Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/15 17:24:58 UTC

[1/4] cxf-fediz git commit: Allow redirection to the IdP for Logout

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 7bd84d3a8 -> 2681a2643


Allow redirection to the IdP for Logout


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1d9ad00a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1d9ad00a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1d9ad00a

Branch: refs/heads/master
Commit: 1d9ad00add5a3ea39e8f4d501eb9971d4cc5f39e
Parents: 7bd84d3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 15 15:49:01 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 15 15:49:01 2017 +0000

----------------------------------------------------------------------
 services/oidc/src/main/conf/fediz_config.xml    |  2 +-
 .../logout/LogoutRedirectConstraintHandler.java | 66 ++++++++++++++++++++
 .../service/oidc/logout/LogoutService.java      | 41 ++----------
 .../oidc/logout/SignoutQueryHandler.java        | 58 -----------------
 4 files changed, 72 insertions(+), 95 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d9ad00a/services/oidc/src/main/conf/fediz_config.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/conf/fediz_config.xml b/services/oidc/src/main/conf/fediz_config.xml
index 9e2a5fe..c43fb57 100644
--- a/services/oidc/src/main/conf/fediz_config.xml
+++ b/services/oidc/src/main/conf/fediz_config.xml
@@ -52,7 +52,7 @@
 			</claimTypesRequested>
 		</protocol>
         <logoutURL>/secure/logout</logoutURL>
-        <logoutRedirectToConstraint>https://localhost.*/fediz-oidc/.*</logoutRedirectToConstraint>
+        <logoutRedirectToConstraint type="Class">org.apache.cxf.fediz.service.oidc.logout.LogoutRedirectConstraintHandler</logoutRedirectToConstraint>
 	</contextConfig>
 </FedizConfig>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d9ad00a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java
new file mode 100644
index 0000000..b1100d7
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc.logout;
+
+import java.io.IOException;
+import java.util.regex.Pattern;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.fediz.core.spi.ReplyConstraintCallback;
+import org.apache.cxf.fediz.service.oidc.handler.hrd.ApplicationContextProvider;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.springframework.context.ApplicationContext;
+
+public class LogoutRedirectConstraintHandler implements CallbackHandler {
+    
+    private static final String CLIENT_LOGOUT_URI = "client_logout_uri";
+
+    @Override
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        if (callbacks != null) {
+            for (Callback callback : callbacks) {
+                if (callback instanceof ReplyConstraintCallback) {
+                    ReplyConstraintCallback replyConstraintCallback = (ReplyConstraintCallback)callback;
+                    HttpServletRequest request = replyConstraintCallback.getRequest();
+                    if (request != null && request.getParameter(OAuthConstants.CLIENT_ID) != null) {
+                        String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
+
+                        ApplicationContext ctx = ApplicationContextProvider.getApplicationContext();
+                        OAuthDataProvider dataManager = (OAuthDataProvider)ctx.getBean("oauthProvider");
+
+                        Client client = dataManager.getClient(clientId);
+                        String logoutUri = client.getProperties().get(CLIENT_LOGOUT_URI);
+                        if (logoutUri != null) {
+                            replyConstraintCallback.setReplyConstraint(Pattern.compile(logoutUri));
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+
+}
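Review bot: In `handle`, the stored `client_logout_uri` is passed straight to `Pattern.compile`, so the URI is interpreted as a regular expression: each `.` matches any character, `?` makes the preceding character optional, and a value that is not valid regex syntax raises an unchecked `PatternSyntaxException`. If the property is meant to be a literal URI (LogoutService passes the same property to `URI.create`), compile it as a literal with `Pattern.compile(Pattern.quote(logoutUri))` so the constraint accepts only the registered value. Separately, `dataManager.getClient(clientId)` is called with a request-supplied `client_id` and its result is dereferenced unchecked; if the provider returns null for an unknown id the callback fails with a NullPointerException, so guard with `if (client != null)` before reading its properties. The class also has no Javadoc; a short class comment saying that the reply constraint is derived per client from the registered `client_logout_uri` would help whoever configures `logoutRedirectToConstraint`.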

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d9ad00a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
index d424ded..138ea55 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
@@ -68,43 +68,18 @@ public class LogoutService {
                 handler.handleLogout(client, subject);
             }
         }
-        // Clear OIDC session now if core IDP will itself redirect to the client logout URI
+        // Clear OIDC session now
+        mc.getHttpServletRequest().getSession().invalidate();
 
         // Redirect to the core IDP
         URI idpLogoutUri = getAbsoluteIdpLogoutUri(client);
         return Response.seeOther(idpLogoutUri).build();
     }
 
-    @GET
-    @Path("/finalize")
-    public Response finalizeLogoutGet() {
-        // This method won't be needed if IDP will itself redirect to the client logout URI
-        return doFinalizeLogout(mc.getUriInfo().getQueryParameters());
-    }
-    @POST
-    @Path("/finalize")
-    public Response finalizeLogoutPost(MultivaluedMap<String, String> params) {
-     // This method won't be needed if IDP will itself redirect to the client logout URI
-        return doFinalizeLogout(params);
-    }
-    protected Response doFinalizeLogout(MultivaluedMap<String, String> params) {
-
-        // This method won't be needed if IDP will itself redirect to the client logout URI
-
-
-        // Ensure this method is not called by skipping the initiate logout which is
-        // why it may be simpler let IDP redirect directly to the client logout uri ?
-
-        // Clear the OIDC session
-
-        Client client = getClient(params);
-        URI clientLogoutUri = getClientLogoutUri(client);
-        return Response.seeOther(clientLogoutUri).build();
-    }
-
     private URI getClientLogoutUri(Client client) {
         return URI.create(client.getProperties().get(CLIENT_LOGOUT_URI));
     }
+    
     private Client getClient(MultivaluedMap<String, String> params) {
         String clientId = params.getFirst(OAuthConstants.CLIENT_ID);
         if (clientId == null) {
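Review bot: The added `mc.getHttpServletRequest().getSession().invalidate();` uses the no-argument `getSession()`, which creates a new session when the request has none and then immediately invalidates it. `HttpSession session = mc.getHttpServletRequest().getSession(false); if (session != null) { session.invalidate(); }` makes the no-session case explicit and avoids creating a session on the logout path. The invalidation also runs before `getAbsoluteIdpLogoutUri(client)`, so if building the IdP URI throws, the local session is already gone and no redirect is issued; computing the URI first would keep the two steps consistent. The enclosing method starts above this hunk and `getClient` continues below it.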
@@ -123,14 +98,8 @@ public class LogoutService {
     private URI getAbsoluteIdpLogoutUri(Client client) {
         UriBuilder ub = mc.getUriInfo().getAbsolutePathBuilder();
         ub.path(relativeIdpLogoutUri);
-        //TODO: include a logout uri as a uri parameter, either
-        // 1. "/finalize" URI for the IDP to redirect to this service again
-        // or
-        // 2. may be let IDP redirect straight to getClientLogoutUri(client) ?
-
-        UriBuilder ub2 = mc.getUriInfo().getAbsolutePathBuilder();
-        ub2.path("finalize");
-        ub.queryParam("wreply", ub2.build());
+        ub.queryParam("wreply", getClientLogoutUri(client));
+        ub.queryParam(OAuthConstants.CLIENT_ID, client.getClientId());
 
         return ub.build();
     }
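Review bot: `getAbsoluteIdpLogoutUri` now calls `getClientLogoutUri(client)` on the initiate path, and that helper does `URI.create(client.getProperties().get(CLIENT_LOGOUT_URI))`, which throws NullPointerException when the client has no `client_logout_uri` registered and IllegalArgumentException when the stored value is not a valid URI. Before this change that lookup happened only in the removed `/finalize` step; now it fails the logout request itself, after the OIDC session has already been invalidated. I would read the property here and handle its absence explicitly, either omitting `wreply` or returning a client error, e.g. `String logoutUri = client.getProperties().get(CLIENT_LOGOUT_URI); if (logoutUri != null) { ub.queryParam("wreply", logoutUri); }`. That would also match the null check the new LogoutRedirectConstraintHandler applies to the same property.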

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1d9ad00a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java
deleted file mode 100644
index 97dd188..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.oidc.logout;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-/**
- * Set the client_id on the signout request to the IdP. This is needed after we redirect to the "finalize" method of
- * the LogoutService.
- */
-public class SignoutQueryHandler implements CallbackHandler {
-
-    @Override
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-        if (callbacks != null) {
-            for (Callback callback : callbacks) {
-                if (callback instanceof SignOutQueryCallback) {
-                    SignOutQueryCallback signOutQueryCallback = (SignOutQueryCallback)callback;
-                    HttpServletRequest request = signOutQueryCallback.getRequest();
-                    if (request != null && request.getParameter(OAuthConstants.CLIENT_ID) != null) {
-                        Map<String, String> signOutQueryMap = new HashMap<>();
-                        signOutQueryMap.put(OAuthConstants.CLIENT_ID, request.getParameter(OAuthConstants.CLIENT_ID));
-                        signOutQueryCallback.setSignOutQueryParamMap(signOutQueryMap);
-                    }
-                }
-            }
-        }
-    }
-
-
-}


[2/4] cxf-fediz git commit: Removing WEB-INF stuff from idp-core

Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/idp-servlet.xml b/services/idp-core/src/main/webapp/WEB-INF/idp-servlet.xml
deleted file mode 100644
index e7c24ee..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/idp-servlet.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd">
-
-    <import resource="config/idp-core-servlet.xml" />
-
-    <!-- Define some mutable properties for the IdP -->
-    <context:property-placeholder location="classpath:realm.properties" />
-
-    <bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransport?wsdl" />
-        <property name="wsdlEndpoint" value="Transport_Port" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/security-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/security-config.xml b/services/idp-core/src/main/webapp/WEB-INF/security-config.xml
deleted file mode 100644
index e51f906..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/security-config.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        ">
-
-    <context:property-placeholder location="classpath:realm.properties" />
-
-    <import resource="config/security-krb-config.xml" />
-    <import resource="config/security-clientcert-config.xml" />
-    <import resource="config/security-up-config.xml" />
-    <import resource="config/security-rs-config.xml" />
-    
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- Configure Spring Security -->
-    
-    <!-- If enabled, you can't access the Service layer within the Spring Webflow -->
-    <!-- The user has no role during the login phase of WS-Federation -->
-    <security:global-method-security pre-post-annotations="enabled" />
-
-    <!-- Redirects to a dedicated http config -->
-    <bean id="fedizEntryPoint" class="org.apache.cxf.fediz.service.idp.FedizEntryPoint">
-        <property name="realm" value="${realm-uri}" />
-        <property name="configService" ref="config" />
-    </bean>
-    
-    <!-- Main entry point for WS-Federation -->
-    <security:http pattern="/federation" use-expressions="true" entry-point-ref="fedizEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-    </security:http>
-    
-    <!-- Main entry point for SAML SSO -->
-    <security:http pattern="/saml" use-expressions="true" entry-point-ref="fedizEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-    </security:http>
-    
-    <security:authentication-manager alias="authenticationManagers">
-        <security:authentication-provider ref="stsUPAuthProvider" />
-        <security:authentication-provider ref="stsKrbAuthProvider" />
-        <security:authentication-provider ref="stsClientCertAuthProvider" />
-    </security:authentication-manager>
-	
-    <bean id="entitlementsEnricher" 
-          class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements" />
-	
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/genericerror.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/genericerror.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/genericerror.jsp
deleted file mode 100644
index c31c77c..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/genericerror.jsp
+++ /dev/null
@@ -1,11 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>IDP generic error page</title>
-</head>
-<body>
-	<h1>Sorry, CXF Fediz IDP cannot satisfy your request.</h1>
-	<p>Reason : ${reason}</p>
-</body>
-</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/idplist.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/idplist.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/idplist.jsp
deleted file mode 100644
index 0a9cdb1..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/idplist.jsp
+++ /dev/null
@@ -1,33 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<%@page import="java.util.List"%>
-<%@page import="org.apache.cxf.fediz.service.idp.domain.Idp"%>
-<%@page import="org.apache.cxf.fediz.service.idp.domain.TrustedIdp"%>
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-<head>
-<title>Trusted IDP List</title>
-</head>
-<body>
-	<h1>Trusted IDP List</h1>
-	<i>Where are you from? Please, select one Identity Provider in the list which is able to authenticate you. </i>
-	<form:form method="POST" id="idplist" name="idplist">
-		<br />
-        <% Idp idp = (Idp)request.getAttribute("idpConfig");
-        List<TrustedIdp> trustedIDPs = idp.getTrustedIdps(); %>
-      <select name="homeRealm">
-        <% if (idp.isUseCurrentIdp()) { %>
-        <option value="<%=idp.getRealm()%>" selected="selected" ><%=idp.getServiceDescription()%></option>
-        <% } 
-           for (TrustedIdp trustedIDP : trustedIDPs) { %>
-        <option value="<%=trustedIDP.getRealm()%>"><%=trustedIDP.getDescription()%></option>
-        <% } %>
-      </select>
-      <br />
-      <input type="hidden" id="execution" name="execution" value="${flowExecutionKey}"/>
-      <br />
-      <input type="submit" name="_eventId_submit" value="Select Home Realm" />
-      <input type="submit" name="_eventId_cancel" value="Cancel" />
-    </form:form>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/index.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/index.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/index.jsp
deleted file mode 100644
index 1a1ef1d..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/index.jsp
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
-<META http-equiv=Content-Type content="text/html">
-</HEAD>
-<BODY>
-<P>
-<H3>Hello World</H3>
-<P></P>
-</BODY></HTML>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/samlsigninresponseform.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/samlsigninresponseform.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/samlsigninresponseform.jsp
deleted file mode 100644
index 3e7dc36..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/samlsigninresponseform.jsp
+++ /dev/null
@@ -1,20 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-
-<html>
-<head>
-<title>IDP SignIn Response Form</title>
-</head>
-<body>
-	<form:form method="POST" id="samlsigninresponseform" name="samlsigninresponseform" action="${samlAction}" htmlEscape="true">
-        <input type="hidden" name="SAMLResponse" value="${samlResponse}" /><br />
-        <input type="hidden" name="RelayState" value="${relayState}" /><br />
-  		<noscript>
-		<p>Script is disabled. Click Submit to continue.</p>
-		<input type="submit" name="_eventId_submit" value="Submit" /><br />
- 		</noscript>
-	</form:form>
- 	<script language="javascript">window.setTimeout('document.forms[0].submit()',0);</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/signinform.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/signinform.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/signinform.jsp
deleted file mode 100644
index bcd7916..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/signinform.jsp
+++ /dev/null
@@ -1,72 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<html>
-	<head>
-		<title>IDP SignIn Request Form</title>
-		<style type="text/css">
-			.error 			{
-								color: #a94442 !important;
-								background-color: #f2dede !important;
-								border-color: #ebccd1 !important;
-							}
-			.msg 			{
-								padding: 15px;
-								border: 1px solid transparent;
-								border-radius: 4px;
-								color: #31708f;
-								background-color: #d9edf7;
-								border-color: #bce8f1;
-								margin: auto;
-								text-align: center;
-								margin-top: 5px;
-								width: 60%;
-							}
-			h1				{
-								font-size: 24px;
-								margin-top: 25px;
-							}
-			body			{
-								font-family:arial;
-							}
-			label			{
-								width: 90px;
-								display: inline-block;
-							}
-			#login_form		{
-								width: 250px;
-							}
-			#submit_button	{
-								float: right;
-								margin: 5px 12px;
-							}
-		</style>
-	</head>
-	<body onload='document.signinform.username.focus();'>
-		<img src="<c:url value='/images/apache-logo.png' />" alt="Apache Logo" style="margin:5px auto">
-		
-		<c:if test="${param.error != null}">
-			<div class="msg error"><b>Login Failed</b><br />
-                Username and password do not match. Please try again.</div>
-		</c:if>
-		<c:if test="${param.out != null}">
-			<div class="msg info"><b>Logout successful</b></div>
-		</c:if>
-		
-		<h1>Fediz IDP Login</h1>
-		
-		<form:form method="POST" id="signinform" name="signinform" action="login.do" >
-			<div id="login_form">
-				<label for="username">UserId</label>
-				<input type="text" id="username" name="username" placeholder="username" />
-				<br />
-				<label for="password">Password</label>
-				<input type="password" id="password" name="password" placeholder="password" />
-				<br />
-				<!--input type="hidden" id="execution" name="execution" value="${flowExecutionKey}"/-->
-				<input type="submit" id="submit_button" name="authenticate" value="Authenticate" />
-			</div>
-		</form:form>
-	</body>
-</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/signinresponseform.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/signinresponseform.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/signinresponseform.jsp
deleted file mode 100644
index 7a98789..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/signinresponseform.jsp
+++ /dev/null
@@ -1,25 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-
-<html>
-<head>
-<title>IDP SignIn Response Form</title>
-</head>
-<body>
-	<form:form method="POST" id="signinresponseform" name="signinresponseform" action="${fedAction}" htmlEscape="true">
-        <input type="hidden" name="wa" value="wsignin1.0" /><br />
-        <input type="hidden" name="wresult" value="${fedWResult}" /><br />
-        <% String wctx = (String)request.getAttribute("fedWCtx");
-           if (wctx != null && !wctx.isEmpty()) { %>
-        	<input type="hidden" name="wctx" value="${fedWCtx}" /><br />
-	    <% } %>
-        <input type="hidden" name="wtrealm" value="${fedWTrealm}" /><br />
-  		<noscript>
-		<p>Script is disabled. Click Submit to continue.</p>
-		<input type="submit" name="_eventId_submit" value="Submit" /><br />
- 		</noscript>
-	</form:form>
- 	<script language="javascript">window.setTimeout('document.forms[0].submit()',0);</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp
deleted file mode 100644
index 3e7a547..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp
+++ /dev/null
@@ -1,65 +0,0 @@
-<%@ page import="java.util.Map" %>
-<%@ page import="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" %>
-<%@ page import="org.apache.cxf.fediz.service.idp.domain.Application" %>
-<%@ page import="org.apache.cxf.fediz.core.FederationConstants" %>
-<%@ page import="java.util.List" %>
-<%@ page import="java.util.Iterator" %>
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<title>IDP SignOut Confirmation Response Page</title>
-</head>
-<body>
-    <%
-        @SuppressWarnings("unchecked")
-        Map<String, Application> rcm =
-        (Map<String, Application>) request.getSession().getAttribute(SigninParametersCacheAction.ACTIVE_APPLICATIONS);
-    	String wreply = (String) request.getAttribute("wreply");
-
-        if (rcm == null) {
-    %>
-	        <p>You have already logged out</p>
-    <%
-        } else {
-    %>
-	        <h1>Logout from the following Applications?</h1>
-			<div>	   
-    <%
-            Iterator<Map.Entry<String, Application>> iterator = rcm.entrySet().iterator();
-                
-            while (iterator.hasNext()) {
-                Application next = iterator.next().getValue();
-                if (next != null) {
-    %>
-                    <%= next.getServiceDisplayName() %>
-                    <br/>
-    <%
-                }
-            }
-        }
-        
-        if (rcm != null && !rcm.isEmpty()) {
-    %>
-	    	</div>
-	    	<br/>
-	    	<br/>
-	        <form:form method="POST" id="signoutconfirmationresponseform" name="signoutconfirmationresponseform">
-	            <input type="hidden" name="wa" value="wsignout1.0" />
-	            <input type="hidden" id="execution" name="execution" value="${flowExecutionKey}" />
-	            <input type="submit" name="_eventId_submit" value="Logout" />
-			    <%     
-			        if (wreply != null && !wreply.isEmpty()) {
-			    %>
-			    <input type="hidden" name="wreply" value="<%= wreply%>" />        
-	            <input type="submit" name="_eventId_cancel" value="Cancel" />
-	            <%     
-			        }
-			    %>
-	        </form:form>
-    <%     
-        }
-    %>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/views/signoutresponse.jsp
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/views/signoutresponse.jsp b/services/idp-core/src/main/webapp/WEB-INF/views/signoutresponse.jsp
deleted file mode 100644
index 429c026..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/views/signoutresponse.jsp
+++ /dev/null
@@ -1,56 +0,0 @@
-<%@page import="org.opensaml.soap.wsfed.WSFedConstants"%>
-<%@ page import="java.util.Map" %>
-<%@ page import="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" %>
-<%@ page import="org.apache.cxf.fediz.service.idp.domain.Application" %>
-<%@ page import="org.apache.cxf.fediz.core.FederationConstants" %>
-<%@ page import="java.util.List" %>
-<%@ page import="java.util.Iterator" %>
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<title>IDP SignOut Response Page</title>
-</head>
-<body>
-    <%
-        @SuppressWarnings("unchecked")
-        Map<String, Application> apps =
-                (Map<String, Application>) request.getAttribute(SigninParametersCacheAction.ACTIVE_APPLICATIONS);
-    	String wreply = (String) request.getAttribute("wreply");
-
-        if (apps == null) {
-    %>
-	        <p>You have already logged out</p>
-    <%
-        } else {
-    %>
-            <h1>CXF Fediz IDP successful logout.</h1>
-        
-            <p>
-    <%
-            Iterator<Map.Entry<String, Application>> iterator = apps.entrySet().iterator();
-            
-            while (iterator.hasNext()) {
-                Application next = iterator.next().getValue();
-                if (next != null) {
-    %>
-                    <%= next.getServiceDisplayName() %> 
-                    <img src="<%=next.getPassiveRequestorEndpoint() + "?" + FederationConstants.PARAM_ACTION 
-                        + "=" + FederationConstants.ACTION_SIGNOUT_CLEANUP %>"/>
-                    <br/>
-    <%
-                }
-            }
-    %>
-	        </p>
-    <%
-        }
-        if (wreply != null && !wreply.isEmpty()) {
-    %>
-    <p><a href="<%= wreply%>">continue</a></p>
-    <%
-        }
-    %>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/web.xml b/services/idp-core/src/main/webapp/WEB-INF/web.xml
deleted file mode 100644
index 807fa23..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,131 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-
--->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-    version="3.0" metadata-complete="true">
-
-	<description>Fediz IDP</description>
-	<display-name>Fediz IDP</display-name>
-	
-	<session-config>
-	    <cookie-config>
-            <http-only>true</http-only>
-        </cookie-config>
-		<tracking-mode>COOKIE</tracking-mode>
-	</session-config>
-
-	<context-param>
-		<param-name>contextConfigLocation</param-name>
-		<param-value>/WEB-INF/applicationContext.xml</param-value>
-	</context-param>
-
-	<context-param>
-		<param-name>spring.profiles.active</param-name>
-		<param-value>jpa</param-value>
-	</context-param>
-
-	<filter>
-		<filter-name>encodingFilter</filter-name>
-		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
-		<init-param>
-			<param-name>encoding</param-name>
-			<param-value>UTF-8</param-value>
-		</init-param>
-		<init-param>
-			<param-name>forceEncoding</param-name>
-			<param-value>true</param-value>
-		</init-param>
-	</filter>
-	<filter-mapping>
-		<filter-name>encodingFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-
-	<filter>
-		<filter-name>springSecurityFilterChain</filter-name>
-		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-	</filter>
-	<filter-mapping>
-		<filter-name>springSecurityFilterChain</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-
-	<servlet>
-		<servlet-name>idp</servlet-name>
-		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-		<init-param>
-			<param-name>publishContext</param-name>
-			<param-value>false</param-value>
-		</init-param>
-		<load-on-startup>1</load-on-startup>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>idp</servlet-name>
-		<url-pattern>/</url-pattern>
-		<url-pattern>/federation</url-pattern>
-		<url-pattern>/federation/up</url-pattern>
-		<url-pattern>/federation/krb</url-pattern>
-		<url-pattern>/federation/clientcert</url-pattern>
-		<url-pattern>/saml</url-pattern>
-		<url-pattern>/saml/up</url-pattern>
-		<url-pattern>/saml/krb</url-pattern>
-		<url-pattern>/saml/clientcert</url-pattern>
-	</servlet-mapping>
-
-	<servlet>
-		<servlet-name>metadata</servlet-name>
-		<servlet-class>org.apache.cxf.fediz.service.idp.MetadataServlet</servlet-class>
-		<init-param>
-			<param-name>realm</param-name>
-			<param-value>${realm-uri}</param-value>
-		</init-param>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>metadata</servlet-name>
-		<url-pattern>/FederationMetadata/2007-06/FederationMetadata.xml</url-pattern>
-		<url-pattern>/metadata/*</url-pattern>
-	</servlet-mapping>
-
-	<servlet>
-		<servlet-name>CXFServlet</servlet-name>
-		<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
-		<load-on-startup>1</load-on-startup>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>CXFServlet</servlet-name>
-		<url-pattern>/services/*</url-pattern>
-	</servlet-mapping>
-
-	<listener>
-		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-	</listener>
-
-	<!-- Uncomment this when using JNDI DataSource -->
-	<!-- The property jpa.platform must be updated in persistence.properties even you use JNDI Datasource -->
-	<!-- 
-    <resource-ref>
-        <res-ref-name>jdbc/fedizDataSource</res-ref-name>
-        <res-type>javax.sql.DataSource</res-type>
-        <res-auth>Container</res-auth>
-    </resource-ref>
-    -->
-
-</web-app>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/resources/images/apache-logo.png
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/resources/images/apache-logo.png b/services/idp-core/src/main/webapp/resources/images/apache-logo.png
deleted file mode 100644
index 39b040e..0000000
Binary files a/services/idp-core/src/main/webapp/resources/images/apache-logo.png and /dev/null differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/resources/swagger/index.html
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/resources/swagger/index.html b/services/idp-core/src/main/webapp/resources/swagger/index.html
deleted file mode 100644
index 223cf1e..0000000
--- a/services/idp-core/src/main/webapp/resources/swagger/index.html
+++ /dev/null
@@ -1,156 +0,0 @@
-<!DOCTYPE html>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-  http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<html>
-<head>
-  <meta charset="UTF-8">
-    <!-- <ApacheFediz -->
-    <!--<title>Swagger UI</title>-->
-    <title>Swagger UI - Apache Fediz ${project.version}</title>
-    <!-- </ApacheFediz -->
-  <link rel="icon" type="image/png" href="images/favicon-32x32.png" sizes="32x32" />
-  <link rel="icon" type="image/png" href="images/favicon-16x16.png" sizes="16x16" />
-  <link href='css/typography.css' media='screen' rel='stylesheet' type='text/css'/>
-  <link href='css/reset.css' media='screen' rel='stylesheet' type='text/css'/>
-  <link href='css/screen.css' media='screen' rel='stylesheet' type='text/css'/>
-  <link href='css/reset.css' media='print' rel='stylesheet' type='text/css'/>
-  <link href='css/print.css' media='print' rel='stylesheet' type='text/css'/>
-  <script src='lib/jquery-1.8.0.min.js' type='text/javascript'></script>
-  <script src='lib/jquery.slideto.min.js' type='text/javascript'></script>
-  <script src='lib/jquery.wiggle.min.js' type='text/javascript'></script>
-  <script src='lib/jquery.ba-bbq.min.js' type='text/javascript'></script>
-  <script src='lib/handlebars-2.0.0.js' type='text/javascript'></script>
-  <script src='lib/underscore-min.js' type='text/javascript'></script>
-  <script src='lib/backbone-min.js' type='text/javascript'></script>
-  <script src='swagger-ui.js' type='text/javascript'></script>
-  <script src='lib/highlight.7.3.pack.js' type='text/javascript'></script>
-  <script src='lib/jsoneditor.min.js' type='text/javascript'></script>
-  <script src='lib/marked.js' type='text/javascript'></script>
-  <script src='lib/swagger-oauth.js' type='text/javascript'></script>
-
-  <!-- Some basic translations -->
-  <!-- <script src='lang/translator.js' type='text/javascript'></script> -->
-  <!-- <script src='lang/ru.js' type='text/javascript'></script> -->
-  <!-- <script src='lang/en.js' type='text/javascript'></script> -->
-
-  <script type="text/javascript">
-    $(function () {
-        // <ApacheFediz>
-        /*var url = window.location.search.match(/url=([^&]+)/);
-      if (url && url.length > 1) {
-        url = decodeURIComponent(url[1]);
-      } else {
-        url = "http://petstore.swagger.io/v2/swagger.json";
-         }*/
-        var url = window.location.href.substring(0, window.location.href.lastIndexOf('/')) + "/../services/rs/swagger.json";
-        // </ApacheFediz>
-      // Pre load translate...
-      if(window.SwaggerTranslator) {
-        window.SwaggerTranslator.translate();
-      }
-      window.swaggerUi = new SwaggerUi({
-        url: url,
-        dom_id: "swagger-ui-container",
-        supportedSubmitMethods: ['get', 'post', 'put', 'delete', 'patch'],
-        onComplete: function(swaggerApi, swaggerUi){
-          if(typeof initOAuth == "function") {
-            initOAuth({
-              clientId: "your-client-id",
-              clientSecret: "your-client-secret-if-required",
-              realm: "your-realms",
-              appName: "your-app-name", 
-              scopeSeparator: ",",
-              additionalQueryStringParams: {}
-            });
-          }
-          if(window.SwaggerTranslator) {
-            window.SwaggerTranslator.translate();
-          }
-          $('pre code').each(function(i, e) {
-            hljs.highlightBlock(e)
-          });
-          addApiKeyAuthorization();
-        },
-        onFailure: function(data) {
-          log("Unable to Load SwaggerUI");
-        },
-        docExpansion: "none",
-        jsonEditor: false,
-        apisSorter: "alpha",
-        defaultModelRendering: 'schema',
-        showRequestHeaders: false
-      });
-        function addApiKeyAuthorization() {
-          // <ApacheFediz>
-          /*var key = encodeURIComponent($('#input_apiKey')[0].value);
-           if (key && key.trim() != "") {
-            var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("api_key", key, "query");
-            window.swaggerUi.api.clientAuthorizations.add("api_key", apiKeyAuth);
-            log("added key " + key);
-           }*/
-          var username = $('#input_username').val().trim();
-          var password = $('#input_password').val().trim();
-          if (username !== "" && password !== "") {
-            window.swaggerUi.api.clientAuthorizations.add(
-                    "basicAuth", new SwaggerClient.PasswordAuthorization(username, password));
-        }
-          // </ApacheFediz>
-      }
-        // <ApacheFediz>
-        //$('#input_apiKey').change(addApiKeyAuthorization);
-        $("#input_username").blur(function () {
-          addApiKeyAuthorization();
-        });
-        $("#input_password").blur(function () {
-          addApiKeyAuthorization();
-        });
-        // </ApacheFediz>
-      // if you have an apiKey you would like to pre-populate on the page for demonstration purposes...
-      /*
-        var apiKey = "myApiKeyXXXX123456789";
-        $('#input_apiKey').val(apiKey);
-      */
-      window.swaggerUi.load();
-      function log() {
-        if ('console' in window) {
-          console.log.apply(console, arguments);
-        }
-      }
-  });
-  </script>
-</head>
-
-<body class="swagger-section">
-<div id='header'>
-  <div class="swagger-ui-wrap">
-    <a id="logo" href="http://swagger.io">swagger</a>
-    <form id='api_selector'>
-       <!-- <ApacheFediz -->
-      <!--<div class='input'><input placeholder="http://example.com/api" id="input_baseUrl" name="baseUrl" type="text"/></div>-->
-      <!--<div class='input'><input placeholder="api_key" id="input_apiKey" name="apiKey" type="text"/></div>-->
-      <!--<div class='input'><a id="explore" href="#" data-sw-translate>Explore</a></div>-->
-          <div class='input'><input placeholder="username" id="input_username" name="username" type="text"/></div>
-          <div class='input'><input placeholder="password" id="input_password" name="password" type="password"/></div>
-          <!-- </ApacheFediz -->
-    </form>
-  </div>
-</div>
-
-<div id="message-bar" class="swagger-ui-wrap" data-sw-translate>&nbsp;</div>
-<div id="swagger-ui-container" class="swagger-ui-wrap"></div>
-</body>
-</html>
\ No newline at end of file


[4/4] cxf-fediz git commit: FEDIZ-191 - The HomeRealmReminder cookie is not deleted after logout in the IdP

Posted by co...@apache.org.
FEDIZ-191 - The HomeRealmReminder cookie is not deleted after logout in the IdP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2681a264
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2681a264
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2681a264

Branch: refs/heads/master
Commit: 2681a2643a1d20bc0be348c827a4c3e54c72e0d7
Parents: 137858b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 15 17:08:13 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 15 17:08:13 2017 +0000

----------------------------------------------------------------------
 .../main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java   | 1 +
 1 file changed, 1 insertion(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2681a264/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
index 6f84af1..edf9fde 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
@@ -192,6 +192,7 @@ public final class WebUtils {
         Cookie cookie = new Cookie(cookieName, cookieValue);
         cookie.setSecure(true);
         cookie.setMaxAge(-1);
+        cookie.setPath("/fediz-idp");
         httpServletResponse.addCookie(cookie);
     }
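Review bot: The added `cookie.setPath("/fediz-idp");` hard-codes the deployment context path, so the cookie is only scoped and matched correctly when the IdP is deployed under exactly that context. Under any other context path the browser will not return the cookie to the IdP, and a logout handler that clears cookies at the request's context path (the security configs elsewhere in this push use `delete-cookies="FEDIZ_HOME_REALM"`, which presumably works that way) would not match it, so the FEDIZ-191 symptom would come back. If the enclosing method can reach the request, derive the path from `request.getContextPath()`, falling back to `"/"` when it is empty, or make the path configurable. The cookie is already marked Secure, so `cookie.setHttpOnly(true);` would also be worth adding unless client-side script has to read it. The method's signature lies outside the hunk, so it is not visible here whether a request object is available.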
 


[3/4] cxf-fediz git commit: Removing WEB-INF stuff from idp-core

Posted by co...@apache.org.
Removing WEB-INF stuff from idp-core


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/137858bf
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/137858bf
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/137858bf

Branch: refs/heads/master
Commit: 137858bf2769f3e8854be1b3a1b39f4c83359f99
Parents: 1d9ad00
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 15 16:30:29 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 15 16:30:29 2017 +0000

----------------------------------------------------------------------
 .../main/webapp/WEB-INF/applicationContext.xml  |  61 ----
 .../webapp/WEB-INF/config/idp-core-servlet.xml  | 105 -------
 .../config/security-clientcert-config.xml       |  75 -----
 .../WEB-INF/config/security-krb-config.xml      |  84 ------
 .../WEB-INF/config/security-rs-config.xml       |  64 -----
 .../WEB-INF/config/security-up-config.xml       |  94 ------
 .../flows/federation-validate-request.xml       | 283 -------------------
 .../WEB-INF/flows/saml-validate-request.xml     | 259 -----------------
 .../webapp/WEB-INF/flows/signin-request.xml     | 171 -----------
 .../webapp/WEB-INF/flows/signin-response.xml    |  85 ------
 .../main/webapp/WEB-INF/idp-config-realma.xml   | 158 -----------
 .../main/webapp/WEB-INF/idp-config-realmb.xml   | 133 ---------
 .../src/main/webapp/WEB-INF/idp-servlet.xml     |  39 ---
 .../src/main/webapp/WEB-INF/security-config.xml |  76 -----
 .../main/webapp/WEB-INF/views/genericerror.jsp  |  11 -
 .../src/main/webapp/WEB-INF/views/idplist.jsp   |  33 ---
 .../src/main/webapp/WEB-INF/views/index.jsp     |  25 --
 .../WEB-INF/views/samlsigninresponseform.jsp    |  20 --
 .../main/webapp/WEB-INF/views/signinform.jsp    |  72 -----
 .../webapp/WEB-INF/views/signinresponseform.jsp |  25 --
 .../views/signoutconfirmationresponse.jsp       |  65 -----
 .../webapp/WEB-INF/views/signoutresponse.jsp    |  56 ----
 .../idp-core/src/main/webapp/WEB-INF/web.xml    | 131 ---------
 .../webapp/resources/images/apache-logo.png     | Bin 20928 -> 0 bytes
 .../main/webapp/resources/swagger/index.html    | 156 ----------
 25 files changed, 2281 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml b/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
deleted file mode 100644
index 68bcb0b..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:cxf="http://cxf.apache.org/core"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xsi:schemaLocation="http://cxf.apache.org/core
-        http://cxf.apache.org/schemas/core.xsd
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd">
-
-    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
-        
-        
-    <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
-    <bean
-        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-        <property name="locations">
-            <list>
-                <value>classpath:persistence.properties</value>
-            </list>
-        </property>
-        <property name="ignoreResourceNotFound" value="true" />
-        <property name="ignoreUnresolvablePlaceholders" value="true" />
-    </bean>
-
-    <import resource="classpath:META-INF/cxf/cxf.xml" />
-
-    <import resource="security-config.xml" />
-    <import resource="${idp-config}" />
-    <import resource="classpath:cxf-tls.xml" />
-    <import resource="classpath:persistenceContext.xml" />
-    <import resource="classpath:restContext.xml" />
-
-    <!--cxf:bus>
-        <cxf:features>
-            <cxf:logging />
-        </cxf:features>
-    </cxf:bus-->
-    
-</beans>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml b/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
deleted file mode 100644
index 3d62ad9..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:webflow="http://www.springframework.org/schema/webflow-config"
-    xmlns:p="http://www.springframework.org/schema/p"
-    xmlns:mvc="http://www.springframework.org/schema/mvc"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/mvc
-        http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
-        http://www.springframework.org/schema/webflow-config
-        http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
-
-    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />
-
-    <mvc:resources mapping="/images/**" location="/resources/images/" />
-    
-    <mvc:resources mapping="/swagger/**" location="/resources/swagger/" />
-    
-    <mvc:view-controller path="/" view-name="index" />
-    <mvc:view-controller path="/federation/up/login" view-name="signinform" />
-
-    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-        <property name="prefix" value="/WEB-INF/views/" />
-        <property name="suffix" value=".jsp" />
-    </bean>
-
-    <bean id="viewFactoryCreator" class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
-        <property name="viewResolvers">
-            <list>
-                <ref bean="viewResolver" />
-            </list>
-        </property>
-    </bean>
-
-    <webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator" />
-
-    <webflow:flow-registry id="flowRegistry" flow-builder-services="builder">
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/up" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/krb" />
-        <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/clientcert" />
-        
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/up" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/krb" />
-        <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/clientcert" />
-        
-        <webflow:flow-location path="/WEB-INF/flows/signin-request.xml" id="signinRequest" />
-        <webflow:flow-location path="/WEB-INF/flows/signin-response.xml" id="signinResponse" />
-    </webflow:flow-registry>
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" p:flowRegistry-ref="flowRegistry"
-        p:order="2">
-    </bean>
-
-    <webflow:flow-executor id="flowExecutor" flow-registry="flowRegistry">
-        <webflow:flow-execution-attributes>
-            <webflow:always-redirect-on-pause value="false" />
-        </webflow:flow-execution-attributes>
-
-        <webflow:flow-execution-listeners>
-            <webflow:listener ref="securityFlowExecutionListener" />
-        </webflow:flow-execution-listeners>
-    </webflow:flow-executor>
-
-    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter" p:flowExecutor-ref="flowExecutor" />
-
-    <bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener">
-        <property name="accessDecisionManager" ref="accessDecisionManager" />
-    </bean>
-
-    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-        <property name="decisionVoters">
-            <list>
-                <bean class="org.springframework.security.access.vote.RoleVoter">
-                    <property name="rolePrefix" value="ROLE_" />
-                </bean>
-                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
-            </list>
-        </property>
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
deleted file mode 100644
index d40d0c9..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- SSL Client Cert entry point for WS-Federation -->
-    <security:http pattern="/federation/clientcert" use-expressions="true">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:x509 />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-    
-    <!-- SSL Client Cert entry point for SAML SSO -->
-    <security:http pattern="/saml/clientcert" use-expressions="true">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:x509 />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-
-    <bean id="stsClientCertPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
-        <property name="authenticationProvider" ref="stsClientCertAuthProvider" />
-    </bean>
-    
-    <util:map id="securityProperties">
-        <entry key="ws-security.username" value="idp-user" />
-        <entry key="ws-security.password" value="idp-pass" />
-    </util:map>
-    
-    <bean id="stsClientCertAuthProvider" class="org.apache.cxf.fediz.service.idp.STSPreAuthAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
-        <property name="wsdlEndpoint" value="TransportUT_Port" />
-        <property name="wsdlService" value="SecurityTokenService" />
-        <property name="appliesTo" value="urn:fediz:idp" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="properties" ref="securityProperties" />
-    </bean>
-    
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
deleted file mode 100644
index b66044b..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
+++ /dev/null
@@ -1,84 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- Kerberos entry point -->
-    <bean id="kerberosEntryPoint"
-          class="org.apache.cxf.fediz.service.idp.kerberos.KerberosEntryPoint" />
-    
-    <bean id="kerberosAuthenticationProcessingFilter"
-          class="org.apache.cxf.fediz.service.idp.kerberos.KerberosAuthenticationProcessingFilter">
-          <property name="authenticationManager" ref="authenticationManagers" />
-    </bean>
-    
-    <security:http pattern="/federation/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:custom-filter ref="kerberosAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-    
-    <security:http pattern="/saml/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:custom-filter ref="kerberosAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
-        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
-    </security:http>
-    
-    <bean id="stsKrbPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
-        <property name="authenticationProvider" ref="stsKrbAuthProvider" />
-    </bean>
-    
-    <!--<bean id="kerberosTokenValidator" class="org.apache.cxf.fediz.service.idp.kerberos.KerberosTokenValidator">
-        <property name="contextName" value="bob" />
-        <property name="serviceName" value="bob@service.ws.apache.org" />
-    </bean>-->
-	
-	<!-- Kerberos authentication provider -->
-    <bean id="stsKrbAuthProvider" class="org.apache.cxf.fediz.service.idp.STSKrbAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportKerberos?wsdl" />
-        <property name="wsdlEndpoint" value="TransportKerberos_Port" />
-        <property name="wsdlService" value="SecurityTokenService" />
-        <property name="appliesTo" value="urn:fediz:idp" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <!-- <property name="kerberosTokenValidator" ref="kerberosTokenValidator" />
-        <property name="requireDelegation" value="true" />-->
-    </bean>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
deleted file mode 100644
index aa859b5..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-        <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()" />
-        <security:http-basic />
-    </security:http>
-
-    <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
-    
-    <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
-    
-    <security:authentication-manager id="restAuthenticationManager">
-        <security:authentication-provider>
-          <!-- <security:password-encoder ref="defaultPasswordEncoder" />-->
-          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
-          <!--  
-          <security:password-encoder hash="sha-256" base64="true">
-            <security:salt-source user-property="username" />
-          </security:password-encoder>
-          -->
-          <security:user-service properties="classpath:/users.properties" />
-        </security:authentication-provider>
-        <security:authentication-provider ref="stsUPAuthProvider" />
-    </security:authentication-manager>
-    
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
deleted file mode 100644
index 2ba5f86..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/security
-        http://www.springframework.org/schema/security/spring-security-3.2.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <!-- DISABLE in production as it might log confidential information about the user -->
-    <!-- <security:debug /> -->
-
-    <!-- HTTP/BA entry point for WS-Federation -->
-    <security:http pattern="/federation/up/**" use-expressions="true">
-		<security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:http-basic />
-	<!--security:form-login login-page='/federation/up/login'
-		login-processing-url="/federation/up/login.do"
-		authentication-failure-url="/federation/up/login?error" 
-		default-target-url="/"
-		username-parameter="username" 
-		password-parameter="password"
-	/-->
-	<security:logout logout-url="/federation/up/logout" 
-		logout-success-url="/federation/up/login?out" 
-		delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
-		invalidate-session="true" 
-	/>
-    </security:http>
-    
-    <!-- HTTP/BA entry point for SAML SSO -->
-    <security:http pattern="/saml/up/**" use-expressions="true">
-		<security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
-        <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
-        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
-        <security:http-basic />
-	<!--security:form-login login-page='/federation/up/login'
-		login-processing-url="/federation/up/login.do"
-		authentication-failure-url="/federation/up/login?error" 
-		default-target-url="/"
-		username-parameter="username" 
-		password-parameter="password"
-	/-->
-	<security:logout logout-url="/saml/up/logout" 
-		logout-success-url="/saml/up/login?out" 
-		delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
-		invalidate-session="true" 
-	/>
-    </security:http>
-    
-    <bean id="stsUPPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
-        <property name="authenticationProvider" ref="stsUPAuthProvider" />
-    </bean>
-    
-    <!-- U/P Authentication Provider -->
-    <bean id="stsUPAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
-        <property name="wsdlEndpoint" value="TransportUT_Port" />
-        <property name="wsdlService" value="SecurityTokenService" />
-        <property name="appliesTo" value="urn:fediz:idp" />
-        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-    </bean>
-    
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
deleted file mode 100644
index ea9ce68..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ /dev/null
@@ -1,283 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/webflow
-                          http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <decision-state id="evaluateProtocol">
-        <on-entry>
-            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())" />
-        </on-entry>
-        <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
-        <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
-            then="selectWsFedProcess" />
-        <if test="requestParameters.SAMLResponse != null" then="selectSAMLProcess"
-            else="selectOIDCAuthorizationCodeFlowProcess"
-        /> 
-    </decision-state>
-
-    <decision-state id="selectWsFedProcess">
-        <on-entry>
-            <set name="flowScope.wtrealm" value="requestParameters.wtrealm" />
-            <set name="flowScope.wreply" value="requestParameters.wreply" />
-            <set name="flowScope.wctx" value="requestParameters.wctx" />
-            <set name="flowScope.request_context" value="requestParameters.wctx" />
-            <set name="flowScope.wfresh" value="requestParameters.wfresh" />
-            <set name="flowScope.whr" value="requestParameters.whr" />
-            <set name="flowScope.wresult" value="requestParameters.wresult" />
-            <set name="flowScope.wreq" value="requestParameters.wreq" />
-            <evaluate expression="requestScope.getString('wauth','default')"
-                result="flowScope.wauth" />
-        </on-entry>
-        <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
-            then="validateWReplyForSignout" />
-        <if test="requestParameters.wresult != null and !requestParameters.wresult.isEmpty()"
-            then="signinResponse" />
-        <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
-            then="signinRequest" else="viewBadRequest" />
-    </decision-state>
-    
-    <decision-state id="selectSAMLProcess">
-        <on-entry>
-            <set name="flowScope.RelayState" value="requestParameters.RelayState" />
-            <set name="flowScope.request_context" value="requestParameters.RelayState" />
-            <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse" />
-        </on-entry>
-        <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
-         <on-entry>
-            <set name="flowScope.state" value="requestParameters.state" />
-            <set name="flowScope.request_context" value="requestParameters.state" />
-            <set name="flowScope.code" value="requestParameters.code" />
-        </on-entry>
-        <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <action-state id="validateWReplyForSignout">
-        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)"/>
-        <transition on="yes" to="selectSignOutProcess" />
-        <transition on="no" to="viewBadRequestAndLogout" />
-    </action-state>
-	
-    <decision-state id="selectSignOutProcess">
-        <if test="requestParameters.wa == 'wsignout1.0' and flowScope.idpConfig.rpSingleSignOutConfirmation == true
-            or requestParameters.wa == 'wsignoutcleanup1.0' and flowScope.idpConfig.rpSingleSignOutCleanupConfirmation == true"
-            then="viewSignoutConfirmation" else="invalidateSessionAction" />
-    </decision-state>
-
-    <subflow-state id="signinRequest" subflow="signinRequest">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="realm" value="flowScope.wtrealm" />
-        <input name="wctx" value="flowScope.wctx" />
-        <input name="wfresh" value="flowScope.wfresh" />
-        <input name="wauth" value="flowScope.wauth" />
-        <input name="home_realm" value="flowScope.whr" />
-        <input name="protocol" value="'wsfed'" />
-        <input name="return_address" value="flowScope.wreply" />
-        <input name="request_context" value="flowScope.request_context" />
-
-        <output name="home_realm" />
-        <output name="idpToken" />
-        <output name="trusted_idp_context" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-        <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
-            <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
-        </transition>
-        <transition on="redirectToLocalIDP" to="redirectToLocalIDP">
-            <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
-        </transition>
-    </subflow-state>
-
-    <subflow-state id="signinResponse" subflow="signinResponse">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="wfresh" value="flowScope.wfresh" />
-        <input name="request_context" value="flowScope.request_context" />
-        <input name="wresult" value="flowScope.wresult" />
-        <input name="RelayState" value="flowScope.RelayState" />
-        <input name="SAMLResponse" value="flowScope.SAMLResponse" />
-        <input name="state" value="flowScope.state" />
-        <input name="code" value="flowScope.code" />
-        <input name="home_realm" value="flowScope.whr" />
-        <input name="protocol" value="'wsfed'" />
-
-        <output name="realm" />
-        <output name="return_address" />
-        <output name="request_context" />
-        <output name="home_realm" />
-        <output name="idpToken" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.wctx" value="currentEvent.attributes.request_context" />
-            <set name="flowScope.wtrealm" value="currentEvent.attributes.realm" />
-            <set name="flowScope.wreply" value="currentEvent.attributes.return_address" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-    </subflow-state>
-    
-    <!-- produce RP security token (as String type) -->
-    <action-state id="requestRpToken">
-        <on-entry>
-            <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.wtrealm, flowScope.whr)"
-                      result="flowScope.rpTokenElement"/>
-            <evaluate expression="tokenSerializer.serialize(flowRequestContext, flowScope.rpTokenElement)"
-                      result="flowScope.rpToken"/>
-        </on-entry>
-        <evaluate expression="signinParametersCacheAction.storeRPConfigInSession(flowRequestContext)" />
-        <transition to="isWReplyProvided" />
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-    
-    <action-state id="processTrustedIdpProtocol">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInRequest(flowRequestContext, flowScope.whr)"
-                      result="flowScope.remoteIdpUrl"/>
-        <transition to="redirectToTrustedIDP" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-
-    <action-state id="isWReplyProvided">
-        <evaluate expression="flowScope.wreply != null" />
-        <transition on="yes" to="formResponseView" >
-            <set name="flowScope.signinResponseUrl" value="flowScope.wreply" />
-        </transition>
-        <transition on="no" to="formResponseView" >
-            <set name="flowScope.signinResponseUrl" value="flowScope.wtrealm" />
-        </transition>
-    </action-state>
-
-    <!-- normal exit point for login -->
-    <!-- browser redirection (self-submitted form 'signinresponseform.jsp') -->
-    <end-state id="formResponseView" view="signinresponseform">
-        <on-entry>
-            <evaluate expression="flowScope.signinResponseUrl" result="requestScope.fedAction" />
-            <evaluate expression="flowScope.wtrealm" result="requestScope.fedWTrealm" />
-            <evaluate expression="flowScope.wctx" result="requestScope.fedWCtx" />
-            <evaluate expression="flowScope.rpToken" result="requestScope.fedWResult" />
-        </on-entry>
-    </end-state>
-
-    <!-- abnormal exit point : Http 400 Bad Request -->
-    <end-state id="viewBadRequest" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
-            <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
-        </on-entry>
-    </end-state>
-    
-    <end-state id="viewBadRequestAndLogout" view="genericerror">
-        <on-entry>
-            <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
-            <evaluate expression="logoutAction.submit(flowRequestContext)" />
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
-            <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
-        </on-entry>
-    </end-state>
-
-    <!-- abnormal exit point : Http 500 Internal Server Error -->
-    <end-state id="scInternalServerError" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(500,'IDP is unavailable, please contact the administrator')" />
-            <set name="requestScope.reason"
-                value="'IDP is unavailable, please contact the administrator'" />
-            <set name="requestScope.stateException"
-                value="flowScope.stateException" />
-            <set name="requestScope.rootCauseException"
-                value="flowScope.rootCauseException" />
-        </on-entry>
-    </end-state>
-    
-    <!-- normal exit point for logout -->
-    <view-state id="viewSignoutConfirmation" view="signoutconfirmationresponse">
-        <transition on="submit" to="invalidateSessionAction"/>
-        <transition on="cancel" to="redirect" />
-    </view-state>
-
-    <view-state id="redirect" view="externalRedirect:#{flowScope.wreply}" />
-
-    <!-- normal exit point for logout -->
-    <end-state id="invalidateSessionAction" view="signoutresponse">
-        <on-entry>
-            <!-- store the realmConfigMap in the request map before we invalidate the session below.
-            Its needed in the signoutresponse.jsp page -->
-            <set name="externalContext.requestMap.realmConfigMap" 
-                value="externalContext.sessionMap.realmConfigMap"/>
-            <set name="externalContext.requestMap.wreply" value="flowScope.wreply"/>
-            <!-- there is no Saml token canceller in cxf STS...
-            <evaluate expression="stsClientForRpAction.cancelTokens(flowRequestContext)" />
-            -->
-            <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
-            <evaluate expression="logoutAction.submit(flowRequestContext)" />
-        </on-entry>
-    </end-state>
-
-    <!-- redirect to remote idp -->
-    <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}">
-    <!-- 
-        <on-entry>
-            <set name="flowScope.remoteIdpUrl"
-                value="flowScope.idpConfig.findTrustedIdp(flowScope.whr).url
-                +'?wa=wsignin1.0'
-                +'&amp;wtrealm='+flowScope.idpConfig.realm
-                +'&amp;wreply='+flowScope.idpConfig.idpUrl
-                +(flowScope.wfresh != null ? '&amp;wfresh='+flowScope.wfresh : '')
-                +(flowScope.wctx != null ? '&amp;wctx='+flowScope.wctx : '')">
-            </set>
-        </on-entry>
-         --> 
-    </end-state>
-
-    <end-state id="redirectToLocalIDP" view="externalRedirect:#{flowScope.localIdpUrl}">
-        <on-entry>
-            <set name="flowScope.localIdpUrl"
-                value="flowScope.idpConfig.idpUrl
-                +'?wa=wsignin1.0'
-                +'&amp;wreply='+flowScope.wreply
-                +'&amp;wtrealm='+flowScope.wtrealm
-                +(flowScope.wctx != null ? '&amp;wctx='+flowScope.wctx : '')
-                +(flowScope.wfresh != null ? '&amp;wfresh='+flowScope.wfresh : '')
-                +(flowScope.whr != null ? '&amp;whr='+flowScope.whr : '')
-                +(flowScope.wreq != null ? '&amp;wreq='+flowScope.wreq : '')">
-            </set>
-        </on-entry>
-    </end-state>
-
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
deleted file mode 100644
index 1f12890..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ /dev/null
@@ -1,259 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/webflow
-                          http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <decision-state id="evaluateProtocol">
-        <on-entry>
-            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())" />
-        </on-entry>
-        <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
-        <if test="requestParameters.SAMLRequest != null or requestParameters.SAMLResponse != null" 
-            then="selectSAMLProcess" else="selectOIDCAuthorizationCodeFlowProcess"
-        />
-    </decision-state>
-    
-    <decision-state id="selectWsFedProcess">
-        <on-entry>
-            <set name="flowScope.wresult" value="requestParameters.wresult" />
-            <set name="flowScope.wctx" value="requestParameters.wctx" />
-            <set name="flowScope.request_context" value="requestParameters.wctx" />
-        </on-entry>
-        <if test="requestParameters.wctx == null or requestParameters.wctx.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.wresult == null or requestParameters.wresult.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
-            then="signinResponse" else="viewBadRequest" />
-    </decision-state>
-    
-    <decision-state id="selectSAMLProcess">
-        <on-entry>
-            <set name="flowScope.RelayState" value="requestParameters.RelayState" />
-            <set name="flowScope.request_context" value="requestParameters.RelayState" />
-            <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse" />
-            <set name="flowScope.SAMLRequest" value="requestParameters.SAMLRequest" />
-            <set name="flowScope.Signature" value="requestParameters.Signature" />
-        </on-entry>
-        <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.SAMLRequest != null and !requestParameters.SAMLRequest.isEmpty()"
-            then="parseSAMLAuthnRequest" />
-        <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
-        <on-entry>
-            <set name="flowScope.state" value="requestParameters.state" />
-            <set name="flowScope.request_context" value="requestParameters.state" />
-            <set name="flowScope.code" value="requestParameters.code" />
-        </on-entry>
-        <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
-            then="viewBadRequest" />
-        <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
-            then="viewBadRequest" else="signinResponse" />
-    </decision-state>
-    
-    <action-state id="parseSAMLAuthnRequest">
-        <evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext, flowScope.idpConfig,
-                                                              flowScope.SAMLRequest, flowScope.Signature,
-                                                              flowScope.RelayState)" />
-        <transition to="retrieveConsumerURL"/>
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-    </action-state>
-    
-    <action-state id="retrieveConsumerURL">
-        <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                  result="flowScope.consumerURL"/>
-        <transition to="retrieveRealm"/>
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-    </action-state>
-    
-    <action-state id="retrieveRealm">
-        <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)" 
-                  result="flowScope.realm"/>
-        <transition to="signinRequest"/>
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-    </action-state>
-    
-    <subflow-state id="signinRequest" subflow="signinRequest">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="SAMLRequest" value="flowScope.SAMLRequest" />
-        <input name="RelayState" value="flowScope.RelayState" />
-        <input name="Signature" value="flowScope.Signature" />
-        <input name="protocol" value="'samlsso'" />
-        <input name="saml_authn_request" value="flowScope.saml_authn_request" />
-        <input name="realm" value="flowScope.realm" />
-        <input name="home_realm" value="null" />
-        <input name="wfresh" value="null" />
-        <input name="return_address" value="flowScope.consumerURL" />
-        <input name="request_context" value="flowScope.request_context" />
-
-        <output name="home_realm" />
-        <output name="idpToken" />
-        <output name="trusted_idp_context" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-        <transition on="redirectToLocalIDP" to="redirectToLocalIDP" />
-        <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
-            <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
-        </transition>
-    </subflow-state>
-    
-     <subflow-state id="signinResponse" subflow="signinResponse">
-        <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="wfresh" value="flowScope.wfresh" />
-        <input name="request_context" value="flowScope.request_context" />
-        <input name="wresult" value="flowScope.wresult" />
-        <input name="RelayState" value="flowScope.RelayState" />
-        <input name="SAMLResponse" value="flowScope.SAMLResponse" />
-        <input name="state" value="flowScope.state" />
-        <input name="code" value="flowScope.code" />
-        <input name="home_realm" value="flowScope.whr" />
-        <input name="protocol" value="'samlsso'" />
-
-        <output name="home_realm" />
-        <output name="idpToken" />
-        <output name="saml_authn_request" />
-        <output name="request_context" />
-
-        <transition on="requestRpToken" to="requestRpToken">
-            <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
-            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
-            <set name="flowScope.saml_authn_request" value="currentEvent.attributes.saml_authn_request" />
-            <set name="flowScope.RelayState" value="currentEvent.attributes.request_context" />
-        </transition>
-        <transition on="viewBadRequest" to="viewBadRequest" />
-        <transition on="scInternalServerError" to="scInternalServerError" />
-    </subflow-state>
-    
-    <!-- produce RP security token (as String type) -->
-    <action-state id="requestRpToken">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)" 
-                      result="flowScope.realm"/>
-            <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.realm, flowScope.home_realm)"
-                      result="flowScope.rpTokenElement"/>
-        </on-entry>
-        <evaluate expression="signinParametersCacheAction.storeRPConfigInSession(flowRequestContext)"/>
-        <transition to="produceSAMLResponse" />
-        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-    
-    <action-state id="produceSAMLResponse">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                      result="flowScope.consumerURL"/>
-            <evaluate expression="authnRequestParser.retrieveRequestId(flowRequestContext)" 
-                      result="flowScope.requestId"/>
-            <evaluate expression="authnRequestParser.retrieveRequestIssuer(flowRequestContext)" 
-                      result="flowScope.requestIssuer"/>
-        </on-entry>
-        <evaluate expression="samlResponseCreator.createSAMLResponse(flowRequestContext, flowScope.idpConfig, flowScope.rpTokenElement,
-                                                                     flowScope.consumerURL, flowScope.requestId, flowScope.requestIssuer)"
-                  result="flowScope.rpResponse"/>                                               
-        <transition to="formResponseView" />
-    </action-state>
-    
-    <!-- normal exit point for login -->
-    <!-- browser redirection (self-submitted form 'samlsigninresponseform.jsp') -->
-    <end-state id="formResponseView" view="samlsigninresponseform">
-        <on-entry>
-            <evaluate expression="flowScope.consumerURL" result="requestScope.samlAction" />
-            <evaluate expression="flowScope.RelayState" result="requestScope.relayState" />
-            <evaluate expression="flowScope.rpResponse" result="requestScope.samlResponse" />
-        </on-entry>
-    </end-state>
-    
-    <action-state id="processTrustedIdpProtocol">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInRequest(flowRequestContext, flowScope.home_realm)"
-                      result="flowScope.remoteIdpUrl"/>
-        <transition to="redirectToTrustedIDP" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-
-    <!-- abnormal exit point -->
-    <decision-state id="viewBadRequest">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                      result="requestScope.samlAction"/>
-        </on-entry>
-        <!-- See if we managed to at least parse the request to get the response URL -->
-        <if test="requestScope.samlAction == null or requestScope.samlAction.isEmpty()"
-            then="viewBadRequestParsingError" else="viewBadRequestResponse"/>
-    </decision-state>
-    
-    <end-state id="viewBadRequestResponse" view="samlsigninresponseform">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)" 
-                      result="requestScope.samlAction"/>
-            <evaluate expression="authnRequestParser.retrieveRequestId(flowRequestContext)" 
-                      result="flowScope.requestId"/>
-            <evaluate expression="flowScope.RelayState" result="requestScope.relayState" />
-            <evaluate expression="samlResponseErrorCreator.createSAMLResponse(flowRequestContext, true, flowScope.idpConfig, 
-                                                                     flowScope.requestId)"
-                      result="requestScope.samlResponse"/>     
-        </on-entry>
-    </end-state>
-    
-    <!-- abnormal exit point : Http 400 Bad Request -->
-    <end-state id="viewBadRequestParsingError" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(400,'Error parsing SAML Request')" />
-            <set name="requestScope.reason" value="'Error parsing SAML Request'" />
-        </on-entry>
-    </end-state>
-
-    <!-- abnormal exit point : Http 500 Internal Server Error -->
-    <end-state id="scInternalServerError" view="genericerror">
-        <on-entry>
-            <evaluate
-                expression="externalContext.nativeResponse.setStatus(500,'IDP is unavailable, please contact the administrator')" />
-            <set name="requestScope.reason"
-                value="'IDP is unavailable, please contact the administrator'" />
-            <set name="requestScope.stateException"
-                value="flowScope.stateException" />
-            <set name="requestScope.rootCauseException"
-                value="flowScope.rootCauseException" />
-        </on-entry>
-    </end-state>
-    
-    <end-state id="redirectToLocalIDP" view="externalRedirect:#{flowScope.localIdpUrl}">
-        <on-entry>
-            <evaluate expression="localRedirectCreator.createRedirectURL(flowRequestContext, flowScope.idpConfig)"
-                      result="flowScope.localIdpUrl"/>
-        </on-entry>
-    </end-state>
-    
-    <!-- redirect to remote idp -->
-    <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}" />
-
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
deleted file mode 100644
index 2a7b125..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
+++ /dev/null
@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/webflow
-        http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <input name="idpConfig" />
-    <input name="wfresh" />
-    <input name="saml_authn_request" />
-    <input name="realm" />
-    <input name="home_realm" />
-    <input name="protocol" />
-    <input name="return_address" />
-    <input name="request_context" />
-    
-    <!-- ===== Home Realm Discovery ===== -->
-    
-    <decision-state id="processHRDSExpression">
-        <on-entry>
-            <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, flowScope.home_realm)" 
-                      result="flowScope.home_realm" />
-        </on-entry>
-        <if test="flowScope.home_realm == null or flowScope.home_realm.trim().isEmpty()"
-            then="provideIDPListForUser" else="checkIsThisIDP" />
-    </decision-state>
-    
-    <decision-state id="provideIDPListForUser">
-        <if test="flowScope.idpConfig.trustedIdps == null or idpConfig.trustedIdps.isEmpty()"
-            then="checkDefaultToThisIDP" />
-        <if test="flowScope.idpConfig.isProvideIdpList() == false"
-            then="checkDefaultToThisIDP" else="showIDPList" />
-    </decision-state>
-    
-    <decision-state id="checkDefaultToThisIDP">
-        <if test="flowScope.idpConfig.isUseCurrentIdp()" then="homeRealmSignInEntryPoint"
-            else="viewBadRequest" />
-    </decision-state>
-    
-    <view-state id="showIDPList" view="idplist" model="trustedIDPSelection">
-        <var name="trustedIDPSelection"
-            class="org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection" />
-        <binder>
-            <binding property="homeRealm" required="true" />
-        </binder>
-        <on-entry>
-            <set name="requestScope.idPConfig" value="flowScope.idpConfig" />
-        </on-entry>
-        <transition on="submit" to="checkIsThisIDP" bind="true"
-            validate="true">
-            <set name="flowScope.home_realm" value="trustedIDPSelection.homeRealm" />
-            <evaluate
-                expression="homeRealmReminder.addCookie(flowRequestContext, flowScope.home_realm)" />
-        </transition>
-        <transition on="cancel" to="checkDefaultToThisIDP"
-            bind="false" validate="false" />
-    </view-state>
-    
-    <!-- Home Realm is known then we can store it in cookie -->
-    <decision-state id="checkIsThisIDP">
-        <if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
-            then="homeRealmSignInEntryPoint" else="checkRemoteIdpToken" />
-    </decision-state>
-    
-    <!-- ===== Realm independent ===== -->
-    
-    <action-state id="validateReturnAddress">
-        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
-                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address, flowScope.realm)"/>
-        <transition on="yes" to="requestRpToken" />
-        <transition on="no" to="viewBadRequest" />
-    </action-state>
-    
-    <!-- ===== Home Realm != this realm ===== -->
-    
-    <decision-state id="checkRemoteIdpToken">
-        <if test="externalContext.sessionMap[flowScope.home_realm] != null"
-            then="checkRemoteIdpTokenExpiry" else="redirectToTrustedIDP" />
-    </decision-state>
-    
-    <action-state id="checkRemoteIdpTokenExpiry">
-        <evaluate
-            expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
-                        protocol.equals('wsfed') and wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)
-                        or protocol.equals('samlsso') and authnRequestParser.isForceAuthentication(flowRequestContext)" />
-        <transition on="yes" to="redirectToTrustedIDP" />
-        <transition on="no" to="validateReturnAddress" >
-            <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
-        </transition>
-        <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
-    </action-state>
-    
-    <!-- ===== Home Realm == this realm ===== -->
-    
-    <decision-state id="homeRealmSignInEntryPoint">
-        <on-entry>
-            <!-- Here, home realm is guaranteed to be THIS realm -->
-            <set name="flowScope.home_realm" value="flowScope.idpConfig.realm" />
-        </on-entry>
-            
-        <!-- check presence of cached IDP token for THIS realm -->
-        <if test="externalContext.sessionMap[flowScope.home_realm] == null"
-            then="cacheSecurityToken" else="checkLocalIdPTokenExpiry" />
-    </decision-state>
-
-    <action-state id="checkLocalIdPTokenExpiry">
-        <evaluate
-            expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
-                        protocol.equals('wsfed') and wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)
-                        or protocol.equals('samlsso') and authnRequestParser.isForceAuthentication(flowRequestContext)" />
-        <transition on="yes" to="redirectToLocalIDP" />
-        <transition on="no" to="validateReturnAddress">
-            <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
-        </transition>
-        <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
-    </action-state>
-
-    <end-state id="redirectToLocalIDP">
-        <on-entry>
-            <evaluate expression="logoutAction.submit(flowRequestContext)" />
-        </on-entry>
-        <output name="home_realm" value="flowScope.home_realm" />
-    </end-state>
-
-    <action-state id="cacheSecurityToken">
-        <secured attributes="IS_AUTHENTICATED_FULLY" />
-        <evaluate expression="cacheSecurityToken.submit(flowRequestContext)" />
-        <transition to="validateReturnAddress">
-            <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
-        </transition>
-    </action-state>
-    
-    <!-- ============================================================================================================= -->
-
-    <!-- normal exit point -->
-    <end-state id="requestRpToken">
-        <output name="home_realm" value="flowScope.home_realm" />
-        <output name="idpToken" value="flowScope.idpToken" />
-    </end-state>
-
-    <!-- abnormal exit point -->
-    <end-state id="viewBadRequest" />
-    
-    <!-- redirects to requestor idp -->
-    <end-state id="redirectToTrustedIDP">
-        <on-entry>
-            <evaluate expression="signinParametersCacheAction.store(flowRequestContext, protocol)" />
-        </on-entry>
-        <output name="home_realm" value="flowScope.home_realm" />
-        <output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
-    </end-state>
-
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
deleted file mode 100644
index ebfbf1f..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<!--
-Process a response from a trusted third party IdP. It starts by restoring the original request parameters for the current context. 
-It then converts the response from the third party IdP into a SecurityToken via the TrustedIdPProtocolAction. It then exits this 
-subflow to get a RP token from the STS.
- -->
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/webflow
-        http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <input name="idpConfig" />
-    <input name="request_context" />
-    <input name="wresult" />
-    <input name="RelayState" />
-    <input name="SAMLResponse" />
-    <input name="state" />
-    <input name="code" />
-    <input name="home_realm" />
-    <input name="protocol" />
-
-    <on-start>
-        <!-- restore the original request parameters for the current context -->
-        <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context, protocol)" />
-    </on-start>
-    
-    <!-- validate token issued by requestor IDP given its home realm -->
-    <action-state id="validateToken">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext, home_realm)"
-            result="flowScope.idpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken" />
-        <transition to="checkCacheTrustedIdpToken" />
-        <transition
-            on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
-        <transition
-            on-exception="javax.ws.rs.BadRequestException" to="viewBadRequest" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-    
-    <action-state id="checkCacheTrustedIdpToken">
-        <evaluate expression="idpConfig.findTrustedIdp(flowScope.home_realm).cacheTokens" />
-        <transition on="yes" to="requestRpToken">
-            <set name="externalContext.sessionMap[flowScope.home_realm]"
-                    value="flowScope.idpToken" />
-        </transition>
-        <transition on="no" to="requestRpToken" />
-    </action-state>
-
-    <end-state id="requestRpToken">
-        <output name="home_realm" value="flowScope.home_realm" />
-        <output name="request_context" value="flowScope.request_context" />
-        <output name="return_address" value="flowScope.return_address" />
-        <output name="realm" value="flowScope.realm" />
-        <output name="idpToken" value="flowScope.idpToken" />
-        <output name="saml_authn_request" value="flowScope.saml_authn_request" />
-    </end-state>
-
-    <!-- abnormal exit point : Http 400 Bad Request -->
-    <end-state id="viewBadRequest">
-        <output name="saml_authn_request" value="flowScope.saml_authn_request" />
-        <output name="RelayState" value="flowScope.RelayState" />
-    </end-state>
-
-    <!-- abnormal exit point : Http 500 Internal Server Error -->
-    <end-state id="scInternalServerError" />
-    
-</flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml b/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
deleted file mode 100644
index 8e66b57..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
+++ /dev/null
@@ -1,158 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans profile="spring" xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd
-        ">
-
-    <context:property-placeholder location="classpath:realm.properties" />
-
-    <bean id="config"
-        class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
-        <property name="idpConfigs">
-            <util:list>
-                <ref bean="idp-realmA" />
-            </util:list>
-        </property>
-        <property name="serviceConfigs">
-            <util:list>
-                <ref bean="srv-fedizhelloworld" />
-            </util:list>
-        </property>
-    </bean>
-
-    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
-        <property name="uri" value="realma" />
-        <!--<property name="hrds" value="" /> --> <!-- TBD, not defined, provide list if enabled -->
-        <property name="provideIdpList" value="true" />
-        <property name="useCurrentIdp" value="true" />
-        <property name="certificate" value="stsKeystoreA.properties" />
-        <property name="certificatePassword" value="realma" />
-        <property name="stsUrl"
-            value="https://localhost:0/fediz-idp-sts/REALMA" />
-        <property name="idpUrl"
-            value="https://localhost:${realmA.port}/fediz-idp/federation" />
-        <property name="supportedProtocols">
-            <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
-            </util:list>
-        </property>
-        <property name="services">
-            <util:map>
-                <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
-                    value-ref="srv-fedizhelloworld" />
-            </util:map>
-        </property>
-        <property name="authenticationURIs">
-            <util:map>
-                <entry key="default" value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" 
-                       value="federation/krb" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
-                       value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
-                       value="federation/clientcert" />
-            </util:map>
-        </property>
-        <property name="trustedIdps">
-            <util:map>
-                <entry key="urn:org:apache:cxf:fediz:idp:realm-B"
-                    value-ref="trusted-idp-realmB" />
-            </util:map>
-        </property>
-        <property name="serviceDisplayName" value="REALM A" />
-        <property name="serviceDescription" value="IDP of Realm A" />
-        <property name="rpSingleSignOutConfirmation" value="true"/>
-        <property name="rpSingleSignOutCleanupConfirmation" value="false"/>
-    </bean>
-
-    <bean id="trusted-idp-realmB"
-        class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="cacheTokens" value="true" />
-        <property name="url"
-            value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
-        <property name="certificate" value="realmb.cert" />
-        <property name="trustType" value="PEER_TRUST" />  <!-- Required for Fediz Core, Process SignInResponse -->
-        <property name="protocol"
-            value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="federationType" value="FEDERATE_IDENTITY" /> <!-- Required for STS Relationship -->
-        <property name="name" value="REALM B" />
-        <property name="description" value="IDP of Realm B" />
-        <!-- todo true / false prop for propagate sign-out of other realms !?-->
-    </bean>
-
-    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
-        <property name="realm"
-            value="urn:org:apache:cxf:fediz:fedizhelloworld" />
-        <property name="protocol"
-            value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="serviceDisplayName" value="Fedizhelloworld" />
-        <property name="serviceDescription"
-            value="Web Application to illustrate WS-Federation" />
-        <property name="role" value="ApplicationServiceType" />
-        <property name="tokenType"
-            value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="lifeTime" value="3600" />
-        <!-- <property name="encryptionCertificate" value="" /> -->
-        <property name="requestedClaims">
-            <util:list>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
-                    <property name="optional" value="true" />
-                </bean>
-            </util:list>
-        </property>
-    </bean>
-
-</beans>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml b/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
deleted file mode 100644
index 9494587..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
+++ /dev/null
@@ -1,133 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans profile="spring" xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context-4.3.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-4.3.xsd">
-
-    <context:property-placeholder location="classpath:realm.properties" />
-
-    <bean id="config"
-        class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
-        <property name="idpConfigs">
-            <util:list>
-                <ref bean="idp-realmB" />
-            </util:list>
-        </property>
-        <property name="serviceConfigs">
-            <util:list>
-                <ref bean="idp-realmA" />
-            </util:list>
-        </property>
-    </bean>
-
-    <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
-        <property name="uri" value="realmb" />
-        <!--<property name="hrds" value="" /> --> <!-- TBD, not defined, provide list if enabled -->
-        <property name="provideIdpList" value="false" />
-        <property name="useCurrentIdp" value="true" />
-        <property name="certificate" value="stsKeystoreB.properties" />
-        <property name="certificatePassword" value="realmb" />
-        <property name="stsUrl"
-            value="https://localhost:0/fediz-idp-sts/REALMB" />
-        <property name="idpUrl"
-            value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
-        <property name="supportedProtocols">
-            <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
-            </util:list>
-        </property>
-        <property name="services">
-            <util:map>
-                <entry key="urn:org:apache:cxf:fediz:idp:realm-A"
-                    value-ref="idp-realmA" />
-            </util:map>
-        </property>
-        <property name="authenticationURIs">
-            <util:map>
-                <entry key="default" value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" 
-                       value="federation/krb" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
-                       value="federation/up" />
-                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
-                       value="federation/clientcert" />
-            </util:map>
-        </property>
-        <property name="serviceDisplayName" value="REALM B" />
-        <property name="serviceDescription" value="IDP of Realm B" />
-        <property name="rpSingleSignOutConfirmation" value="true"/>
-        <property name="rpSingleSignOutCleanupConfirmation" value="false"/>
-    </bean>
-
-    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
-        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
-        <property name="protocol"
-            value="http://docs.oasis-open.org/wsfed/federation/200706" />
-        <property name="serviceDisplayName" value="Resource IDP Realm A" />
-        <property name="serviceDescription" value="Resource IDP Realm A" />
-        <property name="role" value="SecurityTokenServiceType" />
-        <property name="tokenType"
-            value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
-        <property name="lifeTime" value="3600" />
-        <!-- <property name="encryptionCertificate" value="" /> -->
-        <property name="requestedClaims">
-            <util:list>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
-                    <property name="optional" value="false" />
-                </bean>
-                <bean
-                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
-                    <property name="claimType"
-                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
-                    <property name="optional" value="false" />
-                </bean>
-            </util:list>
-        </property>
-    </bean>
-
-</beans>
-