Repository: cxf-fediz Updated Branches: refs/heads/master 113a2f8ba -> 6732b3197
Adding an initial @Ignored test-case for SAML SSO Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6732b319 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6732b319 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6732b319 Branch: refs/heads/master Commit: 6732b3197df26a158355f5f188331148d848783f Parents: 113a2f8 Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Feb 27 17:25:41 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Feb 27 17:25:41 2015 +0000 ---------------------------------------------------------------------- systests/federation/pom.xml | 37 ++ systests/federation/samlsso/pom.xml | 268 +++++++++++ .../cxf/fediz/integrationtests/SAMLSSOTest.java | 215 +++++++++ .../samlsso/src/test/resources/client.jks | Bin 0 -> 2060 bytes .../src/test/resources/entities-realma.xml | 465 +++++++++++++++++++ .../test/resources/fediz_config_saml_sso.xml | 38 ++ .../samlsso/src/test/resources/server.jks | Bin 0 -> 1863 bytes .../samlsso/src/test/resources/ststrust.jks | Bin 0 -> 2561 bytes systests/pom.xml | 1 + 9 files changed, 1024 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/pom.xml ---------------------------------------------------------------------- diff --git a/systests/federation/pom.xml b/systests/federation/pom.xml new file mode 100644 index 0000000..b69e6e5 --- /dev/null +++ b/systests/federation/pom.xml @@ -0,0 +1,37 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-systests</artifactId> + <version>1.2.0-SNAPSHOT</version> + <relativePath>../pom.xml</relativePath> + </parent> + <groupId>org.apache.cxf.fediz.systests</groupId> + <artifactId>fediz-systests-federation</artifactId> + <name>Apache Fediz Federation Systests</name> + <packaging>pom</packaging> + + <modules> + <module>samlsso</module> + </modules> + +</project> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/pom.xml ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/pom.xml b/systests/federation/samlsso/pom.xml new file mode 100644 index 0000000..3fd7390 --- /dev/null +++ b/systests/federation/samlsso/pom.xml @@ -0,0 +1,268 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.cxf.fediz.systests</groupId> + <artifactId>fediz-systests-federation</artifactId> + <version>1.2.0-SNAPSHOT</version> + <relativePath>../pom.xml</relativePath> + </parent> + <groupId>org.apache.cxf.fediz.systests.federation</groupId> + <artifactId>fediz-systests-federation-samlsso</artifactId> + <name>Apache Fediz Federation Systests Tomcat 7 SAML SSO</name> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> + </properties> + <dependencies> + <dependency> + <groupId>org.apache.tomcat.embed</groupId> + <artifactId>tomcat-embed-core</artifactId> + <version>${tomcat.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.tomcat.embed</groupId> + <artifactId>tomcat-embed-logging-juli</artifactId> + <version>${tomcat.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.eclipse.jdt.core.compiler</groupId> + <artifactId>ecj</artifactId> + <version>3.7.1</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.tomcat.embed</groupId> + <artifactId>tomcat-embed-jasper</artifactId> + <version>${tomcat.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>${junit.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-tomcat</artifactId> + <version>${project.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.cxf.fediz.systests</groupId> + <artifactId>fediz-systests-tests</artifactId> + <version>${project.version}</version> + <type>test-jar</type> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>${slf4j.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-jdk14</artifactId> + <version>${slf4j.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>hsqldb</groupId> + <artifactId>hsqldb</artifactId> + <version>${hsqldb.version}</version> + <scope>test</scope> + </dependency> + </dependencies> + <build> + <testResources> + <testResource> + <directory>src/test/resources</directory> + <filtering>true</filtering> + <includes> + <include>**/fediz_config*.xml</include> + </includes> + </testResource> + <testResource> + <directory>src/test/resources</directory> + <filtering>false</filtering> + <excludes> + <exclude>**/fediz_config*.xml</exclude> + </excludes> + </testResource> + </testResources> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>build-helper-maven-plugin</artifactId> + <executions> + <execution> + <id>reserve-network-port</id> + <goals> + <goal>reserve-network-port</goal> + </goals> + <phase>initialize</phase> + <configuration> + <portNames> + <portName>idp.https.port</portName> + <portName>rp.https.port</portName> + </portNames> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-dependency-plugin</artifactId> + <executions> + <execution> + <id>copy-idp-sts</id> + <phase>generate-resources</phase> + <goals> + <goal>unpack</goal> + </goals> + <configuration> + <artifactItems> + <artifactItem> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-idp</artifactId> + <version>${project.version}</version> + <type>war</type> + <overWrite>true</overWrite> + <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory> + </artifactItem> + <artifactItem> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-idp-sts</artifactId> + <version>${project.version}</version> + <type>war</type> + <overWrite>true</overWrite> + <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory> + </artifactItem> + <artifactItem> + <groupId>org.apache.cxf.fediz.systests</groupId> + <artifactId>fediz-systests-simpleWebapp</artifactId> + <version>${project.version}</version> + <type>war</type> + <overWrite>true</overWrite> + <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory> + </artifactItem> + </artifactItems> + <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename> + <overWriteSnapshots>true</overWriteSnapshots> + <overWriteIfNewer>true</overWriteIfNewer> + <stripVersion>true</stripVersion> + </configuration> + </execution> + <execution> + <id>copy-xalan-to-idp</id> + <phase>generate-resources</phase> + <goals> + <goal>copy</goal> + </goals> + <configuration> + <artifactItems> + <artifactItem> + <groupId>xalan</groupId> + <artifactId>xalan</artifactId> + <version>${xalan.version}</version> + <outputDirectory>target/tomcat/idp/webapps/fediz-idp/WEB-INF/lib</outputDirectory> + </artifactItem> + </artifactItems> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <artifactId>maven-resources-plugin</artifactId> + <version>2.7</version> + <executions> + <execution> + <id>copy-entities-to-idp</id> + <phase>generate-test-sources</phase> + <goals> + <goal>copy-resources</goal> + </goals> + <configuration> + <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory> + <resources> + <resource> + <directory>${basedir}/src/test/resources</directory> + <includes> + <include>entities-realma.xml</include> + </includes> + <filtering>true</filtering> + </resource> + </resources> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <artifactId>maven-failsafe-plugin</artifactId> + <inherited>true</inherited> + <executions> + <execution> + <id>integration-test</id> + <phase>integration-test</phase> + <goals> + <goal>integration-test</goal> + </goals> + <configuration> + <skip>false</skip> + <systemPropertyVariables> + <wt.headless>true</wt.headless> + <idp.https.port>${idp.https.port}</idp.https.port> + <rp.https.port>${rp.https.port}</rp.https.port> + </systemPropertyVariables> + <includes> + <include>**/integrationtests/**</include> + </includes> + <argLine>-Xms512m -Xmx1024m + -XX:MaxPermSize=256m</argLine> + </configuration> + </execution> + <execution> + <id>verify</id> + <phase>verify</phase> + <goals> + <goal>verify</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <inherited>true</inherited> + <configuration> + <excludes> + <exclude>**/integrationtests/**</exclude> + </excludes> + </configuration> + </plugin> + </plugins> + </build> +</project> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java new file mode 100644 index 0000000..17913e1 --- /dev/null +++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java @@ -0,0 +1,215 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.fediz.integrationtests; + + +import java.io.File; + +import org.apache.catalina.Context; +import org.apache.catalina.LifecycleState; +import org.apache.catalina.connector.Connector; +import org.apache.catalina.startup.Tomcat; +import org.apache.cxf.fediz.tomcat.FederationAuthenticator; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; + +/** + */ +public class SAMLSSOTest { + + static String idpHttpsPort; + static String rpHttpsPort; + + private static Tomcat idpServer; + private static Tomcat rpServer; + + @BeforeClass + public static void init() { + System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); + System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); + System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info"); + + idpHttpsPort = System.getProperty("idp.https.port"); + Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort); + rpHttpsPort = System.getProperty("rp.https.port"); + Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort); + + initIdp(); + initRp(); + } + + private static void initIdp() { + try { + idpServer = new Tomcat(); + idpServer.setPort(0); + String currentDir = new File(".").getCanonicalPath(); + idpServer.setBaseDir(currentDir + File.separator + "target"); + + idpServer.getHost().setAppBase("tomcat/idp/webapps"); + idpServer.getHost().setAutoDeploy(true); + idpServer.getHost().setDeployOnStartup(true); + + Connector httpsConnector = new Connector(); + httpsConnector.setPort(Integer.parseInt(idpHttpsPort)); + httpsConnector.setSecure(true); + httpsConnector.setScheme("https"); + //httpsConnector.setAttribute("keyAlias", keyAlias); + httpsConnector.setAttribute("keystorePass", "tompass"); + httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks"); + httpsConnector.setAttribute("truststorePass", "tompass"); + httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks"); + httpsConnector.setAttribute("clientAuth", "want"); + // httpsConnector.setAttribute("clientAuth", "false"); + httpsConnector.setAttribute("sslProtocol", "TLS"); + httpsConnector.setAttribute("SSLEnabled", true); + + idpServer.getService().addConnector(httpsConnector); + + idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts"); + idpServer.addWebapp("/fediz-idp", "fediz-idp"); + + idpServer.start(); + } catch (Exception e) { + e.printStackTrace(); + } + } + + private static void initRp() { + try { + rpServer = new Tomcat(); + rpServer.setPort(0); + String currentDir = new File(".").getCanonicalPath(); + rpServer.setBaseDir(currentDir + File.separator + "target"); + + rpServer.getHost().setAppBase("tomcat/rp/webapps"); + rpServer.getHost().setAutoDeploy(true); + rpServer.getHost().setDeployOnStartup(true); + + Connector httpsConnector = new Connector(); + httpsConnector.setPort(Integer.parseInt(rpHttpsPort)); + httpsConnector.setSecure(true); + httpsConnector.setScheme("https"); + //httpsConnector.setAttribute("keyAlias", keyAlias); + httpsConnector.setAttribute("keystorePass", "tompass"); + httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks"); + httpsConnector.setAttribute("truststorePass", "tompass"); + httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks"); + // httpsConnector.setAttribute("clientAuth", "false"); + httpsConnector.setAttribute("clientAuth", "want"); + httpsConnector.setAttribute("sslProtocol", "TLS"); + httpsConnector.setAttribute("SSLEnabled", true); + + rpServer.getService().addConnector(httpsConnector); + + //Context ctx = + Context cxt = rpServer.addWebapp("/fedizhelloworld", "simpleWebapp"); + FederationAuthenticator fa = new FederationAuthenticator(); + fa.setConfigFile(currentDir + File.separator + "target" + File.separator + + "test-classes" + File.separator + "fediz_config_saml_sso.xml"); + cxt.getPipeline().addValve(fa); + + + rpServer.start(); + } catch (Exception e) { + e.printStackTrace(); + } + } + + @AfterClass + public static void cleanup() { + try { + if (idpServer.getServer() != null + && idpServer.getServer().getState() != LifecycleState.DESTROYED) { + if (idpServer.getServer().getState() != LifecycleState.STOPPED) { + idpServer.stop(); + } + idpServer.destroy(); + } + } catch (Exception e) { + e.printStackTrace(); + } + + try { + if (rpServer.getServer() != null + && rpServer.getServer().getState() != LifecycleState.DESTROYED) { + if (rpServer.getServer().getState() != LifecycleState.STOPPED) { + rpServer.stop(); + } + rpServer.destroy(); + } + } catch (Exception e) { + e.printStackTrace(); + } + } + + public String getIdpHttpsPort() { + return idpHttpsPort; + } + + public String getRpHttpsPort() { + return rpHttpsPort; + } + + public String getServletContextName() { + return "fedizhelloworld"; + } + + @org.junit.Test + @org.junit.Ignore + public void testSAMLSSO() throws Exception { + String url = "https://localhost:"; + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet"; + // String user = "alice"; + // String password = "ecila"; + + System.out.println("URL: " + url); + + Thread.sleep(60 * 2 * 1000); + /* + final String bodyTextContent = + HTTPTestUtils.login(url, user, password, getIdpHttpsPort()); + + Assert.assertTrue("Principal not " + user, + bodyTextContent.contains("userPrincipal=" + user)); + Assert.assertTrue("User " + user + " does not have role Admin", + bodyTextContent.contains("role:Admin=false")); + Assert.assertTrue("User " + user + " does not have role Manager", + bodyTextContent.contains("role:Manager=false")); + Assert.assertTrue("User " + user + " must have role User", + bodyTextContent.contains("role:User=true")); + + String claim = ClaimTypes.FIRSTNAME.toString(); + Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'", + bodyTextContent.contains(claim + "=Alice")); + claim = ClaimTypes.LASTNAME.toString(); + Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'", + bodyTextContent.contains(claim + "=Smith")); + claim = ClaimTypes.EMAILADDRESS.toString(); + Assert.assertTrue("User " + user + " claim " + claim + " is not '[email protected]'", + bodyTextContent.contains(claim + "[email protected]")); + */ + } + +} http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/src/test/resources/client.jks ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/client.jks b/systests/federation/samlsso/src/test/resources/client.jks new file mode 100644 index 0000000..720dbda Binary files /dev/null and b/systests/federation/samlsso/src/test/resources/client.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/src/test/resources/entities-realma.xml ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/entities-realma.xml b/systests/federation/samlsso/src/test/resources/entities-realma.xml new file mode 100644 index 0000000..2f66591 --- /dev/null +++ b/systests/federation/samlsso/src/test/resources/entities-realma.xml @@ -0,0 +1,465 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xmlns:util="http://www.springframework.org/schema/util"; + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-3.1.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-2.0.xsd";> + + <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity"> + <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" /> + <property name="uri" value="realma" /> + <property name="provideIdpList" value="true" /> + <property name="useCurrentIdp" value="true" /> + <property name="certificate" value="stsKeystoreA.properties" /> + <property name="certificatePassword" value="realma" /> + <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA"; /> + <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation"; /> + <property name="rpSingleSignOutConfirmation" value="true"/> + <property name="supportedProtocols"> + <util:list> + <value>http://docs.oasis-open.org/wsfed/federation/200706 + </value> + <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512 + </value> + </util:list> + </property> + <property name="tokenTypesOffered"> + <util:list> + <value>urn:oasis:names:tc:SAML:1.0:assertion</value> + <value>urn:oasis:names:tc:SAML:2.0:assertion</value> + </util:list> + </property> + <property name="authenticationURIs"> + <util:map> + <entry key="default" value="/login/default" /> + </util:map> + </property> + <property name="serviceDisplayName" value="REALM A" /> + <property name="serviceDescription" value="IDP of Realm A" /> + <property name="applications"> + <util:list> + <ref bean="srv-fedizhelloworld" /> + </util:list> + </property> + <property name="trustedIdps"> + <util:list> + <ref bean="trusted-idp-realmB" /> + </util:list> + </property> + <property name="claimTypesOffered"> + <util:list> + <ref bean="claim_role" /> + <ref bean="claim_surname" /> + <ref bean="claim_givenname" /> + <ref bean="claim_email" /> + </util:list> + </property> + </bean> + + <bean id="trusted-idp-realmB" + class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity"> + <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" /> + <property name="cacheTokens" value="true" /> + <property name="url" value="http://localhost:12345/idp/samlsso"; /> + <property name="certificate" value="realmb.cert" /> + <property name="trustType" value="PEER_TRUST" /> + <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" /> + <property name="federationType" value="FEDERATE_IDENTITY" /> + <property name="name" value="Realm B" /> + <property name="description" value="Realm B description" /> + </bean> + + <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity"> + <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" /> + <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"; /> + <property name="serviceDisplayName" value="Fedizhelloworld" /> + <property name="serviceDescription" value="Web Application to illustrate WS-Federation" /> + <property name="role" value="ApplicationServiceType" /> + <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; /> + <property name="lifeTime" value="3600" /> + </bean> + + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_role" /> + <property name="optional" value="false" /> + </bean> + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_givenname" /> + <property name="optional" value="false" /> + </bean> + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_surname" /> + <property name="optional" value="false" /> + </bean> + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_email" /> + <property name="optional" value="false" /> + </bean> + + <bean id="claim_role" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"; /> + <property name="displayName" + value="role" /> + <property name="description" + value="Description for role" /> + </bean> + <bean id="claim_givenname" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; /> + <property name="displayName" + value="firstname" /> + <property name="description" + value="Description for firstname" /> + </bean> + <bean id="claim_surname" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"; /> + <property name="displayName" + value="lastname" /> + <property name="description" + value="Description for lastname" /> + </bean> + <bean id="claim_email" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; /> + <property name="displayName" + value="email" /> + <property name="description" + value="Description for email" /> + </bean> + + + <bean id="entitlement_claim_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_LIST" /> + <property name="description" + value="Description for CLAIM_LIST" /> + </bean> + <bean id="entitlement_claim_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_CREATE" /> + <property name="description" + value="Description for CLAIM_CREATE" /> + </bean> + <bean id="entitlement_claim_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_READ" /> + <property name="description" + value="Description for CLAIM_READ" /> + </bean> + <bean id="entitlement_claim_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_UPDATE" /> + <property name="description" + value="Description for CLAIM_UPDATE" /> + </bean> + <bean id="entitlement_claim_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_DELETE" /> + <property name="description" + value="Description for CLAIM_DELETE" /> + </bean> + + <bean id="entitlement_application_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_LIST" /> + <property name="description" + value="Description for APPLICATION_LIST" /> + </bean> + <bean id="entitlement_application_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_CREATE" /> + <property name="description" + value="Description for APPLICATION_CREATE" /> + </bean> + <bean id="entitlement_application_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_READ" /> + <property name="description" + value="Description for APPLICATION_READ" /> + </bean> + <bean id="entitlement_application_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_UPDATE" /> + <property name="description" + value="Description for APPLICATION_UPDATE" /> + </bean> + <bean id="entitlement_application_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_DELETE" /> + <property name="description" + value="Description for APPLICATION_DELETE" /> + </bean> + + <bean id="entitlement_trustedidp_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_LIST" /> + <property name="description" + value="Description for TRUSTEDIDP_LIST" /> + </bean> + <bean id="entitlement_trustedidp_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_CREATE" /> + <property name="description" + value="Description for TRUSTEDIDP_CREATE" /> + </bean> + <bean id="entitlement_trustedidp_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_READ" /> + <property name="description" + value="Description for TRUSTEDIDP_READ" /> + </bean> + <bean id="entitlement_trustedidp_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_UPDATE" /> + <property name="description" + value="Description for TRUSTEDIDP_UPDATE" /> + </bean> + <bean id="entitlement_trustedidp_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_DELETE" /> + <property name="description" + value="Description for TRUSTEDIDP_DELETE" /> + </bean> + + <bean id="entitlement_idp_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_LIST" /> + <property name="description" + value="Description for IDP_LIST" /> + </bean> + <bean id="entitlement_idp_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_CREATE" /> + <property name="description" + value="Description for IDP_CREATE" /> + </bean> + <bean id="entitlement_idp_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_READ" /> + <property name="description" + value="Description for IDP_READ" /> + </bean> + <bean id="entitlement_idp_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_UPDATE" /> + <property name="description" + value="Description for IDP_UPDATE" /> + </bean> + <bean id="entitlement_idp_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_DELETE" /> + <property name="description" + value="Description for IDP_DELETE" /> + </bean> + + <bean id="entitlement_role_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_LIST" /> + <property name="description" + value="Description for ROLE_LIST" /> + </bean> + <bean id="entitlement_role_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_CREATE" /> + <property name="description" + value="Description for ROLE_CREATE" /> + </bean> + <bean id="entitlement_role_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_READ" /> + <property name="description" + value="Description for ROLE_READ" /> + </bean> + <bean id="entitlement_role_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_UPDATE" /> + <property name="description" + value="Description for ROLE_UPDATE" /> + </bean> + <bean id="entitlement_role_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_DELETE" /> + <property name="description" + value="Description for ROLE_DELETE" /> + </bean> + + <bean id="entitlement_entitlement_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_LIST" /> + <property name="description" + value="Description for ENTITLEMENT_LIST" /> + </bean> + <bean id="entitlement_entitlement_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_CREATE" /> + <property name="description" + value="Description for ENTITLEMENT_CREATE" /> + </bean> + <bean id="entitlement_entitlement_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_READ" /> + <property name="description" + value="Description for ENTITLEMENT_READ" /> + </bean> + <bean id="entitlement_entitlement_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_UPDATE" /> + <property name="description" + value="Description for ENTITLEMENT_UPDATE" /> + </bean> + <bean id="entitlement_entitlement_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_DELETE" /> + <property name="description" + value="Description for ENTITLEMENT_DELETE" /> + </bean> + + <bean id="role_admin" + class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> + <property name="name" + value="ADMIN" /> + <property name="description" + value="This is the administrator role with full access" /> + <property name="entitlements"> + <util:list> + <ref bean="entitlement_claim_list" /> + <ref bean="entitlement_claim_create" /> + <ref bean="entitlement_claim_read" /> + <ref bean="entitlement_claim_update" /> + <ref bean="entitlement_claim_delete" /> + <ref bean="entitlement_idp_list" /> + <ref bean="entitlement_idp_create" /> + <ref bean="entitlement_idp_read" /> + <ref bean="entitlement_idp_update" /> + <ref bean="entitlement_idp_delete" /> + <ref bean="entitlement_trustedidp_list" /> + <ref bean="entitlement_trustedidp_create" /> + <ref bean="entitlement_trustedidp_read" /> + <ref bean="entitlement_trustedidp_update" /> + <ref bean="entitlement_trustedidp_delete" /> + <ref bean="entitlement_application_list" /> + <ref bean="entitlement_application_create" /> + <ref bean="entitlement_application_read" /> + <ref bean="entitlement_application_update" /> + <ref bean="entitlement_application_delete" /> + <ref bean="entitlement_role_list" /> + <ref bean="entitlement_role_create" /> + <ref bean="entitlement_role_read" /> + <ref bean="entitlement_role_update" /> + <ref bean="entitlement_role_delete" /> + <ref bean="entitlement_entitlement_list" /> + <ref bean="entitlement_entitlement_create" /> + <ref bean="entitlement_entitlement_read" /> + <ref bean="entitlement_entitlement_update" /> + <ref bean="entitlement_entitlement_delete" /> + </util:list> + </property> + </bean> + <bean id="role_user" + class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> + <property name="name" + value="USER" /> + <property name="description" + value="This is the user role with read access" /> + <property name="entitlements"> + <util:list> + <ref bean="entitlement_claim_list" /> + <ref bean="entitlement_claim_read" /> + <ref bean="entitlement_idp_list" /> + <ref bean="entitlement_idp_read" /> + <ref bean="entitlement_trustedidp_list" /> + <ref bean="entitlement_trustedidp_read" /> + <ref bean="entitlement_application_list" /> + <ref bean="entitlement_application_read" /> + <ref bean="entitlement_role_list" /> + <ref bean="entitlement_role_read" /> + <ref bean="entitlement_entitlement_list" /> + <ref bean="entitlement_entitlement_read" /> + </util:list> + </property> + </bean> + <bean id="role_idp_login" + class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> + <property name="name" + value="IDP_LOGIN" /> + <property name="description" + value="This is the IDP login role which is applied to Users during the IDP SSO" /> + <property name="entitlements"> + <util:list> + <ref bean="entitlement_claim_list" /> + <ref bean="entitlement_claim_read" /> + <ref bean="entitlement_idp_list" /> + <ref bean="entitlement_idp_read" /> + <ref bean="entitlement_trustedidp_list" /> + <ref bean="entitlement_trustedidp_read" /> + <ref bean="entitlement_application_list" /> + <ref bean="entitlement_application_read" /> + </util:list> + </property> + </bean> + + + +</beans> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml b/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml new file mode 100644 index 0000000..8137315 --- /dev/null +++ b/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. + Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL + keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. +--> +<FedizConfig> + <contextConfig name="/fedizhelloworld"> + <audienceUris> + <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> + </audienceUris> + <certificateStores> + <trustManager> + <keyStore file="test-classes/ststrust.jks" + password="storepass" type="JKS" /> + </trustManager> + </certificateStores> + <trustedIssuers> + <issuer certificateValidation="PeerTrust" /> + </trustedIssuers> + <maximumClockSkew>1000</maximumClockSkew> + <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:type="federationProtocolType" version="1.0.0"> + <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> + <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> + <roleDelimiter>,</roleDelimiter> + <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> + <freshness>10</freshness> + <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-B</homeRealm> + <claimTypesRequested> + <claimType type="a particular claim type" + optional="true" /> + </claimTypesRequested> + </protocol> + <logoutURL>/secure/logout</logoutURL> + <logoutRedirectTo>/index.html</logoutRedirectTo> + </contextConfig> +</FedizConfig> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/src/test/resources/server.jks ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/server.jks b/systests/federation/samlsso/src/test/resources/server.jks new file mode 100644 index 0000000..2f0fdf3 Binary files /dev/null and b/systests/federation/samlsso/src/test/resources/server.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/src/test/resources/ststrust.jks ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/ststrust.jks b/systests/federation/samlsso/src/test/resources/ststrust.jks new file mode 100644 index 0000000..911945c Binary files /dev/null and b/systests/federation/samlsso/src/test/resources/ststrust.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/pom.xml ---------------------------------------------------------------------- diff --git a/systests/pom.xml b/systests/pom.xml index 5259158..6019c60 100644 --- a/systests/pom.xml +++ b/systests/pom.xml @@ -40,6 +40,7 @@ <module>tomcat7</module> <module>spring</module> <module>cxf</module> + <module>federation</module> </modules> </project>
