Posted to commits@stratos.apache.org by ud...@apache.org on 2014/12/05 17:23:21 UTC
[2/6] stratos git commit: add identity.xml and
application-authentication.xml to product
add identity.xml and application-authentication.xml to product
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/7aadf446
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/7aadf446
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/7aadf446
Branch: refs/heads/master
Commit: 7aadf446fc1c272b41e7219860cb8bda8ef084c1
Parents: 7ca80c9
Author: Udara Liyanage <ud...@wso2.com>
Authored: Fri Dec 5 19:24:58 2014 +0530
Committer: Udara Liyanage <ud...@wso2.com>
Committed: Fri Dec 5 19:31:33 2014 +0530
----------------------------------------------------------------------
.../modules/distribution/src/assembly/bin.xml | 14 +-
.../distribution/src/main/conf/identity.xml | 258 +++++++++++++++++++
.../security/application-authentication.xml | 123 +++++++++
products/stratos/pom.xml | 18 +-
.../config/all/repository/conf/identity.xml | 245 ++++++++++++++++++
.../security/application-authentication.xml | 123 +++++++++
tools/stratos-installer/setup.sh | 7 +
7 files changed, 778 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/modules/distribution/src/assembly/bin.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/distribution/src/assembly/bin.xml b/products/stratos/modules/distribution/src/assembly/bin.xml
index a9ce001..07b7de4 100755
--- a/products/stratos/modules/distribution/src/assembly/bin.xml
+++ b/products/stratos/modules/distribution/src/assembly/bin.xml
@@ -316,7 +316,6 @@
<directory>../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/</outputDirectory>
<includes>
- <include>**/identity.xml</include>
<include>**/rule-engine-config.xml</include>
</includes>
</fileSet>
@@ -663,6 +662,19 @@
<filtered>true</filtered>
<fileMode>755</fileMode>
</file>
+ <!--iindentity.xml and application-authentication.xml for oAuth feature -->
+ <file>
+ <source>src/main/conf/identity.xml</source>
+ <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
+ <filtered>true</filtered>
+ <fileMode>755</fileMode>
+ </file>
+ <file>
+ <source>src/main/conf/security/application-authentication.xml</source>
+ <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/security/</outputDirectory>
+ <filtered>true</filtered>
+ <fileMode>755</fileMode>
+ </file>
<file>
<source>src/main/conf/metadataservice.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
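Review bot: Both new `<file>` entries set `<fileMode>755</fileMode>` on XML configuration files that carry keystore and truststore passwords; a config file read by the server needs no executable bit, and a restrictive mode such as `<fileMode>644</fileMode>` (or 600 where only the server user should read it) limits exposure of the credentials. The preceding `<file>` entry in this hunk also uses 755, so this may be an assembly-wide convention worth correcting together rather than only here. The new comment `<!--iindentity.xml and application-authentication.xml for oAuth feature -->` has a typo; `<!-- identity.xml and application-authentication.xml for the OAuth feature -->` reads better. Since both entries enable `<filtered>true</filtered>`, the `${carbon.home}` and `${Ports.ThriftEntitlementReceivePort}` placeholders inside identity.xml may be subject to Maven resource filtering at build time — worth confirming they survive unresolved in the packaged file.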
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/modules/distribution/src/main/conf/identity.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/distribution/src/main/conf/identity.xml b/products/stratos/modules/distribution/src/main/conf/identity.xml
new file mode 100644
index 0000000..a63f8e6
--- /dev/null
+++ b/products/stratos/modules/distribution/src/main/conf/identity.xml
@@ -0,0 +1,258 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ <!-- If the identity database is created from another place and if it is
+ required to skip schema initialization during the server start up, set the
+ following property to "true". -->
+ <!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
+ </JDBCPersistenceManager>
+
+ <!-- Security configurations -->
+ <Security>
+ <UserTrustedRPStore>
+ <Location>${carbon.home}/repository/resources/security/userRP.jks
+ </Location>
+ <!-- Keystore type (JKS/PKCS12 etc.) -->
+ <Type>JKS</Type>
+ <!-- Keystore password -->
+ <Password>wso2carbon</Password>
+ <!-- Private Key password -->
+ <KeyPassword>wso2carbon</KeyPassword>
+ </UserTrustedRPStore>
+
+ <!-- The directory under which all other KeyStore files will be stored -->
+ <KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
+ </Security>
+
+ <Identity>
+ <IssuerPolicy>SelfAndManaged</IssuerPolicy>
+ <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
+ <BlackList></BlackList>
+ <WhiteList></WhiteList>
+ <System>
+ <KeyStore></KeyStore>
+ <StorePass></StorePass>
+ </System>
+ </Identity>
+
+ <OpenID>
+ <OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
+ <OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
+ <!-- If the users must be prompted for approval -->
+ <OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
+ <!-- Expiry time of the OpenID RememberMe token in minutes -->
+ <OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
+ <!-- Multifactor Authentication configuration -->
+ <UseMultifactorAuthentication>false</UseMultifactorAuthentication>
+ <!-- To enable or disable openid dumb mode -->
+ <DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
+ <!-- remember me session timeout in seconds -->
+ <SessionTimeout>36000</SessionTimeout>
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AcceptSAMLSSOLogin>false</AcceptSAMLSSOLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.provider.openid.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ </OpenID>
+
+ <OAuth>
+ <RequestTokenUrl>https://localhost:9443/oauth/request-token</RequestTokenUrl>
+ <AccessTokenUrl>https://localhost:9443/oauth/access-token</AccessTokenUrl>
+ <AuthorizeUrl>https://localhost:9443/oauth/authorize-url</AuthorizeUrl>
+ <!-- Default validity period for Authorization Code in seconds -->
+ <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
+ <!-- Default validity period for user access tokens in seconds -->
+ <AccessTokenDefaultValidityPeriod>3602</AccessTokenDefaultValidityPeriod>
+ <!-- Default validity period for application access tokens in seconds -->
+ <UserAccessTokenDefaultValidityPeriod>3603</UserAccessTokenDefaultValidityPeriod>
+ <!-- Validity period for refresh token -->
+ <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
+ <!-- Timestamp skew in seconds -->
+ <TimestampSkew>300</TimestampSkew>
+ <!-- Enable OAuth caching -->
+ <EnableOAuthCache>true</EnableOAuthCache>
+ <!-- Enable renewal of refresh token for refresh_token grant -->
+ <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
+ <!-- Process the token before storing it in database, e.g. encrypting -->
+ <TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
+ <!-- Supported Client Autnetication Methods -->
+ <ClientAuthHandlers>
+ <ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
+ </ClientAuthHandlers>
+ <!-- Supported Response Types -->
+ <SupportedResponseTypes>
+ <SupportedResponseType>
+ <ResponseTypeName>token</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ <SupportedResponseType>
+ <ResponseTypeName>code</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ </SupportedResponseTypes>
+ <!-- Supported Grant Types -->
+ <SupportedGrantTypes>
+ <SupportedGrantType>
+ <GrantTypeName>authorization_code</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>password</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <!--
+ <SupportedGrantType>
+ <GrantTypeName>password</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.udara.handlers.MyPasswordGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ -->
+ <SupportedGrantType>
+ <GrantTypeName>refresh_token</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>client_credentials</GrantTypeName>
+ <!--<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>-->
+ <GrantTypeHandlerImplClass>org.udara.handlers.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>iwa:ntlm</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ </SupportedGrantTypes>
+ <OAuthCallbackHandlers>
+ <OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler" />
+ </OAuthCallbackHandlers>
+ <!--TokenValidators>
+ <TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
+ </TokenValidators-->
+ <!-- Assertions can be used to embedd parameters into access token. -->
+ <EnableAssertions>
+ <UserName>false</UserName>
+ </EnableAssertions>
+
+ <!-- This should be set to true when using multiple user stores and keys
+ should saved into different tables according to the user store. By default
+ all the application keys are saved in to the same table. UserName Assertion
+ should be 'true' to use this. -->
+ <EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
+ <!-- user store domain names and mapping to new table name. eg: if you
+ provide 'A:foo.com', foo.com should be the user store domain name and 'A'
+ represent the relavant mapping of token store table, i.e. tokens will be
+ added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
+ <AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com -->
+ </AccessTokenPartitioningDomains>
+ <AuthorizationContextTokenGeneration>
+ <Enabled>false</Enabled>
+ <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
+ <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
+ <AuthorizationContextTTL>15</AuthorizationContextTTL>
+ </AuthorizationContextTokenGeneration>
+ <SAML2Grant>
+ <!--SAML2TokenHandler></SAML2TokenHandler-->
+ </SAML2Grant>
+ <OpenIDConnect>
+ <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
+ <IDTokenIssuerID>https://localhost:9443/oauth2endpoints/token</IDTokenIssuerID>
+ <IDTokenSubjectClaim>http://wso2.org/claims/givenname</IDTokenSubjectClaim>
+ <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
+ <IDTokenExpiration>-1</IDTokenExpiration>
+ <UserInfoEndpointClaimDialect>http://wso2.org/claims</UserInfoEndpointClaimDialect>
+ <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
+ <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
+ <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
+ <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
+ <SkipUserConsent>false</SkipUserConsent>
+ </OpenIDConnect>
+ </OAuth>
+
+ <MultifactorAuthentication>
+ <XMPPSettings>
+ <XMPPConfig>
+ <XMPPProvider>gtalk</XMPPProvider>
+ <XMPPServer>talk.google.com</XMPPServer>
+ <XMPPPort>5222</XMPPPort>
+ <XMPPExt>gmail.com</XMPPExt>
+ <XMPPUserName>multifactor1@gmail.com</XMPPUserName>
+ <XMPPPassword>wso2carbon</XMPPPassword>
+ </XMPPConfig>
+ </XMPPSettings>
+ </MultifactorAuthentication>
+
+ <SSOService>
+ <EntityId>localhost</EntityId>
+ <IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
+ <SingleLogoutRetryCount>5</SingleLogoutRetryCount>
+ <SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval> <!-- in milli seconds -->
+ <TenantPartitioningEnabled>false</TenantPartitioningEnabled>
+ <SessionTimeout>36000</SessionTimeout> <!-- remember me session timeout in seconds -->
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AttributeStatementBuilder>org.wso2.carbon.identity.sso.saml.attributes.UserAttributeStatementBuilder</AttributeStatementBuilder>
+ <AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
+ <AcceptOpenIDLogin>false</AcceptOpenIDLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.sso.saml.builders.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <SAMLSSOEncrypter>org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter</SAMLSSOEncrypter>
+ <SAMLSSOSigner>org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner</SAMLSSOSigner>
+ <SAML2HTTPRedirectSignatureValidator>org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator</SAML2HTTPRedirectSignatureValidator>
+ <!--SAMLSSOResponseBuilder>org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder</SAMLSSOResponseBuilder-->
+
+ <!-- SAML Token validity period in minutes -->
+ <SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
+ <UseAuthenticatedUserDomain>false</UseAuthenticatedUserDomain>
+ </SSOService>
+
+ <EntitlementSettings>
+ <!-- Uncomment this to enable on-demand policy loading -->
+ <!--OnDemandPolicyLoading> <Enable>true</Enable> <MaxInMemoryPolicies>100</MaxInMemoryPolicies>
+ </OnDemandPolicyLoading -->
+ <DecisionCaching>
+ <Enable>true</Enable>
+ <CachingInterval>36000</CachingInterval>
+ </DecisionCaching>
+ <AttributeCaching>
+ <Enable>true</Enable>
+ </AttributeCaching>
+ <ThirftBasedEntitlementConfig>
+ <EnableThriftService>true</EnableThriftService>
+ <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
+ <ClientTimeout>10000</ClientTimeout>
+ <KeyStore>
+ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+ <Password>wso2carbon</Password>
+ </KeyStore>
+ </ThirftBasedEntitlementConfig>
+ </EntitlementSettings>
+
+ <SCIMAuthenticators>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
+ <Property name="Priority">5</Property>
+ </Authenticator>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
+ <Property name="Priority">10</Property>
+ <Property name="AuthorizationServer">local://services</Property>
+ <!--Property name="AuthorizationServer">https://localhost:9443/services</Property>
+ <Property name="UserName">admin</Property>
+ <Property name="Password">admin</Property-->
+ </Authenticator>
+ </SCIMAuthenticators>
+</Server>
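Review bot: The `client_credentials` grant is wired to `org.udara.handlers.ClientCredentialsGrantHandler` with the stock WSO2 handler commented out directly above it, and a commented-out `org.udara.handlers.MyPasswordGrantHandler` block sits above the `refresh_token` entry; a class under a personal namespace in a shipped product configuration looks like a development leftover, and if that class is not bundled in the distribution the grant handler cannot be loaded. Unless the custom handler is intentionally packaged, restore `<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>` and drop the commented-out blocks. Separately, the file ships the default `wso2carbon` keystore and key passwords under `<UserTrustedRPStore>` and `<ThirftBasedEntitlementConfig>`, an XMPP account password under `<XMPPSettings>`, and `PlainTextPersistenceProcessor` for stored tokens; a short comment at the top of `<Security>` stating that these defaults must be replaced before a non-development deployment would help operators find them.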
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml
----------------------------------------------------------------------
diff --git a/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml b/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml
new file mode 100644
index 0000000..695711c
--- /dev/null
+++ b/products/stratos/modules/distribution/src/main/conf/security/application-authentication.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<ApplicationAuthentication xmlns="http://wso2.org/projects/carbon/application-authentication.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <!--Name>jdbc/WSO2_IDP_DB</Name-->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ </JDBCPersistenceManager>
+
+ <!--
+ ProxyMode allows framework to operate in either 'smart' mode
+ or 'dumb' mode.
+ smart = both local and federated authentication is supported
+ dumb = only federated authentication is supported
+ -->
+ <ProxyMode>smart</ProxyMode>
+
+ <!--
+ AuthenticationEndpointURL is location of the web app containing
+ the authentication related pages
+ -->
+ <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
+
+ <!--
+ Extensions allow extending the default behaviour of the authentication
+ process.
+ -->
+ <Extensions>
+ <RequestCoordinator>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator</RequestCoordinator>
+ <AuthenticationRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler</AuthenticationRequestHandler>
+ <LogoutRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler</LogoutRequestHandler>
+ <StepBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler</StepBasedSequenceHandler>
+ <RequestPathBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandler</RequestPathBasedSequenceHandler>
+ <StepHandler>org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler</StepHandler>
+ <HomeRealmDiscoverer>org.wso2.carbon.identity.application.authentication.framework.handler.hrd.impl.DefaultHomeRealmDiscoverer</HomeRealmDiscoverer>
+ <ClaimHandler>org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler</ClaimHandler>
+ <ProvisioningHandler>org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler</ProvisioningHandler>
+ </Extensions>
+
+ <!--
+ AuthenticatorNameMappings allow specifying an authenticator
+ against a pre-defined alias (which will be used by other components.
+ E.g. Application Mgt component). This enables the usage of a custom
+ authenticator in place of an authenticator that gets packed with the
+ distribution.
+ -->
+ <AuthenticatorNameMappings>
+ <AuthenticatorNameMapping name="BasicAuthenticator" alias="basic" />
+ <AuthenticatorNameMapping name="OAuthRequestPathAuthenticator" alias="oauth-bearer" />
+ <AuthenticatorNameMapping name="BasicAuthRequestPathAuthenticator" alias="basic-auth" />
+ <AuthenticatorNameMapping name="IWAAuthenticator" alias="iwa" />
+ <AuthenticatorNameMapping name="SAMLSSOAuthenticator" alias="samlsso" />
+ <AuthenticatorNameMapping name="OpenIDConnectAuthenticator" alias="openidconnect" />
+ <AuthenticatorNameMapping name="OpenIDAuthenticator" alias="openid" />
+ <AuthenticatorNameMapping name="PassiveSTSAuthenticator" alias="passive-sts" />
+ </AuthenticatorNameMappings>
+
+ <!--
+ AuthenticatorConfigs allow specifying various configurations needed
+ by the authenticators by using any number of \'Parameter\' elements
+ E.g.
+ <AuthenticatorConfig name="CustomAuthenticator" enabled="true" />
+ <Parameter name="paramName1">paramValue</Parameter>
+ <Parameter name="paramName2">paramValue</Parameter>
+ </AuthenticatorConfig>
+ -->
+ <AuthenticatorConfigs>
+ <AuthenticatorConfig name="BasicAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="OAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="BasicAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
+ <!--Parameter name="SAMLSSOManager">org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAMLSSOManager</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDConnectAuthenticator" enabled="true">
+ <!--Parameter name="IDTokenHandler">org.wso2.carbon.identity.application.authenticator.oidc.DefaultIDTokenHandler</Parameter-->
+ <!--Parameter name="ClaimsRetriever">org.wso2.carbon.identity.application.authenticator.oidc.OIDCUserInfoClaimsRetriever</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
+ <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
+ <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+ <Parameter name="TrustStorePassword">wso2carbon</Parameter>
+ <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
+ <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->
+ </AuthenticatorConfig>
+ </AuthenticatorConfigs>
+
+ <!--
+ Sequences allow specifying authentication flows for different
+ registered applications. \'default\' sequence is taken if an
+ application specific sequence doesn't exist in this file or
+ in the Application Mgt module.
+ -->
+ <Sequences>
+ <!-- Default Sequence. This is mandatory -->
+ <Sequence appId="default">
+ <Step order="1">
+ <Authenticator name="BasicAuthenticator"/>
+ </Step>
+ </Sequence>
+ </Sequences>
+
+ <ServiceProvidersManagement>
+ <ApplicationDAO>org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl</ApplicationDAO>
+ <OAuthOIDCClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.OAuthApplicationDAOImpl</OAuthOIDCClientDAO>
+ <SAMLClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.SAMLApplicationDAOImpl</SAMLClientDAO>
+ <SystemIDPDAO>org.wso2.carbon.identity.application.mgt.dao.impl.IdentityProviderDAOImpl</SystemIDPDAO>
+ <ClaimDialect>http://wso2.org/claims</ClaimDialect>
+ </ServiceProvidersManagement>
+
+</ApplicationAuthentication>
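Review bot: The `OpenIDAuthenticator` config hard-codes `<Parameter name="TrustStorePassword">wso2carbon</Parameter>` and a `TrustStorePath` of `/repository/resources/security/client-truststore.jks`, which begins with a slash and so reads as an absolute path; if the authenticator does not resolve it against the Carbon home directory the truststore will not be found — worth confirming, since the sibling identity.xml in this commit spells the same location as `${carbon.home}/repository/resources/security/...`. A comment next to the two parameters noting that the password is the stock default and must be changed alongside the truststore would help operators. The comments under `AuthenticatorConfigs` and `Sequences` also contain backslash-escaped quotes (`\'Parameter\'`, `\'default\'`) that look like shell-escaping residue from copying the template; plain quotes read cleanly inside an XML comment.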
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/products/stratos/pom.xml
----------------------------------------------------------------------
diff --git a/products/stratos/pom.xml b/products/stratos/pom.xml
index abb2334..fcc5034 100755
--- a/products/stratos/pom.xml
+++ b/products/stratos/pom.xml
@@ -194,19 +194,19 @@
<version>${stratos.component.version}</version>
</dependency>
<dependency>
- <groupId>org.apache.stratos</groupId>
- <artifactId>org.apache.stratos.tenant.mgt</artifactId>
- <version>${project.version}</version>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.tenant.mgt</artifactId>
+ <version>2.2.2</version>
</dependency>
<dependency>
- <groupId>org.apache.stratos</groupId>
- <artifactId>org.apache.stratos.tenant.mgt.email.sender</artifactId>
- <version>${project.version}</version>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.tenant.mgt.email.sender</artifactId>
+ <version>2.2.0</version>
</dependency>
<dependency>
- <groupId>org.apache.stratos</groupId>
- <artifactId>org.apache.stratos.tenant.mgt.core</artifactId>
- <version>${project.version}</version>
+ <groupId>org.wso2.carbon</groupId>
+ <artifactId>org.wso2.carbon.tenant.mgt.core</artifactId>
+ <version>2.2.0</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
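Review bot: The three replacement dependencies pin literal versions (`2.2.2` for `org.wso2.carbon.tenant.mgt`, `2.2.0` for the email sender and core artifacts) while the neighbouring dependency in the same block uses `${stratos.component.version}`; a single property (for example a constructed `${carbon.tenant.mgt.version}`, name to be chosen) keeps the three artifacts upgradable together and makes the 2.2.2-versus-2.2.0 split an explicit choice rather than an apparent inconsistency. Swapping the Stratos tenant-management modules for the WSO2 Carbon ones is also not mentioned in the commit message, which only describes adding identity.xml and application-authentication.xml; a sentence there explaining why the `tenant.mgt` artifacts are replaced would help later readers of the history.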
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/tools/stratos-installer/config/all/repository/conf/identity.xml
----------------------------------------------------------------------
diff --git a/tools/stratos-installer/config/all/repository/conf/identity.xml b/tools/stratos-installer/config/all/repository/conf/identity.xml
new file mode 100755
index 0000000..42bd801
--- /dev/null
+++ b/tools/stratos-installer/config/all/repository/conf/identity.xml
@@ -0,0 +1,245 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ <!-- If the identity database is created from another place and if it is
+ required to skip schema initialization during the server start up, set the
+ following property to "true". -->
+ <!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
+ </JDBCPersistenceManager>
+
+ <!-- Security configurations -->
+ <Security>
+ <UserTrustedRPStore>
+ <Location>${carbon.home}/repository/resources/security/userRP.jks
+ </Location>
+ <!-- Keystore type (JKS/PKCS12 etc.) -->
+ <Type>JKS</Type>
+ <!-- Keystore password -->
+ <Password>wso2carbon</Password>
+ <!-- Private Key password -->
+ <KeyPassword>wso2carbon</KeyPassword>
+ </UserTrustedRPStore>
+
+ <!-- The directory under which all other KeyStore files will be stored -->
+ <KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
+ </Security>
+
+ <Identity>
+ <IssuerPolicy>SelfAndManaged</IssuerPolicy>
+ <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
+ <BlackList></BlackList>
+ <WhiteList></WhiteList>
+ <System>
+ <KeyStore></KeyStore>
+ <StorePass></StorePass>
+ </System>
+ </Identity>
+
+ <OpenID>
+ <OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
+ <OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
+ <!-- If the users must be prompted for approval -->
+ <OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
+ <!-- Expiry time of the OpenID RememberMe token in minutes -->
+ <OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
+ <!-- Multifactor Authentication configuration -->
+ <UseMultifactorAuthentication>false</UseMultifactorAuthentication>
+ <!-- To enable or disable openid dumb mode -->
+ <DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
+ <!-- remember me session timeout in seconds -->
+ <SessionTimeout>36000</SessionTimeout>
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AcceptSAMLSSOLogin>false</AcceptSAMLSSOLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.provider.openid.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ </OpenID>
+
+ <OAuth>
+ <RequestTokenUrl>https://localhost:9443/oauth/request-token</RequestTokenUrl>
+ <AccessTokenUrl>https://localhost:9443/oauth/access-token</AccessTokenUrl>
+ <AuthorizeUrl>https://localhost:9443/oauth/authorize-url</AuthorizeUrl>
+ <!-- Default validity period for Authorization Code in seconds -->
+ <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
+ <!-- Default validity period for user access tokens in seconds -->
+ <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
+ <!-- Default validity period for application access tokens in seconds -->
+ <UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
+ <!-- Validity period for refresh token -->
+ <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
+ <!-- Timestamp skew in seconds -->
+ <TimestampSkew>300</TimestampSkew>
+ <!-- Enable OAuth caching -->
+ <EnableOAuthCache>true</EnableOAuthCache>
+ <!-- Enable renewal of refresh token for refresh_token grant -->
+ <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
+ <!-- Process the token before storing it in database, e.g. encrypting -->
+ <TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
+ <!-- Supported Client Autnetication Methods -->
+ <ClientAuthHandlers>
+ <ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
+ </ClientAuthHandlers>
+ <!-- Supported Response Types -->
+ <SupportedResponseTypes>
+ <SupportedResponseType>
+ <ResponseTypeName>token</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ <SupportedResponseType>
+ <ResponseTypeName>code</ResponseTypeName>
+ <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
+ </SupportedResponseType>
+ </SupportedResponseTypes>
+ <!-- Supported Grant Types -->
+ <SupportedGrantTypes>
+ <SupportedGrantType>
+ <GrantTypeName>authorization_code</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>password</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>refresh_token</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>client_credentials</GrantTypeName>
+ <!--<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>-->
+ <GrantTypeHandlerImplClass>org.apache.stratos.custom.handlers.granttype.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ <SupportedGrantType>
+ <GrantTypeName>iwa:ntlm</GrantTypeName>
+ <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
+ </SupportedGrantType>
+ </SupportedGrantTypes>
+ <OAuthCallbackHandlers>
+ <OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler" />
+ </OAuthCallbackHandlers>
+ <!--TokenValidators>
+ <TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
+ </TokenValidators-->
+ <!-- Assertions can be used to embedd parameters into access token. -->
+ <EnableAssertions>
+ <UserName>false</UserName>
+ </EnableAssertions>
+
+ <!-- This should be set to true when using multiple user stores and keys
+ should saved into different tables according to the user store. By default
+ all the application keys are saved in to the same table. UserName Assertion
+ should be 'true' to use this. -->
+ <EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
+ <!-- user store domain names and mapping to new table name. eg: if you
+ provide 'A:foo.com', foo.com should be the user store domain name and 'A'
+ represent the relavant mapping of token store table, i.e. tokens will be
+ added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
+ <AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com -->
+ </AccessTokenPartitioningDomains>
+ <AuthorizationContextTokenGeneration>
+ <Enabled>false</Enabled>
+ <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
+ <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
+ <AuthorizationContextTTL>15</AuthorizationContextTTL>
+ </AuthorizationContextTokenGeneration>
+ <SAML2Grant>
+ <!--SAML2TokenHandler></SAML2TokenHandler-->
+ </SAML2Grant>
+ <OpenIDConnect>
+ <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
+ <IDTokenIssuerID>https://localhost:9443/oauth2endpoints/token</IDTokenIssuerID>
+ <IDTokenSubjectClaim>http://wso2.org/claims/givenname</IDTokenSubjectClaim>
+ <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
+ <IDTokenExpiration>3600</IDTokenExpiration>
+ <UserInfoEndpointClaimDialect>http://wso2.org/claims</UserInfoEndpointClaimDialect>
+ <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
+ <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
+ <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
+ <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
+ <SkipUserConsent>false</SkipUserConsent>
+ </OpenIDConnect>
+ </OAuth>
+
+
+ <MultifactorAuthentication>
+ <XMPPSettings>
+ <XMPPConfig>
+ <XMPPProvider>gtalk</XMPPProvider>
+ <XMPPServer>talk.google.com</XMPPServer>
+ <XMPPPort>5222</XMPPPort>
+ <XMPPExt>gmail.com</XMPPExt>
+ <XMPPUserName>multifactor1@gmail.com</XMPPUserName>
+ <XMPPPassword>wso2carbon</XMPPPassword>
+ </XMPPConfig>
+ </XMPPSettings>
+ </MultifactorAuthentication>
+
+ <SSOService>
+ <IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
+ <SingleLogoutRetryCount>5</SingleLogoutRetryCount>
+ <SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval> <!-- in milli seconds -->
+ <TenantPartitioningEnabled>false</TenantPartitioningEnabled>
+ <SessionTimeout>36000</SessionTimeout> <!-- remember me session timeout in seconds -->
+ <!-- skips authentication if valid SAML2 Web SSO browser session available -->
+ <AttributeStatementBuilder>org.wso2.carbon.identity.sso.saml.attributes.UserAttributeStatementBuilder</AttributeStatementBuilder>
+ <AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
+ <AcceptOpenIDLogin>false</AcceptOpenIDLogin>
+ <ClaimsRetrieverImplClass>org.wso2.carbon.identity.sso.saml.builders.claims.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+ <!-- SAML Token validity period in minutes -->
+ <SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
+ </SSOService>
+
+ <EntitlementSettings>
+ <!-- Uncomment this to enable on-demand policy loading -->
+ <!--OnDemandPolicyLoading> <Enable>true</Enable> <MaxInMemoryPolicies>100</MaxInMemoryPolicies>
+ </OnDemandPolicyLoading -->
+ <DecisionCaching>
+ <Enable>true</Enable>
+ <CachingInterval>36000</CachingInterval>
+ </DecisionCaching>
+ <AttributeCaching>
+ <Enable>true</Enable>
+ </AttributeCaching>
+ <ThirftBasedEntitlementConfig>
+ <EnableThriftService>true</EnableThriftService>
+ <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
+ <ClientTimeout>10000</ClientTimeout>
+ <KeyStore>
+ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+ <Password>wso2carbon</Password>
+ </KeyStore>
+ </ThirftBasedEntitlementConfig>
+ </EntitlementSettings>
+ <SCIMAuthenticators>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
+ <Property name="Priority">5</Property>
+ </Authenticator>
+ <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
+ <Property name="Priority">10</Property>
+ <Property name="AuthorizationServer">local://services</Property>
+ <!--Property name="AuthorizationServer">https://localhost:9443/services</Property>
+ <Property name="UserName">admin</Property>
+ <Property name="Password">admin</Property-->
+ </Authenticator>
+ </SCIMAuthenticators>
+</Server>
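Review bot: The shipped identity.xml carries literal secrets that become live configuration on every install, because the setup.sh hunk later in this commit copies the file into the extracted product unchanged: the UserTrustedRPStore `Password`/`KeyPassword` and the Thrift entitlement `KeyStore` password are all `wso2carbon`, and MultifactorAuthentication embeds an XMPP account `multifactor1@gmail.com` with its password (inert while `UseMultifactorAuthentication` is false, but still shipped). Consider replacing them with installer placeholders that setup.sh rewrites via `${SED}` the way it already does for `USERSTORE_DB_SCHEMA`, or at minimum add a header comment such as `<!-- Default keystore/XMPP credentials: replace before production use -->`. `TokenPersistenceProcessor` is `PlainTextPersistenceProcessor`, so OAuth tokens are stored unencrypted in `jdbc/WSO2CarbonDB`; that is presumably the upstream default, but a comment recording the choice is worth adding. `RefreshTokenValidityPeriod` is 84600, which reads like a typo for 86400 (24 h) — worth confirming against the source it was copied from.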
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml
----------------------------------------------------------------------
diff --git a/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml b/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml
new file mode 100644
index 0000000..695711c
--- /dev/null
+++ b/tools/stratos-installer/config/all/repository/conf/security/application-authentication.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights
+ Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except ~ in compliance
+ with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, ~ software
+ distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
+ License for the ~ specific language governing permissions and limitations
+ ~ under the License. -->
+
+<ApplicationAuthentication xmlns="http://wso2.org/projects/carbon/application-authentication.xml">
+
+ <JDBCPersistenceManager>
+ <DataSource>
+ <!-- Include a data source name (jndiConfigName) from the set of data
+ sources defined in master-datasources.xml -->
+ <!--Name>jdbc/WSO2_IDP_DB</Name-->
+ <Name>jdbc/WSO2CarbonDB</Name>
+ </DataSource>
+ </JDBCPersistenceManager>
+
+ <!--
+ ProxyMode allows framework to operate in either 'smart' mode
+ or 'dumb' mode.
+ smart = both local and federated authentication is supported
+ dumb = only federated authentication is supported
+ -->
+ <ProxyMode>smart</ProxyMode>
+
+ <!--
+ AuthenticationEndpointURL is location of the web app containing
+ the authentication related pages
+ -->
+ <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
+
+ <!--
+ Extensions allow extending the default behaviour of the authentication
+ process.
+ -->
+ <Extensions>
+ <RequestCoordinator>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator</RequestCoordinator>
+ <AuthenticationRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler</AuthenticationRequestHandler>
+ <LogoutRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler</LogoutRequestHandler>
+ <StepBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler</StepBasedSequenceHandler>
+ <RequestPathBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandler</RequestPathBasedSequenceHandler>
+ <StepHandler>org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler</StepHandler>
+ <HomeRealmDiscoverer>org.wso2.carbon.identity.application.authentication.framework.handler.hrd.impl.DefaultHomeRealmDiscoverer</HomeRealmDiscoverer>
+ <ClaimHandler>org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler</ClaimHandler>
+ <ProvisioningHandler>org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler</ProvisioningHandler>
+ </Extensions>
+
+ <!--
+ AuthenticatorNameMappings allow specifying an authenticator
+ against a pre-defined alias (which will be used by other components.
+ E.g. Application Mgt component). This enables the usage of a custom
+ authenticator in place of an authenticator that gets packed with the
+ distribution.
+ -->
+ <AuthenticatorNameMappings>
+ <AuthenticatorNameMapping name="BasicAuthenticator" alias="basic" />
+ <AuthenticatorNameMapping name="OAuthRequestPathAuthenticator" alias="oauth-bearer" />
+ <AuthenticatorNameMapping name="BasicAuthRequestPathAuthenticator" alias="basic-auth" />
+ <AuthenticatorNameMapping name="IWAAuthenticator" alias="iwa" />
+ <AuthenticatorNameMapping name="SAMLSSOAuthenticator" alias="samlsso" />
+ <AuthenticatorNameMapping name="OpenIDConnectAuthenticator" alias="openidconnect" />
+ <AuthenticatorNameMapping name="OpenIDAuthenticator" alias="openid" />
+ <AuthenticatorNameMapping name="PassiveSTSAuthenticator" alias="passive-sts" />
+ </AuthenticatorNameMappings>
+
+ <!--
+ AuthenticatorConfigs allow specifying various configurations needed
+ by the authenticators by using any number of \'Parameter\' elements
+ E.g.
+ <AuthenticatorConfig name="CustomAuthenticator" enabled="true" />
+ <Parameter name="paramName1">paramValue</Parameter>
+ <Parameter name="paramName2">paramValue</Parameter>
+ </AuthenticatorConfig>
+ -->
+ <AuthenticatorConfigs>
+ <AuthenticatorConfig name="BasicAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="OAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="BasicAuthRequestPathAuthenticator" enabled="true" />
+ <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
+ <!--Parameter name="SAMLSSOManager">org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAMLSSOManager</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDConnectAuthenticator" enabled="true">
+ <!--Parameter name="IDTokenHandler">org.wso2.carbon.identity.application.authenticator.oidc.DefaultIDTokenHandler</Parameter-->
+ <!--Parameter name="ClaimsRetriever">org.wso2.carbon.identity.application.authenticator.oidc.OIDCUserInfoClaimsRetriever</Parameter-->
+ </AuthenticatorConfig>
+ <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
+ <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
+ <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+ <Parameter name="TrustStorePassword">wso2carbon</Parameter>
+ <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
+ <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->
+ </AuthenticatorConfig>
+ </AuthenticatorConfigs>
+
+ <!--
+ Sequences allow specifying authentication flows for different
+ registered applications. \'default\' sequence is taken if an
+ application specific sequence doesn't exist in this file or
+ in the Application Mgt module.
+ -->
+ <Sequences>
+ <!-- Default Sequence. This is mandatory -->
+ <Sequence appId="default">
+ <Step order="1">
+ <Authenticator name="BasicAuthenticator"/>
+ </Step>
+ </Sequence>
+ </Sequences>
+
+ <ServiceProvidersManagement>
+ <ApplicationDAO>org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl</ApplicationDAO>
+ <OAuthOIDCClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.OAuthApplicationDAOImpl</OAuthOIDCClientDAO>
+ <SAMLClientDAO>org.wso2.carbon.identity.application.mgt.dao.impl.SAMLApplicationDAOImpl</SAMLClientDAO>
+ <SystemIDPDAO>org.wso2.carbon.identity.application.mgt.dao.impl.IdentityProviderDAOImpl</SystemIDPDAO>
+ <ClaimDialect>http://wso2.org/claims</ClaimDialect>
+ </ServiceProvidersManagement>
+
+</ApplicationAuthentication>
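Review bot: `TrustStorePassword` under the OpenIDAuthenticator config is the literal `wso2carbon`, and setup.sh installs this file verbatim with `cp -f`, so the default reaches every installation; a placeholder rewritten by `${SED}` as setup.sh already does for `USERSTORE_DB_SCHEMA` would let the installer set a per-install value. `TrustStorePath` is `/repository/resources/security/client-truststore.jks`, an absolute path; if the authenticator does not resolve it under the server home the truststore will not be found, whereas the identity.xml in this commit spells the equivalent location as `${carbon.home}/repository/resources/security/...` — worth confirming which form this parameter expects. Because setup.sh overwrites the product's own copy of this file with this one, the two can drift silently; a top-of-file comment such as `<!-- Installer master copy: overwrites repository/conf/security/application-authentication.xml at setup time -->` would make that relationship visible.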
http://git-wip-us.apache.org/repos/asf/stratos/blob/7aadf446/tools/stratos-installer/setup.sh
----------------------------------------------------------------------
diff --git a/tools/stratos-installer/setup.sh b/tools/stratos-installer/setup.sh
index ae88b32..39ddf29 100755
--- a/tools/stratos-installer/setup.sh
+++ b/tools/stratos-installer/setup.sh
@@ -436,10 +436,14 @@ function sm_setup() {
pushd $resource_path
${SED} -i "s@USERSTORE_DB_SCHEMA@$userstore_db_schema@g" mysql.sql
+ ${SED} -i "s@USERSTORE_DB_SCHEMA@$userstore_db_schema@g" security-mysql.sql
+ ${SED} -i "s@USERSTORE_DB_SCHEMA@$userstore_db_schema@g" application-mysql.sql
popd
mysql -u$userstore_db_user -p$userstore_db_pass < $resource_path/mysql.sql
+ mysql -u$userstore_db_user -p$userstore_db_pass < $resource_path/security-mysql.sql
+ mysql -u$userstore_db_user -p$userstore_db_pass < $resource_path/application-mysql.sql
echo "End configuring the SM"
}
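Review bot: The two added `mysql` invocations pass the database password on the command line via `-p$userstore_db_pass`, which exposes it to any local `ps` listing and to `set -x` traces; the pre-existing mysql.sql line has the same problem, and since this hunk makes three copies of it, this is the place to switch all three to `MYSQL_PWD="$userstore_db_pass" mysql -u"$userstore_db_user" < "$resource_path/security-mysql.sql"` (or a `--defaults-extra-file`). None of the three imports checks its exit status, so a failure in security-mysql.sql still lets application-mysql.sql run on top of a half-created schema; appending `|| return 1` to each keeps the failure visible to the caller. The expansions of `$resource_path`, `$userstore_db_user` and `$userstore_db_pass` are unquoted throughout, and `$userstore_db_schema` is interpolated into the `${SED}` pattern, so a value containing `@` or `&` would break the substitution. `sm_setup` begins before this hunk; only its closing brace is visible here.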
@@ -629,6 +633,9 @@ mv -f ./hosts.tmp /etc/hosts
echo 'Changing owner of '$stratos_path' to '$host_user:$host_user
chown -R $host_user:$host_user $stratos_path
+cp -f ./config/all/repository/conf/identity.xml $stratos_extract_path/repository/conf/
+cp -f ./config/all/repository/conf/security/application-authentication.xml $stratos_extract_path/repository/conf/security/
+
echo "Apache Stratos configuration completed successfully"
if [[ $auto_start_servers != "true" ]]; then