You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/05 13:02:40 UTC
[3/3] cxf-fediz git commit: FEDIZ-182 - Add support for bridging from
SAML SSO -> OIDC
FEDIZ-182 - Add support for bridging from SAML SSO -> OIDC
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/0b04bdd5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/0b04bdd5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/0b04bdd5
Branch: refs/heads/master
Commit: 0b04bdd50c6da961cf54b060bb600c38599a66b1
Parents: f20a014
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Dec 5 13:02:14 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Dec 5 13:02:14 2016 +0000
----------------------------------------------------------------------
.../WEB-INF/flows/saml-validate-request.xml | 14 +-
.../cxf/fediz/integrationtests/SAMLSSOTest.java | 75 +++++++-
.../samlsso/src/test/resources/cxf-service.xml | 2 +-
.../src/test/resources/fediz_config_wsfed.xml | 176 -------------------
.../test/resources/realma/entities-realma.xml | 25 ++-
.../src/test/resources/rp/cxf-service.xml | 25 +++
6 files changed, 129 insertions(+), 188 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 7cda428..36ac3a8 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -28,7 +28,7 @@
</on-entry>
<if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
<if test="requestParameters.SAMLRequest != null or requestParameters.SAMLResponse != null"
- then="selectSAMLProcess" else="viewBadRequest"
+ then="selectSAMLProcess" else="selectOIDCAuthorizationCodeFlowProcess"
/>
</decision-state>
@@ -62,6 +62,18 @@
then="viewBadRequest" else="signinResponse" />
</decision-state>
+ <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
+ <on-entry>
+ <set name="flowScope.state" value="requestParameters.state" />
+ <set name="flowScope.request_context" value="requestParameters.state" />
+ <set name="flowScope.code" value="requestParameters.code" />
+ </on-entry>
+ <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
+ then="viewBadRequest" />
+ <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
+ then="viewBadRequest" else="signinResponse" />
+ </decision-state>
+
<subflow-state id="signinSAMLRequest" subflow="signinSAMLRequest">
<input name="idpConfig" value="flowScope.idpConfig" />
<input name="SAMLRequest" value="flowScope.SAMLRequest" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index 61f79d6..a3d9dff 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -22,14 +22,19 @@ package org.apache.cxf.fediz.integrationtests;
import java.io.File;
import java.io.IOException;
+import java.net.URL;
+import java.util.ArrayList;
import javax.servlet.ServletException;
import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.util.NameValuePair;
import com.gargoylesoftware.htmlunit.xml.XmlPage;
import org.apache.catalina.LifecycleException;
@@ -149,12 +154,6 @@ public class SAMLSSOTest {
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "samlssoWebapp");
server.addWebapp("/samlsso", rpWebapp.getAbsolutePath());
-
- /*
- rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
- cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
- cxt.getPipeline().addValve(fa);
- */
}
server.start();
@@ -229,6 +228,19 @@ public class SAMLSSOTest {
Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
}
+
+ @org.junit.Test
+ public void testOIDC() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app3/services/25";
+ String user = "ALICE"; // realm b credentials
+ String password = "ECILA";
+
+ final String bodyTextContent =
+ loginOIDC(url, user, password, idpOIDCHttpsPort, idpHttpsPort);
+
+ Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
+ }
+
private static String login(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
@@ -300,7 +312,6 @@ public class SAMLSSOTest {
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- System.out.println("IDP: " + idpPage.asXml());
// Now redirect back to the RP
final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
@@ -312,4 +323,54 @@ public class SAMLSSOTest {
return rpPage.asXml();
}
+ private static String loginOIDC(String url, String user, String password,
+ String idpPort, String rpIdpPort) throws IOException {
+ //
+ // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
+ // "realm b".
+ //
+ final WebClient webClient = new WebClient();
+ CookieManager cookieManager = new CookieManager();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(idpPort)),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+
+ // The decision page is returned as XML for some reason. So parse it and send a form response back.
+ HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
+ final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);
+
+ WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);
+
+ request.setRequestParameters(new ArrayList<NameValuePair>());
+ String clientId = oidcForm.getInputByName("client_id").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("client_id", clientId));
+ String redirectUri = oidcForm.getInputByName("redirect_uri").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("redirect_uri", redirectUri));
+ String scope = oidcForm.getInputByName("scope").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("scope", scope));
+ String state = oidcForm.getInputByName("state").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("state", state));
+ String authToken = oidcForm.getInputByName("session_authenticity_token").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("session_authenticity_token", authToken));
+ request.getRequestParameters().add(new NameValuePair("oauthDecision", "allow"));
+
+ HtmlPage idpPage = webClient.getPage(request);
+
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ // Now redirect back to the RP
+ final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
+
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+ final XmlPage rpPage = button.click();
+
+ webClient.close();
+ return rpPage.asXml();
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/cxf-service.xml b/systests/federation/samlsso/src/test/resources/cxf-service.xml
index a03d3fa..eba2446 100644
--- a/systests/federation/samlsso/src/test/resources/cxf-service.xml
+++ b/systests/federation/samlsso/src/test/resources/cxf-service.xml
@@ -63,7 +63,7 @@
<constructor-arg><value>Fediz IdP</value></constructor-arg>
<property name="redirectUris">
<util:list value-type="java.lang.String">
- <value>https://localhost:${idp.https.port}/fediz-idp/federation</value>
+ <value>https://localhost:${idp.https.port}/fediz-idp/saml</value>
</util:list>
</property>
<property name="allowedGrantTypes">
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml b/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
deleted file mode 100644
index c63530b..0000000
--- a/systests/federation/samlsso/src/test/resources/fediz_config_wsfed.xml
+++ /dev/null
@@ -1,176 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
- Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
- keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
--->
-<FedizConfig>
- <contextConfig name="/wsfed">
- <audienceUris>
- <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="test-classes/clienttrust.jks"
- password="storepass" type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.0.0">
- <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
- <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
- <roleDelimiter>,</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <freshness>10</freshness>
- <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-B</homeRealm>
- <claimTypesRequested>
- <claimType type="a particular claim type"
- optional="true" />
- </claimTypesRequested>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
- <logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
- <contextConfig name="/samlsso">
- <audienceUris>
- <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="test-classes/clienttrust.jks"
- password="storepass" type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.0.0">
- <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
- <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
- <roleDelimiter>,</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <freshness>10</freshness>
- <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-C</homeRealm>
- <claimTypesRequested>
- <claimType type="a particular claim type"
- optional="true" />
- </claimTypesRequested>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
- <logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
- <contextConfig name="/samlssocustom">
- <audienceUris>
- <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="test-classes/clienttrust.jks"
- password="storepass" type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.0.0">
- <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
- <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
- <roleDelimiter>,</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <freshness>10</freshness>
- <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-D</homeRealm>
- <claimTypesRequested>
- <claimType type="a particular claim type"
- optional="true" />
- </claimTypesRequested>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
- <logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
- <contextConfig name="/samlssocustompost">
- <audienceUris>
- <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="test-classes/clienttrust.jks"
- password="storepass" type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.0.0">
- <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
- <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
- <roleDelimiter>,</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <freshness>10</freshness>
- <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-E</homeRealm>
- <claimTypesRequested>
- <claimType type="a particular claim type"
- optional="true" />
- </claimTypesRequested>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
- <logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
- <contextConfig name="/oidc">
- <audienceUris>
- <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="test-classes/clienttrust.jks"
- password="storepass" type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.0.0">
- <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
- <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
- <roleDelimiter>,</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <freshness>10</freshness>
- <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-F</homeRealm>
- <claimTypesRequested>
- <claimType type="a particular claim type"
- optional="true" />
- </claimTypesRequested>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
- <logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
-</FedizConfig>
-
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
index c0dd89b..6e840f5 100644
--- a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
@@ -61,6 +61,7 @@
<util:list>
<ref bean="srv-fedizhelloworld-realmB" />
<ref bean="srv-fedizhelloworld-realmC" />
+ <ref bean="srv-fedizhelloworld-realmD" />
</util:list>
</property>
<property name="trustedIdps">
@@ -116,7 +117,7 @@
<bean id="trusted-idp-realmD"
class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
- <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-F" />
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-D" />
<property name="cacheTokens" value="true" />
<property name="url" value="https://localhost:${idp.oidc.https.port}/idpoidc/services/authorize" />
<property name="certificate" value="realmb.cert" />
@@ -138,7 +139,7 @@
<property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B" />
<property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
<property name="serviceDisplayName" value="Fedizhelloworld" />
- <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+ <property name="serviceDescription" value="Web Application to illustrate SAML SSO" />
<property name="role" value="ApplicationServiceType" />
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
<property name="lifeTime" value="3600" />
@@ -151,7 +152,20 @@
<property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C" />
<property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
<property name="serviceDisplayName" value="Fedizhelloworld" />
- <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+ <property name="serviceDescription" value="Web Application to illustrate SAML SSO" />
+ <property name="role" value="ApplicationServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ <property name="passiveRequestorEndpointConstraint"
+ value="https://localhost:(\d)*/(\w)*/racs/.*" />
+ <property name="validatingCertificate" value="realma.cert" />
+ </bean>
+
+ <bean id="srv-fedizhelloworld-realmD" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-D" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="Fedizhelloworld" />
+ <property name="serviceDescription" value="Web Application to illustrate SAML SSO" />
<property name="role" value="ApplicationServiceType" />
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
<property name="lifeTime" value="3600" />
@@ -171,6 +185,11 @@
<property name="optional" value="false" />
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-fedizhelloworld-realmD" />
+ <property name="claim" ref="claim_role" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
<property name="application" ref="srv-fedizhelloworld-realmB" />
<property name="claim" ref="claim_givenname" />
<property name="optional" value="false" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0b04bdd5/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
index 6f8d70a..11f179d 100644
--- a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
+++ b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
@@ -111,6 +111,31 @@
<ref bean="authorizationInterceptor"/>
</jaxrs:inInterceptors>
</jaxrs:server>
+
+ <bean id="ssoFilterApp3" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+ <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
+ <property name="assertionConsumerServiceAddress"
+ value="/racs/sso"/>
+ <property name="stateProvider" ref="stateManager"/>
+ <property name="addEndpointAddressToContext" value="true"/>
+ <property name="signRequest" value="true"/>
+ <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+ <property name="callbackHandler" ref="callbackHandler"/>
+ <property name="signatureUsername" value="realma" />
+ <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-D" />
+ </bean>
+
+ <jaxrs:server address="/app3">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="ssoFilterApp3"/>
+ </jaxrs:providers>
+ <jaxrs:inInterceptors>
+ <ref bean="authorizationInterceptor"/>
+ </jaxrs:inInterceptors>
+ </jaxrs:server>
<bean id="consumerService" class="org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService">
<property name="stateProvider" ref="stateManager"/>