You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/11/04 15:26:59 UTC
[2/6] cxf-fediz git commit: Folded OIDC federation tests into wsfed
Folded OIDC federation tests into wsfed
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/fff27918
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/fff27918
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/fff27918
Branch: refs/heads/master
Commit: fff27918a773108eaf9f95e945d0ee581f4d6a46
Parents: d4b4919
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Nov 4 11:15:43 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Nov 4 11:15:43 2016 +0000
----------------------------------------------------------------------
systests/federation/oidc/pom.xml | 290 -----------
.../cxf/fediz/integrationtests/OIDCTest.java | 271 -----------
.../oidc/src/test/resources/cxf-service.xml | 130 -----
.../oidc/src/test/resources/entities-realma.xml | 480 -------------------
.../src/test/resources/fediz_config_oidc.xml | 56 ---
systests/federation/pom.xml | 1 -
systests/federation/wsfed/pom.xml | 29 ++
.../cxf/fediz/integrationtests/WSFedTest.java | 125 ++++-
.../wsfed/src/test/resources/cxf-service.xml | 130 +++++
.../src/test/resources/fediz_config_wsfed.xml | 30 ++
.../test/resources/realma/entities-realma.xml | 21 +
11 files changed, 324 insertions(+), 1239 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/oidc/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/pom.xml b/systests/federation/oidc/pom.xml
deleted file mode 100644
index 2d8170d..0000000
--- a/systests/federation/oidc/pom.xml
+++ /dev/null
@@ -1,290 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.cxf.fediz.systests</groupId>
- <artifactId>fediz-systests-federation</artifactId>
- <version>1.3.2-SNAPSHOT</version>
- <relativePath>../pom.xml</relativePath>
- </parent>
- <groupId>org.apache.cxf.fediz.systests.federation</groupId>
- <artifactId>fediz-systests-federation-oidc</artifactId>
- <name>Apache Fediz Federation Systests Tomcat 7 OIDC</name>
- <packaging>jar</packaging>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.apache.tomcat.embed</groupId>
- <artifactId>tomcat-embed-core</artifactId>
- <version>${tomcat7.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.tomcat.embed</groupId>
- <artifactId>tomcat-embed-logging-juli</artifactId>
- <version>${tomcat7.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jdt.core.compiler</groupId>
- <artifactId>ecj</artifactId>
- <version>${ecj.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.tomcat.embed</groupId>
- <artifactId>tomcat-embed-jasper</artifactId>
- <version>${tomcat7.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-tomcat7</artifactId>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf.fediz.systests</groupId>
- <artifactId>fediz-systests-tests</artifactId>
- <version>${project.version}</version>
- <type>test-jar</type>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>${slf4j.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-jdk14</artifactId>
- <version>${slf4j.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <version>${hsqldb.version}</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
- <build>
- <testResources>
- <testResource>
- <directory>src/test/resources</directory>
- <filtering>true</filtering>
- <includes>
- <include>**/fediz_config*.xml</include>
- </includes>
- </testResource>
- <testResource>
- <directory>src/test/resources</directory>
- <filtering>false</filtering>
- <excludes>
- <exclude>**/fediz_config*.xml</exclude>
- </excludes>
- </testResource>
- </testResources>
- <plugins>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>build-helper-maven-plugin</artifactId>
- <executions>
- <execution>
- <id>reserve-network-port</id>
- <goals>
- <goal>reserve-network-port</goal>
- </goals>
- <phase>initialize</phase>
- <configuration>
- <portNames>
- <portName>idp.https.port</portName>
- <portName>idp.oidc.https.port</portName>
- <portName>rp.https.port</portName>
- </portNames>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <executions>
- <execution>
- <id>copy-idp-sts</id>
- <phase>generate-resources</phase>
- <goals>
- <goal>unpack</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-idp</artifactId>
- <version>${project.version}</version>
- <type>war</type>
- <overWrite>true</overWrite>
- <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory>
- </artifactItem>
- <artifactItem>
- <groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-idp-sts</artifactId>
- <version>${project.version}</version>
- <type>war</type>
- <overWrite>true</overWrite>
- <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
- </artifactItem>
- <artifactItem>
- <groupId>org.apache.cxf.fediz.systests.federation</groupId>
- <artifactId>fediz-systests-federation-oidcIdpWebapp</artifactId>
- <version>${project.version}</version>
- <type>war</type>
- <overWrite>true</overWrite>
- <outputDirectory>target/tomcat/idpoidc/webapps/idpoidc</outputDirectory>
- </artifactItem>
- <artifactItem>
- <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
- <artifactId>fediz-systests-webapps-simple</artifactId>
- <version>${project.version}</version>
- <type>war</type>
- <overWrite>true</overWrite>
- <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory>
- </artifactItem>
- <artifactItem>
- <groupId>org.apache.cxf.fediz.systests</groupId>
- <artifactId>fediz-systests-tests</artifactId>
- <version>${project.version}</version>
- <classifier>tests</classifier>
- <type>jar</type>
- <overWrite>true</overWrite>
- <outputDirectory>target/test-classes</outputDirectory>
- <includes>**/*.jks</includes>
- </artifactItem>
- </artifactItems>
- <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
- <overWriteSnapshots>true</overWriteSnapshots>
- <overWriteIfNewer>true</overWriteIfNewer>
- <stripVersion>true</stripVersion>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <artifactId>maven-resources-plugin</artifactId>
- <version>2.7</version>
- <executions>
- <execution>
- <id>copy-entities-to-idp</id>
- <phase>generate-test-sources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory>
- <resources>
- <resource>
- <directory>${basedir}/src/test/resources</directory>
- <includes>
- <include>entities-realma.xml</include>
- </includes>
- <filtering>true</filtering>
- </resource>
- </resources>
- </configuration>
- </execution>
- <execution>
- <id>copy-entities-to-oidc-idp</id>
- <phase>generate-test-sources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${basedir}/target/tomcat/idpoidc/webapps/idpoidc/WEB-INF</outputDirectory>
- <resources>
- <resource>
- <directory>${basedir}/src/test/resources</directory>
- <includes>
- <include>cxf-service.xml</include>
- </includes>
- <filtering>true</filtering>
- </resource>
- </resources>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <artifactId>maven-failsafe-plugin</artifactId>
- <inherited>true</inherited>
- <executions>
- <execution>
- <id>integration-test</id>
- <phase>integration-test</phase>
- <goals>
- <goal>integration-test</goal>
- </goals>
- <configuration>
- <skip>${skipTests}</skip>
- <systemPropertyVariables>
- <wt.headless>true</wt.headless>
- <idp.https.port>${idp.https.port}</idp.https.port>
- <idp.oidc.https.port>${idp.oidc.https.port}</idp.oidc.https.port>
- <rp.https.port>${rp.https.port}</rp.https.port>
- </systemPropertyVariables>
- <includes>
- <include>**/integrationtests/**</include>
- </includes>
- <argLine>-Xms512m -Xmx1024m
- -XX:MaxPermSize=256m</argLine>
- </configuration>
- </execution>
- <execution>
- <id>verify</id>
- <phase>verify</phase>
- <goals>
- <goal>verify</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <inherited>true</inherited>
- <configuration>
- <excludes>
- <exclude>**/integrationtests/**</exclude>
- </excludes>
- </configuration>
- </plugin>
- </plugins>
- </build>
-</project>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java b/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java
deleted file mode 100644
index ec8b7e8..0000000
--- a/systests/federation/oidc/src/test/java/org/apache/cxf/fediz/integrationtests/OIDCTest.java
+++ /dev/null
@@ -1,271 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-
-import java.io.File;
-import java.io.IOException;
-import java.net.URL;
-import java.util.ArrayList;
-
-import javax.servlet.ServletException;
-
-import com.gargoylesoftware.htmlunit.CookieManager;
-import com.gargoylesoftware.htmlunit.HttpMethod;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.WebRequest;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-import com.gargoylesoftware.htmlunit.util.NameValuePair;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleState;
-import org.apache.catalina.connector.Connector;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-
-/**
- * This is a test for federation in the IdP. The RP application is configured to use a home realm of "realm b". The
- * client gets redirected to the IdP for "realm a", which in turn redirects to the IdP for "realm b", which is a
- * OIDC IdP. The IdP for "realm a" will convert the signin request to a OIDC authorization code flow request. The
- * IdP for realm b authenticates the user, who is then redirected back to the IdP for "realm a" to get a SAML token
- * from the STS + then back to the application.
- */
-public class OIDCTest {
-
- static String idpHttpsPort;
- static String idpOIDCHttpsPort;
- static String rpHttpsPort;
-
- private static Tomcat idpServer;
- private static Tomcat idpOIDCServer;
- private static Tomcat rpServer;
-
- @BeforeClass
- public static void init() throws Exception {
- System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
- System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
- System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
- idpHttpsPort = System.getProperty("idp.https.port");
- Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
- idpOIDCHttpsPort = System.getProperty("idp.oidc.https.port");
- Assert.assertNotNull("Property 'idp.oidc.https.port' null", idpOIDCHttpsPort);
- rpHttpsPort = System.getProperty("rp.https.port");
- Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
- idpServer = startServer(true, false, idpHttpsPort);
- idpOIDCServer = startServer(false, true, idpOIDCHttpsPort);
- rpServer = startServer(false, false, rpHttpsPort);
- }
-
- private static Tomcat startServer(boolean idp, boolean realmb, String port)
- throws ServletException, LifecycleException, IOException {
- Tomcat server = new Tomcat();
- server.setPort(0);
- String currentDir = new File(".").getCanonicalPath();
- String baseDir = currentDir + File.separator + "target";
- server.setBaseDir(baseDir);
-
- if (idp) {
- server.getHost().setAppBase("tomcat/idp/webapps");
- } else if (realmb) {
- server.getHost().setAppBase("tomcat/idpoidc/webapps");
- } else {
- server.getHost().setAppBase("tomcat/rp/webapps");
- }
- server.getHost().setAutoDeploy(true);
- server.getHost().setDeployOnStartup(true);
-
- Connector httpsConnector = new Connector();
- httpsConnector.setPort(Integer.parseInt(port));
- httpsConnector.setSecure(true);
- httpsConnector.setScheme("https");
- //httpsConnector.setAttribute("keyAlias", keyAlias);
- httpsConnector.setAttribute("keystorePass", "tompass");
- httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
- httpsConnector.setAttribute("truststorePass", "tompass");
- httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
- httpsConnector.setAttribute("clientAuth", "want");
- // httpsConnector.setAttribute("clientAuth", "false");
- httpsConnector.setAttribute("sslProtocol", "TLS");
- httpsConnector.setAttribute("SSLEnabled", true);
-
- server.getService().addConnector(httpsConnector);
-
- if (idp) {
- File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
- server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
- File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
- server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
- } else if (realmb) {
- File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "idpoidc");
- server.addWebapp("/idp", idpWebapp.getAbsolutePath());
- } else {
- File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
- Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
- FederationAuthenticator fa = new FederationAuthenticator();
- fa.setConfigFile(currentDir + File.separator + "target" + File.separator
- + "test-classes" + File.separator + "fediz_config_oidc.xml");
- cxt.getPipeline().addValve(fa);
- }
-
- server.start();
-
- return server;
- }
-
- @AfterClass
- public static void cleanup() {
- shutdownServer(idpServer);
- shutdownServer(idpOIDCServer);
- shutdownServer(rpServer);
- }
-
- private static void shutdownServer(Tomcat server) {
- try {
- if (server != null && server.getServer() != null
- && server.getServer().getState() != LifecycleState.DESTROYED) {
- if (server.getServer().getState() != LifecycleState.STOPPED) {
- server.stop();
- }
- server.destroy();
- }
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-
- public String getIdpHttpsPort() {
- return idpHttpsPort;
- }
-
- public String getRpHttpsPort() {
- return rpHttpsPort;
- }
-
- public String getServletContextName() {
- return "fedizhelloworld";
- }
-
- @org.junit.Test
- @org.junit.Ignore
- public void testBrowser() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
- System.out.println("URL: " + url);
- Thread.sleep(60 * 1000);
- }
-
- @org.junit.Test
- public void testOIDC() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
- String user = "ALICE"; // realm b credentials
- String password = "ECILA";
-
- final String bodyTextContent =
- login(url, user, password, idpOIDCHttpsPort, idpHttpsPort);
-
- Assert.assertTrue("Principal not alice",
- bodyTextContent.contains("userPrincipal=alice"));
- Assert.assertTrue("User " + user + " does not have role Admin",
- bodyTextContent.contains("role:Admin=false"));
- Assert.assertTrue("User " + user + " does not have role Manager",
- bodyTextContent.contains("role:Manager=false"));
- Assert.assertTrue("User " + user + " must have role User",
- bodyTextContent.contains("role:User=true"));
-
- String claim = ClaimTypes.FIRSTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
- bodyTextContent.contains(claim + "=Alice"));
- claim = ClaimTypes.LASTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
- bodyTextContent.contains(claim + "=Smith"));
- claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
- bodyTextContent.contains(claim + "=alice@realma.org"));
- }
-
- private static String login(String url, String user, String password,
- String idpPort, String rpIdpPort) throws IOException {
- //
- // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
- // "realm b".
- //
- final WebClient webClient = new WebClient();
- CookieManager cookieManager = new CookieManager();
- webClient.setCookieManager(cookieManager);
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(idpPort)),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
-
- // The decision page is returned as XML for some reason. So parse it and send a form response back.
- HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
- final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);
-
- WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);
-
- request.setRequestParameters(new ArrayList<NameValuePair>());
- String clientId = oidcForm.getInputByName("client_id").getValueAttribute();
- request.getRequestParameters().add(new NameValuePair("client_id", clientId));
- String redirectUri = oidcForm.getInputByName("redirect_uri").getValueAttribute();
- request.getRequestParameters().add(new NameValuePair("redirect_uri", redirectUri));
- String scope = oidcForm.getInputByName("scope").getValueAttribute();
- request.getRequestParameters().add(new NameValuePair("scope", scope));
- String state = oidcForm.getInputByName("state").getValueAttribute();
- request.getRequestParameters().add(new NameValuePair("state", state));
- String authToken = oidcForm.getInputByName("session_authenticity_token").getValueAttribute();
- request.getRequestParameters().add(new NameValuePair("session_authenticity_token", authToken));
- request.getRequestParameters().add(new NameValuePair("oauthDecision", "allow"));
-
- HtmlPage idpPage = webClient.getPage(request);
-
- Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- // Now redirect back to the RP
- final HtmlForm form = idpPage.getFormByName("signinresponseform");
-
- final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
- final HtmlPage rpPage = button.click();
- Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
-
- webClient.close();
- return rpPage.getBody().getTextContent();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/oidc/src/test/resources/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/resources/cxf-service.xml b/systests/federation/oidc/src/test/resources/cxf-service.xml
deleted file mode 100644
index 7b09656..0000000
--- a/systests/federation/oidc/src/test/resources/cxf-service.xml
+++ /dev/null
@@ -1,130 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:sec="http://cxf.apache.org/configuration/security"
- xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xmlns:jaxrs="http://cxf.apache.org/jaxrs"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://cxf.apache.org/core
- http://cxf.apache.org/schemas/core.xsd
- http://cxf.apache.org/configuration/security
- http://cxf.apache.org/schemas/configuration/security.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd
- http://cxf.apache.org/jaxrs
- http://cxf.apache.org/schemas/jaxrs.xsd
- http://cxf.apache.org/transports/http/configuration
- http://cxf.apache.org/schemas/configuration/http-conf.xsd
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <import resource="classpath:META-INF/cxf/cxf.xml" />
-
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-
- <!--cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus-->
-
- <bean id="callbackHandler" class="org.apache.cxf.fediz.oidc.idp.example.CommonCallbackHandler"/>
- <bean id="basicAuthFilter" class="org.apache.cxf.fediz.oidc.idp.example.BasicAuthFilter">
- <property name="callbackHandler" ref="callbackHandler"/>
- </bean>
-
- <bean id="client" class="org.apache.cxf.rs.security.oauth2.common.Client">
- <constructor-arg><value>consumer-id</value></constructor-arg>
- <constructor-arg><value>this-is-a-secret</value></constructor-arg>
- <constructor-arg><value>true</value></constructor-arg>
- <constructor-arg><value>Fediz IdP</value></constructor-arg>
- <property name="redirectUris">
- <util:list value-type="java.lang.String">
- <value>https://localhost:${idp.https.port}/fediz-idp/federation</value>
- </util:list>
- </property>
- <property name="allowedGrantTypes">
- <util:list value-type="java.lang.String">
- <value>authorization_code</value>
- </util:list>
- </property>
- <property name="registeredScopes">
- <util:list value-type="java.lang.String">
- <value>openid</value>
- </util:list>
- </property>
- </bean>
-
- <bean id="oauthProvider" class="org.apache.cxf.fediz.oidc.idp.example.EHCacheOIDCTokenProvider">
- <property name="client" ref="client"/>
- </bean>
-
- <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
- <property name="dataProvider" ref="oauthProvider"/>
- </bean>
-
- <bean id="idTokenProviderImpl" class="org.apache.cxf.fediz.oidc.idp.example.IdTokenProviderImpl"/>
-
- <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
- <property name="idTokenProvider" ref="idTokenProviderImpl"/>
- </bean>
-
- <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
- <property name="dataProvider" ref="oauthProvider"/>
- <property name="responseFilter" ref="idTokenFilter"/>
- </bean>
-
- <bean id="oauthJSONProvider" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
-
- <bean id="viewProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
- <property name="useClassNames" value="true"/>
- <property name="locationPrefix" value="/WEB-INF/views/"/>
- <property name="beanName" value="data"/>
- <property name="dispatcherName" value="jsp"/>
- </bean>
-
- <jaxrs:server address="/services">
- <jaxrs:serviceBeans>
- <ref bean="authorizationService"/>
- <ref bean="tokenService"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="oauthJSONProvider"/>
- <ref bean="basicAuthFilter"/>
- <ref bean="viewProvider"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jks" />
- <entry key="rs.security.keystore.alias" value="realmb"/>
- <entry key="rs.security.key.password" value="realmb"/>
- <entry key="rs.security.keystore.password" value="storepass"/>
- <entry key="rs.security.keystore.file" value="stsrealm_b.jks" />
- <entry key="rs.security.signature.algorithm" value="RS256" />
- </jaxrs:properties>
- </jaxrs:server>
-
-</beans>
-
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/oidc/src/test/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/resources/entities-realma.xml b/systests/federation/oidc/src/test/resources/entities-realma.xml
deleted file mode 100644
index 851ef50..0000000
--- a/systests/federation/oidc/src/test/resources/entities-realma.xml
+++ /dev/null
@@ -1,480 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
- <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
- <property name="uri" value="realma" />
- <property name="provideIdpList" value="true" />
- <property name="useCurrentIdp" value="true" />
- <property name="certificate" value="stsKeystoreA.properties" />
- <property name="certificatePassword" value="realma" />
- <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" />
- <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation" />
- <property name="rpSingleSignOutConfirmation" value="true"/>
- <property name="supportedProtocols">
- <util:list>
- <value>http://docs.oasis-open.org/wsfed/federation/200706
- </value>
- <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
- </value>
- </util:list>
- </property>
- <property name="tokenTypesOffered">
- <util:list>
- <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
- <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
- </util:list>
- </property>
- <property name="authenticationURIs">
- <util:map>
- <entry key="default" value="federation/up" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey"
- value="federation/krb" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
- value="federation/up" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
- value="federation/clientcert" />
- </util:map>
- </property>
- <property name="serviceDisplayName" value="REALM A" />
- <property name="serviceDescription" value="IDP of Realm A" />
- <property name="applications">
- <util:list>
- <ref bean="srv-fedizhelloworld" />
- </util:list>
- </property>
- <property name="trustedIdps">
- <util:list>
- <ref bean="trusted-idp-realmB" />
- </util:list>
- </property>
- <property name="claimTypesOffered">
- <util:list>
- <ref bean="claim_role" />
- <ref bean="claim_surname" />
- <ref bean="claim_givenname" />
- <ref bean="claim_email" />
- </util:list>
- </property>
- </bean>
-
- <bean id="trusted-idp-realmB"
- class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
- <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
- <property name="cacheTokens" value="true" />
- <property name="url" value="https://localhost:${idp.oidc.https.port}/idp/services/authorize" />
- <property name="certificate" value="realmb.cert" />
- <property name="trustType" value="PEER_TRUST" />
- <property name="protocol" value="openid-connect-1.0" />
- <property name="federationType" value="FEDERATE_IDENTITY" />
- <property name="name" value="Realm B" />
- <property name="description" value="Realm B description" />
- <property name="parameters">
- <util:map>
- <entry key="client.id" value="consumer-id"/>
- <entry key="client.secret" value="this-is-a-secret"/>
- <entry key="token.endpoint" value="https://localhost:${idp.oidc.https.port}/idp/services/token"/>
- </util:map>
- </property>
- </bean>
-
- <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
- <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
- <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
- <property name="serviceDisplayName" value="Fedizhelloworld" />
- <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
- <property name="role" value="ApplicationServiceType" />
- <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- <property name="lifeTime" value="3600" />
- <property name="passiveRequestorEndpointConstraint"
- value="https://localhost:(\d)*/(\w)*helloworld.*/secure/.*" />
- </bean>
-
- <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
- <property name="claim" ref="claim_role" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
- <property name="claim" ref="claim_givenname" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
- <property name="claim" ref="claim_surname" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
- <property name="claim" ref="claim_email" />
- <property name="optional" value="false" />
- </bean>
-
- <bean id="claim_role"
- class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
- <property name="displayName"
- value="role" />
- <property name="description"
- value="Description for role" />
- </bean>
- <bean id="claim_givenname"
- class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
- <property name="displayName"
- value="firstname" />
- <property name="description"
- value="Description for firstname" />
- </bean>
- <bean id="claim_surname"
- class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
- <property name="displayName"
- value="lastname" />
- <property name="description"
- value="Description for lastname" />
- </bean>
- <bean id="claim_email"
- class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
- <property name="displayName"
- value="email" />
- <property name="description"
- value="Description for email" />
- </bean>
-
-
- <bean id="entitlement_claim_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_LIST" />
- <property name="description"
- value="Description for CLAIM_LIST" />
- </bean>
- <bean id="entitlement_claim_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_CREATE" />
- <property name="description"
- value="Description for CLAIM_CREATE" />
- </bean>
- <bean id="entitlement_claim_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_READ" />
- <property name="description"
- value="Description for CLAIM_READ" />
- </bean>
- <bean id="entitlement_claim_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_UPDATE" />
- <property name="description"
- value="Description for CLAIM_UPDATE" />
- </bean>
- <bean id="entitlement_claim_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_DELETE" />
- <property name="description"
- value="Description for CLAIM_DELETE" />
- </bean>
-
- <bean id="entitlement_application_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_LIST" />
- <property name="description"
- value="Description for APPLICATION_LIST" />
- </bean>
- <bean id="entitlement_application_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_CREATE" />
- <property name="description"
- value="Description for APPLICATION_CREATE" />
- </bean>
- <bean id="entitlement_application_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_READ" />
- <property name="description"
- value="Description for APPLICATION_READ" />
- </bean>
- <bean id="entitlement_application_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_UPDATE" />
- <property name="description"
- value="Description for APPLICATION_UPDATE" />
- </bean>
- <bean id="entitlement_application_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_DELETE" />
- <property name="description"
- value="Description for APPLICATION_DELETE" />
- </bean>
-
- <bean id="entitlement_trustedidp_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_LIST" />
- <property name="description"
- value="Description for TRUSTEDIDP_LIST" />
- </bean>
- <bean id="entitlement_trustedidp_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_CREATE" />
- <property name="description"
- value="Description for TRUSTEDIDP_CREATE" />
- </bean>
- <bean id="entitlement_trustedidp_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_READ" />
- <property name="description"
- value="Description for TRUSTEDIDP_READ" />
- </bean>
- <bean id="entitlement_trustedidp_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_UPDATE" />
- <property name="description"
- value="Description for TRUSTEDIDP_UPDATE" />
- </bean>
- <bean id="entitlement_trustedidp_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_DELETE" />
- <property name="description"
- value="Description for TRUSTEDIDP_DELETE" />
- </bean>
-
- <bean id="entitlement_idp_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_LIST" />
- <property name="description"
- value="Description for IDP_LIST" />
- </bean>
- <bean id="entitlement_idp_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_CREATE" />
- <property name="description"
- value="Description for IDP_CREATE" />
- </bean>
- <bean id="entitlement_idp_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_READ" />
- <property name="description"
- value="Description for IDP_READ" />
- </bean>
- <bean id="entitlement_idp_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_UPDATE" />
- <property name="description"
- value="Description for IDP_UPDATE" />
- </bean>
- <bean id="entitlement_idp_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_DELETE" />
- <property name="description"
- value="Description for IDP_DELETE" />
- </bean>
-
- <bean id="entitlement_role_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_LIST" />
- <property name="description"
- value="Description for ROLE_LIST" />
- </bean>
- <bean id="entitlement_role_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_CREATE" />
- <property name="description"
- value="Description for ROLE_CREATE" />
- </bean>
- <bean id="entitlement_role_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_READ" />
- <property name="description"
- value="Description for ROLE_READ" />
- </bean>
- <bean id="entitlement_role_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_UPDATE" />
- <property name="description"
- value="Description for ROLE_UPDATE" />
- </bean>
- <bean id="entitlement_role_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_DELETE" />
- <property name="description"
- value="Description for ROLE_DELETE" />
- </bean>
-
- <bean id="entitlement_entitlement_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_LIST" />
- <property name="description"
- value="Description for ENTITLEMENT_LIST" />
- </bean>
- <bean id="entitlement_entitlement_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_CREATE" />
- <property name="description"
- value="Description for ENTITLEMENT_CREATE" />
- </bean>
- <bean id="entitlement_entitlement_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_READ" />
- <property name="description"
- value="Description for ENTITLEMENT_READ" />
- </bean>
- <bean id="entitlement_entitlement_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_UPDATE" />
- <property name="description"
- value="Description for ENTITLEMENT_UPDATE" />
- </bean>
- <bean id="entitlement_entitlement_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_DELETE" />
- <property name="description"
- value="Description for ENTITLEMENT_DELETE" />
- </bean>
-
- <bean id="role_admin"
- class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
- <property name="name"
- value="ADMIN" />
- <property name="description"
- value="This is the administrator role with full access" />
- <property name="entitlements">
- <util:list>
- <ref bean="entitlement_claim_list" />
- <ref bean="entitlement_claim_create" />
- <ref bean="entitlement_claim_read" />
- <ref bean="entitlement_claim_update" />
- <ref bean="entitlement_claim_delete" />
- <ref bean="entitlement_idp_list" />
- <ref bean="entitlement_idp_create" />
- <ref bean="entitlement_idp_read" />
- <ref bean="entitlement_idp_update" />
- <ref bean="entitlement_idp_delete" />
- <ref bean="entitlement_trustedidp_list" />
- <ref bean="entitlement_trustedidp_create" />
- <ref bean="entitlement_trustedidp_read" />
- <ref bean="entitlement_trustedidp_update" />
- <ref bean="entitlement_trustedidp_delete" />
- <ref bean="entitlement_application_list" />
- <ref bean="entitlement_application_create" />
- <ref bean="entitlement_application_read" />
- <ref bean="entitlement_application_update" />
- <ref bean="entitlement_application_delete" />
- <ref bean="entitlement_role_list" />
- <ref bean="entitlement_role_create" />
- <ref bean="entitlement_role_read" />
- <ref bean="entitlement_role_update" />
- <ref bean="entitlement_role_delete" />
- <ref bean="entitlement_entitlement_list" />
- <ref bean="entitlement_entitlement_create" />
- <ref bean="entitlement_entitlement_read" />
- <ref bean="entitlement_entitlement_update" />
- <ref bean="entitlement_entitlement_delete" />
- </util:list>
- </property>
- </bean>
- <bean id="role_user"
- class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
- <property name="name"
- value="USER" />
- <property name="description"
- value="This is the user role with read access" />
- <property name="entitlements">
- <util:list>
- <ref bean="entitlement_claim_list" />
- <ref bean="entitlement_claim_read" />
- <ref bean="entitlement_idp_list" />
- <ref bean="entitlement_idp_read" />
- <ref bean="entitlement_trustedidp_list" />
- <ref bean="entitlement_trustedidp_read" />
- <ref bean="entitlement_application_list" />
- <ref bean="entitlement_application_read" />
- <ref bean="entitlement_role_list" />
- <ref bean="entitlement_role_read" />
- <ref bean="entitlement_entitlement_list" />
- <ref bean="entitlement_entitlement_read" />
- </util:list>
- </property>
- </bean>
- <bean id="role_idp_login"
- class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
- <property name="name"
- value="IDP_LOGIN" />
- <property name="description"
- value="This is the IDP login role which is applied to Users during the IDP SSO" />
- <property name="entitlements">
- <util:list>
- <ref bean="entitlement_claim_list" />
- <ref bean="entitlement_claim_read" />
- <ref bean="entitlement_idp_list" />
- <ref bean="entitlement_idp_read" />
- <ref bean="entitlement_trustedidp_list" />
- <ref bean="entitlement_trustedidp_read" />
- <ref bean="entitlement_application_list" />
- <ref bean="entitlement_application_read" />
- </util:list>
- </property>
- </bean>
-
-
-
-</beans>
-
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml
----------------------------------------------------------------------
diff --git a/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml b/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml
deleted file mode 100644
index 7bd3cb7..0000000
--- a/systests/federation/oidc/src/test/resources/fediz_config_oidc.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
- Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
- keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
--->
-<FedizConfig>
- <contextConfig name="/fedizhelloworld">
- <audienceUris>
- <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="test-classes/clienttrust.jks"
- password="storepass" type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.0.0">
- <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
- <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
- <roleDelimiter>,</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <freshness>10</freshness>
- <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-B</homeRealm>
- <claimTypesRequested>
- <claimType type="a particular claim type"
- optional="true" />
- </claimTypesRequested>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
- <logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
-</FedizConfig>
-
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/pom.xml b/systests/federation/pom.xml
index b158064..ca73553 100644
--- a/systests/federation/pom.xml
+++ b/systests/federation/pom.xml
@@ -33,7 +33,6 @@
<modules>
<module>samlIdpWebapp</module>
<module>oidcIdpWebapp</module>
- <module>oidc</module>
<module>wsfed</module>
</modules>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/wsfed/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/pom.xml b/systests/federation/wsfed/pom.xml
index 41cdcb0..ceafb65 100644
--- a/systests/federation/wsfed/pom.xml
+++ b/systests/federation/wsfed/pom.xml
@@ -129,6 +129,7 @@
<portName>idp.https.port</portName>
<portName>idp.realmb.https.port</portName>
<portName>idp.samlsso.https.port</portName>
+ <portName>idp.oidc.https.port</portName>
<portName>rp.https.port</portName>
</portNames>
</configuration>
@@ -196,6 +197,14 @@
<outputDirectory>target/tomcat/idpsamlsso/webapps/idpsaml</outputDirectory>
</artifactItem>
<artifactItem>
+ <groupId>org.apache.cxf.fediz.systests.federation</groupId>
+ <artifactId>fediz-systests-federation-oidcIdpWebapp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/idpoidc/webapps/idpoidc</outputDirectory>
+ </artifactItem>
+ <artifactItem>
<groupId>org.apache.cxf.fediz.systests</groupId>
<artifactId>fediz-systests-tests</artifactId>
<version>${project.version}</version>
@@ -278,6 +287,25 @@
</resources>
</configuration>
</execution>
+ <execution>
+ <id>copy-entities-to-oidc-idp</id>
+ <phase>generate-test-sources</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${basedir}/target/tomcat/idpoidc/webapps/idpoidc/WEB-INF</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/test/resources</directory>
+ <includes>
+ <include>cxf-service.xml</include>
+ </includes>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
</executions>
</plugin>
<plugin>
@@ -297,6 +325,7 @@
<idp.https.port>${idp.https.port}</idp.https.port>
<idp.realmb.https.port>${idp.realmb.https.port}</idp.realmb.https.port>
<idp.samlsso.https.port>${idp.samlsso.https.port}</idp.samlsso.https.port>
+ <idp.oidc.https.port>${idp.oidc.https.port}</idp.oidc.https.port>
<rp.https.port>${rp.https.port}</rp.https.port>
</systemPropertyVariables>
<includes>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
index b7ac194..1bc296e 100644
--- a/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
+++ b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
@@ -22,7 +22,9 @@ package org.apache.cxf.fediz.integrationtests;
import java.io.File;
import java.io.IOException;
+import java.net.URL;
import java.net.URLEncoder;
+import java.util.ArrayList;
import javax.servlet.ServletException;
@@ -31,12 +33,15 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.html.DomElement;
import com.gargoylesoftware.htmlunit.html.DomNodeList;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.util.NameValuePair;
import com.gargoylesoftware.htmlunit.xml.XmlPage;
import org.apache.catalina.Context;
@@ -66,15 +71,21 @@ import org.junit.Test;
* - OIDC (custom webapp)
*/
public class WSFedTest {
+
+ private enum ServerType {
+ IDP, REALMB, SAMLSSO, OIDC, RP
+ }
static String idpHttpsPort;
static String idpRealmbHttpsPort;
static String idpSamlSSOHttpsPort;
+ static String idpOIDCHttpsPort;
static String rpHttpsPort;
private static Tomcat idpServer;
private static Tomcat idpRealmbServer;
private static Tomcat idpSamlSSOServer;
+ private static Tomcat idpOIDCServer;
private static Tomcat rpServer;
@BeforeClass
@@ -94,16 +105,19 @@ public class WSFedTest {
Assert.assertNotNull("Property 'idp.realmb.https.port' null", idpRealmbHttpsPort);
idpSamlSSOHttpsPort = System.getProperty("idp.samlsso.https.port");
Assert.assertNotNull("Property 'idp.samlsso.https.port' null", idpSamlSSOHttpsPort);
+ idpOIDCHttpsPort = System.getProperty("idp.oidc.https.port");
+ Assert.assertNotNull("Property 'idp.oidc.https.port' null", idpOIDCHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
- idpServer = startServer(true, false, false, idpHttpsPort);
- idpRealmbServer = startServer(false, true, false, idpRealmbHttpsPort);
- idpSamlSSOServer = startServer(false, false, true, idpSamlSSOHttpsPort);
- rpServer = startServer(false, false, false, rpHttpsPort);
+ idpServer = startServer(ServerType.IDP, idpHttpsPort);
+ idpRealmbServer = startServer(ServerType.REALMB, idpRealmbHttpsPort);
+ idpSamlSSOServer = startServer(ServerType.SAMLSSO, idpSamlSSOHttpsPort);
+ idpOIDCServer = startServer(ServerType.OIDC, idpOIDCHttpsPort);
+ rpServer = startServer(ServerType.RP, rpHttpsPort);
}
- private static Tomcat startServer(boolean idp, boolean realmb, boolean samlSSOIdP, String port)
+ private static Tomcat startServer(ServerType serverType, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -111,12 +125,14 @@ public class WSFedTest {
String baseDir = currentDir + File.separator + "target";
server.setBaseDir(baseDir);
- if (idp) {
+ if (serverType == ServerType.IDP) {
server.getHost().setAppBase("tomcat/idp/webapps");
- } else if (realmb) {
+ } else if (serverType == ServerType.REALMB) {
server.getHost().setAppBase("tomcat/idprealmb/webapps");
- } else if (samlSSOIdP) {
+ } else if (serverType == ServerType.SAMLSSO) {
server.getHost().setAppBase("tomcat/idpsamlsso/webapps");
+ } else if (serverType == ServerType.OIDC) {
+ server.getHost().setAppBase("tomcat/idpoidc/webapps");
} else {
server.getHost().setAppBase("tomcat/rp/webapps");
}
@@ -139,21 +155,24 @@ public class WSFedTest {
server.getService().addConnector(httpsConnector);
- if (idp) {
+ if (serverType == ServerType.IDP) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
- } else if (realmb) {
+ } else if (serverType == ServerType.REALMB) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts-realmb");
server.addWebapp("/fediz-idp-sts-realmb", stsWebapp.getAbsolutePath());
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-realmb");
server.addWebapp("/fediz-idp-realmb", idpWebapp.getAbsolutePath());
- } else if (samlSSOIdP) {
+ } else if (serverType == ServerType.SAMLSSO) {
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "idpsaml");
server.addWebapp("/idp", idpWebapp.getAbsolutePath());
+ } else if (serverType == ServerType.OIDC) {
+ File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "idpoidc");
+ server.addWebapp("/idpoidc", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/wsfed", rpWebapp.getAbsolutePath());
@@ -174,6 +193,10 @@ public class WSFedTest {
rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
cxt = server.addWebapp("/samlssocustompost", rpWebapp.getAbsolutePath());
cxt.getPipeline().addValve(fa);
+
+ rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+ cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
+ cxt.getPipeline().addValve(fa);
}
server.start();
@@ -186,6 +209,7 @@ public class WSFedTest {
shutdownServer(idpServer);
shutdownServer(idpRealmbServer);
shutdownServer(idpSamlSSOServer);
+ shutdownServer(idpOIDCServer);
shutdownServer(rpServer);
}
@@ -376,6 +400,35 @@ public class WSFedTest {
webClient.close();
}
+ @org.junit.Test
+ public void testOIDC() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/oidc/secure/fedservlet";
+ String user = "ALICE"; // realm b credentials
+ String password = "ECILA";
+
+ final String bodyTextContent =
+ loginOIDC(url, user, password, idpOIDCHttpsPort, idpHttpsPort);
+
+ Assert.assertTrue("Principal not alice",
+ bodyTextContent.contains("userPrincipal=alice"));
+ Assert.assertTrue("User " + user + " does not have role Admin",
+ bodyTextContent.contains("role:Admin=false"));
+ Assert.assertTrue("User " + user + " does not have role Manager",
+ bodyTextContent.contains("role:Manager=false"));
+ Assert.assertTrue("User " + user + " must have role User",
+ bodyTextContent.contains("role:User=true"));
+
+ String claim = ClaimTypes.FIRSTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+ bodyTextContent.contains(claim + "=Alice"));
+ claim = ClaimTypes.LASTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+ bodyTextContent.contains(claim + "=Smith"));
+ claim = ClaimTypes.EMAILADDRESS.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+ bodyTextContent.contains(claim + "=alice@realma.org"));
+ }
+
private static String login(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
//
@@ -486,4 +539,54 @@ public class WSFedTest {
return rpPage.getBody().getTextContent();
}
+ private static String loginOIDC(String url, String user, String password,
+ String idpPort, String rpIdpPort) throws IOException {
+ //
+ // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
+ // "realm b".
+ //
+ final WebClient webClient = new WebClient();
+ CookieManager cookieManager = new CookieManager();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(idpPort)),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+
+ // The decision page is returned as XML for some reason. So parse it and send a form response back.
+ HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
+ final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);
+
+ WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);
+
+ request.setRequestParameters(new ArrayList<NameValuePair>());
+ String clientId = oidcForm.getInputByName("client_id").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("client_id", clientId));
+ String redirectUri = oidcForm.getInputByName("redirect_uri").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("redirect_uri", redirectUri));
+ String scope = oidcForm.getInputByName("scope").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("scope", scope));
+ String state = oidcForm.getInputByName("state").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("state", state));
+ String authToken = oidcForm.getInputByName("session_authenticity_token").getValueAttribute();
+ request.getRequestParameters().add(new NameValuePair("session_authenticity_token", authToken));
+ request.getRequestParameters().add(new NameValuePair("oauthDecision", "allow"));
+
+ HtmlPage idpPage = webClient.getPage(request);
+
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ // Now redirect back to the RP
+ final HtmlForm form = idpPage.getFormByName("signinresponseform");
+
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+ final HtmlPage rpPage = button.click();
+ Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+ webClient.close();
+ return rpPage.getBody().getTextContent();
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/wsfed/src/test/resources/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/cxf-service.xml b/systests/federation/wsfed/src/test/resources/cxf-service.xml
new file mode 100644
index 0000000..7b09656
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/cxf-service.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/jaxrs
+ http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <import resource="classpath:META-INF/cxf/cxf.xml" />
+
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <!--cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus-->
+
+ <bean id="callbackHandler" class="org.apache.cxf.fediz.oidc.idp.example.CommonCallbackHandler"/>
+ <bean id="basicAuthFilter" class="org.apache.cxf.fediz.oidc.idp.example.BasicAuthFilter">
+ <property name="callbackHandler" ref="callbackHandler"/>
+ </bean>
+
+ <bean id="client" class="org.apache.cxf.rs.security.oauth2.common.Client">
+ <constructor-arg><value>consumer-id</value></constructor-arg>
+ <constructor-arg><value>this-is-a-secret</value></constructor-arg>
+ <constructor-arg><value>true</value></constructor-arg>
+ <constructor-arg><value>Fediz IdP</value></constructor-arg>
+ <property name="redirectUris">
+ <util:list value-type="java.lang.String">
+ <value>https://localhost:${idp.https.port}/fediz-idp/federation</value>
+ </util:list>
+ </property>
+ <property name="allowedGrantTypes">
+ <util:list value-type="java.lang.String">
+ <value>authorization_code</value>
+ </util:list>
+ </property>
+ <property name="registeredScopes">
+ <util:list value-type="java.lang.String">
+ <value>openid</value>
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="oauthProvider" class="org.apache.cxf.fediz.oidc.idp.example.EHCacheOIDCTokenProvider">
+ <property name="client" ref="client"/>
+ </bean>
+
+ <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ </bean>
+
+ <bean id="idTokenProviderImpl" class="org.apache.cxf.fediz.oidc.idp.example.IdTokenProviderImpl"/>
+
+ <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter">
+ <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+ </bean>
+
+ <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="responseFilter" ref="idTokenFilter"/>
+ </bean>
+
+ <bean id="oauthJSONProvider" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+ <bean id="viewProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
+ <property name="useClassNames" value="true"/>
+ <property name="locationPrefix" value="/WEB-INF/views/"/>
+ <property name="beanName" value="data"/>
+ <property name="dispatcherName" value="jsp"/>
+ </bean>
+
+ <jaxrs:server address="/services">
+ <jaxrs:serviceBeans>
+ <ref bean="authorizationService"/>
+ <ref bean="tokenService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oauthJSONProvider"/>
+ <ref bean="basicAuthFilter"/>
+ <ref bean="viewProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks" />
+ <entry key="rs.security.keystore.alias" value="realmb"/>
+ <entry key="rs.security.key.password" value="realmb"/>
+ <entry key="rs.security.keystore.password" value="storepass"/>
+ <entry key="rs.security.keystore.file" value="stsrealm_b.jks" />
+ <entry key="rs.security.signature.algorithm" value="RS256" />
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml b/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
index b9f47e4..c63530b 100644
--- a/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
+++ b/systests/federation/wsfed/src/test/resources/fediz_config_wsfed.xml
@@ -142,5 +142,35 @@
<logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
</contextConfig>
+ <contextConfig name="/oidc">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="test-classes/clienttrust.jks"
+ password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <freshness>10</freshness>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-F</homeRealm>
+ <claimTypesRequested>
+ <claimType type="a particular claim type"
+ optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
</FedizConfig>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fff27918/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
index 2cdc6f2..59a752d 100644
--- a/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/wsfed/src/test/resources/realma/entities-realma.xml
@@ -68,6 +68,7 @@
<ref bean="trusted-idp-realmC" />
<ref bean="trusted-idp-realmD" />
<ref bean="trusted-idp-realmE" />
+ <ref bean="trusted-idp-realmF" />
</util:list>
</property>
<property name="claimTypesOffered">
@@ -148,6 +149,26 @@
</util:map>
</property>
</bean>
+
+ <bean id="trusted-idp-realmF"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-F" />
+ <property name="cacheTokens" value="true" />
+ <property name="url" value="https://localhost:${idp.oidc.https.port}/idpoidc/services/authorize" />
+ <property name="certificate" value="realmb.cert" />
+ <property name="trustType" value="PEER_TRUST" />
+ <property name="protocol" value="openid-connect-1.0" />
+ <property name="federationType" value="FEDERATE_IDENTITY" />
+ <property name="name" value="Realm B" />
+ <property name="description" value="Realm B description" />
+ <property name="parameters">
+ <util:map>
+ <entry key="client.id" value="consumer-id"/>
+ <entry key="client.secret" value="this-is-a-secret"/>
+ <entry key="token.endpoint" value="https://localhost:${idp.oidc.https.port}/idpoidc/services/token"/>
+ </util:map>
+ </property>
+ </bean>
<bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
<property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />