You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/09/21 16:47:05 UTC
[cxf-fediz] 02/05: Refactoring and fix custom claims processing
support, adding test cases, refactor role parsing
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit bfa49407f2f7608b989858b8d594901d36470306
Author: Jan Bernhardt <jb...@talend.com>
AuthorDate: Mon Aug 27 11:19:37 2018 +0200
Refactoring and fix custom claims processing support, adding test cases, refactor role parsing
---
.gitignore | 1 +
.../main/java/org/apache/cxf/fediz/core/Claim.java | 5 +
.../cxf/fediz/core/TokenValidatorResponse.java | 19 +-
.../apache/cxf/fediz/core/config/FedizContext.java | 56 ++--
.../core/processor/AbstractFedizProcessor.java | 36 +++
.../cxf/fediz/core/processor/ClaimsProcessor.java | 39 +++
.../core/processor/FederationProcessorImpl.java | 30 +-
.../fediz/core/processor/SAMLProcessorImpl.java | 21 +-
.../cxf/fediz/core/saml/SAMLTokenValidator.java | 41 ++-
.../src/main/resources/schemas/FedizConfig.xsd | 13 +-
.../cxf/fediz/common/ClaimCopyProcessor.java | 19 ++
.../cxf/fediz/common/ClaimMutateProcessor.java | 38 +++
.../fediz/core/config/FedizConfigurationTest.java | 46 ++-
.../fediz/core/federation/ClaimsProcessorTest.java | 339 +++++++++++++++++++++
.../cxf/fediz/core/federation/CustomValidator.java | 1 -
.../core/federation/FederationResponseTest.java | 4 +-
.../cxf/fediz/core/samlsso/CustomValidator.java | 1 -
systests/cxf/src/test/resources/fediz_config.xml | 1 -
.../cxfWebapp/src/main/resources/fediz_config.xml | 1 -
19 files changed, 625 insertions(+), 86 deletions(-)
diff --git a/.gitignore b/.gitignore
index 1e8a4b2..1d7af8b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@ velocity.log
.externalToolBuilders/
.idea
+bin
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java
index c8e47f5..5155377 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java
@@ -90,5 +90,10 @@ public class Claim implements Serializable {
public Object getValue() {
return value;
}
+
+ @Override
+ public String toString() {
+ return claimType + " : " + value;
+ }
}
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
index 2d9788e..92ff2f6 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
@@ -26,6 +26,7 @@ public class TokenValidatorResponse {
private String username;
private String uniqueTokenId;
+ @Deprecated
private List<String> roles;
private String issuer;
private String audience;
@@ -33,8 +34,16 @@ public class TokenValidatorResponse {
private Date expires;
private Date created;
+ public TokenValidatorResponse(String uniqueTokenId, String username, String issuer,
+ List<Claim> claims, String audience) {
+ this.username = username;
+ this.issuer = issuer;
+ this.claims = claims;
+ this.audience = audience;
+ this.uniqueTokenId = uniqueTokenId;
+ }
-
+ @Deprecated
public TokenValidatorResponse(String uniqueTokenId, String username, String issuer,
List<String> roles, List<Claim> claims, String audience) {
this.username = username;
@@ -49,18 +58,24 @@ public class TokenValidatorResponse {
public String getUsername() {
return username;
}
+
public String getUniqueTokenId() {
return uniqueTokenId;
}
+
+ @Deprecated
public List<String> getRoles() {
return roles;
}
+
public String getIssuer() {
return issuer;
}
+
public String getAudience() {
return audience;
}
+
public List<Claim> getClaims() {
return claims;
}
@@ -96,6 +111,4 @@ public class TokenValidatorResponse {
this.created = null;
}
}
-
-
}
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index 4c92994..84cd035 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -32,10 +32,8 @@ import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
-import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
-import org.apache.cxf.fediz.core.config.jaxb.ClaimsTransformerType;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
@@ -76,6 +74,8 @@ public class FedizContext implements Closeable {
private ClassLoader classloader;
private Object logoutRedirectToConstraint;
+ private List<ClaimsProcessor> claimsProcessor;
+
public FedizContext(ContextConfig config) {
if (config == null) {
@@ -263,39 +263,27 @@ public class FedizContext implements Closeable {
return replayCache;
}
- public ClaimsProcessor getClaimsTransformer() {
- ClaimsTransformerType claimsTransformerType = config.getClaimsTransformer();
- if (claimsTransformerType != null) {
- ArgumentType type = claimsTransformerType.getType();
- if (type.equals(ArgumentType.CLASS)) {
- String clazzName = type.value();
- Class<?> clazz;
- try {
- clazz = getClassloader().loadClass(clazzName);
- Object obj = clazz.newInstance();
- if (obj instanceof ClaimsProcessor) {
- return (ClaimsProcessor) obj;
- } else {
- LOG.error("The configured ClaimsTransformer is not an instance of ClaimsProcessor !");
- return null;
- }
-
- } catch (ClassNotFoundException e) {
- LOG.error("The specified ClaimsTransformer can not be found. Check your classpath");
- return null;
-
- } catch (InstantiationException e) {
- LOG.error("The specified ClaimsTransformer can not be instantiated.");
- return null;
-
- } catch (IllegalAccessException e) {
- LOG.error("The specified ClaimsTransformer can not be accessed.");
- return null;
- }
-
- }
+ @SuppressWarnings("unchecked")
+ public List<ClaimsProcessor> getClaimsProcessor() {
+ if (this.claimsProcessor != null) {
+ return this.claimsProcessor;
+ }
+ CallbackType cbt = config.getClaimsProcessor();
+ Object claimsProc = ConfigUtils.loadCallbackType(cbt, "ClaimsProcessor", getClassloader());
+
+ if (claimsProc == null) {
+ return null;
+ } else if (claimsProc instanceof ClaimsProcessor) {
+ this.claimsProcessor = new ArrayList<>();
+ this.claimsProcessor.add((ClaimsProcessor) claimsProc);
+ } else if (claimsProc instanceof List && !((List<?>) claimsProc).isEmpty()
+ && ((List<?>) claimsProc).get(0) instanceof ClaimsProcessor) {
+ this.claimsProcessor = (List<ClaimsProcessor>) claimsProc;
+ } else {
+ LOG.error("The configured ClaimsProcessor is not an instance of ClaimsProcessor!");
+ return null;
}
- return null;
+ return this.claimsProcessor;
}
public String getName() {
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
index 3ca5b49..de74f34 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
@@ -22,12 +22,16 @@ package org.apache.cxf.fediz.core.processor;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Date;
+import java.net.URI;
+import java.util.Collections;
+import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.http.HttpServletRequest;
+import org.apache.cxf.fediz.core.Claim;
import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
@@ -102,7 +106,39 @@ public abstract class AbstractFedizProcessor implements FedizProcessor {
protected String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
return StringUtils.extractFullContextPath(request);
}
+
+
+ protected List<String> getRoles(List<Claim> claims, String roleURI) {
+ if (roleURI == null || roleURI.isEmpty()) {
+ return null;
+ }
+ return getRoles(claims, URI.create(roleURI));
+ }
+ protected List<String> getRoles(List<Claim> claims, URI roleURI) {
+ if (claims == null || roleURI == null) {
+ return null;
+ }
+ List<String> roles = null;
+ for (Claim c : claims) {
+ if (roleURI.equals(c.getClaimType())) {
+ Object oValue = c.getValue();
+ if ((oValue instanceof String) && !"".equals((String) oValue)) {
+ roles = Collections.singletonList((String) oValue);
+ } else if ((oValue instanceof List<?>) && !((List<?>) oValue).isEmpty()) {
+ @SuppressWarnings("unchecked")
+ List<String> values = (List<String>) oValue;
+ roles = Collections.unmodifiableList(values);
+ } else if (!((oValue instanceof String) || (oValue instanceof List<?>))) {
+ LOG.error("Unsupported value type of Claim value");
+ throw new IllegalStateException("Unsupported value type of Claim value");
+ }
+ break;
+ }
+ }
+ return roles;
+ }
+
protected String resolveReply(HttpServletRequest request, FedizContext config) throws IOException,
UnsupportedCallbackException {
Object replyObj = config.getProtocol().getReply();
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/ClaimsProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/ClaimsProcessor.java
new file mode 100644
index 0000000..b45eaf2
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/ClaimsProcessor.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.processor;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.core.Claim;
+
+public interface ClaimsProcessor {
+
+ /**
+ * This operation can be used to transform, filter or trigger other actions
+ * based on the input claims. The response can be the same list of claims as
+ * from the input parameter, a subset of it or a renamed or extended list of
+ * claims.
+ *
+ * @param claims Claims to be processed
+ * @return List of processed claims
+ */
+ List<Claim> processClaims(List<Claim> claims);
+
+}
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 31e4799..fcd6d6f 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -210,10 +210,6 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
expires = validatorResponse.getExpires();
}
testForReplayAttack(validatorResponse.getUniqueTokenId(), config, expires);
- testForMandatoryClaims(((FederationProtocol)config.getProtocol()).getRoleURI(),
- ((FederationProtocol)config.getProtocol()).getClaimTypesRequested(),
- validatorResponse.getClaims(),
- validatorResponse.getRoles() != null && !validatorResponse.getRoles().isEmpty());
Date created = validatorResponse.getCreated();
if (lifeTime != null && lifeTime.getCreated() != null) {
@@ -221,13 +217,23 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
List<Claim> claims = validatorResponse.getClaims();
- if (config.getClaimsTransformer() != null) {
- LOG.debug("invoking ClaimsTransformer");
- claims = config.getClaimsTransformer().processClaims(validatorResponse.getClaims());
+
+ testForMandatoryClaims(config.getProtocol().getRoleURI(),
+ ((FederationProtocol)config.getProtocol()).getClaimTypesRequested(),
+ claims);
+
+ List<ClaimsProcessor> processors = config.getClaimsProcessor();
+ if (processors != null) {
+ for (ClaimsProcessor cp : processors) {
+ LOG.debug("invoking ClaimsProcessor {}", cp);
+ claims = cp.processClaims(claims);
+ }
}
+ List<String> roles = getRoles(claims, config.getProtocol().getRoleURI());
+
FedizResponse fedResponse = new FedizResponse(validatorResponse.getUsername(), validatorResponse.getIssuer(),
- validatorResponse.getRoles(), claims,
+ roles, claims,
validatorResponse.getAudience(), created, expires, rst,
validatorResponse.getUniqueTokenId());
@@ -748,8 +754,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
private void testForMandatoryClaims(String roleURI,
List<org.apache.cxf.fediz.core.config.Claim> requestedClaims,
- List<org.apache.cxf.fediz.core.Claim> receivedClaims,
- boolean foundRoles
+ List<org.apache.cxf.fediz.core.Claim> receivedClaims
) throws ProcessingException {
if (requestedClaims != null) {
for (org.apache.cxf.fediz.core.config.Claim requestedClaim : requestedClaims) {
@@ -761,11 +766,6 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
break;
}
}
- if (!found && foundRoles && roleURI != null && roleURI.equals(requestedClaim.getType())) {
- // Maybe the requested claim is a role, which has already been removed
- // from the claims collection
- found = true;
- }
if (!found) {
LOG.warn("Mandatory claim {} not found in token", requestedClaim.getType());
throw new ProcessingException("Mandatory claim not found in token", TYPE.INVALID_REQUEST);
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index c51222a..de59878 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -129,9 +129,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
return requestState;
}
- protected FedizResponse processSignInRequest(
- FedizRequest request, FedizContext config)
- throws ProcessingException {
+ protected FedizResponse processSignInRequest(FedizRequest request, FedizContext config) throws ProcessingException {
+
SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
RequestState requestState =
processRelayState(request.getState(), request.getRequestState());
@@ -226,9 +225,23 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
}
testForReplayAttack(validatorResponse.getUniqueTokenId(), config, expires);
+ List<Claim> claims = validatorResponse.getClaims();
+
+ if (config.getClaimsProcessor() != null) {
+ List<ClaimsProcessor> processors = config.getClaimsProcessor();
+ if (processors != null) {
+ for (ClaimsProcessor cp : processors) {
+ LOG.debug("invoking ClaimsProcessor {}", cp);
+ claims = cp.processClaims(claims);
+ }
+ }
+ }
+
+ List<String> roles = getRoles(claims, config.getProtocol().getRoleURI());
+
FedizResponse fedResponse = new FedizResponse(
validatorResponse.getUsername(), validatorResponse.getIssuer(),
- validatorResponse.getRoles(), validatorResponse.getClaims(),
+ roles, claims,
validatorResponse.getAudience(),
validatorResponse.getCreated(),
expires,
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
index 7d2bc88..a93d019 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
@@ -199,12 +199,12 @@ public class SAMLTokenValidator implements TokenValidator {
claims = Collections.emptyList();
}
- List<String> roles = parseRoles(config, claims);
-
+ claims = parseRoleClaim(config, claims);
+
SAMLTokenPrincipal p = new SAMLTokenPrincipalImpl(assertion);
TokenValidatorResponse response = new TokenValidatorResponse(
- assertion.getId(), p.getName(), assertionIssuer, roles,
+ assertion.getId(), p.getName(), assertionIssuer,
new ClaimCollection(claims), audience);
response.setExpires(getExpires(assertion));
response.setCreated(getCreated(assertion));
@@ -217,6 +217,7 @@ public class SAMLTokenValidator implements TokenValidator {
}
}
+ @Deprecated
protected List<String> parseRoles(FedizContext config, List<Claim> claims) {
List<String> roles = null;
Protocol protocol = config.getProtocol();
@@ -248,6 +249,38 @@ public class SAMLTokenValidator implements TokenValidator {
return roles;
}
+
+ protected List<Claim> parseRoleClaim(FedizContext config, List<Claim> claims) {
+ List<String> roles = null;
+ Protocol protocol = config.getProtocol();
+ if (protocol.getRoleURI() != null) {
+ URI roleURI = URI.create(protocol.getRoleURI());
+ String delim = protocol.getRoleDelimiter();
+ for (Claim c : claims) {
+ if (roleURI.equals(c.getClaimType())) {
+ Object oValue = c.getValue();
+ if ((oValue instanceof String) && !"".equals((String)oValue)) {
+ if (delim == null) {
+ roles = Collections.singletonList((String)oValue);
+ } else {
+ roles = parseRoles((String)oValue, delim);
+ }
+ } else if ((oValue instanceof List<?>) && !((List<?>)oValue).isEmpty()) {
+ @SuppressWarnings("unchecked")
+ List<String> values = (List<String>)oValue;
+ roles = Collections.unmodifiableList(values);
+ } else if (!((oValue instanceof String) || (oValue instanceof List<?>))) {
+ LOG.error("Unsupported value type of Claim value");
+ throw new IllegalStateException("Unsupported value type of Claim value");
+ }
+ // Replace single role String with role List<String> after parsing
+ c.setValue(roles);
+ break;
+ }
+ }
+ }
+ return claims;
+ }
protected List<Claim> parseClaimsInAssertion(
org.opensaml.saml.saml1.core.Assertion assertion) {
@@ -309,8 +342,6 @@ public class SAMLTokenValidator implements TokenValidator {
return collection;
}
-
-
protected List<Claim> parseClaimsInAssertion(
org.opensaml.saml.saml2.core.Assertion assertion) {
List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 97cea11..ee0ea9f 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -25,10 +25,10 @@
<xs:element ref="tokenDecryptionKey" />
<xs:element ref="trustedIssuers" />
<xs:element ref="protocol" />
+ <xs:element ref="claimsProcessor" minOccurs="0" />
<xs:element ref="logoutURL" minOccurs="0" />
<xs:element ref="logoutRedirectTo" minOccurs="0" />
<xs:element ref="logoutRedirectToConstraint" minOccurs="0" />
- <xs:element ref="claimsTransformer" minOccurs="0" />
</xs:sequence>
<xs:attribute name="name" use="required" type="xs:string" />
@@ -223,16 +223,6 @@
</xs:annotation>
</xs:element>
- <xs:complexType name="ClaimsTransformerType">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="type" type="argumentType" />
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:element name="claimsTransformer" type="ClaimsTransformerType" />
-
<xs:element name="issuer" type="CallbackType" />
<xs:element name="homeRealm" type="CallbackType" />
<xs:element name="authenticationType" type="CallbackType" />
@@ -241,6 +231,7 @@
<xs:element name="signInQuery" type="CallbackType" />
<xs:element name="signOutQuery" type="CallbackType" />
<xs:element name="reply" type="CallbackType" />
+ <xs:element name="claimsProcessor" type="CallbackType" />
<xs:simpleType name="argumentType">
<xs:restriction base="xs:string">
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/common/ClaimCopyProcessor.java b/plugins/core/src/test/java/org/apache/cxf/fediz/common/ClaimCopyProcessor.java
new file mode 100644
index 0000000..6b9ba2a
--- /dev/null
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/common/ClaimCopyProcessor.java
@@ -0,0 +1,19 @@
+package org.apache.cxf.fediz.common;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.processor.ClaimsProcessor;
+
+/**
+ * Returns same list of claims as provided (no changes)
+ *
+ */
+public class ClaimCopyProcessor implements ClaimsProcessor {
+
+ @Override
+ public List<Claim> processClaims(List<Claim> claims) {
+ return claims;
+ }
+
+}
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/common/ClaimMutateProcessor.java b/plugins/core/src/test/java/org/apache/cxf/fediz/common/ClaimMutateProcessor.java
new file mode 100644
index 0000000..c11fe79
--- /dev/null
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/common/ClaimMutateProcessor.java
@@ -0,0 +1,38 @@
+package org.apache.cxf.fediz.common;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.core.processor.ClaimsProcessor;
+
+/**
+ * Returns same list of claims as provided (no changes)
+ *
+ */
+public class ClaimMutateProcessor implements ClaimsProcessor {
+
+ @Override
+ public List<Claim> processClaims(List<Claim> claims) {
+ List<Claim> newClaimList = new ArrayList<>();
+
+ for (Claim c : claims) {
+ if (ClaimTypes.PRIVATE_PERSONAL_IDENTIFIER.equals(c.getClaimType())) {
+ Claim lowerClaim = new Claim();
+ lowerClaim.setClaimType(ClaimTypes.FIRSTNAME);
+ lowerClaim.setValue(c.getValue().toString().toLowerCase());
+
+ Claim upperClaim = new Claim();
+ upperClaim.setClaimType(ClaimTypes.LASTNAME);
+ upperClaim.setValue(c.getValue().toString().toUpperCase());
+
+ newClaimList.add(lowerClaim);
+ newClaimList.add(upperClaim);
+ }
+ }
+
+ return newClaimList;
+ }
+
+}
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
index 347cede..2bf7a51 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
@@ -24,18 +24,21 @@ import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.apache.cxf.fediz.common.SecurityTestUtil;
+import org.apache.cxf.fediz.core.ClaimTypes;
import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ClaimType;
import org.apache.cxf.fediz.core.config.jaxb.ClaimTypesRequested;
-import org.apache.cxf.fediz.core.config.jaxb.ClaimsTransformerType;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
@@ -46,6 +49,7 @@ import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.apache.cxf.fediz.core.processor.ClaimsProcessor;
import org.apache.wss4j.common.cache.EHCacheReplayCache;
import org.apache.wss4j.common.cache.MemoryReplayCache;
import org.apache.wss4j.common.cache.ReplayCache;
@@ -59,7 +63,7 @@ public class FedizConfigurationTest {
//private static final String REQUEST = "request value";
private static final String REPLY = "reply value";
private static final String TARGET_REALM = "target realm";
- private static final String HOME_REALM_CLASS = "org.apache.fediz.realm.MyHomeRealm.class";
+ private static final String HOME_REALM_CLASS = "org.apache.fediz.realm.MyHomeRealm";
private static final String FRESHNESS_VALUE = "10000";
private static final String CONFIG_NAME = "ROOT";
@@ -79,13 +83,13 @@ public class FedizConfigurationTest {
private static final String ROLE_DELIMITER = ";";
private static final String ROLE_URI = "http://someserver:8080/path/roles.uri";
- private static final String CLAIM_TYPE_1 = "a particular claim type";
- private static final String CLAIM_TYPE_2 = "a second particular claim type";
+ private static final String CLAIM_TYPE_1 = ClaimTypes.FIRSTNAME.toString();
+ private static final String CLAIM_TYPE_2 = ClaimTypes.LASTNAME.toString();
private static final String SUBJECT_VALUE_1 = ".*CN=www.sts1.com.*";
private static final String SUBJECT_VALUE_2 = ".*CN=www.sts2.com.*";
private static final String SUBJECT_VALUE_3 = ".*CN=www.sts3.com.*";
- private static final String CLAIMSTRANFORMER_CLASS = "org.apache.fediz.MyClaimsTransformer.class";
+ private static final String CLAIMS_PROCESSOR_CLASS = "org.apache.cxf.fediz.common.ClaimCopyProcessor";
private static final String CONFIG_FILE = "./target/fedizconfig.xml";
@@ -215,10 +219,10 @@ public class FedizConfigurationTest {
issuer.setValue(ISSUER);
protocol.setIssuer(issuer);
- ClaimsTransformerType claimsTransformer = new ClaimsTransformerType();
- claimsTransformer.setType(ArgumentType.CLASS);
- claimsTransformer.setValue(CLAIMSTRANFORMER_CLASS);
- config.setClaimsTransformer(claimsTransformer);
+ CallbackType claimsProcessor = new CallbackType();
+ claimsProcessor.setType(ArgumentType.CLASS);
+ claimsProcessor.setValue(CLAIMS_PROCESSOR_CLASS);
+ config.setClaimsProcessor(claimsProcessor);
return rootConfig;
@@ -418,5 +422,29 @@ public class FedizConfigurationTest {
Assert.assertTrue(config.getMaximumClockSkew().intValue() == 5);
Assert.assertFalse(config.isTokenExpirationValidation());
}
+
+ @org.junit.Test
+ public void testClaimProcessor() throws JAXBException, IOException {
+ final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
+ FedizConfigurator configurator = new FedizConfigurator();
+ FedizConfig configOut = createConfiguration(true);
+ StringWriter writer = new StringWriter();
+ jaxbContext.createMarshaller().marshal(configOut, writer);
+ StringReader reader = new StringReader(writer.toString());
+ configurator.loadConfig(reader);
+
+ FedizContext fedContext = configurator.getFedizContext(CONFIG_NAME);
+ List<ClaimsProcessor> claimsProcessor = fedContext.getClaimsProcessor();
+ Assert.assertNotNull(claimsProcessor);
+ Assert.assertEquals(1, claimsProcessor.size());
+
+ List<org.apache.cxf.fediz.core.Claim> inputClaims = new ArrayList<>();
+ org.apache.cxf.fediz.core.Claim claim = new org.apache.cxf.fediz.core.Claim();
+ claim.setClaimType(URI.create(CLAIM_TYPE_1));
+ claim.setValue("Alice");
+ inputClaims.add(claim);
+ List<org.apache.cxf.fediz.core.Claim> processedClaims = claimsProcessor.get(0).processClaims(inputClaims);
+ Assert.assertEquals(inputClaims, processedClaims);
+ }
}
\ No newline at end of file
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/ClaimsProcessorTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/ClaimsProcessorTest.java
new file mode 100644
index 0000000..533d3e0
--- /dev/null
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/ClaimsProcessorTest.java
@@ -0,0 +1,339 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.federation;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.math.BigInteger;
+import java.util.Collections;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+
+import org.apache.cxf.fediz.common.STSUtil;
+import org.apache.cxf.fediz.common.SecurityTestUtil;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.KeystoreCallbackHandler;
+import org.apache.cxf.fediz.core.SAML2CallbackHandler;
+import org.apache.cxf.fediz.core.config.FedizConfigurator;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
+import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
+import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
+import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
+import org.apache.cxf.fediz.core.config.jaxb.ClaimType;
+import org.apache.cxf.fediz.core.config.jaxb.ClaimTypesRequested;
+import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
+import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
+import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
+import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
+import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
+import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
+import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
+import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
+import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.processor.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizRequest;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Test for claim transformations with ClaimsProcessor
+ */
+public class ClaimsProcessorTest {
+
+ private static final String ISSUER = "FedizSTSIssuer";
+ private static final String PROTOCOL_VERSION = "1.0.0";
+ //private static final String REQUEST = "request value";
+ private static final String REPLY = "reply value";
+ private static final String TARGET_REALM = "target realm";
+ private static final String FRESHNESS_VALUE = "10000";
+
+ private static final String CONFIG_NAME = "ROOT";
+ private static final String CLOCK_SKEW = "1000";
+
+ private static final String AUTH_TYPE_VALUE = "some auth type";
+
+ private static final String AUDIENCE_URI_1 = "http://host_one:port/url";
+
+ private static final String ROLE_DELIMITER = ";";
+ private static final String ROLE_URI = "http://someserver:8080/path/roles.uri";
+
+ private static final String COPY_CLAIMS_PROCESSOR_CLASS = "org.apache.cxf.fediz.common.ClaimCopyProcessor";
+ private static final String MUTATE_CLAIMS_PROCESSOR_CLASS = "org.apache.cxf.fediz.common.ClaimMutateProcessor";
+
+ private static Crypto crypto;
+ private static CallbackHandler cbPasswordHandler = new KeystoreCallbackHandler();
+
+ @BeforeClass
+ public static void init() {
+ try {
+ crypto = CryptoFactory.getInstance("signature.properties");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ SecurityTestUtil.cleanup();
+ }
+
+ //CHECKSTYLE:OFF
+ private FedizConfig createConfiguration(String claimsProcessorClass) throws JAXBException {
+
+ FedizConfig rootConfig = new FedizConfig();
+ ContextConfig config = new ContextConfig();
+ rootConfig.getContextConfig().add(config);
+
+ config.setName(CONFIG_NAME);
+ config.setMaximumClockSkew(new BigInteger(CLOCK_SKEW));
+
+ CertificateStores certStores = new CertificateStores();
+
+ TrustManagersType tm0 = new TrustManagersType();
+ KeyStoreType ks0 = new KeyStoreType();
+ ks0.setType("JKS");
+ ks0.setPassword("storepass");
+ ks0.setResource("ststrust.jks");
+ tm0.setKeyStore(ks0);
+
+ certStores.getTrustManager().add(tm0);
+
+ config.setCertificateStores(certStores);
+
+ TrustedIssuers trustedIssuers = new TrustedIssuers();
+
+ TrustedIssuerType ti0 = new TrustedIssuerType();
+ ti0.setCertificateValidation(ValidationType.PEER_TRUST);
+ trustedIssuers.getIssuer().add(ti0);
+
+ config.setTrustedIssuers(trustedIssuers);
+
+ ProtocolType protocol = new FederationProtocolType();
+
+ CallbackType authType = new CallbackType();
+ authType.setType(ArgumentType.STRING);
+ authType.setValue(AUTH_TYPE_VALUE);
+ ((FederationProtocolType)protocol).setAuthenticationType(authType);
+
+ CallbackType freshness = new CallbackType();
+ freshness.setValue(FRESHNESS_VALUE);
+ ((FederationProtocolType)protocol).setFreshness(freshness);
+
+ CallbackType reply = new CallbackType();
+ reply.setValue(REPLY);
+ ((FederationProtocolType)protocol).setReply(reply);
+ ((FederationProtocolType)protocol).setVersion(PROTOCOL_VERSION);
+
+ config.setProtocol(protocol);
+
+ AudienceUris audienceUris = new AudienceUris();
+ audienceUris.getAudienceItem().add(AUDIENCE_URI_1);
+ config.setAudienceUris(audienceUris);
+
+ protocol.setRoleDelimiter(ROLE_DELIMITER);
+ protocol.setRoleURI(ROLE_URI);
+
+ ClaimTypesRequested claimTypeReq = new ClaimTypesRequested();
+ ClaimType claimType = new ClaimType();
+ claimType.setOptional(true);
+ claimType.setType(ClaimTypes.FIRSTNAME.toString());
+ claimTypeReq.getClaimType().add(claimType);
+
+ ClaimType claimType2 = new ClaimType();
+ claimType2.setOptional(true);
+ claimType2.setType(ClaimTypes.LASTNAME.toString());
+ claimTypeReq.getClaimType().add(claimType2);
+
+ protocol.setClaimTypesRequested(claimTypeReq);
+
+ CallbackType realm = new CallbackType();
+ realm.setValue(TARGET_REALM);
+ protocol.setRealm(realm);
+
+ CallbackType issuer = new CallbackType();
+ issuer.setValue(ISSUER);
+ protocol.setIssuer(issuer);
+
+ if (claimsProcessorClass != null) {
+ CallbackType cpc = new CallbackType();
+ cpc.setType(ArgumentType.CLASS);
+ cpc.setValue(claimsProcessorClass);
+ config.setClaimsProcessor(cpc);
+ }
+
+ return rootConfig;
+
+ }
+
+ @org.junit.Test
+ public void testWithoutCustomClaimProcessor() throws Exception {
+ String originalClaimValue = "Alice";
+ String claimsProcessorClass = null;
+
+ FedizResponse wfRes = performLogin(ClaimTypes.FIRSTNAME.toString(), originalClaimValue, claimsProcessorClass);
+
+ Object claimValue = null;
+ for (Claim c : wfRes.getClaims()) {
+ if (ClaimTypes.FIRSTNAME.equals(c.getClaimType())) {
+ claimValue = c.getValue();
+ }
+ }
+
+ Assert.assertEquals(originalClaimValue, claimValue);
+ }
+
+ @org.junit.Test
+ public void testCustomClaimProcessor() throws Exception {
+ String originalClaimValue = "Alice";
+ String claimsProcessorClass = COPY_CLAIMS_PROCESSOR_CLASS;
+
+ FedizResponse wfRes = performLogin(ClaimTypes.FIRSTNAME.toString(), originalClaimValue, claimsProcessorClass);
+
+ Object claimValue = null;
+ for (Claim c : wfRes.getClaims()) {
+ if (ClaimTypes.FIRSTNAME.equals(c.getClaimType())) {
+ claimValue = c.getValue();
+ }
+ }
+
+ Assert.assertEquals(originalClaimValue, claimValue);
+ }
+
+ @org.junit.Test
+ public void testClaimModificationProcessor() throws Exception {
+ String originalClaimValue = "Alice";
+ String claimsProcessorClass = MUTATE_CLAIMS_PROCESSOR_CLASS;
+
+ FedizResponse wfRes = performLogin(ClaimTypes.PRIVATE_PERSONAL_IDENTIFIER.toString(), originalClaimValue, claimsProcessorClass);
+
+ Object firstname = null;
+ Object lastname = null;
+
+ Assert.assertEquals(2, wfRes.getClaims().size());
+
+ for (Claim c : wfRes.getClaims()) {
+ if (ClaimTypes.FIRSTNAME.equals(c.getClaimType())) {
+ firstname = c.getValue();
+ } else if (ClaimTypes.LASTNAME.equals(c.getClaimType())) {
+ lastname = c.getValue();
+ }
+ }
+
+ Assert.assertEquals("alice", firstname);
+ Assert.assertEquals("ALICE", lastname);
+ }
+
+
+
+ private FedizResponse performLogin(String claimType, String claimValue, String claimsProcessorClass)
+ throws Exception, WSSecurityException, IOException, UnsupportedCallbackException, JAXBException, ProcessingException {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ callbackHandler.setIssuer(ISSUER);
+ callbackHandler.setSubjectName("alice");
+ callbackHandler.setAttributeNameFormat(ClaimTypes.URI_BASE.toString());
+ callbackHandler.setCustomClaimName(claimType);
+ callbackHandler.setCustomAttributeValues(Collections.singletonList(claimValue));
+
+ ConditionsBean cp = new ConditionsBean();
+ AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
+ audienceRestriction.getAudienceURIs().add(AUDIENCE_URI_1);
+ cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
+ callbackHandler.setConditions(cp);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+
+ String rstr = createSamlToken(assertion, "mystskey", true);
+
+ FedizRequest wfReq = new FedizRequest();
+ wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+ wfReq.setResponseToken(rstr);
+
+ FedizConfig config = createConfiguration(claimsProcessorClass);
+ StringWriter writer = new StringWriter();
+ final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
+ jaxbContext.createMarshaller().marshal(config, writer);
+ StringReader reader = new StringReader(writer.toString());
+
+ FedizConfigurator configurator = new FedizConfigurator();
+ configurator.loadConfig(reader);
+ FedizContext context = configurator.getFedizContext(CONFIG_NAME);
+
+ FedizProcessor wfProc = new FederationProcessorImpl();
+ return wfProc.processRequest(wfReq, context);
+ }
+
+ private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
+ throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
+ return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
+ }
+
+ private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
+ throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
+ WSPasswordCallback[] cb = {
+ new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
+ };
+ cbPasswordHandler.handle(cb);
+ String password = cb[0].getPassword();
+
+ if (sign) {
+ assertion.signAssertion(alias, password, crypto, false);
+ }
+ Document doc = STSUtil.toSOAPPart(rstr);
+ Element token = assertion.toDOM(doc);
+
+ Element e = SAMLTokenValidatorOldTest.findElement(doc, "RequestedSecurityToken",
+ FederationConstants.WS_TRUST_13_NS);
+ if (e == null) {
+ e = SAMLTokenValidatorOldTest.findElement(doc, "RequestedSecurityToken",
+ FederationConstants.WS_TRUST_2005_02_NS);
+ }
+ e.appendChild(token);
+ return DOM2Writer.nodeToString(doc);
+ }
+}
\ No newline at end of file
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java
index 835f94e..3f62983 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java
@@ -47,7 +47,6 @@ public class CustomValidator implements TokenValidator {
FederationResponseTest.TEST_USER,
FederationResponseTest.TEST_RSTR_ISSUER,
null,
- null,
FederationResponseTest.TEST_AUDIENCE);
}
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
index e51415a..9cbb0dd 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.core.federation;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
+import java.net.URI;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.Collections;
@@ -1716,9 +1717,10 @@ public class FederationResponseTest {
}
private void assertClaims(List<Claim> claims, String roleClaimType) {
+ URI roleClaimTypeURI = URI.create(roleClaimType);
for (Claim c : claims) {
Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
- c.getClaimType().equals(roleClaimType)
+ c.getClaimType().equals(roleClaimTypeURI)
|| c.getClaimType().equals(ClaimTypes.COUNTRY)
|| c.getClaimType().equals(AbstractSAMLCallbackHandler.CLAIM_TYPE_LANGUAGE)
);
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java
index 7f083dc..baa4c58 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java
@@ -47,7 +47,6 @@ public class CustomValidator implements TokenValidator {
SAMLResponseTest.TEST_USER,
SAMLResponseTest.TEST_IDP_ISSUER,
null,
- null,
SAMLResponseTest.TEST_REQUEST_URL);
}
diff --git a/systests/cxf/src/test/resources/fediz_config.xml b/systests/cxf/src/test/resources/fediz_config.xml
index 5f87c36..ef5df85 100644
--- a/systests/cxf/src/test/resources/fediz_config.xml
+++ b/systests/cxf/src/test/resources/fediz_config.xml
@@ -56,7 +56,6 @@
</protocol>
<logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
- <claimsTransformer type="Class">org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest</claimsTransformer>
</contextConfig>
</FedizConfig>
diff --git a/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml b/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml
index a30b0d5..ad5417b 100644
--- a/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml
+++ b/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml
@@ -53,7 +53,6 @@
</protocol>
<logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
- <claimsTransformer type="Class">org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest</claimsTransformer>
</contextConfig>
</FedizConfig>