Author: owulff
Date: Mon Jun 11 08:42:51 2012
New Revision: 1348749
URL: http://svn.apache.org/viewvc?rev=1348749&view=rev
Log:
[FEDIZ-1] WS-Federation Metadata document published at runtime in RP. Thanks
for the patch, Juerg
Added:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
Mon Jun 11 08:42:51 2012
@@ -211,6 +211,13 @@ public final class FederationConstants {
public static final String WS_TRUST_2005_02_NS =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
+ public static final String SAML2_METADATA_NS =
"urn:oasis:names:tc:SAML:2.0:metadata";
+
+ public static final String WS_FEDERATION_NS =
"http://docs.oasis-open.org/wsfed/federation/200706";
+
+ public static final String WS_ADDRESSING_NS =
"http://www.w3.org/2005/08/addressing";
+
+ public static final String SCHEMA_INSTANCE_NS =
"http://www.w3.org/2001/XMLSchema-instance";
private FederationConstants() {
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
Mon Jun 11 08:42:51 2012
@@ -20,14 +20,17 @@
package org.apache.cxf.fediz.core;
import javax.servlet.http.HttpServletRequest;
-
+import org.w3c.dom.Document;
import org.apache.cxf.fediz.core.config.FederationContext;
import org.apache.cxf.fediz.core.exception.ProcessingException;
+
public interface FederationProcessor {
FederationResponse processRequest(FederationRequest request,
FederationContext config) throws ProcessingException;
String createSignInRequest(HttpServletRequest request, FederationContext
config) throws ProcessingException;
+ Document getMetaData(FederationContext config) throws ProcessingException;
+
}
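Review bot: The new interface method `getMetaData` carries no Javadoc, although a caller needs its contract here: what the returned Document is (the WS-Federation metadata for the configured context), whether it is signed, and when ProcessingException is raised (the added FederationMetaDataTest expects one when the signing store holds more than one certificate and no keyAlias is configured). A Javadoc along the lines of `/** Builds the WS-Federation metadata document for the given context. @throws ProcessingException if the signing key cannot be selected or the document cannot be built */` would do; whether the document is signed is not visible from this diff and should be stated once known. Adding an abstract method to a public interface also breaks any third-party implementation of FederationProcessor, which is worth a line in the release notes.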
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
Mon Jun 11 08:42:51 2012
@@ -38,6 +38,7 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.FederationProtocol;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
+import org.apache.cxf.fediz.core.metadata.MetadataWriter;
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
import org.apache.cxf.fediz.core.spi.IDPCallback;
import org.apache.cxf.fediz.core.spi.WAuthCallback;
@@ -72,7 +73,12 @@ public class FederationProcessorImpl imp
}
return response;
}
+
+ public Document getMetaData(FederationContext config) throws
ProcessingException {
+ return new MetadataWriter().getMetaData(config);
+ }
+
protected FederationResponse processSignInRequest(
FederationRequest request, FederationContext config)
throws ProcessingException {
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Mon Jun 11 08:42:51 2012
@@ -32,6 +32,7 @@ import org.apache.cxf.fediz.core.TokenRe
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
+import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
@@ -58,6 +59,7 @@ public class FederationContext implement
private TokenReplayCache<String> replayCache;
private FederationProtocol protocol;
private List<TrustManager> certificateStores;
+ private KeyManager keyManager;
public FederationContext(ContextConfig config) {
@@ -100,7 +102,7 @@ public class FederationContext implement
tm.setCrypto(crypto);
certificateStores.add(tm);
} catch (WSSecurityException e) {
- LOG.error("Failed to load keystore '" + tm.getName() + "'");
+ LOG.error("Failed to load keystore '" + tm.getName() + "'", e);
throw new IllegalConfigurationException("Failed to load
keystore '" + tm.getName() + "'");
}
}
@@ -130,6 +132,30 @@ public class FederationContext implement
return protocol;
}
+
+
+ public KeyManager getSigningKey() {
+ //return new KeyManager(config.getSigningKey());
+
+ if (keyManager != null) {
+ return keyManager;
+ }
+ keyManager = new KeyManager(config.getSigningKey());
+ Properties sigProperties =
createCryptoProperties(config.getSigningKey());
+ Crypto crypto;
+ try {
+ crypto = CryptoFactory.getInstance(sigProperties);
+ keyManager.setCrypto(crypto);
+ } catch (WSSecurityException e) {
+ keyManager = null;
+ LOG.error("Failed to load keystore '" + keyManager.getName() +
"'", e);
+ throw new IllegalConfigurationException("Failed to load keystore
'" + keyManager.getName() + "'");
+ }
+
+ return keyManager;
+
+ }
+
@SuppressWarnings("unchecked")
public TokenReplayCache<String> getTokenReplayCache() {
if (replayCache != null) {
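Review bot: The catch block in `getSigningKey` sets `keyManager = null` and on the very next line calls `keyManager.getName()`, so any WSSecurityException from CryptoFactory is replaced by a NullPointerException and the intended error is never logged or thrown as IllegalConfigurationException. Read the name before clearing the field, as below, and chain `e` into the thrown exception if IllegalConfigurationException offers a cause-taking constructor; the stale `//return new KeyManager(config.getSigningKey());` line should also go. The lazy initialisation is unsynchronised, which only matters if a FederationContext is shared between request threads, but a comment stating that assumption would help. Note also that `config.getSigningKey()` is passed straight to `createCryptoProperties`, which dereferences it, so a context without a `signingKey` element (the ROOT_NO_SIGNINGKEY fixture) must be checked for before this method is called, presumably in MetadataWriter.
```java
        } catch (WSSecurityException e) {
            // capture the name before discarding the half-initialised manager
            String name = keyManager.getName();
            keyManager = null;
            LOG.error("Failed to load keystore '" + name + "'", e);
            throw new IllegalConfigurationException("Failed to load keystore '" + name + "'");
        }
```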
@@ -222,5 +248,44 @@ public class FederationContext implement
trustStoreFile);
return p;
}
+
+ private Properties createCryptoProperties(KeyManagersType km) {
+ String keyStoreFile = null;
+ String keyStorePw = null;
+ String keyType = "jks";
+ KeyStoreType ks = km.getKeyStore();
+ if (ks.getFile() != null && !ks.getFile().isEmpty()) {
+ keyStoreFile = ks.getFile();
+ keyStorePw = ks.getPassword();
+ } else {
+ throw new IllegalStateException("No certificate store configured");
+ }
+ File f = new File(keyStoreFile);
+ if (!f.exists() && getRelativePath() != null &&
!getRelativePath().isEmpty()) {
+ keyStoreFile = getRelativePath().concat(File.separator +
keyStoreFile);
+ }
+
+ if (keyStoreFile == null || keyStoreFile.isEmpty()) {
+ throw new NullPointerException("truststoreFile not configured");
+ }
+ if (keyStorePw == null || keyStorePw.isEmpty()) {
+ throw new NullPointerException("trustStorePw not configured");
+ }
+ if (ks.getType() != null) {
+ keyType = ks.getType();
+ }
+
+ Properties p = new Properties();
+ p.put("org.apache.ws.security.crypto.provider",
+ "org.apache.ws.security.components.crypto.Merlin");
+ p.put("org.apache.ws.security.crypto.merlin.keystore.type", keyType);
+ p.put("org.apache.ws.security.crypto.merlin.keystore.password",
+ keyStorePw);
+ p.put("org.apache.ws.security.crypto.merlin.keystore.file",
+ keyStoreFile);
+ return p;
+ }
+
+
}
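Review bot: The two guards at the end of `createCryptoProperties` throw NullPointerException with messages copied from the trust-store variant (`truststoreFile not configured`, `trustStorePw not configured`), so a missing signing-keystore password surfaces as an NPE that names the wrong store, while the rest of this class reports configuration errors as IllegalConfigurationException (see the catch block in the preceding hunk). Change them to `throw new IllegalConfigurationException("signingKey keystore file not configured");` and `throw new IllegalConfigurationException("signingKey keystore password not configured");`. The `keyStoreFile == null || keyStoreFile.isEmpty()` check is unreachable in any case, because the branch above already throws when the file attribute is absent or empty. After the relative-path fallback nothing confirms the resolved file exists, so a typo in the file attribute is only reported later by Merlin; a `f.exists()` check on the final path with the same exception type would fail earlier and more clearly.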
Added:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java?rev=1348749&view=auto
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
(added)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
Mon Jun 11 08:42:51 2012
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.config;
+
+import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
+import org.apache.ws.security.components.crypto.Crypto;
+
+public class KeyManager {
+
+ private KeyManagersType keyManagerType;
+ private Crypto crypto;
+ private String name;
+
+ public KeyManager(KeyManagersType keyManager) {
+ super();
+ this.keyManagerType = keyManager;
+ }
+
+ public String getName() {
+ if (name != null) {
+ return name;
+ }
+ if (keyManagerType.getKeyStore().getFile() != null) {
+ name = keyManagerType.getKeyStore().getFile();
+ } else if (keyManagerType.getKeyStore().getUrl() != null) {
+ name = keyManagerType.getKeyStore().getUrl();
+ } else if (keyManagerType.getKeyStore().getResource() != null) {
+ name = keyManagerType.getKeyStore().getResource();
+ }
+ return name;
+ }
+
+ public Crypto getCrypto() {
+ return crypto;
+ }
+
+ public void setCrypto(Crypto crypto) {
+ this.crypto = crypto;
+ }
+
+ public String getKeyAlias() {
+ return keyManagerType.getKeyAlias();
+ }
+
+ public String getKeyPassword() {
+ return keyManagerType.getKeyPassword();
+ }
+
+
+}
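Review bot: `KeyManager` has no class or method documentation although it is the object that hands out the private-key password via `getKeyPassword()`, so nothing tells callers not to log or serialise it; a class Javadoc such as `/** Holds the signing keystore configuration and its WSS4J Crypto instance. getKeyPassword() returns the private-key password and must never be logged. */` would cover that. `getName()` returns null when the keystore has none of file, url or resource set, and FederationContext interpolates that value into its error messages, so either document the null return or fall back to a fixed string such as the key alias. The explicit `super();` call in the constructor is redundant and can be dropped.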
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
Mon Jun 11 08:42:51 2012
@@ -23,6 +23,7 @@ import org.apache.cxf.fediz.core.config.
import org.apache.ws.security.components.crypto.Crypto;
public class TrustManager {
+
private TrustManagersType trustManagerType;
private Crypto crypto;
private String name;
Modified:
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Mon
Jun 11 08:42:51 2012
@@ -18,6 +18,7 @@
<xs:element ref="maximumClockSkew" />
<xs:element ref="tokenReplayCache" />
<xs:element ref="serviceCertificate" />
+ <xs:element ref="signingKey" />
<xs:element ref="trustedIssuers" />
<xs:element ref="protocol" />
</xs:sequence>
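Review bot: `signingKey` is added to the `xs:sequence` without `minOccurs="0"`, which makes it mandatory in every contextConfig, yet the ROOT_NO_SIGNINGKEY context in the new fediz_meta_test_config.xml omits it and the accompanying test expects that context to load and produce metadata. Either the configuration is not validated against this schema, in which case the XSD is silently out of step with the code, or that test cannot pass. Use `<xs:element ref="signingKey" minOccurs="0" />` to match the optional semantics the tests exercise.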
@@ -82,6 +83,7 @@
<!-- keystore type -->
<xs:element name="serviceCertificate" type="KeyManagersType" />
+ <xs:element name="signingKey" type="KeyManagersType" />
<xs:element name="protocol" type="protocolType" />
@@ -371,6 +373,15 @@
</xs:documentation>
</xs:annotation>
</xs:attribute>
+ <xs:attribute name="keyAlias" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the alias of
the selected
+ key within the keystore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
<xs:attribute name="provider" type="xs:string">
<xs:annotation>
<xs:documentation>
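Review bot: The `keyAlias` documentation says what the attribute holds but not what happens when it is omitted; from the comment in the new FederationMetaDataTest, metadata generation fails with a ProcessingException when the store contains more than one certificate and no alias is given. Extend the text with `Optional if the keystore contains exactly one key entry; required otherwise, since no key can be selected.` so administrators know when it must be set. Whether a single-entry store is really auto-selected is inferred from the tests and should be confirmed against MetadataWriter before the wording is finalised.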
Added:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java?rev=1348749&view=auto
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
(added)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationMetaDataTest.java
Mon Jun 11 08:42:51 2012
@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.File;
+import java.net.URL;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Document;
+
+import junit.framework.Assert;
+
+import org.apache.cxf.fediz.common.SecurityTestUtil;
+import org.apache.cxf.fediz.core.config.FederationConfigurator;
+import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.util.DOMUtils;
+
+import org.junit.AfterClass;
+
+import static org.junit.Assert.fail;
+
+public class FederationMetaDataTest {
+ private static final String CONFIG_FILE = "fediz_meta_test_config.xml";
+
+ @AfterClass
+ public static void cleanup() {
+ SecurityTestUtil.cleanup();
+ }
+
+
+ private FederationContext loadConfig(String context) {
+ try {
+ FederationConfigurator configurator = new FederationConfigurator();
+ final URL resource = Thread.currentThread().getContextClassLoader()
+ .getResource(CONFIG_FILE);
+ File f = new File(resource.toURI());
+ configurator.loadConfig(f);
+ return configurator.getFederationContext(context);
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+
+ @org.junit.Test
+ public void validateMetaDataWithAlias() throws ProcessingException {
+
+ FederationContext config = loadConfig("ROOT");
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ Document doc = wfProc.getMetaData(config);
+ Assert.assertNotNull(doc);
+
+ try {
+ DOMUtils.writeXml(doc, System.out);
+ } catch (TransformerException e) {
+ fail("Exception not expected: " + e.getMessage());
+ }
+
+ }
+
+ @org.junit.Test
+ public void validateMetaDataNoAlias() throws ProcessingException {
+
+ try {
+ FederationContext config = loadConfig("ROOT_NO_KEY");
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ Document doc;
+
+ doc = wfProc.getMetaData(config);
+ Assert.assertNull(doc);
+ } catch (ProcessingException ex) {
+ //Expected as signing store contains more than one certificate
+ }
+
+
+ }
+
+ @org.junit.Test
+ public void validateMetaDataNoSigningKey() throws ProcessingException {
+
+ FederationContext config = loadConfig("ROOT_NO_SIGNINGKEY");
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ Document doc = wfProc.getMetaData(config);
+ Assert.assertNotNull(doc);
+
+ try {
+ DOMUtils.writeXml(doc, System.out);
+ } catch (TransformerException e) {
+ fail("Exception not expected: " + e.getMessage());
+ }
+
+ }
+
+
+}
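Review bot: `validateMetaDataNoAlias` cannot distinguish the expected failure from a silent one: the comment says a ProcessingException is expected because the signing store holds more than one certificate, but the catch block swallows it, and if `getMetaData` returns instead the only check is `Assert.assertNull(doc)`. Replace that assertion with `fail("ProcessingException expected when signingKey has no keyAlias");` so the test passes only on the documented exception. `loadConfig` likewise swallows every exception and returns null, which turns a broken fixture into an unrelated NullPointerException in the test body; rethrowing or calling `fail` there keeps the real cause visible. The two positive tests only print the document to System.out, so asserting on its content (whatever MetadataWriter is expected to emit for ROOT versus ROOT_NO_SIGNINGKEY) would make them meaningful.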
Modified:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1348749&r1=1348748&r2=1348749&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Mon Jun 11 08:42:51 2012
@@ -39,6 +39,7 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
+import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
import org.apache.cxf.fediz.core.config.jaxb.TokenValidators;
import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
@@ -69,6 +70,9 @@ public class FedizConfigurationWriterTes
private static final String JKS_TYPE = "JKS";
private static final String KEYSTORE_PASSWORD = "stsspass";
+ private static final String KEY_PASSWORD = "stskpass";
+ private static final String KEY_ALIAS = "mystskey";
+
private static final String AUDIENCE_URI_1 = "http://host_one:port/url";
private static final String AUTH_TYPE_VALUE = "some auth type";
@@ -78,6 +82,8 @@ public class FedizConfigurationWriterTes
private static final String CONFIG_FILE = "./target/fediz_test_config.xml";
+
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
@@ -96,6 +102,18 @@ public class FedizConfigurationWriterTes
FederationProtocolType protocol = new FederationProtocolType();
config.setProtocol(protocol);
+ KeyManagersType sigManager = new KeyManagersType();
+ sigManager.setKeyPassword(KEY_PASSWORD);
+ sigManager.setKeyAlias(KEY_ALIAS);
+
+ KeyStoreType sigStore = new KeyStoreType();
+ sigStore.setType(JKS_TYPE);
+ sigStore.setPassword(KEYSTORE_PASSWORD);//integrity password
+ sigStore.setFile(KEYSTORE_FILE);
+ sigManager.setKeyStore(sigStore);
+
+ config.setSigningKey(sigManager);
+
TrustedIssuers trustedIssuers = new TrustedIssuers();
TrustedIssuerType trustedIssuer = new TrustedIssuerType();
Added:
cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml?rev=1348749&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml
(added)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_meta_test_config.xml
Mon Jun 11 08:42:51 2012
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<FedizConfig>
+ <contextConfig name="ROOT">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first
audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="stsstore.jks"
password="stsspass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer subject=".*CN=www.sts.com.*"
certificateValidation="ChainTrust"
+ name="DoubleItSTSIssuer" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="mystskey" keyPassword="stskpass">
+ <keyStore file="stsstore.jks" password="stsspass"
type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>http://Server:Port/value from protocol.realm
config property </realm>
+ <issuer>http://Server:Port/value from protocol.issuer
config property</issuer>
+ <roleDelimiter>;</roleDelimiter>
+
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type"
type="String" />
+ <homeRealm
type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type"
optional="true" />
+ <claimType type="another optional claim type"
optional="true" />
+ <claimType type="and an mandatory claim type"
optional="false" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+ <contextConfig name="ROOT_NO_KEY">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first
audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="stsstore.jks"
password="stsspass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer subject=".*CN=www.sts.com.*"
certificateValidation="ChainTrust"
+ name="DoubleItSTSIssuer" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyPassword="stskpass">
+ <keyStore file="stsstore.jks" password="stsspass"
type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>http://Server:Port/value from protocol.realm
config property </realm>
+ <issuer>http://Server:Port/value from protocol.issuer
config property</issuer>
+ <roleDelimiter>;</roleDelimiter>
+
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type"
type="String" />
+ <homeRealm
type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type"
optional="true" />
+ <claimType type="another optional claim type"
optional="true" />
+ <claimType type="and an mandatory claim type"
optional="false" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+ <contextConfig name="ROOT_NO_SIGNINGKEY">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first
audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="stsstore.jks"
password="stsspass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer subject=".*CN=www.sts.com.*"
certificateValidation="ChainTrust"
+ name="DoubleItSTSIssuer" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>http://Server:Port/value from protocol.realm
config property </realm>
+ <issuer>http://Server:Port/value from protocol.issuer
config property</issuer>
+ <roleDelimiter>;</roleDelimiter>
+
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type"
type="String" />
+ <homeRealm
type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type"
optional="true" />
+ <claimType type="another optional claim type"
optional="true" />
+ <claimType type="and an mandatory claim type"
optional="false" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+</FedizConfig>
\ No newline at end of file