope.wreply" value="requestParameters.wreply" />
-            <set name="flowScope.wctx" value="requestParameters.wctx" />
-            <set name="flowScope.request_context" value="requestParameters.wctx" />
-            <set name="flowScope.wfresh" value="requestParameters.wfresh" />
-            <set name="flowScope.whr" value="requestParameters.whr" />
-            <set name="flowScope.wresult" value="requestParameters.wresult" />
-            <set name="flowScope.wreq" value="requestParameters.wreq" />
-            <evaluate expression="requestScope.getString('wauth','default')"
-                result="flowScope.wauth" />
-        </on-entry>
-        <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
-            then="validateWReplyForSignout" />
-        <if test="requestParameters.wresult != null and !requestParameters.wresult.isEmpty()"
-            then="signinResponse" />
-        <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
-            then="signinRequest" else="viewBadRequest" />
-    </decision-state>
-    
-    <decision-state id="selectSAMLProcess">
-        <on-entry>
-            <set name="flowScope.RelayState" value="requestParameters.RelayState" />
-            <set name="flowScope.request_context" value="requestParameters.RelayState" />
-            <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse" />
-        </on-entry>
-        <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
-         <on-entry>
-            <set name="flowScope.state" value="requestParameters.state" />
-            <set name="flowScope.request_context" value="requestParameters.state" />
-            <set name="flowScope.code" value="requestParameters.code" />
-        </on-entry>
-        <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <action-state id="validateWReplyForSignout">
-        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)"/>
-        <transition on="yes" to="selectSignOutProcess" />
-        <transition on="no" to="viewBadRequestAndLogout" />
-    </action-state>
-	
-    <decision-state id="selectSignOutProcess">
-        <if test="requestParameters.wa == 'wsignout1.0' and flowScope.idpConfig.rpSingleSignOutConfirmation == true
-            or requestParameters.wa == 'wsignoutcleanup1.0' and flowScope.idpConfig.rpSingleSignOutCleanupConfirmation == true"
-            then="viewSignoutConfirmation" else="invalidateSessionAction" />
-    </decision-state>
-
-    <subflow-state id="signinRequest" subflow="signinRequest">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="realm" value="flowScope.wtrealm" />
-        <input name="wctx" value="flowScope.wctx" />
-        <input name="wfresh" value="flowScope.wfresh" />
-        <input name="wauth" value="flowScope.wauth" />
-        <input name="home_realm" value="flowScope.whr" />
-        <input name="protocol" value="'wsfed'" />
-        <input name="return_address" value="flowScope.wreply" />
-        <input name="request_context" value="flowScope.request_context" />
-
-        <output name="home_realm" />
-        <output name="idpToken" />
-        <output name="trusted_idp_context" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-        <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
-            <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
-        </transition>
-        <transition on="redirectToLocalIDP" to="redirectToLocalIDP">
-            <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
-        </transition>
-    </subflow-state>
-
-    <subflow-state id="signinResponse" subflow="signinResponse">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="wfresh" value="flowScope.wfresh" />
-        <input name="request_context" value="flowScope.request_context" />
-        <input name="wresult" value="flowScope.wresult" />
-        <input name="RelayState" value="flowScope.RelayState" />
-        <input name="SAMLResponse" value="flowScope.SAMLResponse" />
-        <input name="state" value="flowScope.state" />
-        <input name="code" value="flowScope.code" />
-        <input name="home_realm" value="flowScope.whr" />
-        <input name="protocol" value="'wsfed'" />
-
-        <output name="realm" />
-        <output name="return_address" />
-        <output name="request_context" />
-        <output name="home_realm" />
-        <output name="idpToken" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.wctx" value="currentEvent.attributes.request_context" />
-            <set name="flowScope.wtrealm" value="currentEvent.attributes.realm" />
-            <set name="flowScope.wreply" value="currentEvent.attributes.return_address" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-    </subflow-state>
-    
-    <!-- produce RP security token (as String type) -->
-    <action-state id="requestRpToken">
-        <on-entry>
-            <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.wtrealm, flowScope.whr)"
-                      result="flowScope.rpTokenElement"/>
-            <evaluate expression="tokenSerializer.serialize(flowRequestContext, flowScope.rpTokenElement)"
-                      result="flowScope.rpToken"/>
-        </on-entry>
-        <evaluate expression="signinParametersCacheAction.storeRPConfigInSession(flowRequestContext)" />
-        <transition to="isWReplyProvided" />
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-    
-    <action-state id="processTrustedIdpProtocol">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInRequest(flowRequestContext, flowScope.whr)"
-                      result="flowScope.remoteIdpUrl"/>
-        <transition to="redirectToTrustedIDP" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-
-    <action-state id="isWReplyProvided">
-        <evaluate expression="flowScope.wreply != null" />
-        <transition on="yes" to="formResponseView" >
-            <set name="flowScope.signinResponseUrl" value="flowScope.wreply" />
-        </transition>
-        <transition on="no" to="formResponseView" >
-            <set name="flowScope.signinResponseUrl" value="flowScope.wtrealm" />
-        </transition>
-    </action-state>
-
-    <!-- normal exit point for login -->
-    <!-- browser redirection (self-submitted form 'signinresponseform.jsp') -->
-    <end-state id="formResponseView" view="signinresponseform">
-        <on-entry>
-            <evaluate expression="flowScope.signinResponseUrl" result="requestScope.fedAction" />
-            <evaluate expression="flowScope.wtrealm" result="requestScope.fedWTrealm" />
-            <evaluate expression="flowScope.wctx" result="requestScope.fedWCtx" />
-            <evaluate expression="flowScope.rpToken" result="requestScope.fedWResult" />
-        </on-entry>
-    </end-state>
-
-    <!-- abnormal exit point : Http 400 Bad Request -->
-    <end-state id="viewBadRequest" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
-            <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
-        </on-entry>
-    </end-state>
-    
-    <end-state id="viewBadRequestAndLogout" view="genericerror">
-        <on-entry>
-            <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
-            <evaluate expression="logoutAction.submit(flowRequestContext)" />
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
-            <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
-        </on-entry>
-    </end-state>
-
-    <!-- abnormal exit point : Http 500 Internal Server Error -->
-    <end-state id="scInternalServerError" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(500,'IDP is unavailable, please contact the administrator')" />
-            <set name="requestScope.reason"
-                value="'IDP is unavailable, please contact the administrator'" />
-            <set name="requestScope.stateException"
-                value="flowScope.stateException" />
-            <set name="requestScope.rootCauseException"
-                value="flowScope.rootCauseException" />
-        </on-entry>
-    </end-state>
-    
-    <!-- normal exit point for logout -->
-    <view-state id="viewSignoutConfirmation" view="signoutconfirmationresponse">
-        <transition on="submit" to="invalidateSessionAction"/>
-        <transition on="cancel" to="redirect" />
-    </view-state>
-
-    <view-state id="redirect" view="externalRedirect:#{flowScope.wreply}" />
-
-    <!-- normal exit point for logout -->
-    <end-state id="invalidateSessionAction" view="signoutresponse">
-        <on-entry>
-            <!-- store the realmConfigMap in the request map before we invalidate the session below.
-            Its needed in the signoutresponse.jsp page -->
-            <set name="externalContext.requestMap.realmConfigMap" 
-                value="externalContext.sessionMap.realmConfigMap"/>
-            <set name="externalContext.requestMap.wreply" value="flowScope.wreply"/>
-            <!-- there is no Saml token canceller in cxf STS...
-            <evaluate expression="stsClientForRpAction.cancelTokens(flowRequestContext)" />
-            -->
-            <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
-            <evaluate expression="logoutAction.submit(flowRequestContext)" />
-        </on-entry>
-    </end-state>
-
-    <!-- redirect to remote idp -->
-    <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}">
-    <!-- 
-        <on-entry>
-            <set name="flowScope.remoteIdpUrl"
-                value="flowScope.idpConfig.findTrustedIdp(flowScope.whr).url
-                +'?wa=wsignin1.0'
-                +'&amp;wtrealm='+flowScope.idpConfig.realm
-                +'&amp;wreply='+flowScope.idpConfig.idpUrl
-                +(flowScope.wfresh != null ? '&amp;wfresh='+flowScope.wfresh : '')
-                +(flowScope.wctx != null ? '&amp;wctx='+flowScope.wctx : '')">
-            </set>
-        </on-entry>
-         --> 
-    </end-state>
-
-    <end-state id="redirectToLocalIDP" view="externalRedirect:#{flowScope.localIdpUrl}">
-        <on-entry>
-            <set name="flowScope.localIdpUrl"
-                value="flowScope.idpConfig.idpUrl
-                +'?wa=wsignin1.0'
-                +'&amp;wreply='+flowScope.wreply
-                +'&amp;wtrealm='+flowScope.wtrealm
-                +(flowScope.wctx != null ? '&amp;wctx='+flowScope.wctx : '')
-                +(flowScope.wfresh != null ? '&amp;wfresh='+flowScope.wfresh : '')
-                +(flowScope.whr != null ? '&amp;whr='+flowScope.whr : '')
-                +(flowScope.wreq != null ? '&amp;wreq='+flowScope.wreq : '')">
-            </set>
-        </on-entry>
-    </end-state>
-
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
deleted file mode 100644
index 1f12890..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ /dev/null
@@ -1,259 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/webflow
-                          http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <decision-state id="evaluateProtocol">
-        <on-entry>
-            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())" />
-        </on-entry>
-        <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
-        <if test="requestParameters.SAMLRequest != null or requestParameters.SAMLResponse != null" 
-            then="selectSAMLProcess" else="selectOIDCAuthorizationCodeFlowProcess"
-        />
-    </decision-state>
-    
-    <decision-state id="selectWsFedProcess">
-        <on-entry>
-            <set name="flowScope.wresult" value="requestParameters.wresult" />
-            <set name="flowScope.wctx" value="requestParameters.wctx" />
-            <set name="flowScope.request_context" value="requestParameters.wctx" />
-        </on-entry>
-        <if test="requestParameters.wctx == null or requestParameters.wctx.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.wresult == null or requestParameters.wresult.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
-            then="signinResponse" else="viewBadRequest" />
-    </decision-state>
-    
-    <decision-state id="selectSAMLProcess">
-        <on-entry>
-            <set name="flowScope.RelayState" value="requestParameters.RelayState" />
-            <set name="flowScope.request_context" value="requestParameters.RelayState" />
-            <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse" />
-            <set name="flowScope.SAMLRequest" value="requestParameters.SAMLRequest" />
-            <set name="flowScope.Signature" value="requestParameters.Signature" />
-        </on-entry>
-        <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.SAMLRequest != null and !requestParameters.SAMLRequest.isEmpty()"
-            then="parseSAMLAuthnRequest" />
-        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
-        <on-entry>
-            <set name="flowScope.state" value="requestParameters.state" />
-            <set name="flowScope.request_context" value="requestParameters.state" />
-            <set name="flowScope.code" value="requestParameters.code" />
-        </on-entry>
-        <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <action-state id="parseSAMLAuthnRequest">
-        <evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext, flowScope.idpConfig,
-                                                              flowScope.SAMLRequest, flowScope.Signature,
-                                                              flowScope.RelayState)" />
-        <transition to="retrieveConsumerURL"/>
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-    </action-state>
-    
-    <action-state id="retrieveConsumerURL">
-        <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                  result="flowScope.consumerURL"/>
-        <transition to="retrieveRealm"/>
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-    </action-state>
-    
-    <action-state id="retrieveRealm">
-        <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)" 
-                  result="flowScope.realm"/>
-        <transition to="signinRequest"/>
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-    </action-state>
-    
-    <subflow-state id="signinRequest" subflow="signinRequest">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="SAMLRequest" value="flowScope.SAMLRequest" />
-        <input name="RelayState" value="flowScope.RelayState" />
-        <input name="Signature" value="flowScope.Signature" />
-        <input name="protocol" value="'samlsso'" />
-        <input name="saml_authn_request" value="flowScope.saml_authn_request" />
-        <input name="realm" value="flowScope.realm" />
-        <input name="home_realm" value="null" />
-        <input name="wfresh" value="null" />
-        <input name="return_address" value="flowScope.consumerURL" />
-        <input name="request_context" value="flowScope.request_context" />
-
-        <output name="home_realm" />
-        <output name="idpToken" />
-        <output name="trusted_idp_context" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-        <transition on="redirectToLocalIDP" to="redirectToLocalIDP" />
-        <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
-            <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
-        </transition>
-    </subflow-state>
-    
-     <subflow-state id="signinResponse" subflow="signinResponse">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="wfresh" value="flowScope.wfresh" />
-        <input name="request_context" value="flowScope.request_context" />
-        <input name="wresult" value="flowScope.wresult" />
-        <input name="RelayState" value="flowScope.RelayState" />
-        <input name="SAMLResponse" value="flowScope.SAMLResponse" />
-        <input name="state" value="flowScope.state" />
-        <input name="code" value="flowScope.code" />
-        <input name="home_realm" value="flowScope.whr" />
-        <input name="protocol" value="'samlsso'" />
-
-        <output name="home_realm" />
-        <output name="idpToken" />
-        <output name="saml_authn_request" />
-        <output name="request_context" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-            <set name="flowScope.saml_authn_request" value="currentEvent.attributes.saml_authn_request" />
-            <set name="flowScope.RelayState" value="currentEvent.attributes.request_context" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-    </subflow-state>
-    
-    <!-- produce RP security token (as String type) -->
-    <action-state id="requestRpToken">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)" 
-                      result="flowScope.realm"/>
-            <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.realm, flowScope.home_realm)"
-                      result="flowScope.rpTokenElement"/>
-        </on-entry>
-        <evaluate expression="signinParametersCacheAction.storeRPConfigInSession(flowRequestContext)"/>
-        <transition to="produceSAMLResponse" />
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-    
-    <action-state id="produceSAMLResponse">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                      result="flowScope.consumerURL"/>
-            <evaluate expression="authnRequestParser.retrieveRequestId(flowRequestContext)" 
-                      result="flowScope.requestId"/>
-            <evaluate expression="authnRequestParser.retrieveRequestIssuer(flowRequestContext)" 
-                      result="flowScope.requestIssuer"/>
-        </on-entry>
-        <evaluate expression="samlResponseCreator.createSAMLResponse(flowRequestContext, flowScope.idpConfig, flowScope.rpTokenElement,
-                                                                     flowScope.consumerURL, flowScope.requestId, flowScope.requestIssuer)"
-                  result="flowScope.rpResponse"/>                                               
-        <transition to="formResponseView" />
-    </action-state>
-    
-    <!-- normal exit point for login -->
-    <!-- browser redirection (self-submitted form 'samlsigninresponseform.jsp') -->
-    <end-state id="formResponseView" view="samlsigninresponseform">
-        <on-entry>
-            <evaluate expression="flowScope.consumerURL" result="requestScope.samlAction" />
-            <evaluate expression="flowScope.RelayState" result="requestScope.relayState" />
-            <evaluate expression="flowScope.rpResponse" result="requestScope.samlResponse" />
-        </on-entry>
-    </end-state>
-    
-    <action-state id="processTrustedIdpProtocol">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInRequest(flowRequestContext, flowScope.home_realm)"
-                      result="flowScope.remoteIdpUrl"/>
-        <transition to="redirectToTrustedIDP" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-
-    <!-- abnormal exit point -->
-    <decision-state id="viewBadRequest">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                      result="requestScope.samlAction"/>
-        </on-entry>
-        <!-- See if we managed to at least parse the request to get the response URL -->
-        <if test="requestScope.samlAction == null or requestScope.samlAction.isEmpty()"
-            then="viewBadRequestParsingError" else="viewBadRequestResponse"/>
-    </decision-state>
-    
-    <end-state id="viewBadRequestResponse" view="samlsigninresponseform">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                      result="requestScope.samlAction"/>
-            <evaluate expression="authnRequestParser.retrieveRequestId(flowRequestContext)" 
-                      result="flowScope.requestId"/>
-            <evaluate expression="flowScope.RelayState" result="requestScope.relayState" />
-            <evaluate expression="samlResponseErrorCreator.createSAMLResponse(flowRequestContext, true, flowScope.idpConfig, 
-                                                                     flowScope.requestId)"
-                      result="requestScope.samlResponse"/>     
-        </on-entry>
-    </end-state>
-    
-    <!-- abnormal exit point : Http 400 Bad Request -->
-    <end-state id="viewBadRequestParsingError" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(400,'Error parsing SAML Request')" />
-            <set name="requestScope.reason" value="'Error parsing SAML Request'" />
-        </on-entry>
-    </end-state>
-
-    <!-- abnormal exit point : Http 500 Internal Server Error -->
-    <end-state id="scInternalServerError" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(500,'IDP is unavailable, please contact the administrator')" />
-            <set name="requestScope.reason"
-                value="'IDP is unavailable, please contact the administrator'" />
-            <set name="requestScope.stateException"
-                value="flowScope.stateException" />
-            <set name="requestScope.rootCauseException"
-                value="flowScope.rootCauseException" />
-        </on-entry>
-    </end-state>
-    
-    <end-state id="redirectToLocalIDP" view="externalRedirect:#{flowScope.localIdpUrl}">
-        <on-entry>
-            <evaluate expression="localRedirectCreator.createRedirectURL(flowRequestContext, flowScope.idpConfig)"
-                      result="flowScope.localIdpUrl"/>
-        </on-entry>
-    </end-state>
-    
-    <!-- redirect to remote idp -->
-    <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}" />
-
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
deleted file mode 100644
index 2a7b125..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
+++ /dev/null
@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/webflow
-        http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <input name="idpConfig" />
-    <input name="wfresh" />
-    <input name="saml_authn_request" />
-    <input name="realm" />
-    <input name="home_realm" />
-    <input name="protocol" />
-    <input name="return_address" />
-    <input name="request_context" />
-    
-    <!-- ===== Home Realm Discovery ===== -->
-    
-    <decision-state id="processHRDSExpression">
-        <on-entry>
-            <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, flowScope.home_realm)" 
-                      result="flowScope.home_realm" />
-        </on-entry>
-        <if test="flowScope.home_realm == null or flowScope.home_realm.trim().isEmpty()"
-            then="provideIDPListForUser" else="checkIsThisIDP" />
-    </decision-state>
-    
-    <decision-state id="provideIDPListForUser">
-        <if test="flowScope.idpConfig.trustedIdps == null or idpConfig.trustedIdps.isEmpty()"
-            then="checkDefaultToThisIDP" />
-        <if test="flowScope.idpConfig.isProvideIdpList() == false"
-            then="checkDefaultToThisIDP" else="showIDPList" />
-    </decision-state>
-    
-    <decision-state id="checkDefaultToThisIDP">
-        <if test="flowScope.idpConfig.isUseCurrentIdp()" then="homeRealmSignInEntryPoint"
-            else="viewBadRequest" />
-    </decision-state>
-    
-    <view-state id="showIDPList" view="idplist" model="trustedIDPSelection">
-        <var name="trustedIDPSelection"
-            class="org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection" />
-        <binder>
-            <binding property="homeRealm" required="true" />
-        </binder>
-        <on-entry>
-            <set name="requestScope.idPConfig" value="flowScope.idpConfig" />
-        </on-entry>
-        <transition on="submit" to="checkIsThisIDP" bind="true"
-            validate="true">
-            <set name="flowScope.home_realm" value="trustedIDPSelection.homeRealm" />
-            <evaluate
-                expression="homeRealmReminder.addCookie(flowRequestContext, flowScope.home_realm)" />
-        </transition>
-        <transition on="cancel" to="checkDefaultToThisIDP"
-            bind="false" validate="false" />
-    </view-state>
-    
-    <!-- Home Realm is known then we can store it in cookie -->
-    <decision-state id="checkIsThisIDP">
-        <if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
-            then="homeRealmSignInEntryPoint" else="checkRemoteIdpToken" />
-    </decision-state>
-    
-    <!-- ===== Realm independent ===== -->
-    
-    <action-state id="validateReturnAddress">
-        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
-                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address, flowScope.realm)"/>
-        <transition on="yes" to="requestRpToken" />
-        <transition on="no" to="viewBadRequest" />
-    </action-state>
-    
-    <!-- ===== Home Realm != this realm ===== -->
-    
-    <decision-state id="checkRemoteIdpToken">
-        <if test="externalContext.sessionMap[flowScope.home_realm] != null"
-            then="checkRemoteIdpTokenExpiry" else="redirectToTrustedIDP" />
-    </decision-state>
-    
-    <action-state id="checkRemoteIdpTokenExpiry">
-        <evaluate
-            expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
-                        protocol.equals('wsfed') and wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)
-                        or protocol.equals('samlsso') and authnRequestParser.isForceAuthentication(flowRequestContext)" />
-        <transition on="yes" to="redirectToTrustedIDP" />
-        <transition on="no" to="validateReturnAddress" >
-            <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
-        </transition>
-        <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
-    </action-state>
-    
-    <!-- ===== Home Realm == this realm ===== -->
-    
-    <decision-state id="homeRealmSignInEntryPoint">
-        <on-entry>
-            <!-- Here, home realm is guaranteed to be THIS realm -->
-            <set name="flowScope.home_realm" value="flowScope.idpConfig.realm" />
-        </on-entry>
-            
-        <!-- check presence of cached IDP token for THIS realm -->
-        <if test="externalContext.sessionMap[flowScope.home_realm] == null"
-            then="cacheSecurityToken" else="checkLocalIdPTokenExpiry" />
-    </decision-state>
-
-    <action-state id="checkLocalIdPTokenExpiry">
-        <evaluate
-            expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
-                        protocol.equals('wsfed') and wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)
-                        or protocol.equals('samlsso') and authnRequestParser.isForceAuthentication(flowRequestContext)" />
-        <transition on="yes" to="redirectToLocalIDP" />
-        <transition on="no" to="validateReturnAddress">
-            <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
-        </transition>
-        <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
-    </action-state>
-
-    <end-state id="redirectToLocalIDP">
-        <on-entry>
-            <evaluate expression="logoutAction.submit(flowRequestContext)" />
-        </on-entry>
-        <output name="home_realm" value="flowScope.home_realm" />
-    </end-state>
-
-    <action-state id="cacheSecurityToken">
-        <secured attributes="IS_AUTHENTICATED_FULLY" />
-        <evaluate expression="cacheSecurityToken.submit(flowRequestContext)" />
-        <transition to="validateReturnAddress">
-            <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
-        </transition>
-    </action-state>
-    
-    <!-- ============================================================================================================= -->
-
-    <!-- normal exit point -->
-    <end-state id="requestRpToken">
-        <output name="home_realm" value="flowScope.home_realm" />
-        <output name="idpToken" value="flowScope.idpToken" />
-    </end-state>
-
-    <!-- abnormal exit point -->
-    <end-state id="viewBadRequest" />
-    
-    <!-- redirects to requestor idp -->
-    <end-state id="redirectToTrustedIDP">
-        <on-entry>
-            <evaluate expression="signinParametersCacheAction.store(flowRequestContext, protocol)" />
-        </on-entry>
-        <output name="home_realm" value="flowScope.home_realm" />
-        <output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
-    </end-state>
-
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
deleted file mode 100644
index ebfbf1f..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<!--
-Process a response from a trusted third party IdP. It starts by restoring the original request parameters for the current context. 
-It then converts the response from the third party IdP into a SecurityToken via the TrustedIdPProtocolAction. It then exits this 
-subflow to get a RP token from the STS.
- -->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/webflow
-        http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <input name="idpConfig" />
-    <input name="request_context" />
-    <input name="wresult" />
-    <input name="RelayState" />
-    <input name="SAMLResponse" />
-    <input name="state" />
-    <input name="code" />
-    <input name="home_realm" />
-    <input name="protocol" />
-
-    <on-start>
-        <!-- restore the original request parameters for the current context -->
-        <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context, protocol)" />
-    </on-start>
-    
-    <!-- validate token issued by requestor IDP given its home realm -->
-    <action-state id="validateToken">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext, home_realm)"
-            result="flowScope.idpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken" />
-        <transition to="checkCacheTrustedIdpToken" />
-        <transition
-            on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-        <transition
-            on-exception="javax.ws.rs.BadRequestException" to="viewBadRequest" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-    
-    <action-state id="checkCacheTrustedIdpToken">
-        <evaluate expression="idpConfig.findTrustedIdp(flowScope.home_realm).cacheTokens" />
-        <transition on="yes" to="requestRpToken">
-            <set name="externalContext.sessionMap[flowScope.home_realm]"
-                    value="flowScope.idpToken" />
-        </transition>
-        <transition on="no" to="requestRpToken" />
-    </action-state>
-
-    <end-state id="requestRpToken">
-        <output name="home_realm" value="flowScope.home_realm" />
-        <output name="request_context" value="flowScope.request_context" />
-        <output name="return_address" value="flowScope.return_address" />
-        <output name="realm" value="flowScope.realm" />
-        <output name="idpToken" value="flowScope.idpToken" />
-        <output name="saml_authn_request" value="flowScope.saml_authn_request" />
-    </end-state>
-
-    <!-- abnormal exit point : Http 400 Bad Request -->
-    <end-state id="viewBadRequest">
-        <output name="saml_authn_request" value="flowScope.saml_authn_request" />
-        <output name="RelayState" value="flowScope.RelayState" />
-    </end-state>
-
-    <!-- abnormal exit point : Http 500 Internal Server Error -->
-    <end-state id="scInternalServerError" />
-    
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml b/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
deleted file mode 100644
index 8e66b57..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
+++ /dev/null
@@ -1,158 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans profile="spring" xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <context:property-placeholder location="classpath:realm.properties" />
-
-    <bean id="config"
-        class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
-        <property name="idpConfigs">
-            <util:list>
-                <ref bean="idp-realmA" />
-            </util:list>
-        </property>
-        <property name="serviceConfigs">
-            <util:list>
-                <ref bean="srv-fedizhelloworld" />
-            </util:list>
-        </property>
-    </bean>
-
-    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
-        <property name="uri" value="realma" />
-        <!--<property name="hrds" value="" /> --> <!-- TBD, not defined, provide list if enabled -->
-        <property name="provideIdpList" value="true" />
-        <property name="useCurrentIdp" value="true" />
-        <property name="certificate" value="stsKeystoreA.properties" />
-        <property name="certificatePassword" value="realma" />
-        <property name="stsUrl"
-            value="https://localhost:0/fediz-idp-sts/REALMA" />
-        <property name="idpUrl"
-            value="https://localhost:${realmA.port}/fediz-idp/federation" />
-        <property name="supportedProtocols">
-            <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
-            </util:list>
-        </property>
-        <property name="services">
-            <util:map>
-                <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
-                    value-ref="srv-fedizhelloworld" />
-            </util:map>
-        </property>
-        <property name="authenticationURIs">
-            <util:map>
-                <entry key="default" value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" 
-                       value="federation/krb" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
-                       value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
-                       value="federation/clientcert" />
-            </util:map>
-        </property>
-        <property name="trustedIdps">
-            <util:map>
-                <entry key="urn:org:apache:cxf:fediz:idp:realm-B"
-                    value-ref="trusted-idp-realmB" />
-            </util:map>
-        </property>
-        <property name="serviceDisplayName" value="REALM A" />
-        <property name="serviceDescription" value="IDP of Realm A" />
-        <property name="rpSingleSignOutConfirmation" value="true"/>
-        <property name="rpSingleSignOutCleanupConfirmation" value="false"/>
-    </bean>
-
-    <bean id="trusted-idp-realmB"
-        class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="cacheTokens" value="true" />
-        <property name="url"
-            value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
-        <property name="certificate" value="realmb.cert" />
-        <property name="trustType" value="PEER_TRUST" />  <!-- Required for Fediz Core, Process SignInResponse -->
-        <property name="protocol"
-            value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="federationType" value="FEDERATE_IDENTITY" /> <!-- Required for STS Relationship -->
-        <property name="name" value="REALM B" />
-        <property name="description" value="IDP of Realm B" />
-        <!-- todo true / false prop for propagate sign-out of other realms !?-->
-    </bean>
-
-    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
-        <property name="realm"
-            value="urn:org:apache:cxf:fediz:fedizhelloworld" />
-        <property name="protocol"
-            value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="serviceDisplayName" value="Fedizhelloworld" />
-        <property name="serviceDescription"
-            value="Web Application to illustrate WS-Federation" />
-        <property name="role" value="ApplicationServiceType" />
-        <property name="tokenType"
-            value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="lifeTime" value="3600" />
-        <!-- <property name="encryptionCertificate" value="" /> -->
-        <property name="requestedClaims">
-            <util:list>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
-                    <property name="optional" value="true" />
-                </bean>
-            </util:list>
-        </property>
-    </bean>
-
-</beans>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml b/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
deleted file mode 100644
index 9494587..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
+++ /dev/null
@@ -1,133 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans profile="spring" xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd">
-
-    <context:property-placeholder location="classpath:realm.properties" />
-
-    <bean id="config"
-        class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
-        <property name="idpConfigs">
-            <util:list>
-                <ref bean="idp-realmB" />
-            </util:list>
-        </property>
-        <property name="serviceConfigs">
-            <util:list>
-                <ref bean="idp-realmA" />
-            </util:list>
-        </property>
-    </bean>
-
-    <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="uri" value="realmb" />
-        <!--<property name="hrds" value="" /> --> <!-- TBD, not defined, provide list if enabled -->
-        <property name="provideIdpList" value="false" />
-        <property name="useCurrentIdp" value="true" />
-        <property name="certificate" value="stsKeystoreB.properties" />
-        <property name="certificatePassword" value="realmb" />
-        <property name="stsUrl"
-            value="https://localhost:0/fediz-idp-sts/REALMB" />
-        <property name="idpUrl"
-            value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
-        <property name="supportedProtocols">
-            <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
-            </util:list>
-        </property>
-        <property name="services">
-            <util:map>
-                <entry key="urn:org:apache:cxf:fediz:idp:realm-A"
-                    value-ref="idp-realmA" />
-            </util:map>
-        </property>
-        <property name="authenticationURIs">
-            <util:map>
-                <entry key="default" value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" 
-                       value="federation/krb" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
-                       value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
-                       value="federation/clientcert" />
-            </util:map>
-        </property>
-        <property name="serviceDisplayName" value="REALM B" />
-        <property name="serviceDescription" value="IDP of Realm B" />
-        <property name="rpSingleSignOutConfirmation" value="true"/>
-        <property name="rpSingleSignOutCleanupConfirmation" value="false"/>
-    </bean>
-
-    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
-        <property name="protocol"
-            value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="serviceDisplayName" value="Resource IDP Realm A" />
-        <property name="serviceDescription" value="Resource IDP Realm A" />
-        <property name="role" value="SecurityTokenServiceType" />
-        <property name="tokenType"
-            value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="lifeTime" value="3600" />
-        <!-- <property name="encryptionCertificate" value="" /> -->
-        <property name="requestedClaims">
-            <util:list>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
-                    <property name="optional" value="false" />
-                </bean>
-            </util:list>
-        </property>
-    </bean>
-
-</beans>
-


Mime
View raw message