You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/03/02 18:17:27 UTC
[1/2] cxf-fediz git commit: Adding a system test for federating two
WS-Federation IdPs. - The test is @Ignore'd for now. It works fine when
accessed via a web browser....having some trouble getting htmlunit to work
with it though
Repository: cxf-fediz
Updated Branches:
refs/heads/master 518aab741 -> 2477283fe
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
new file mode 100644
index 0000000..7b5b522
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-3.1.xsd
+ ">
+
+ <context:property-placeholder location="classpath:realm.properties"/>
+
+ <!-- DISABLE in production as it might log confidential information about the user -->
+ <!-- <security:debug /> -->
+
+ <!-- Configure Spring Security -->
+
+ <!-- If enabled, you can't access the Service layer within the Spring Webflow -->
+ <!-- The user has no role during the login phase of WS-Federation -->
+ <security:global-method-security pre-post-annotations="enabled"/>
+
+ <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
+ <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+ <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+ <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()"/>
+ <security:http-basic />
+ </security:http>
+
+ <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
+
+ <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
+
+ <security:authentication-manager id="restAuthenticationManager">
+ <security:authentication-provider>
+ <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
+ <!-- <security:password-encoder hash="sha-256" base64="true" />-->
+ <!--
+ <security:password-encoder hash="sha-256" base64="true">
+ <security:salt-source user-property="username"/>
+ </security:password-encoder>
+ -->
+ <security:user-service properties="classpath:/users.properties" />
+ </security:authentication-provider>
+ <security:authentication-provider ref="stsAuthProvider" />
+ </security:authentication-manager>
+
+ <security:http use-expressions="true">
+ <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+ <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+ <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
+
+ <!-- MUST be http-basic thus systests run fine -->
+ <!--<security:form-login />-->
+ <security:http-basic />
+ <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
+ </security:http>
+
+ <security:authentication-manager>
+ <security:authentication-provider ref="stsAuthProvider" />
+ </security:authentication-manager>
+
+ <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+
+ <bean id="entitlementsEnricher" class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements" />
+
+ <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
+ <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
+ <property name="wsdlEndpoint" value="TransportUT_Port"/>
+ <property name="wsdlService" value="SecurityTokenService"/>
+ <property name="appliesTo" value="urn:fediz:idp"/>
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+ </bean>
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/server.jks b/systests/federation/wsfed/src/test/resources/server.jks
new file mode 100644
index 0000000..2f0fdf3
Binary files /dev/null and b/systests/federation/wsfed/src/test/resources/server.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/ststrust.jks b/systests/federation/wsfed/src/test/resources/ststrust.jks
new file mode 100644
index 0000000..911945c
Binary files /dev/null and b/systests/federation/wsfed/src/test/resources/ststrust.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/web.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/web.xml b/systests/federation/wsfed/src/test/resources/web.xml
new file mode 100644
index 0000000..0719288
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/web.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0" metadata-complete="true">
+
+ <description>Fediz IDP</description>
+ <display-name>Fediz IDP</display-name>
+
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/applicationContext.xml</param-value>
+ </context-param>
+
+ <context-param>
+ <param-name>spring.profiles.active</param-name>
+ <param-value>jpa</param-value>
+ </context-param>
+
+ <filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <servlet>
+ <servlet-name>idp</servlet-name>
+ <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+ <init-param>
+ <param-name>publishContext</param-name>
+ <param-value>false</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>metadata</servlet-name>
+ <servlet-class>org.apache.cxf.fediz.service.idp.MetadataServlet</servlet-class>
+ <init-param>
+ <param-name>realm</param-name>
+ <param-value>urn:org:apache:cxf:fediz:idp:realm-B</param-value>
+ </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name>CXFServlet</servlet-name>
+ <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>CXFServlet</servlet-name>
+ <url-pattern>/services/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>idp</servlet-name>
+ <url-pattern>/federation</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>metadata</servlet-name>
+ <url-pattern>/FederationMetadata/2007-06/FederationMetadata.xml</url-pattern>
+ </servlet-mapping>
+
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+
+ <!-- Uncomment this when using JNDI DataSource -->
+ <!-- The property jpa.platform must be updated in persistence.properties even you use JNDI Datasource -->
+ <!--
+ <resource-ref>
+ <res-ref-name>jdbc/fedizDataSource</res-ref-name>
+ <res-type>javax.sql.DataSource</res-type>
+ <res-auth>Container</res-auth>
+ </resource-ref>
+ -->
+
+</web-app>
[2/2] cxf-fediz git commit: Adding a system test for federating two
WS-Federation IdPs. - The test is @Ignore'd for now. It works fine when
accessed via a web browser....having some trouble getting htmlunit to work
with it though
Posted by co...@apache.org.
Adding a system test for federating two WS-Federation IdPs.
- The test is @Ignore'd for now. It works fine when accessed via a web browser....having some trouble getting htmlunit to work with it though
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2477283f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2477283f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2477283f
Branch: refs/heads/master
Commit: 2477283fe1d3727c10cd4b8ff935756185179eda
Parents: 518aab7
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Mar 2 17:16:49 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Mar 2 17:16:49 2015 +0000
----------------------------------------------------------------------
systests/federation/pom.xml | 1 +
systests/federation/wsfed/pom.xml | 327 +++++++++++++
.../cxf/fediz/integrationtests/WSFedTest.java | 300 ++++++++++++
.../wsfed/src/test/resources/client.jks | Bin 0 -> 2060 bytes
.../src/test/resources/fediz_config_wsfed.xml | 38 ++
.../test/resources/realma/entities-realma.xml | 465 +++++++++++++++++++
.../test/resources/realmb/entities-realmb.xml | 422 +++++++++++++++++
.../src/test/resources/realmb/idp-servlet.xml | 133 ++++++
.../resources/realmb/persistence.properties | 15 +
.../src/test/resources/realmb/realm.properties | 6 +
.../test/resources/realmb/security-config.xml | 96 ++++
.../wsfed/src/test/resources/server.jks | Bin 0 -> 1863 bytes
.../wsfed/src/test/resources/ststrust.jks | Bin 0 -> 2561 bytes
.../federation/wsfed/src/test/resources/web.xml | 102 ++++
14 files changed, 1905 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/pom.xml b/systests/federation/pom.xml
index b69e6e5..870a9b4 100644
--- a/systests/federation/pom.xml
+++ b/systests/federation/pom.xml
@@ -32,6 +32,7 @@
<modules>
<module>samlsso</module>
+ <module>wsfed</module>
</modules>
</project>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/pom.xml b/systests/federation/wsfed/pom.xml
new file mode 100644
index 0000000..f07e969
--- /dev/null
+++ b/systests/federation/wsfed/pom.xml
@@ -0,0 +1,327 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-federation</artifactId>
+ <version>1.2.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+ <artifactId>fediz-systests-federation-wsfed</artifactId>
+ <name>Apache Fediz Federation Systests Tomcat 7 WS-Federation</name>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>${tomcat.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-logging-juli</artifactId>
+ <version>${tomcat.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jdt.core.compiler</groupId>
+ <artifactId>ecj</artifactId>
+ <version>3.7.1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-jasper</artifactId>
+ <version>${tomcat.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-tomcat</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-tests</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>${slf4j.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ <version>${slf4j.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>${hsqldb.version}</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/fediz_config*.xml</include>
+ </includes>
+ </testResource>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>false</filtering>
+ <excludes>
+ <exclude>**/fediz_config*.xml</exclude>
+ </excludes>
+ </testResource>
+ </testResources>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>reserve-network-port</id>
+ <goals>
+ <goal>reserve-network-port</goal>
+ </goals>
+ <phase>initialize</phase>
+ <configuration>
+ <portNames>
+ <portName>idp.https.port</portName>
+ <portName>idp.realmb.https.port</portName>
+ <portName>rp.https.port</portName>
+ </portNames>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-idp-sts</id>
+ <phase>generate-resources</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-idp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-idp-sts</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-simpleWebapp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-idp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-realmb</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-idp-sts</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-sts-realmb</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ <overWriteIfNewer>true</overWriteIfNewer>
+ <stripVersion>true</stripVersion>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-xalan-to-idp</id>
+ <phase>generate-resources</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>${xalan.version}</version>
+ <outputDirectory>target/tomcat/idp/webapps/fediz-idp/WEB-INF/lib</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>2.7</version>
+ <executions>
+ <execution>
+ <id>copy-entities-to-idp</id>
+ <phase>generate-test-sources</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/test/resources/realma</directory>
+ <includes>
+ <include>entities-realma.xml</include>
+ </includes>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-entities-to-remote-idp</id>
+ <phase>generate-test-sources</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF/classes</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/test/resources/realmb</directory>
+ <includes>
+ <include>entities-realmb.xml</include>
+ <include>realm.properties</include>
+ <include>persistence.properties</include>
+ </includes>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-entities-to-remote-idp2</id>
+ <phase>generate-test-sources</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/test/resources/realmb</directory>
+ <includes>
+ <include>idp-servlet.xml</include>
+ <include>security-config.xml</include>
+ </includes>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <inherited>true</inherited>
+ <executions>
+ <execution>
+ <id>integration-test</id>
+ <phase>integration-test</phase>
+ <goals>
+ <goal>integration-test</goal>
+ </goals>
+ <configuration>
+ <skip>false</skip>
+ <systemPropertyVariables>
+ <wt.headless>true</wt.headless>
+ <idp.https.port>${idp.https.port}</idp.https.port>
+ <idp.realmb.https.port>${idp.realmb.https.port}</idp.realmb.https.port>
+ <rp.https.port>${rp.https.port}</rp.https.port>
+ </systemPropertyVariables>
+ <includes>
+ <include>**/integrationtests/**</include>
+ </includes>
+ <argLine>-Xms512m -Xmx1024m
+ -XX:MaxPermSize=256m</argLine>
+ </configuration>
+ </execution>
+ <execution>
+ <id>verify</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <inherited>true</inherited>
+ <configuration>
+ <excludes>
+ <exclude>**/integrationtests/**</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
new file mode 100644
index 0000000..5816a02
--- /dev/null
+++ b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
@@ -0,0 +1,300 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+
+import java.io.File;
+import java.io.IOException;
+
+import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * This is a test for federation in the IdP. The RP application is configured to use a home realm of "realm b". The
+ * client gets redirected to the IdP for "realm a", which in turn redirects to the IdP for "realm b". The user
+ * authenticates + is redirected back to the IdP for "realm a" to get a SAML token from the STS + then back to the
+ * application.
+ */
+public class WSFedTest {
+
+ static String idpHttpsPort;
+ static String idpRealmbHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+ private static Tomcat idpRealmbServer;
+ private static Tomcat rpServer;
+
+ @BeforeClass
+ public static void init() {
+ System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+ System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+ System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ idpRealmbHttpsPort = System.getProperty("idp.realmb.https.port");
+ Assert.assertNotNull("Property 'idp.realmb.https.port' null", idpRealmbHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ initIdp();
+ initRealmbIdp();
+ initRp();
+ }
+
+ private static void initIdp() {
+ try {
+ idpServer = new Tomcat();
+ idpServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ idpServer.setBaseDir(currentDir + File.separator + "target");
+
+ idpServer.getHost().setAppBase("tomcat/idp/webapps");
+ idpServer.getHost().setAutoDeploy(true);
+ idpServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ //httpsConnector.setAttribute("keyAlias", keyAlias);
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ idpServer.getService().addConnector(httpsConnector);
+
+ idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts");
+ idpServer.addWebapp("/fediz-idp", "fediz-idp");
+
+ idpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static void initRealmbIdp() {
+ try {
+ idpRealmbServer = new Tomcat();
+ idpRealmbServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ idpRealmbServer.setBaseDir(currentDir + File.separator + "target");
+
+ idpRealmbServer.getHost().setAppBase("tomcat/idprealmb/webapps");
+ idpRealmbServer.getHost().setAutoDeploy(true);
+ idpRealmbServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(idpRealmbHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ //httpsConnector.setAttribute("keyAlias", keyAlias);
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ idpRealmbServer.getService().addConnector(httpsConnector);
+
+ idpRealmbServer.addWebapp("/fediz-idp-sts-realmb", "fediz-idp-sts-realmb");
+ idpRealmbServer.addWebapp("/fediz-idp-realmb", "fediz-idp-realmb");
+
+ idpRealmbServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static void initRp() {
+ try {
+ rpServer = new Tomcat();
+ rpServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ rpServer.setBaseDir(currentDir + File.separator + "target");
+
+ rpServer.getHost().setAppBase("tomcat/rp/webapps");
+ rpServer.getHost().setAutoDeploy(true);
+ rpServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(rpHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ //httpsConnector.setAttribute("keyAlias", keyAlias);
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("clientAuth", "want");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ rpServer.getService().addConnector(httpsConnector);
+
+ //Context ctx =
+ Context cxt = rpServer.addWebapp("/fedizhelloworld", "simpleWebapp");
+ FederationAuthenticator fa = new FederationAuthenticator();
+ fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ + "test-classes" + File.separator + "fediz_config_wsfed.xml");
+ cxt.getPipeline().addValve(fa);
+
+
+ rpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ try {
+ if (idpServer.getServer() != null
+ && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+ if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+ idpServer.stop();
+ }
+ idpServer.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ try {
+ if (rpServer.getServer() != null
+ && rpServer.getServer().getState() != LifecycleState.DESTROYED) {
+ if (rpServer.getServer().getState() != LifecycleState.STOPPED) {
+ rpServer.stop();
+ }
+ rpServer.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ public String getIdpRealmbHttpsPort() {
+ return idpRealmbHttpsPort;
+ }
+
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ public String getServletContextName() {
+ return "fedizhelloworld";
+ }
+
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testWSFed() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+ // System.out.println(url);
+ // Thread.sleep(60 * 2 * 1000);
+ String user = "ALICE"; // realm b credentials
+ String password = "ECILA";
+
+ // Note passing the realm b port here to set the user/password on
+ CookieManager cookieManager = new CookieManager();
+ final String bodyTextContent =
+ loginWithCookieManager(url, user, password, getIdpRealmbHttpsPort(), cookieManager);
+
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
+ Assert.assertTrue("User " + user + " does not have role Admin",
+ bodyTextContent.contains("role:Admin=false"));
+ Assert.assertTrue("User " + user + " does not have role Manager",
+ bodyTextContent.contains("role:Manager=false"));
+ Assert.assertTrue("User " + user + " must have role User",
+ bodyTextContent.contains("role:User=true"));
+
+ String claim = ClaimTypes.FIRSTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+ bodyTextContent.contains(claim + "=Alice"));
+ claim = ClaimTypes.LASTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+ bodyTextContent.contains(claim + "=Smith"));
+ claim = ClaimTypes.EMAILADDRESS.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+ bodyTextContent.contains(claim + "=alice@realma.org"));
+
+ }
+
+ public static String loginWithCookieManager(String url, String user, String password,
+ String idpPort, CookieManager cookieManager) throws IOException {
+ final WebClient webClient = new WebClient();
+ // webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(idpPort)),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ final HtmlPage idpPage = webClient.getPage(url);
+ System.out.println("IDPPAGE: " + idpPage.asXml());
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ final HtmlForm form = idpPage.getFormByName("signinresponseform");
+
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+ final HtmlPage rpPage = button.click();
+ Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+ return rpPage.getBody().getTextContent();
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/client.jks b/systests/federation/wsfed/src/test/resources/client.jks
new file mode 100644
index 0000000..720dbda
Binary files /dev/null and b/systests/federation/wsfed/src/test/resources/client.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml b/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
new file mode 100644
index 0000000..8137315
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
+ Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
+ keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
+-->
+<FedizConfig>
+ <contextConfig name="/fedizhelloworld">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="test-classes/ststrust.jks"
+ password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <freshness>10</freshness>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-B</homeRealm>
+ <claimTypesRequested>
+ <claimType type="a particular claim type"
+ optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
+</FedizConfig>
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
new file mode 100644
index 0000000..418c03a
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
@@ -0,0 +1,465 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+ <property name="uri" value="realma" />
+ <property name="provideIdpList" value="true" />
+ <property name="useCurrentIdp" value="true" />
+ <property name="certificate" value="stsKeystoreA.properties" />
+ <property name="certificatePassword" value="realma" />
+ <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" />
+ <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation" />
+ <property name="rpSingleSignOutConfirmation" value="true"/>
+ <property name="supportedProtocols">
+ <util:list>
+ <value>http://docs.oasis-open.org/wsfed/federation/200706
+ </value>
+ <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
+ </value>
+ </util:list>
+ </property>
+ <property name="tokenTypesOffered">
+ <util:list>
+ <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
+ <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
+ </util:list>
+ </property>
+ <property name="authenticationURIs">
+ <util:map>
+ <entry key="default" value="/login/default" />
+ </util:map>
+ </property>
+ <property name="serviceDisplayName" value="REALM A" />
+ <property name="serviceDescription" value="IDP of Realm A" />
+ <property name="applications">
+ <util:list>
+ <ref bean="srv-fedizhelloworld" />
+ </util:list>
+ </property>
+ <property name="trustedIdps">
+ <util:list>
+ <ref bean="trusted-idp-realmB" />
+ </util:list>
+ </property>
+ <property name="claimTypesOffered">
+ <util:list>
+ <ref bean="claim_role" />
+ <ref bean="claim_surname" />
+ <ref bean="claim_givenname" />
+ <ref bean="claim_email" />
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="trusted-idp-realmB"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+ <property name="cacheTokens" value="true" />
+ <property name="url" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/federation" />
+ <property name="certificate" value="realmb.cert" />
+ <property name="trustType" value="PEER_TRUST" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="federationType" value="FEDERATE_IDENTITY" />
+ <property name="name" value="Realm B" />
+ <property name="description" value="Realm B description" />
+ </bean>
+
+ <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="Fedizhelloworld" />
+ <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+ <property name="role" value="ApplicationServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ </bean>
+
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-fedizhelloworld" />
+ <property name="claim" ref="claim_role" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-fedizhelloworld" />
+ <property name="claim" ref="claim_givenname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-fedizhelloworld" />
+ <property name="claim" ref="claim_surname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-fedizhelloworld" />
+ <property name="claim" ref="claim_email" />
+ <property name="optional" value="false" />
+ </bean>
+
+ <bean id="claim_role"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+ <property name="displayName"
+ value="role" />
+ <property name="description"
+ value="Description for role" />
+ </bean>
+ <bean id="claim_givenname"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+ <property name="displayName"
+ value="firstname" />
+ <property name="description"
+ value="Description for firstname" />
+ </bean>
+ <bean id="claim_surname"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+ <property name="displayName"
+ value="lastname" />
+ <property name="description"
+ value="Description for lastname" />
+ </bean>
+ <bean id="claim_email"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+ <property name="displayName"
+ value="email" />
+ <property name="description"
+ value="Description for email" />
+ </bean>
+
+
+ <bean id="entitlement_claim_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_LIST" />
+ <property name="description"
+ value="Description for CLAIM_LIST" />
+ </bean>
+ <bean id="entitlement_claim_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_CREATE" />
+ <property name="description"
+ value="Description for CLAIM_CREATE" />
+ </bean>
+ <bean id="entitlement_claim_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_READ" />
+ <property name="description"
+ value="Description for CLAIM_READ" />
+ </bean>
+ <bean id="entitlement_claim_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_UPDATE" />
+ <property name="description"
+ value="Description for CLAIM_UPDATE" />
+ </bean>
+ <bean id="entitlement_claim_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_DELETE" />
+ <property name="description"
+ value="Description for CLAIM_DELETE" />
+ </bean>
+
+ <bean id="entitlement_application_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_LIST" />
+ <property name="description"
+ value="Description for APPLICATION_LIST" />
+ </bean>
+ <bean id="entitlement_application_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_CREATE" />
+ <property name="description"
+ value="Description for APPLICATION_CREATE" />
+ </bean>
+ <bean id="entitlement_application_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_READ" />
+ <property name="description"
+ value="Description for APPLICATION_READ" />
+ </bean>
+ <bean id="entitlement_application_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_UPDATE" />
+ <property name="description"
+ value="Description for APPLICATION_UPDATE" />
+ </bean>
+ <bean id="entitlement_application_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_DELETE" />
+ <property name="description"
+ value="Description for APPLICATION_DELETE" />
+ </bean>
+
+ <bean id="entitlement_trustedidp_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_LIST" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_LIST" />
+ </bean>
+ <bean id="entitlement_trustedidp_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_CREATE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_CREATE" />
+ </bean>
+ <bean id="entitlement_trustedidp_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_READ" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_READ" />
+ </bean>
+ <bean id="entitlement_trustedidp_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_UPDATE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_UPDATE" />
+ </bean>
+ <bean id="entitlement_trustedidp_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_DELETE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_DELETE" />
+ </bean>
+
+ <bean id="entitlement_idp_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_LIST" />
+ <property name="description"
+ value="Description for IDP_LIST" />
+ </bean>
+ <bean id="entitlement_idp_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_CREATE" />
+ <property name="description"
+ value="Description for IDP_CREATE" />
+ </bean>
+ <bean id="entitlement_idp_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_READ" />
+ <property name="description"
+ value="Description for IDP_READ" />
+ </bean>
+ <bean id="entitlement_idp_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_UPDATE" />
+ <property name="description"
+ value="Description for IDP_UPDATE" />
+ </bean>
+ <bean id="entitlement_idp_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_DELETE" />
+ <property name="description"
+ value="Description for IDP_DELETE" />
+ </bean>
+
+ <bean id="entitlement_role_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_LIST" />
+ <property name="description"
+ value="Description for ROLE_LIST" />
+ </bean>
+ <bean id="entitlement_role_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_CREATE" />
+ <property name="description"
+ value="Description for ROLE_CREATE" />
+ </bean>
+ <bean id="entitlement_role_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_READ" />
+ <property name="description"
+ value="Description for ROLE_READ" />
+ </bean>
+ <bean id="entitlement_role_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_UPDATE" />
+ <property name="description"
+ value="Description for ROLE_UPDATE" />
+ </bean>
+ <bean id="entitlement_role_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_DELETE" />
+ <property name="description"
+ value="Description for ROLE_DELETE" />
+ </bean>
+
+ <bean id="entitlement_entitlement_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_LIST" />
+ <property name="description"
+ value="Description for ENTITLEMENT_LIST" />
+ </bean>
+ <bean id="entitlement_entitlement_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_CREATE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_CREATE" />
+ </bean>
+ <bean id="entitlement_entitlement_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_READ" />
+ <property name="description"
+ value="Description for ENTITLEMENT_READ" />
+ </bean>
+ <bean id="entitlement_entitlement_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_UPDATE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_UPDATE" />
+ </bean>
+ <bean id="entitlement_entitlement_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_DELETE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_DELETE" />
+ </bean>
+
+ <bean id="role_admin"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="ADMIN" />
+ <property name="description"
+ value="This is the administrator role with full access" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_create" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_claim_update" />
+ <ref bean="entitlement_claim_delete" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_create" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_idp_update" />
+ <ref bean="entitlement_idp_delete" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_create" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_trustedidp_update" />
+ <ref bean="entitlement_trustedidp_delete" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_create" />
+ <ref bean="entitlement_application_read" />
+ <ref bean="entitlement_application_update" />
+ <ref bean="entitlement_application_delete" />
+ <ref bean="entitlement_role_list" />
+ <ref bean="entitlement_role_create" />
+ <ref bean="entitlement_role_read" />
+ <ref bean="entitlement_role_update" />
+ <ref bean="entitlement_role_delete" />
+ <ref bean="entitlement_entitlement_list" />
+ <ref bean="entitlement_entitlement_create" />
+ <ref bean="entitlement_entitlement_read" />
+ <ref bean="entitlement_entitlement_update" />
+ <ref bean="entitlement_entitlement_delete" />
+ </util:list>
+ </property>
+ </bean>
+ <bean id="role_user"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="USER" />
+ <property name="description"
+ value="This is the user role with read access" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_read" />
+ <ref bean="entitlement_role_list" />
+ <ref bean="entitlement_role_read" />
+ <ref bean="entitlement_entitlement_list" />
+ <ref bean="entitlement_entitlement_read" />
+ </util:list>
+ </property>
+ </bean>
+ <bean id="role_idp_login"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="IDP_LOGIN" />
+ <property name="description"
+ value="This is the IDP login role which is applied to Users during the IDP SSO" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_read" />
+ </util:list>
+ </property>
+ </bean>
+
+
+
+</beans>
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml b/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
new file mode 100644
index 0000000..9e24cb2
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realmb/entities-realmb.xml
@@ -0,0 +1,422 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+ <property name="uri" value="realmb" />
+ <property name="provideIdpList" value="false" />
+ <property name="useCurrentIdp" value="true" />
+ <property name="certificate" value="stsKeystoreB.properties" />
+ <property name="certificatePassword" value="realmb" />
+ <property name="stsUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-sts-realmb/REALMB" />
+ <property name="idpUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/federation" />
+ <property name="supportedProtocols">
+ <util:list>
+ <value>http://docs.oasis-open.org/wsfed/federation/200706
+ </value>
+ <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
+ </value>
+ </util:list>
+ </property>
+ <property name="tokenTypesOffered">
+ <util:list>
+ <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
+ <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
+ </util:list>
+ </property>
+ <property name="authenticationURIs">
+ <util:map>
+ <entry key="default" value="/login/default" />
+ </util:map>
+ </property>
+ <property name="serviceDisplayName" value="REALM B" />
+ <property name="serviceDescription" value="IDP of Realm B" />
+ <property name="applications">
+ <util:list>
+ <ref bean="idp-realmA" />
+ </util:list>
+ </property>
+ <property name="claimTypesOffered">
+ <util:list>
+ <ref bean="claim_role" />
+ <ref bean="claim_surname" />
+ <ref bean="claim_givenname" />
+ <ref bean="claim_email" />
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="Resource IDP Realm A" />
+ <property name="serviceDescription" value="Resource IDP Realm A" />
+ <property name="role" value="SecurityTokenServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ </bean>
+
+ <bean id="claim_role"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+ <property name="displayName"
+ value="role" />
+ <property name="description"
+ value="Description for role" />
+ </bean>
+ <bean id="claim_givenname"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+ <property name="displayName"
+ value="firstname" />
+ <property name="description"
+ value="Description for firstname" />
+ </bean>
+ <bean id="claim_surname"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+ <property name="displayName"
+ value="lastname" />
+ <property name="description"
+ value="Description for lastname" />
+ </bean>
+ <bean id="claim_email"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+ <property name="claimType"
+ value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+ <property name="displayName"
+ value="email" />
+ <property name="description"
+ value="Description for email" />
+ </bean>
+
+ <bean id="entitlement_claim_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_LIST" />
+ <property name="description"
+ value="Description for CLAIM_LIST" />
+ </bean>
+ <bean id="entitlement_claim_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_CREATE" />
+ <property name="description"
+ value="Description for CLAIM_CREATE" />
+ </bean>
+ <bean id="entitlement_claim_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_READ" />
+ <property name="description"
+ value="Description for CLAIM_READ" />
+ </bean>
+ <bean id="entitlement_claim_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_UPDATE" />
+ <property name="description"
+ value="Description for CLAIM_UPDATE" />
+ </bean>
+ <bean id="entitlement_claim_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="CLAIM_DELETE" />
+ <property name="description"
+ value="Description for CLAIM_DELETE" />
+ </bean>
+
+ <bean id="entitlement_application_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_LIST" />
+ <property name="description"
+ value="Description for APPLICATION_LIST" />
+ </bean>
+ <bean id="entitlement_application_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_CREATE" />
+ <property name="description"
+ value="Description for APPLICATION_CREATE" />
+ </bean>
+ <bean id="entitlement_application_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_READ" />
+ <property name="description"
+ value="Description for APPLICATION_READ" />
+ </bean>
+ <bean id="entitlement_application_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_UPDATE" />
+ <property name="description"
+ value="Description for APPLICATION_UPDATE" />
+ </bean>
+ <bean id="entitlement_application_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_DELETE" />
+ <property name="description"
+ value="Description for APPLICATION_DELETE" />
+ </bean>
+
+ <bean id="entitlement_trustedidp_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_LIST" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_LIST" />
+ </bean>
+ <bean id="entitlement_trustedidp_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_CREATE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_CREATE" />
+ </bean>
+ <bean id="entitlement_trustedidp_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_READ" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_READ" />
+ </bean>
+ <bean id="entitlement_trustedidp_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_UPDATE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_UPDATE" />
+ </bean>
+ <bean id="entitlement_trustedidp_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_DELETE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_DELETE" />
+ </bean>
+
+ <bean id="entitlement_idp_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_LIST" />
+ <property name="description"
+ value="Description for IDP_LIST" />
+ </bean>
+ <bean id="entitlement_idp_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_CREATE" />
+ <property name="description"
+ value="Description for IDP_CREATE" />
+ </bean>
+ <bean id="entitlement_idp_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_READ" />
+ <property name="description"
+ value="Description for IDP_READ" />
+ </bean>
+ <bean id="entitlement_idp_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_UPDATE" />
+ <property name="description"
+ value="Description for IDP_UPDATE" />
+ </bean>
+ <bean id="entitlement_idp_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_DELETE" />
+ <property name="description"
+ value="Description for IDP_DELETE" />
+ </bean>
+
+ <bean id="entitlement_role_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_LIST" />
+ <property name="description"
+ value="Description for ROLE_LIST" />
+ </bean>
+ <bean id="entitlement_role_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_CREATE" />
+ <property name="description"
+ value="Description for ROLE_CREATE" />
+ </bean>
+ <bean id="entitlement_role_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_READ" />
+ <property name="description"
+ value="Description for ROLE_READ" />
+ </bean>
+ <bean id="entitlement_role_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_UPDATE" />
+ <property name="description"
+ value="Description for ROLE_UPDATE" />
+ </bean>
+ <bean id="entitlement_role_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_DELETE" />
+ <property name="description"
+ value="Description for ROLE_DELETE" />
+ </bean>
+
+ <bean id="entitlement_entitlement_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_LIST" />
+ <property name="description"
+ value="Description for ENTITLEMENT_LIST" />
+ </bean>
+ <bean id="entitlement_entitlement_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_CREATE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_CREATE" />
+ </bean>
+ <bean id="entitlement_entitlement_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_READ" />
+ <property name="description"
+ value="Description for ENTITLEMENT_READ" />
+ </bean>
+ <bean id="entitlement_entitlement_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_UPDATE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_UPDATE" />
+ </bean>
+ <bean id="entitlement_entitlement_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_DELETE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_DELETE" />
+ </bean>
+
+ <bean id="role_admin"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="ADMIN" />
+ <property name="description"
+ value="This is the administrator role with full access" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_create" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_claim_update" />
+ <ref bean="entitlement_claim_delete" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_create" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_idp_update" />
+ <ref bean="entitlement_idp_delete" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_create" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_trustedidp_update" />
+ <ref bean="entitlement_trustedidp_delete" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_create" />
+ <ref bean="entitlement_application_read" />
+ <ref bean="entitlement_application_update" />
+ <ref bean="entitlement_application_delete" />
+ <ref bean="entitlement_role_list" />
+ <ref bean="entitlement_role_create" />
+ <ref bean="entitlement_role_read" />
+ <ref bean="entitlement_role_update" />
+ <ref bean="entitlement_role_delete" />
+ <ref bean="entitlement_entitlement_list" />
+ <ref bean="entitlement_entitlement_create" />
+ <ref bean="entitlement_entitlement_read" />
+ <ref bean="entitlement_entitlement_update" />
+ <ref bean="entitlement_entitlement_delete" />
+ </util:list>
+ </property>
+ </bean>
+ <bean id="role_user"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="USER" />
+ <property name="description"
+ value="This is the user role with read access" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_read" />
+ <ref bean="entitlement_role_list" />
+ <ref bean="entitlement_role_read" />
+ <ref bean="entitlement_entitlement_list" />
+ <ref bean="entitlement_entitlement_read" />
+ </util:list>
+ </property>
+ </bean>
+ <bean id="role_idp_login"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="IDP_LOGIN" />
+ <property name="description"
+ value="This is the IDP login role which is applied to Users during the IDP SSO" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_read" />
+ </util:list>
+ </property>
+ </bean>
+
+</beans>
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml b/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml
new file mode 100644
index 0000000..2042e8e
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realmb/idp-servlet.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:webflow="http://www.springframework.org/schema/webflow-config"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/webflow-config
+ http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
+
+ <context:property-placeholder location="classpath:realm.properties" />
+
+ <context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />
+
+ <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
+ p:flowRegistry-ref="flowRegistry" p:order="2">
+ </bean>
+
+ <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter"
+ p:flowExecutor-ref="flowExecutor" />
+
+ <webflow:flow-executor id="flowExecutor"
+ flow-registry="flowRegistry">
+ <webflow:flow-execution-attributes>
+ <webflow:always-redirect-on-pause
+ value="false" />
+ </webflow:flow-execution-attributes>
+
+ <webflow:flow-execution-listeners>
+ <webflow:listener ref="securityFlowExecutionListener" />
+ </webflow:flow-execution-listeners>
+ </webflow:flow-executor>
+
+ <bean id="securityFlowExecutionListener"
+ class="org.springframework.webflow.security.SecurityFlowExecutionListener">
+ <property name="accessDecisionManager" ref="accessDecisionManager" />
+ </bean>
+
+ <bean id="accessDecisionManager"
+ class="org.springframework.security.access.vote.AffirmativeBased">
+ <property name="decisionVoters">
+ <list>
+ <bean
+ class="org.springframework.security.access.vote.RoleVoter">
+ <property name="rolePrefix" value="ROLE_" />
+ </bean>
+ <bean
+ class="org.springframework.security.access.vote.AuthenticatedVoter" />
+ </list>
+ </property>
+ </bean>
+
+ <webflow:flow-registry id="flowRegistry"
+ flow-builder-services="builder">
+ <webflow:flow-location
+ path="/WEB-INF/federation-validate-request.xml" id="federation" />
+ <webflow:flow-location path="/WEB-INF/federation-signin-request.xml"
+ id="signinRequest" />
+ <webflow:flow-location path="/WEB-INF/federation-signin-response.xml"
+ id="signinResponse" />
+ </webflow:flow-registry>
+
+ <webflow:flow-builder-services id="builder"
+ view-factory-creator="viewFactoryCreator" expression-parser="expressionParser" />
+
+ <bean id="expressionParser"
+ class="org.springframework.webflow.expression.WebFlowOgnlExpressionParser" />
+
+ <bean id="viewFactoryCreator"
+ class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
+ <property name="viewResolvers">
+ <list>
+ <ref local="viewResolver" />
+ </list>
+ </property>
+ </bean>
+
+ <bean id="viewResolver"
+ class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+ <property name="prefix" value="/WEB-INF/" />
+ <property name="suffix" value=".jsp" />
+ </bean>
+
+ <bean id="stsClientForRpAction"
+ class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
+ <property name="wsdlLocation"
+ value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransport?wsdl" />
+ <property name="wsdlEndpoint" value="Transport_Port" />
+ <property name="tokenType"
+ value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ </bean>
+
+ <bean id="signInParamCacheAction"
+ class="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" />
+
+ <bean id="logoutAction" class="org.apache.cxf.fediz.service.idp.beans.LogoutAction" />
+
+ <bean id="wfreshParser" class="org.apache.cxf.fediz.service.idp.beans.WfreshParser" />
+
+ <bean id="cacheTokenForWauthAction"
+ class="org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction" />
+
+ <bean id="processHRDSExpressionAction"
+ class="org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction" />
+
+ <bean id="homeRealmReminder"
+ class="org.apache.cxf.fediz.service.idp.beans.HomeRealmReminder" />
+
+ <bean id="trustedIdpProtocolAction"
+ class="org.apache.cxf.fediz.service.idp.beans.TrustedIdpProtocolAction" />
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realmb/persistence.properties
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/persistence.properties b/systests/federation/wsfed/src/test/resources/realmb/persistence.properties
new file mode 100644
index 0000000..2628714
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realmb/persistence.properties
@@ -0,0 +1,15 @@
+#jpa.driverClassName=org.apache.derby.jdbc.ClientDriver
+#jpa.url=jdbc:derby://localhost:1527/Fediz
+#jpa.username=admin
+#jpa.password=admin
+#jpa.defaultData=true
+#jpa.platform=DerbyDictionary
+
+
+jpa.driverClassName=org.hsqldb.jdbcDriver
+#jpa.url=jdbc:hsqldb:target/fediz/db/myDB;shutdown=true
+jpa.url=jdbc:hsqldb:target/db/realmb/myDB;shutdown=true
+jpa.username=sa
+jpa.password=
+jpa.defaultData=true
+jpa.platform=HSQLDictionary
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realmb/realm.properties
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/realm.properties b/systests/federation/wsfed/src/test/resources/realmb/realm.properties
new file mode 100644
index 0000000..41d04cd
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realmb/realm.properties
@@ -0,0 +1,6 @@
+realm.STS_URI=REALMB
+realmA.port=${idp.https.port}
+realmB.port=${idp.realmb.https.port}
+idp-config=idp-config-realmb.xml
+db-load-config=entities-realmb.xml
+realm-uri=urn:org:apache:cxf:fediz:idp:realm-B