Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/15 17:25:00 UTC
[3/4] cxf-fediz git commit: Removing WEB-INF stuff from idp-core
Removing WEB-INF stuff from idp-core
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/137858bf
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/137858bf
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/137858bf
Branch: refs/heads/master
Commit: 137858bf2769f3e8854be1b3a1b39f4c83359f99
Parents: 1d9ad00
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 15 16:30:29 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 15 16:30:29 2017 +0000
----------------------------------------------------------------------
.../main/webapp/WEB-INF/applicationContext.xml | 61 ----
.../webapp/WEB-INF/config/idp-core-servlet.xml | 105 -------
.../config/security-clientcert-config.xml | 75 -----
.../WEB-INF/config/security-krb-config.xml | 84 ------
.../WEB-INF/config/security-rs-config.xml | 64 -----
.../WEB-INF/config/security-up-config.xml | 94 ------
.../flows/federation-validate-request.xml | 283 -------------------
.../WEB-INF/flows/saml-validate-request.xml | 259 -----------------
.../webapp/WEB-INF/flows/signin-request.xml | 171 -----------
.../webapp/WEB-INF/flows/signin-response.xml | 85 ------
.../main/webapp/WEB-INF/idp-config-realma.xml | 158 -----------
.../main/webapp/WEB-INF/idp-config-realmb.xml | 133 ---------
.../src/main/webapp/WEB-INF/idp-servlet.xml | 39 ---
.../src/main/webapp/WEB-INF/security-config.xml | 76 -----
.../main/webapp/WEB-INF/views/genericerror.jsp | 11 -
.../src/main/webapp/WEB-INF/views/idplist.jsp | 33 ---
.../src/main/webapp/WEB-INF/views/index.jsp | 25 --
.../WEB-INF/views/samlsigninresponseform.jsp | 20 --
.../main/webapp/WEB-INF/views/signinform.jsp | 72 -----
.../webapp/WEB-INF/views/signinresponseform.jsp | 25 --
.../views/signoutconfirmationresponse.jsp | 65 -----
.../webapp/WEB-INF/views/signoutresponse.jsp | 56 ----
.../idp-core/src/main/webapp/WEB-INF/web.xml | 131 ---------
.../webapp/resources/images/apache-logo.png | Bin 20928 -> 0 bytes
.../main/webapp/resources/swagger/index.html | 156 ----------
25 files changed, 2281 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml b/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
deleted file mode 100644
index 68bcb0b..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/applicationContext.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://cxf.apache.org/core
- http://cxf.apache.org/schemas/core.xsd
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd">
-
- <context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
-
-
- <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
- <bean
- class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
- <property name="locations">
- <list>
- <value>classpath:persistence.properties</value>
- </list>
- </property>
- <property name="ignoreResourceNotFound" value="true" />
- <property name="ignoreUnresolvablePlaceholders" value="true" />
- </bean>
-
- <import resource="classpath:META-INF/cxf/cxf.xml" />
-
- <import resource="security-config.xml" />
- <import resource="${idp-config}" />
- <import resource="classpath:cxf-tls.xml" />
- <import resource="classpath:persistenceContext.xml" />
- <import resource="classpath:restContext.xml" />
-
- <!--cxf:bus>
- <cxf:features>
- <cxf:logging />
- </cxf:features>
- </cxf:bus-->
-
-</beans>
-
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml b/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
deleted file mode 100644
index 3d62ad9..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:webflow="http://www.springframework.org/schema/webflow-config"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:mvc="http://www.springframework.org/schema/mvc"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/mvc
- http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
- http://www.springframework.org/schema/webflow-config
- http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
-
- <context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />
-
- <mvc:resources mapping="/images/**" location="/resources/images/" />
-
- <mvc:resources mapping="/swagger/**" location="/resources/swagger/" />
-
- <mvc:view-controller path="/" view-name="index" />
- <mvc:view-controller path="/federation/up/login" view-name="signinform" />
-
- <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
- <property name="prefix" value="/WEB-INF/views/" />
- <property name="suffix" value=".jsp" />
- </bean>
-
- <bean id="viewFactoryCreator" class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
- <property name="viewResolvers">
- <list>
- <ref bean="viewResolver" />
- </list>
- </property>
- </bean>
-
- <webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator" />
-
- <webflow:flow-registry id="flowRegistry" flow-builder-services="builder">
- <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation" />
- <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/up" />
- <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/krb" />
- <webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/clientcert" />
-
- <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml" />
- <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/up" />
- <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/krb" />
- <webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/clientcert" />
-
- <webflow:flow-location path="/WEB-INF/flows/signin-request.xml" id="signinRequest" />
- <webflow:flow-location path="/WEB-INF/flows/signin-response.xml" id="signinResponse" />
- </webflow:flow-registry>
-
- <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" p:flowRegistry-ref="flowRegistry"
- p:order="2">
- </bean>
-
- <webflow:flow-executor id="flowExecutor" flow-registry="flowRegistry">
- <webflow:flow-execution-attributes>
- <webflow:always-redirect-on-pause value="false" />
- </webflow:flow-execution-attributes>
-
- <webflow:flow-execution-listeners>
- <webflow:listener ref="securityFlowExecutionListener" />
- </webflow:flow-execution-listeners>
- </webflow:flow-executor>
-
- <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter" p:flowExecutor-ref="flowExecutor" />
-
- <bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener">
- <property name="accessDecisionManager" ref="accessDecisionManager" />
- </bean>
-
- <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
- <property name="decisionVoters">
- <list>
- <bean class="org.springframework.security.access.vote.RoleVoter">
- <property name="rolePrefix" value="ROLE_" />
- </bean>
- <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
- </list>
- </property>
- </bean>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
deleted file mode 100644
index d40d0c9..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
- ">
-
- <!-- DISABLE in production as it might log confidential information about the user -->
- <!-- <security:debug /> -->
-
- <!-- SSL Client Cert entry point for WS-Federation -->
- <security:http pattern="/federation/clientcert" use-expressions="true">
- <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
- <security:x509 />
- <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
- </security:http>
-
- <!-- SSL Client Cert entry point for SAML SSO -->
- <security:http pattern="/saml/clientcert" use-expressions="true">
- <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
- <security:x509 />
- <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
- </security:http>
-
- <bean id="stsClientCertPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
- <property name="authenticationProvider" ref="stsClientCertAuthProvider" />
- </bean>
-
- <util:map id="securityProperties">
- <entry key="ws-security.username" value="idp-user" />
- <entry key="ws-security.password" value="idp-pass" />
- </util:map>
-
- <bean id="stsClientCertAuthProvider" class="org.apache.cxf.fediz.service.idp.STSPreAuthAuthenticationProvider">
- <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
- <property name="wsdlEndpoint" value="TransportUT_Port" />
- <property name="wsdlService" value="SecurityTokenService" />
- <property name="appliesTo" value="urn:fediz:idp" />
- <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- <property name="properties" ref="securityProperties" />
- </bean>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
deleted file mode 100644
index b66044b..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-krb-config.xml
+++ /dev/null
@@ -1,84 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
- ">
-
- <!-- DISABLE in production as it might log confidential information about the user -->
- <!-- <security:debug /> -->
-
- <!-- Kerberos entry point -->
- <bean id="kerberosEntryPoint"
- class="org.apache.cxf.fediz.service.idp.kerberos.KerberosEntryPoint" />
-
- <bean id="kerberosAuthenticationProcessingFilter"
- class="org.apache.cxf.fediz.service.idp.kerberos.KerberosAuthenticationProcessingFilter">
- <property name="authenticationManager" ref="authenticationManagers" />
- </bean>
-
- <security:http pattern="/federation/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint">
- <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
- <security:custom-filter ref="kerberosAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
- <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
- </security:http>
-
- <security:http pattern="/saml/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint">
- <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
- <security:custom-filter ref="kerberosAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
- <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
- </security:http>
-
- <bean id="stsKrbPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
- <property name="authenticationProvider" ref="stsKrbAuthProvider" />
- </bean>
-
- <!--<bean id="kerberosTokenValidator" class="org.apache.cxf.fediz.service.idp.kerberos.KerberosTokenValidator">
- <property name="contextName" value="bob" />
- <property name="serviceName" value="bob@service.ws.apache.org" />
- </bean>-->
-
- <!-- Kerberos authentication provider -->
- <bean id="stsKrbAuthProvider" class="org.apache.cxf.fediz.service.idp.STSKrbAuthenticationProvider">
- <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportKerberos?wsdl" />
- <property name="wsdlEndpoint" value="TransportKerberos_Port" />
- <property name="wsdlService" value="SecurityTokenService" />
- <property name="appliesTo" value="urn:fediz:idp" />
- <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- <!-- <property name="kerberosTokenValidator" ref="kerberosTokenValidator" />
- <property name="requireDelegation" value="true" />-->
- </bean>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
deleted file mode 100644
index aa859b5..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-rs-config.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
- ">
-
- <!-- DISABLE in production as it might log confidential information about the user -->
- <!-- <security:debug /> -->
-
- <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
- <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
- <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()" />
- <security:http-basic />
- </security:http>
-
- <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
-
- <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
-
- <security:authentication-manager id="restAuthenticationManager">
- <security:authentication-provider>
- <!-- <security:password-encoder ref="defaultPasswordEncoder" />-->
- <!-- <security:password-encoder hash="sha-256" base64="true" />-->
- <!--
- <security:password-encoder hash="sha-256" base64="true">
- <security:salt-source user-property="username" />
- </security:password-encoder>
- -->
- <security:user-service properties="classpath:/users.properties" />
- </security:authentication-provider>
- <security:authentication-provider ref="stsUPAuthProvider" />
- </security:authentication-manager>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
deleted file mode 100644
index 2ba5f86..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/config/security-up-config.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
- ">
-
- <!-- DISABLE in production as it might log confidential information about the user -->
- <!-- <security:debug /> -->
-
- <!-- HTTP/BA entry point for WS-Federation -->
- <security:http pattern="/federation/up/**" use-expressions="true">
- <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
- <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
- <security:http-basic />
- <!--security:form-login login-page='/federation/up/login'
- login-processing-url="/federation/up/login.do"
- authentication-failure-url="/federation/up/login?error"
- default-target-url="/"
- username-parameter="username"
- password-parameter="password"
- /-->
- <security:logout logout-url="/federation/up/logout"
- logout-success-url="/federation/up/login?out"
- delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
- invalidate-session="true"
- />
- </security:http>
-
- <!-- HTTP/BA entry point for SAML SSO -->
- <security:http pattern="/saml/up/**" use-expressions="true">
- <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
- <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
- <security:http-basic />
- <!--security:form-login login-page='/federation/up/login'
- login-processing-url="/federation/up/login.do"
- authentication-failure-url="/federation/up/login?error"
- default-target-url="/"
- username-parameter="username"
- password-parameter="password"
- /-->
- <security:logout logout-url="/saml/up/logout"
- logout-success-url="/saml/up/login?out"
- delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
- invalidate-session="true"
- />
- </security:http>
-
- <bean id="stsUPPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
- <property name="authenticationProvider" ref="stsUPAuthProvider" />
- </bean>
-
- <!-- U/P Authentication Provider -->
- <bean id="stsUPAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
- <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
- <property name="wsdlEndpoint" value="TransportUT_Port" />
- <property name="wsdlService" value="SecurityTokenService" />
- <property name="appliesTo" value="urn:fediz:idp" />
- <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- </bean>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
deleted file mode 100644
index ea9ce68..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ /dev/null
@@ -1,283 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/webflow
- http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
- <decision-state id="evaluateProtocol">
- <on-entry>
- <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())" />
- </on-entry>
- <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
- <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
- then="selectWsFedProcess" />
- <if test="requestParameters.SAMLResponse != null" then="selectSAMLProcess"
- else="selectOIDCAuthorizationCodeFlowProcess"
- />
- </decision-state>
-
- <decision-state id="selectWsFedProcess">
- <on-entry>
- <set name="flowScope.wtrealm" value="requestParameters.wtrealm" />
- <set name="flowScope.wreply" value="requestParameters.wreply" />
- <set name="flowScope.wctx" value="requestParameters.wctx" />
- <set name="flowScope.request_context" value="requestParameters.wctx" />
- <set name="flowScope.wfresh" value="requestParameters.wfresh" />
- <set name="flowScope.whr" value="requestParameters.whr" />
- <set name="flowScope.wresult" value="requestParameters.wresult" />
- <set name="flowScope.wreq" value="requestParameters.wreq" />
- <evaluate expression="requestScope.getString('wauth','default')"
- result="flowScope.wauth" />
- </on-entry>
- <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
- then="validateWReplyForSignout" />
- <if test="requestParameters.wresult != null and !requestParameters.wresult.isEmpty()"
- then="signinResponse" />
- <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
- then="signinRequest" else="viewBadRequest" />
- </decision-state>
-
- <decision-state id="selectSAMLProcess">
- <on-entry>
- <set name="flowScope.RelayState" value="requestParameters.RelayState" />
- <set name="flowScope.request_context" value="requestParameters.RelayState" />
- <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse" />
- </on-entry>
- <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
- then="viewBadRequest" />
- <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
- then="viewBadRequest" else="signinResponse" />
- </decision-state>
-
- <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
- <on-entry>
- <set name="flowScope.state" value="requestParameters.state" />
- <set name="flowScope.request_context" value="requestParameters.state" />
- <set name="flowScope.code" value="requestParameters.code" />
- </on-entry>
- <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
- then="viewBadRequest" />
- <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
- then="viewBadRequest" else="signinResponse" />
- </decision-state>
-
- <action-state id="validateWReplyForSignout">
- <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)"/>
- <transition on="yes" to="selectSignOutProcess" />
- <transition on="no" to="viewBadRequestAndLogout" />
- </action-state>
-
- <decision-state id="selectSignOutProcess">
- <if test="requestParameters.wa == 'wsignout1.0' and flowScope.idpConfig.rpSingleSignOutConfirmation == true
- or requestParameters.wa == 'wsignoutcleanup1.0' and flowScope.idpConfig.rpSingleSignOutCleanupConfirmation == true"
- then="viewSignoutConfirmation" else="invalidateSessionAction" />
- </decision-state>
-
- <subflow-state id="signinRequest" subflow="signinRequest">
- <input name="idpConfig" value="flowScope.idpConfig" />
- <input name="realm" value="flowScope.wtrealm" />
- <input name="wctx" value="flowScope.wctx" />
- <input name="wfresh" value="flowScope.wfresh" />
- <input name="wauth" value="flowScope.wauth" />
- <input name="home_realm" value="flowScope.whr" />
- <input name="protocol" value="'wsfed'" />
- <input name="return_address" value="flowScope.wreply" />
- <input name="request_context" value="flowScope.request_context" />
-
- <output name="home_realm" />
- <output name="idpToken" />
- <output name="trusted_idp_context" />
-
- <transition on="requestRpToken" to="requestRpToken">
- <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
- <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
- </transition>
- <transition on="viewBadRequest" to="viewBadRequest" />
- <transition on="scInternalServerError" to="scInternalServerError" />
- <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
- <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
- <set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
- </transition>
- <transition on="redirectToLocalIDP" to="redirectToLocalIDP">
- <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
- </transition>
- </subflow-state>
-
- <subflow-state id="signinResponse" subflow="signinResponse">
- <input name="idpConfig" value="flowScope.idpConfig" />
- <input name="wfresh" value="flowScope.wfresh" />
- <input name="request_context" value="flowScope.request_context" />
- <input name="wresult" value="flowScope.wresult" />
- <input name="RelayState" value="flowScope.RelayState" />
- <input name="SAMLResponse" value="flowScope.SAMLResponse" />
- <input name="state" value="flowScope.state" />
- <input name="code" value="flowScope.code" />
- <input name="home_realm" value="flowScope.whr" />
- <input name="protocol" value="'wsfed'" />
-
- <output name="realm" />
- <output name="return_address" />
- <output name="request_context" />
- <output name="home_realm" />
- <output name="idpToken" />
-
- <transition on="requestRpToken" to="requestRpToken">
- <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
- <set name="flowScope.wctx" value="currentEvent.attributes.request_context" />
- <set name="flowScope.wtrealm" value="currentEvent.attributes.realm" />
- <set name="flowScope.wreply" value="currentEvent.attributes.return_address" />
- <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
- </transition>
- <transition on="viewBadRequest" to="viewBadRequest" />
- <transition on="scInternalServerError" to="scInternalServerError" />
- </subflow-state>
-
- <!-- produce RP security token (as String type) -->
- <action-state id="requestRpToken">
- <on-entry>
- <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.wtrealm, flowScope.whr)"
- result="flowScope.rpTokenElement"/>
- <evaluate expression="tokenSerializer.serialize(flowRequestContext, flowScope.rpTokenElement)"
- result="flowScope.rpToken"/>
- </on-entry>
- <evaluate expression="signinParametersCacheAction.storeRPConfigInSession(flowRequestContext)" />
- <transition to="isWReplyProvided" />
- <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <action-state id="processTrustedIdpProtocol">
- <evaluate expression="trustedIdpProtocolAction.mapSignInRequest(flowRequestContext, flowScope.whr)"
- result="flowScope.remoteIdpUrl"/>
- <transition to="redirectToTrustedIDP" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <action-state id="isWReplyProvided">
- <evaluate expression="flowScope.wreply != null" />
- <transition on="yes" to="formResponseView" >
- <set name="flowScope.signinResponseUrl" value="flowScope.wreply" />
- </transition>
- <transition on="no" to="formResponseView" >
- <set name="flowScope.signinResponseUrl" value="flowScope.wtrealm" />
- </transition>
- </action-state>
-
- <!-- normal exit point for login -->
- <!-- browser redirection (self-submitted form 'signinresponseform.jsp') -->
- <end-state id="formResponseView" view="signinresponseform">
- <on-entry>
- <evaluate expression="flowScope.signinResponseUrl" result="requestScope.fedAction" />
- <evaluate expression="flowScope.wtrealm" result="requestScope.fedWTrealm" />
- <evaluate expression="flowScope.wctx" result="requestScope.fedWCtx" />
- <evaluate expression="flowScope.rpToken" result="requestScope.fedWResult" />
- </on-entry>
- </end-state>
-
- <!-- abnormal exit point : Http 400 Bad Request -->
- <end-state id="viewBadRequest" view="genericerror">
- <on-entry>
- <evaluate
- expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
- <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
- </on-entry>
- </end-state>
-
- <end-state id="viewBadRequestAndLogout" view="genericerror">
- <on-entry>
- <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
- <evaluate expression="logoutAction.submit(flowRequestContext)" />
- <evaluate
- expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
- <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
- </on-entry>
- </end-state>
-
- <!-- abnormal exit point : Http 500 Internal Server Error -->
- <end-state id="scInternalServerError" view="genericerror">
- <on-entry>
- <evaluate
- expression="externalContext.nativeResponse.setStatus(500,'IDP is unavailable, please contact the administrator')" />
- <set name="requestScope.reason"
- value="'IDP is unavailable, please contact the administrator'" />
- <set name="requestScope.stateException"
- value="flowScope.stateException" />
- <set name="requestScope.rootCauseException"
- value="flowScope.rootCauseException" />
- </on-entry>
- </end-state>
-
- <!-- normal exit point for logout -->
- <view-state id="viewSignoutConfirmation" view="signoutconfirmationresponse">
- <transition on="submit" to="invalidateSessionAction"/>
- <transition on="cancel" to="redirect" />
- </view-state>
-
- <view-state id="redirect" view="externalRedirect:#{flowScope.wreply}" />
-
- <!-- normal exit point for logout -->
- <end-state id="invalidateSessionAction" view="signoutresponse">
- <on-entry>
- <!-- store the realmConfigMap in the request map before we invalidate the session below.
- Its needed in the signoutresponse.jsp page -->
- <set name="externalContext.requestMap.realmConfigMap"
- value="externalContext.sessionMap.realmConfigMap"/>
- <set name="externalContext.requestMap.wreply" value="flowScope.wreply"/>
- <!-- there is no Saml token canceller in cxf STS...
- <evaluate expression="stsClientForRpAction.cancelTokens(flowRequestContext)" />
- -->
- <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
- <evaluate expression="logoutAction.submit(flowRequestContext)" />
- </on-entry>
- </end-state>
-
- <!-- redirect to remote idp -->
- <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}">
- <!--
- <on-entry>
- <set name="flowScope.remoteIdpUrl"
- value="flowScope.idpConfig.findTrustedIdp(flowScope.whr).url
- +'?wa=wsignin1.0'
- +'&wtrealm='+flowScope.idpConfig.realm
- +'&wreply='+flowScope.idpConfig.idpUrl
- +(flowScope.wfresh != null ? '&wfresh='+flowScope.wfresh : '')
- +(flowScope.wctx != null ? '&wctx='+flowScope.wctx : '')">
- </set>
- </on-entry>
- -->
- </end-state>
-
- <end-state id="redirectToLocalIDP" view="externalRedirect:#{flowScope.localIdpUrl}">
- <on-entry>
- <set name="flowScope.localIdpUrl"
- value="flowScope.idpConfig.idpUrl
- +'?wa=wsignin1.0'
- +'&wreply='+flowScope.wreply
- +'&wtrealm='+flowScope.wtrealm
- +(flowScope.wctx != null ? '&wctx='+flowScope.wctx : '')
- +(flowScope.wfresh != null ? '&wfresh='+flowScope.wfresh : '')
- +(flowScope.whr != null ? '&whr='+flowScope.whr : '')
- +(flowScope.wreq != null ? '&wreq='+flowScope.wreq : '')">
- </set>
- </on-entry>
- </end-state>
-
-</flow>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
deleted file mode 100644
index 1f12890..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ /dev/null
@@ -1,259 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/webflow
- http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
- <decision-state id="evaluateProtocol">
- <on-entry>
- <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())" />
- </on-entry>
- <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
- <if test="requestParameters.SAMLRequest != null or requestParameters.SAMLResponse != null"
- then="selectSAMLProcess" else="selectOIDCAuthorizationCodeFlowProcess"
- />
- </decision-state>
-
- <decision-state id="selectWsFedProcess">
- <on-entry>
- <set name="flowScope.wresult" value="requestParameters.wresult" />
- <set name="flowScope.wctx" value="requestParameters.wctx" />
- <set name="flowScope.request_context" value="requestParameters.wctx" />
- </on-entry>
- <if test="requestParameters.wctx == null or requestParameters.wctx.isEmpty()"
- then="viewBadRequest" />
- <if test="requestParameters.wresult == null or requestParameters.wresult.isEmpty()"
- then="viewBadRequest" />
- <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
- then="signinResponse" else="viewBadRequest" />
- </decision-state>
-
- <decision-state id="selectSAMLProcess">
- <on-entry>
- <set name="flowScope.RelayState" value="requestParameters.RelayState" />
- <set name="flowScope.request_context" value="requestParameters.RelayState" />
- <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse" />
- <set name="flowScope.SAMLRequest" value="requestParameters.SAMLRequest" />
- <set name="flowScope.Signature" value="requestParameters.Signature" />
- </on-entry>
- <if test="requestParameters.RelayState == null or requestParameters.RelayState.isEmpty()"
- then="viewBadRequest" />
- <if test="requestParameters.SAMLRequest != null and !requestParameters.SAMLRequest.isEmpty()"
- then="parseSAMLAuthnRequest" />
- <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.isEmpty()"
- then="viewBadRequest" else="signinResponse" />
- </decision-state>
-
- <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
- <on-entry>
- <set name="flowScope.state" value="requestParameters.state" />
- <set name="flowScope.request_context" value="requestParameters.state" />
- <set name="flowScope.code" value="requestParameters.code" />
- </on-entry>
- <if test="requestParameters.code == null or requestParameters.code.isEmpty()"
- then="viewBadRequest" />
- <if test="requestParameters.state == null or requestParameters.state.isEmpty()"
- then="viewBadRequest" else="signinResponse" />
- </decision-state>
-
- <action-state id="parseSAMLAuthnRequest">
- <evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext, flowScope.idpConfig,
- flowScope.SAMLRequest, flowScope.Signature,
- flowScope.RelayState)" />
- <transition to="retrieveConsumerURL"/>
- <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
- </action-state>
-
- <action-state id="retrieveConsumerURL">
- <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
- result="flowScope.consumerURL"/>
- <transition to="retrieveRealm"/>
- <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
- </action-state>
-
- <action-state id="retrieveRealm">
- <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)"
- result="flowScope.realm"/>
- <transition to="signinRequest"/>
- <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
- </action-state>
-
- <subflow-state id="signinRequest" subflow="signinRequest">
- <input name="idpConfig" value="flowScope.idpConfig" />
- <input name="SAMLRequest" value="flowScope.SAMLRequest" />
- <input name="RelayState" value="flowScope.RelayState" />
- <input name="Signature" value="flowScope.Signature" />
- <input name="protocol" value="'samlsso'" />
- <input name="saml_authn_request" value="flowScope.saml_authn_request" />
- <input name="realm" value="flowScope.realm" />
- <input name="home_realm" value="null" />
- <input name="wfresh" value="null" />
- <input name="return_address" value="flowScope.consumerURL" />
- <input name="request_context" value="flowScope.request_context" />
-
- <output name="home_realm" />
- <output name="idpToken" />
- <output name="trusted_idp_context" />
-
- <transition on="requestRpToken" to="requestRpToken">
- <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
- <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
- </transition>
- <transition on="viewBadRequest" to="viewBadRequest" />
- <transition on="scInternalServerError" to="scInternalServerError" />
- <transition on="redirectToLocalIDP" to="redirectToLocalIDP" />
- <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
- <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
- <set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
- </transition>
- </subflow-state>
-
- <subflow-state id="signinResponse" subflow="signinResponse">
- <input name="idpConfig" value="flowScope.idpConfig" />
- <input name="wfresh" value="flowScope.wfresh" />
- <input name="request_context" value="flowScope.request_context" />
- <input name="wresult" value="flowScope.wresult" />
- <input name="RelayState" value="flowScope.RelayState" />
- <input name="SAMLResponse" value="flowScope.SAMLResponse" />
- <input name="state" value="flowScope.state" />
- <input name="code" value="flowScope.code" />
- <input name="home_realm" value="flowScope.whr" />
- <input name="protocol" value="'samlsso'" />
-
- <output name="home_realm" />
- <output name="idpToken" />
- <output name="saml_authn_request" />
- <output name="request_context" />
-
- <transition on="requestRpToken" to="requestRpToken">
- <set name="flowScope.home_realm" value="currentEvent.attributes.home_realm" />
- <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
- <set name="flowScope.saml_authn_request" value="currentEvent.attributes.saml_authn_request" />
- <set name="flowScope.RelayState" value="currentEvent.attributes.request_context" />
- </transition>
- <transition on="viewBadRequest" to="viewBadRequest" />
- <transition on="scInternalServerError" to="scInternalServerError" />
- </subflow-state>
-
- <!-- produce RP security token (as String type) -->
- <action-state id="requestRpToken">
- <on-entry>
- <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)"
- result="flowScope.realm"/>
- <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.realm, flowScope.home_realm)"
- result="flowScope.rpTokenElement"/>
- </on-entry>
- <evaluate expression="signinParametersCacheAction.storeRPConfigInSession(flowRequestContext)"/>
- <transition to="produceSAMLResponse" />
- <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <action-state id="produceSAMLResponse">
- <on-entry>
- <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
- result="flowScope.consumerURL"/>
- <evaluate expression="authnRequestParser.retrieveRequestId(flowRequestContext)"
- result="flowScope.requestId"/>
- <evaluate expression="authnRequestParser.retrieveRequestIssuer(flowRequestContext)"
- result="flowScope.requestIssuer"/>
- </on-entry>
- <evaluate expression="samlResponseCreator.createSAMLResponse(flowRequestContext, flowScope.idpConfig, flowScope.rpTokenElement,
- flowScope.consumerURL, flowScope.requestId, flowScope.requestIssuer)"
- result="flowScope.rpResponse"/>
- <transition to="formResponseView" />
- </action-state>
-
- <!-- normal exit point for login -->
- <!-- browser redirection (self-submitted form 'samlsigninresponseform.jsp') -->
- <end-state id="formResponseView" view="samlsigninresponseform">
- <on-entry>
- <evaluate expression="flowScope.consumerURL" result="requestScope.samlAction" />
- <evaluate expression="flowScope.RelayState" result="requestScope.relayState" />
- <evaluate expression="flowScope.rpResponse" result="requestScope.samlResponse" />
- </on-entry>
- </end-state>
-
- <action-state id="processTrustedIdpProtocol">
- <evaluate expression="trustedIdpProtocolAction.mapSignInRequest(flowRequestContext, flowScope.home_realm)"
- result="flowScope.remoteIdpUrl"/>
- <transition to="redirectToTrustedIDP" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <!-- abnormal exit point -->
- <decision-state id="viewBadRequest">
- <on-entry>
- <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
- result="requestScope.samlAction"/>
- </on-entry>
- <!-- See if we managed to at least parse the request to get the response URL -->
- <if test="requestScope.samlAction == null or requestScope.samlAction.isEmpty()"
- then="viewBadRequestParsingError" else="viewBadRequestResponse"/>
- </decision-state>
-
- <end-state id="viewBadRequestResponse" view="samlsigninresponseform">
- <on-entry>
- <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"
- result="requestScope.samlAction"/>
- <evaluate expression="authnRequestParser.retrieveRequestId(flowRequestContext)"
- result="flowScope.requestId"/>
- <evaluate expression="flowScope.RelayState" result="requestScope.relayState" />
- <evaluate expression="samlResponseErrorCreator.createSAMLResponse(flowRequestContext, true, flowScope.idpConfig,
- flowScope.requestId)"
- result="requestScope.samlResponse"/>
- </on-entry>
- </end-state>
-
- <!-- abnormal exit point : Http 400 Bad Request -->
- <end-state id="viewBadRequestParsingError" view="genericerror">
- <on-entry>
- <evaluate
- expression="externalContext.nativeResponse.setStatus(400,'Error parsing SAML Request')" />
- <set name="requestScope.reason" value="'Error parsing SAML Request'" />
- </on-entry>
- </end-state>
-
- <!-- abnormal exit point : Http 500 Internal Server Error -->
- <end-state id="scInternalServerError" view="genericerror">
- <on-entry>
- <evaluate
- expression="externalContext.nativeResponse.setStatus(500,'IDP is unavailable, please contact the administrator')" />
- <set name="requestScope.reason"
- value="'IDP is unavailable, please contact the administrator'" />
- <set name="requestScope.stateException"
- value="flowScope.stateException" />
- <set name="requestScope.rootCauseException"
- value="flowScope.rootCauseException" />
- </on-entry>
- </end-state>
-
- <end-state id="redirectToLocalIDP" view="externalRedirect:#{flowScope.localIdpUrl}">
- <on-entry>
- <evaluate expression="localRedirectCreator.createRedirectURL(flowRequestContext, flowScope.idpConfig)"
- result="flowScope.localIdpUrl"/>
- </on-entry>
- </end-state>
-
- <!-- redirect to remote idp -->
- <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}" />
-
-</flow>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
deleted file mode 100644
index 2a7b125..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-request.xml
+++ /dev/null
@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/webflow
- http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
- <input name="idpConfig" />
- <input name="wfresh" />
- <input name="saml_authn_request" />
- <input name="realm" />
- <input name="home_realm" />
- <input name="protocol" />
- <input name="return_address" />
- <input name="request_context" />
-
- <!-- ===== Home Realm Discovery ===== -->
-
- <decision-state id="processHRDSExpression">
- <on-entry>
- <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext, flowScope.home_realm)"
- result="flowScope.home_realm" />
- </on-entry>
- <if test="flowScope.home_realm == null or flowScope.home_realm.trim().isEmpty()"
- then="provideIDPListForUser" else="checkIsThisIDP" />
- </decision-state>
-
- <decision-state id="provideIDPListForUser">
- <if test="flowScope.idpConfig.trustedIdps == null or idpConfig.trustedIdps.isEmpty()"
- then="checkDefaultToThisIDP" />
- <if test="flowScope.idpConfig.isProvideIdpList() == false"
- then="checkDefaultToThisIDP" else="showIDPList" />
- </decision-state>
-
- <decision-state id="checkDefaultToThisIDP">
- <if test="flowScope.idpConfig.isUseCurrentIdp()" then="homeRealmSignInEntryPoint"
- else="viewBadRequest" />
- </decision-state>
-
- <view-state id="showIDPList" view="idplist" model="trustedIDPSelection">
- <var name="trustedIDPSelection"
- class="org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection" />
- <binder>
- <binding property="homeRealm" required="true" />
- </binder>
- <on-entry>
- <set name="requestScope.idPConfig" value="flowScope.idpConfig" />
- </on-entry>
- <transition on="submit" to="checkIsThisIDP" bind="true"
- validate="true">
- <set name="flowScope.home_realm" value="trustedIDPSelection.homeRealm" />
- <evaluate
- expression="homeRealmReminder.addCookie(flowRequestContext, flowScope.home_realm)" />
- </transition>
- <transition on="cancel" to="checkDefaultToThisIDP"
- bind="false" validate="false" />
- </view-state>
-
- <!-- Home Realm is known then we can store it in cookie -->
- <decision-state id="checkIsThisIDP">
- <if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
- then="homeRealmSignInEntryPoint" else="checkRemoteIdpToken" />
- </decision-state>
-
- <!-- ===== Realm independent ===== -->
-
- <action-state id="validateReturnAddress">
- <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
- and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address, flowScope.realm)"/>
- <transition on="yes" to="requestRpToken" />
- <transition on="no" to="viewBadRequest" />
- </action-state>
-
- <!-- ===== Home Realm != this realm ===== -->
-
- <decision-state id="checkRemoteIdpToken">
- <if test="externalContext.sessionMap[flowScope.home_realm] != null"
- then="checkRemoteIdpTokenExpiry" else="redirectToTrustedIDP" />
- </decision-state>
-
- <action-state id="checkRemoteIdpTokenExpiry">
- <evaluate
- expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
- protocol.equals('wsfed') and wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)
- or protocol.equals('samlsso') and authnRequestParser.isForceAuthentication(flowRequestContext)" />
- <transition on="yes" to="redirectToTrustedIDP" />
- <transition on="no" to="validateReturnAddress" >
- <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
- </transition>
- <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
- </action-state>
-
- <!-- ===== Home Realm == this realm ===== -->
-
- <decision-state id="homeRealmSignInEntryPoint">
- <on-entry>
- <!-- Here, home realm is guaranteed to be THIS realm -->
- <set name="flowScope.home_realm" value="flowScope.idpConfig.realm" />
- </on-entry>
-
- <!-- check presence of cached IDP token for THIS realm -->
- <if test="externalContext.sessionMap[flowScope.home_realm] == null"
- then="cacheSecurityToken" else="checkLocalIdPTokenExpiry" />
- </decision-state>
-
- <action-state id="checkLocalIdPTokenExpiry">
- <evaluate
- expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext) or
- protocol.equals('wsfed') and wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.home_realm, flowRequestContext)
- or protocol.equals('samlsso') and authnRequestParser.isForceAuthentication(flowRequestContext)" />
- <transition on="yes" to="redirectToLocalIDP" />
- <transition on="no" to="validateReturnAddress">
- <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
- </transition>
- <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
- </action-state>
-
- <end-state id="redirectToLocalIDP">
- <on-entry>
- <evaluate expression="logoutAction.submit(flowRequestContext)" />
- </on-entry>
- <output name="home_realm" value="flowScope.home_realm" />
- </end-state>
-
- <action-state id="cacheSecurityToken">
- <secured attributes="IS_AUTHENTICATED_FULLY" />
- <evaluate expression="cacheSecurityToken.submit(flowRequestContext)" />
- <transition to="validateReturnAddress">
- <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />
- </transition>
- </action-state>
-
- <!-- ============================================================================================================= -->
-
- <!-- normal exit point -->
- <end-state id="requestRpToken">
- <output name="home_realm" value="flowScope.home_realm" />
- <output name="idpToken" value="flowScope.idpToken" />
- </end-state>
-
- <!-- abnormal exit point -->
- <end-state id="viewBadRequest" />
-
- <!-- redirects to requestor idp -->
- <end-state id="redirectToTrustedIDP">
- <on-entry>
- <evaluate expression="signinParametersCacheAction.store(flowRequestContext, protocol)" />
- </on-entry>
- <output name="home_realm" value="flowScope.home_realm" />
- <output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
- </end-state>
-
-</flow>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml b/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
deleted file mode 100644
index ebfbf1f..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/flows/signin-response.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<!--
-Process a response from a trusted third party IdP. It starts by restoring the original request parameters for the current context.
-It then converts the response from the third party IdP into a SecurityToken via the TrustedIdPProtocolAction. It then exits this
-subflow to get a RP token from the STS.
- -->
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/webflow
- http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
- <input name="idpConfig" />
- <input name="request_context" />
- <input name="wresult" />
- <input name="RelayState" />
- <input name="SAMLResponse" />
- <input name="state" />
- <input name="code" />
- <input name="home_realm" />
- <input name="protocol" />
-
- <on-start>
- <!-- restore the original request parameters for the current context -->
- <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context, protocol)" />
- </on-start>
-
- <!-- validate token issued by requestor IDP given its home realm -->
- <action-state id="validateToken">
- <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext, home_realm)"
- result="flowScope.idpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken" />
- <transition to="checkCacheTrustedIdpToken" />
- <transition
- on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />
- <transition
- on-exception="javax.ws.rs.BadRequestException" to="viewBadRequest" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <action-state id="checkCacheTrustedIdpToken">
- <evaluate expression="idpConfig.findTrustedIdp(flowScope.home_realm).cacheTokens" />
- <transition on="yes" to="requestRpToken">
- <set name="externalContext.sessionMap[flowScope.home_realm]"
- value="flowScope.idpToken" />
- </transition>
- <transition on="no" to="requestRpToken" />
- </action-state>
-
- <end-state id="requestRpToken">
- <output name="home_realm" value="flowScope.home_realm" />
- <output name="request_context" value="flowScope.request_context" />
- <output name="return_address" value="flowScope.return_address" />
- <output name="realm" value="flowScope.realm" />
- <output name="idpToken" value="flowScope.idpToken" />
- <output name="saml_authn_request" value="flowScope.saml_authn_request" />
- </end-state>
-
- <!-- abnormal exit point : Http 400 Bad Request -->
- <end-state id="viewBadRequest">
- <output name="saml_authn_request" value="flowScope.saml_authn_request" />
- <output name="RelayState" value="flowScope.RelayState" />
- </end-state>
-
- <!-- abnormal exit point : Http 500 Internal Server Error -->
- <end-state id="scInternalServerError" />
-
-</flow>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml b/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
deleted file mode 100644
index 8e66b57..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realma.xml
+++ /dev/null
@@ -1,158 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans profile="spring" xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
- ">
-
- <context:property-placeholder location="classpath:realm.properties" />
-
- <bean id="config"
- class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
- <property name="idpConfigs">
- <util:list>
- <ref bean="idp-realmA" />
- </util:list>
- </property>
- <property name="serviceConfigs">
- <util:list>
- <ref bean="srv-fedizhelloworld" />
- </util:list>
- </property>
- </bean>
-
- <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
- <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
- <property name="uri" value="realma" />
- <!--<property name="hrds" value="" /> --> <!-- TBD, not defined, provide list if enabled -->
- <property name="provideIdpList" value="true" />
- <property name="useCurrentIdp" value="true" />
- <property name="certificate" value="stsKeystoreA.properties" />
- <property name="certificatePassword" value="realma" />
- <property name="stsUrl"
- value="https://localhost:0/fediz-idp-sts/REALMA" />
- <property name="idpUrl"
- value="https://localhost:${realmA.port}/fediz-idp/federation" />
- <property name="supportedProtocols">
- <util:list>
- <value>http://docs.oasis-open.org/wsfed/federation/200706
- </value>
- <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
- </value>
- </util:list>
- </property>
- <property name="services">
- <util:map>
- <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
- value-ref="srv-fedizhelloworld" />
- </util:map>
- </property>
- <property name="authenticationURIs">
- <util:map>
- <entry key="default" value="federation/up" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey"
- value="federation/krb" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
- value="federation/up" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
- value="federation/clientcert" />
- </util:map>
- </property>
- <property name="trustedIdps">
- <util:map>
- <entry key="urn:org:apache:cxf:fediz:idp:realm-B"
- value-ref="trusted-idp-realmB" />
- </util:map>
- </property>
- <property name="serviceDisplayName" value="REALM A" />
- <property name="serviceDescription" value="IDP of Realm A" />
- <property name="rpSingleSignOutConfirmation" value="true"/>
- <property name="rpSingleSignOutCleanupConfirmation" value="false"/>
- </bean>
-
- <bean id="trusted-idp-realmB"
- class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
- <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
- <property name="cacheTokens" value="true" />
- <property name="url"
- value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
- <property name="certificate" value="realmb.cert" />
- <property name="trustType" value="PEER_TRUST" /> <!-- Required for Fediz Core, Process SignInResponse -->
- <property name="protocol"
- value="http://docs.oasis-open.org/wsfed/federation/200706" />
- <property name="federationType" value="FEDERATE_IDENTITY" /> <!-- Required for STS Relationship -->
- <property name="name" value="REALM B" />
- <property name="description" value="IDP of Realm B" />
- <!-- todo true / false prop for propagate sign-out of other realms !?-->
- </bean>
-
- <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
- <property name="realm"
- value="urn:org:apache:cxf:fediz:fedizhelloworld" />
- <property name="protocol"
- value="http://docs.oasis-open.org/wsfed/federation/200706" />
- <property name="serviceDisplayName" value="Fedizhelloworld" />
- <property name="serviceDescription"
- value="Web Application to illustrate WS-Federation" />
- <property name="role" value="ApplicationServiceType" />
- <property name="tokenType"
- value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- <property name="lifeTime" value="3600" />
- <!-- <property name="encryptionCertificate" value="" /> -->
- <property name="requestedClaims">
- <util:list>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
- <property name="optional" value="false" />
- </bean>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
- <property name="optional" value="false" />
- </bean>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
- <property name="optional" value="false" />
- </bean>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
- <property name="optional" value="true" />
- </bean>
- </util:list>
- </property>
- </bean>
-
-</beans>
-
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/137858bf/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml b/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
deleted file mode 100644
index 9494587..0000000
--- a/services/idp-core/src/main/webapp/WEB-INF/idp-config-realmb.xml
+++ /dev/null
@@ -1,133 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans profile="spring" xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd">
-
- <context:property-placeholder location="classpath:realm.properties" />
-
- <bean id="config"
- class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
- <property name="idpConfigs">
- <util:list>
- <ref bean="idp-realmB" />
- </util:list>
- </property>
- <property name="serviceConfigs">
- <util:list>
- <ref bean="idp-realmA" />
- </util:list>
- </property>
- </bean>
-
- <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
- <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
- <property name="uri" value="realmb" />
- <!--<property name="hrds" value="" /> --> <!-- TBD, not defined, provide list if enabled -->
- <property name="provideIdpList" value="false" />
- <property name="useCurrentIdp" value="true" />
- <property name="certificate" value="stsKeystoreB.properties" />
- <property name="certificatePassword" value="realmb" />
- <property name="stsUrl"
- value="https://localhost:0/fediz-idp-sts/REALMB" />
- <property name="idpUrl"
- value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
- <property name="supportedProtocols">
- <util:list>
- <value>http://docs.oasis-open.org/wsfed/federation/200706
- </value>
- <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
- </value>
- </util:list>
- </property>
- <property name="services">
- <util:map>
- <entry key="urn:org:apache:cxf:fediz:idp:realm-A"
- value-ref="idp-realmA" />
- </util:map>
- </property>
- <property name="authenticationURIs">
- <util:map>
- <entry key="default" value="federation/up" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey"
- value="federation/krb" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
- value="federation/up" />
- <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
- value="federation/clientcert" />
- </util:map>
- </property>
- <property name="serviceDisplayName" value="REALM B" />
- <property name="serviceDescription" value="IDP of Realm B" />
- <property name="rpSingleSignOutConfirmation" value="true"/>
- <property name="rpSingleSignOutCleanupConfirmation" value="false"/>
- </bean>
-
- <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
- <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
- <property name="protocol"
- value="http://docs.oasis-open.org/wsfed/federation/200706" />
- <property name="serviceDisplayName" value="Resource IDP Realm A" />
- <property name="serviceDescription" value="Resource IDP Realm A" />
- <property name="role" value="SecurityTokenServiceType" />
- <property name="tokenType"
- value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- <property name="lifeTime" value="3600" />
- <!-- <property name="encryptionCertificate" value="" /> -->
- <property name="requestedClaims">
- <util:list>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
- <property name="optional" value="false" />
- </bean>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
- <property name="optional" value="false" />
- </bean>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
- <property name="optional" value="false" />
- </bean>
- <bean
- class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
- <property name="optional" value="false" />
- </bean>
- </util:list>
- </property>
- </bean>
-
-</beans>
-