You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/23 18:01:52 UTC
[1/2] cxf-fediz git commit: Adding alice's cert to the STS truststore
Repository: cxf-fediz
Updated Branches:
refs/heads/master 6415da23f -> 67547bea8
Adding alice's cert to the STS truststore
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/67547bea
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/67547bea
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/67547bea
Branch: refs/heads/master
Commit: 67547bea834ffeb7971c07695e68666db3156974
Parents: 9ca2002
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 23 16:55:22 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 23 17:01:46 2015 +0100
----------------------------------------------------------------------
services/sts/src/main/resources/ststrust.jks | Bin 3241 -> 4079 bytes
systests/tomcat7/pom.xml | 26 -------------------
.../tomcat7/src/test/resources/sts/ststrust.jks | Bin 4079 -> 0 bytes
3 files changed, 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/67547bea/services/sts/src/main/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/services/sts/src/main/resources/ststrust.jks b/services/sts/src/main/resources/ststrust.jks
index 3a408ae..c4d1c1e 100644
Binary files a/services/sts/src/main/resources/ststrust.jks and b/services/sts/src/main/resources/ststrust.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/67547bea/systests/tomcat7/pom.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/pom.xml b/systests/tomcat7/pom.xml
index c2d8dea..d214223 100644
--- a/systests/tomcat7/pom.xml
+++ b/systests/tomcat7/pom.xml
@@ -195,32 +195,6 @@
</execution>
</executions>
</plugin>
- <!-- Needed for ClientCertificateTests -->
- <plugin>
- <artifactId>maven-resources-plugin</artifactId>
- <version>2.7</version>
- <executions>
- <execution>
- <id>copy-entities-to-sts2</id>
- <phase>generate-test-sources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/classes</outputDirectory>
- <overwrite>true</overwrite>
- <resources>
- <resource>
- <directory>${basedir}/src/test/resources/sts</directory>
- <includes>
- <include>ststrust.jks</include>
- </includes>
- </resource>
- </resources>
- </configuration>
- </execution>
- </executions>
- </plugin>
<plugin>
<artifactId>maven-failsafe-plugin</artifactId>
<inherited>true</inherited>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/67547bea/systests/tomcat7/src/test/resources/sts/ststrust.jks
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/sts/ststrust.jks b/systests/tomcat7/src/test/resources/sts/ststrust.jks
deleted file mode 100644
index c4d1c1e..0000000
Binary files a/systests/tomcat7/src/test/resources/sts/ststrust.jks and /dev/null differ
[2/2] cxf-fediz git commit: Adding Jetty ClientCertificate tests
Posted by co...@apache.org.
Adding Jetty ClientCertificate tests
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/9ca20024
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/9ca20024
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/9ca20024
Branch: refs/heads/master
Commit: 9ca20024cf317396c3a44a50dfa83d3bc05dca41
Parents: 6415da2
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 23 16:55:07 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 23 17:01:46 2015 +0100
----------------------------------------------------------------------
systests/jetty8/pom.xml | 8 +-
.../ClientCertificatePreAuthSpringTest.java | 79 ++++++++++++++++++
.../integrationtests/ClientCertificateTest.java | 79 ++++++++++++++++++
.../integrationtests/HOKCallbackHandler.java | 48 +++++++++++
.../cxf/fediz/integrationtests/JettyUtils.java | 6 +-
.../jetty8/src/test/resources/alice_client.jks | Bin 0 -> 1277 bytes
.../test/resources/fediz_config_client_cert.xml | 44 ++++++++++
.../test/resources/rp-client-cert-server.xml | 81 +++++++++++++++++++
systests/jetty8/src/test/resources/server.jks | Bin 1863 -> 2701 bytes
9 files changed, 340 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/pom.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/pom.xml b/systests/jetty8/pom.xml
index 55fa4c8..305fa70 100644
--- a/systests/jetty8/pom.xml
+++ b/systests/jetty8/pom.xml
@@ -101,8 +101,8 @@
<filtering>true</filtering>
<includes>
<include>**/idp-server.xml</include>
- <include>**/rp-server.xml</include>
- <include>**/fediz_config.xml</include>
+ <include>**/rp-*server.xml</include>
+ <include>**/fediz_config*.xml</include>
</includes>
</testResource>
<testResource>
@@ -110,8 +110,8 @@
<filtering>false</filtering>
<excludes>
<exclude>**/idp-server.xml</exclude>
- <exclude>**/rp-server.xml</exclude>
- <exclude>**/fediz_config.xml</exclude>
+ <exclude>**/rp-*server.xml</exclude>
+ <exclude>**/fediz_config*.xml</exclude>
</excludes>
</testResource>
</testResources>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
new file mode 100644
index 0000000..0542bd1
--- /dev/null
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * In this test-case, the IdP is set up to require client authentication, rather than authenticating using a
+ * username + password, or via Kerberos.
+ */
+public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ @BeforeClass
+ public static void init() {
+ System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+ System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+ System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ JettyUtils.initIdpServer();
+ JettyUtils.startIdpServer();
+ JettyUtils.initRpServer("rp-client-cert-server.xml");
+ JettyUtils.startRpServer();
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ JettyUtils.stopIdpServer();
+ JettyUtils.stopRpServer();
+ }
+
+ @Override
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ @Override
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ @Override
+ public String getServletContextName() {
+ return "fedizspringhelloworld";
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
new file mode 100644
index 0000000..8e7d734
--- /dev/null
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * In this test-case, the IdP is set up to require client authentication, rather than authenticating using a
+ * username + password, or via Kerberos.
+ */
+public class ClientCertificateTest extends AbstractClientCertTests {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ @BeforeClass
+ public static void init() {
+ System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+ System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+ System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ JettyUtils.initIdpServer();
+ JettyUtils.startIdpServer();
+ JettyUtils.initRpServer("rp-client-cert-server.xml");
+ JettyUtils.startRpServer();
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ JettyUtils.stopIdpServer();
+ JettyUtils.stopRpServer();
+ }
+
+ @Override
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ @Override
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ @Override
+ public String getServletContextName() {
+ return "fedizhelloworld";
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
new file mode 100644
index 0000000..e2f402c
--- /dev/null
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.WReqCallback;
+
+public class HOKCallbackHandler implements CallbackHandler {
+
+ static final String HOK_WREQ =
+ "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ + "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+ + "</RequestSecurityToken>";
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WReqCallback) {
+ WReqCallback callback = (WReqCallback) callbacks[i];
+ callback.setWreq(HOK_WREQ);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
index 603fedc..fb6859d 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
@@ -67,9 +67,13 @@ public final class JettyUtils {
}
public static void initRpServer() {
+ initRpServer("rp-server.xml");
+ }
+
+ public static void initRpServer(String configurationFile) {
if (rpServer == null) {
try {
- Resource testServerConfig = Resource.newSystemResource("rp-server.xml");
+ Resource testServerConfig = Resource.newSystemResource(configurationFile);
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
rpServer = (Server)configuration.configure();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/alice_client.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/alice_client.jks b/systests/jetty8/src/test/resources/alice_client.jks
new file mode 100644
index 0000000..5e1bdd2
Binary files /dev/null and b/systests/jetty8/src/test/resources/alice_client.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/fediz_config_client_cert.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/fediz_config_client_cert.xml b/systests/jetty8/src/test/resources/fediz_config_client_cert.xml
new file mode 100644
index 0000000..d0605b8
--- /dev/null
+++ b/systests/jetty8/src/test/resources/fediz_config_client_cert.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
+ Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
+ keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
+-->
+<FedizConfig>
+ <contextConfig name="/fedizhelloworld">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+ <keyStore file="test-classes/server.jks" password="tompass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <freshness>10</freshness>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+ <claimTypesRequested>
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+ </claimTypesRequested>
+ <authenticationType>http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl</authenticationType>
+ <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
+</FedizConfig>
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/rp-client-cert-server.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/rp-client-cert-server.xml b/systests/jetty8/src/test/resources/rp-client-cert-server.xml
new file mode 100644
index 0000000..187d4cb
--- /dev/null
+++ b/systests/jetty8/src/test/resources/rp-client-cert-server.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
+
+<Configure id="RPServer" class="org.eclipse.jetty.server.Server">
+
+ <Call class="org.eclipse.jetty.util.log.Log" name="getRootLogger">
+ <Call name="setDebugEnabled">
+ <Arg type="boolean">true</Arg>
+ </Call>
+ </Call>
+
+ <Call name="addConnector">
+ <Arg>
+ <New
+ class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
+ <Set name="keyStore">./target/test-classes/server.jks
+ </Set>
+ <Set name="keyStorePassword">tompass</Set>
+ <Set name="keyManagerPassword">tompass</Set>
+ <Set name="trustStore">./target/test-classes/server.jks</Set>
+ <Set name="trustStorePassword">tompass</Set>
+ <Set name="wantClientAuth">true</Set>
+ </New>
+ </Arg>
+ <Set name="port">${rp.https.port}</Set>
+ <Set name="maxIdleTime">30000</Set>
+ </New>
+ </Arg>
+ </Call>
+
+ <Set name="handler">
+ <New class="org.eclipse.jetty.server.handler.HandlerList">
+ <Set name="handlers">
+ <Array type="org.eclipse.jetty.server.Handler">
+ <Item>
+ <New class="org.eclipse.jetty.webapp.WebAppContext">
+ <Set name="contextPath">/fedizhelloworld</Set>
+ <Set name="war">./target/rp/fediz-systests-webapps-simple.war</Set>
+ <!--Set name="war">./target/jetty/rp/webapps/simpleWebapp</Set>-->
+ <Set name="throwUnavailableOnStartupException">true</Set>
+
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.apache.cxf.fediz.jetty.FederationAuthenticator">
+ <Set name="configFile">./target/test-classes/fediz_config_client_cert.xml</Set>
+ </New>
+ </Set>
+ </Get>
+ </New>
+ </Item>
+ <Item>
+ <New class="org.eclipse.jetty.webapp.WebAppContext">
+ <Set name="contextPath">/fedizspringhelloworld</Set>
+ <Set name="war">./target/rp/fediz-systests-webapps-springPreauth.war</Set>
+ <Set name="throwUnavailableOnStartupException">true</Set>
+
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.apache.cxf.fediz.jetty.FederationAuthenticator">
+ <Set name="configFile">./target/test-classes/fediz_config_client_cert.xml</Set>
+ </New>
+ </Set>
+ </Get>
+ </New>
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Set>
+
+ <Call name="addBean">
+ <Arg>
+ <New class="org.apache.cxf.fediz.jetty.FederationLoginService">
+ <Set name="name">WSFED</Set>
+ </New>
+ </Arg>
+ </Call>
+
+</Configure>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/server.jks b/systests/jetty8/src/test/resources/server.jks
index 2f0fdf3..a292ec9 100644
Binary files a/systests/jetty8/src/test/resources/server.jks and b/systests/jetty8/src/test/resources/server.jks differ