Repository: cxf-fediz Updated Branches: refs/heads/master 51ed2a3b4 -> af2feff06
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java new file mode 100644 index 0000000..55775da --- /dev/null +++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java @@ -0,0 +1,222 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.fediz.systests.idp; + +import java.io.File; +import java.io.IOException; +import java.net.URLEncoder; +import java.util.UUID; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import com.gargoylesoftware.htmlunit.WebClient; +import com.gargoylesoftware.htmlunit.html.DomElement; +import com.gargoylesoftware.htmlunit.html.DomNodeList; +import com.gargoylesoftware.htmlunit.html.HtmlPage; + +import org.apache.catalina.LifecycleState; +import org.apache.catalina.connector.Connector; +import org.apache.catalina.startup.Tomcat; +import org.apache.cxf.common.util.Base64Utility; +import org.apache.cxf.fediz.core.util.DOMUtils; +import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder; +import org.apache.cxf.rs.security.saml.sso.DefaultAuthnRequestBuilder; +import org.apache.cxf.rs.security.saml.sso.SSOConstants; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.wss4j.common.saml.OpenSAMLUtil; +import org.apache.wss4j.common.util.DOM2Writer; +import org.apache.wss4j.dom.engine.WSSConfig; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.opensaml.saml.saml2.core.AuthnRequest; + +/** + * Some tests invoking directly on the IdP for SAML SSO + */ +public class IdpTest { + + static String idpHttpsPort; + static String rpHttpsPort; + + private static Tomcat idpServer; + + @BeforeClass + public static void init() { + System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); + System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); + System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info"); + + idpHttpsPort = System.getProperty("idp.https.port"); + Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort); + rpHttpsPort = System.getProperty("rp.https.port"); + Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort); + + initIdp(); + + WSSConfig.init(); + } + + private static void initIdp() { + try { + idpServer = new Tomcat(); + idpServer.setPort(0); + String currentDir = new File(".").getCanonicalPath(); + idpServer.setBaseDir(currentDir + File.separator + "target"); + + idpServer.getHost().setAppBase("tomcat/idp/webapps"); + idpServer.getHost().setAutoDeploy(true); + idpServer.getHost().setDeployOnStartup(true); + + Connector httpsConnector = new Connector(); + httpsConnector.setPort(Integer.parseInt(idpHttpsPort)); + httpsConnector.setSecure(true); + httpsConnector.setScheme("https"); + //httpsConnector.setAttribute("keyAlias", keyAlias); + httpsConnector.setAttribute("keystorePass", "tompass"); + httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks"); + httpsConnector.setAttribute("truststorePass", "tompass"); + httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks"); + httpsConnector.setAttribute("clientAuth", "want"); + // httpsConnector.setAttribute("clientAuth", "false"); + httpsConnector.setAttribute("sslProtocol", "TLS"); + httpsConnector.setAttribute("SSLEnabled", true); + + idpServer.getService().addConnector(httpsConnector); + + idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts"); + idpServer.addWebapp("/fediz-idp", "fediz-idp"); + + idpServer.start(); + } catch (Exception e) { + e.printStackTrace(); + } + } + + @AfterClass + public static void cleanup() { + try { + if (idpServer.getServer() != null + && idpServer.getServer().getState() != LifecycleState.DESTROYED) { + if (idpServer.getServer().getState() != LifecycleState.STOPPED) { + idpServer.stop(); + } + idpServer.destroy(); + } + } catch (Exception e) { + e.printStackTrace(); + } + } + + public String getIdpHttpsPort() { + return idpHttpsPort; + } + + public String getRpHttpsPort() { + return rpHttpsPort; + } + + public String getServletContextName() { + return "fedizhelloworld"; + } + + @org.junit.Test + @org.junit.Ignore + public void testSuccessfulInvokeOnIdP() throws Exception { + OpenSAMLUtil.initSamlEngine(); + + // Create SAML AuthnRequest + Document doc = DOMUtils.createDocument(); + doc.appendChild(doc.createElement("root")); + // Create the AuthnRequest + AuthnRequest authnRequest = + new DefaultAuthnRequestBuilder().createAuthnRequest( + null, "local-issuer", "https://localhost/acsa"; + ); + + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); + String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); + + String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8"); + + String relayState = UUID.randomUUID().toString(); + String url = "https://localhost:"; + getIdpHttpsPort() + "/fediz-idp/saml?"; + url += SSOConstants.RELAY_STATE + "=" + relayState; + url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; + + String user = "alice"; + String password = "ecila"; + + final WebClient webClient = new WebClient(); + webClient.getOptions().setUseInsecureSSL(true); + webClient.getCredentialsProvider().setCredentials( + new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), + new UsernamePasswordCredentials(user, password)); + + webClient.getOptions().setJavaScriptEnabled(false); + final HtmlPage idpPage = webClient.getPage(url); + webClient.getOptions().setJavaScriptEnabled(true); + Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); + + // Parse the form to get the token (SAMLResponse) + DomNodeList<DomElement> results = idpPage.getElementsByTagName("input"); + + String samlResponse = null; + boolean foundRelayState = false; + for (DomElement result : results) { + if ("SAMLResponse".equals(result.getAttributeNS(null, "name"))) { + samlResponse = result.getAttributeNS(null, "value"); + } else if ("RelayState".equals(result.getAttributeNS(null, "name"))) { + foundRelayState = true; + Assert.assertEquals(result.getAttributeNS(null, "value"), relayState); + } + } + + Assert.assertNotNull(samlResponse); + Assert.assertTrue(foundRelayState); + /* + // Decode response + byte[] deflatedToken = Base64Utility.decode(samlResponse); + InputStream inputStream = new ByteArrayInputStream(deflatedToken); + + Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8")); + + XMLObject responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement()); + Assert.assertTrue((responseObject instanceof org.opensaml.saml.saml2.core.Response)); +*/ + webClient.close(); + } + + private String encodeAuthnRequest(Element authnRequest) throws IOException { + String requestMessage = DOM2Writer.nodeToString(authnRequest); + + DeflateEncoderDecoder encoder = new DeflateEncoderDecoder(); + byte[] deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8")); + + return Base64Utility.encode(deflatedBytes); + } +} http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/alice_client.jks ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/alice_client.jks b/systests/samlsso/src/test/resources/alice_client.jks new file mode 100644 index 0000000..879df98 Binary files /dev/null and b/systests/samlsso/src/test/resources/alice_client.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/client.jks ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/client.jks b/systests/samlsso/src/test/resources/client.jks new file mode 100644 index 0000000..62d221e Binary files /dev/null and b/systests/samlsso/src/test/resources/client.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/clienttrust.jks ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/clienttrust.jks b/systests/samlsso/src/test/resources/clienttrust.jks new file mode 100644 index 0000000..c3ad459 Binary files /dev/null and b/systests/samlsso/src/test/resources/clienttrust.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/entity_wreq.xml ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/entity_wreq.xml b/systests/samlsso/src/test/resources/entity_wreq.xml new file mode 100644 index 0000000..c0ff502 --- /dev/null +++ b/systests/samlsso/src/test/resources/entity_wreq.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE RequestSecurityTokenResponseCollection [<!ENTITY a "1234567890" > + +<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;" > + +<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;" > + +<!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;" > + +<!ENTITY e "&d;&d;&d;&d;&d;&d;&d;&d;" > + +<!ENTITY f "&e;&e;&e;&e;&e;&e;&e;&e;" > + +<!ENTITY g "&f;&f;&f;&f;&f;&f;&f;&f;" > + +<!ENTITY h "&g;&g;&g;&g;&g;&g;&g;&g;" > + +<!ENTITY i "&h;&h;&h;&h;&h;&h;&h;&h;" > + +<!ENTITY j "&i;&i;&i;&i;&i;&i;&i;&i;" > + +<!ENTITY k "&j;&j;&j;&j;&j;&j;&j;&j;" > + +<!ENTITY l "&k;&k;&k;&k;&k;&k;&k;&k;" > + +<!ENTITY m "&l;&l;&l;&l;&l;&l;&l;&l;" > ]> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/logging.properties ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/logging.properties b/systests/samlsso/src/test/resources/logging.properties new file mode 100644 index 0000000..040b210 --- /dev/null +++ b/systests/samlsso/src/test/resources/logging.properties @@ -0,0 +1,54 @@ +############################################################ +# Default Logging Configuration File +# +# You can use a different file by specifying a filename +# with the java.util.logging.config.file system property. +# For example java -Djava.util.logging.config.file=myfile +############################################################ + +############################################################ +# Global properties +############################################################ + +# "handlers" specifies a comma separated list of log Handler +# classes. These handlers will be installed during VM startup. +# Note that these classes must be on the system classpath. +# By default we only configure a ConsoleHandler, which will only +# show messages at the WARNING and above levels. +handlers= java.util.logging.ConsoleHandler +#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler + +# Default global logging level. +# This specifies which kinds of events are logged across +# all loggers. For any given facility this global level +# can be overridden by a facility specific level +# Note that the ConsoleHandler also has a separate level +# setting to limit messages printed to the console. +.level= INFO + +############################################################ +# Handler specific properties. +# Describes specific configuration info for Handlers. +############################################################ + +# default file output is in user's home directory. +java.util.logging.FileHandler.pattern = %h/java%u.log +java.util.logging.FileHandler.limit = 50000 +java.util.logging.FileHandler.count = 1 +java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter + +# Limit the message that are printed on the console to WARNING and above. +java.util.logging.ConsoleHandler.level = WARNING +java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter + + +############################################################ +# Facility specific properties. +# Provides extra control for each logger. +############################################################ + +# For example, set the com.xyz.foo logger to only log SEVERE +# messages: +#com.xyz.foo.level = SEVERE +org.apache.ws.security.level = FINEST +org.apache.cxf.fediz.level = FINEST http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/realma/entities-realma.xml ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/realma/entities-realma.xml b/systests/samlsso/src/test/resources/realma/entities-realma.xml new file mode 100644 index 0000000..1109c22 --- /dev/null +++ b/systests/samlsso/src/test/resources/realma/entities-realma.xml @@ -0,0 +1,524 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xmlns:util="http://www.springframework.org/schema/util"; + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-3.1.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-2.0.xsd";> + + <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity"> + <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" /> + <property name="uri" value="realma" /> + <property name="provideIdpList" value="true" /> + <property name="useCurrentIdp" value="true" /> + <property name="certificate" value="stsKeystoreA.properties" /> + <property name="certificatePassword" value="realma" /> + <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA"; /> + <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation"; /> + <property name="rpSingleSignOutConfirmation" value="true"/> + <property name="supportedProtocols"> + <util:list> + <value>http://docs.oasis-open.org/wsfed/federation/200706 + </value> + <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512 + </value> + </util:list> + </property> + <property name="tokenTypesOffered"> + <util:list> + <value>urn:oasis:names:tc:SAML:1.0:assertion</value> + <value>urn:oasis:names:tc:SAML:2.0:assertion</value> + </util:list> + </property> + <property name="authenticationURIs"> + <util:map> + <entry key="default" value="federation/up" /> + <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey"; + value="federation/krb" /> + <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"; + value="federation/up" /> + <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"; + value="federation/clientcert" /> + </util:map> + </property> + <property name="serviceDisplayName" value="REALM A" /> + <property name="serviceDescription" value="IDP of Realm A" /> + <property name="applications"> + <util:list> + <ref bean="srv-fedizhelloworld" /> + </util:list> + </property> + <property name="trustedIdps"> + <util:list> + <ref bean="trusted-idp-realmB" /> + </util:list> + </property> + <property name="claimTypesOffered"> + <util:list> + <ref bean="claim_role" /> + <ref bean="claim_surname" /> + <ref bean="claim_givenname" /> + <ref bean="claim_email" /> + </util:list> + </property> + </bean> + + <bean id="idp-saml-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity"> + <property name="realm" value="urn:org:apache:cxf:fediz:idp:saml:realm-A" /> + <property name="uri" value="realma" /> + <property name="provideIdpList" value="true" /> + <property name="useCurrentIdp" value="true" /> + <property name="certificate" value="stsKeystoreA.properties" /> + <property name="certificatePassword" value="realma" /> + <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA"; /> + <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/saml"; /> + <property name="rpSingleSignOutConfirmation" value="true"/> + <property name="supportedProtocols"> + <util:list> + <value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser + </value> + <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512 + </value> + </util:list> + </property> + <property name="tokenTypesOffered"> + <util:list> + <value>urn:oasis:names:tc:SAML:1.0:assertion</value> + <value>urn:oasis:names:tc:SAML:2.0:assertion</value> + </util:list> + </property> + <property name="authenticationURIs"> + <util:map> + <entry key="default" value="saml/up" /> + </util:map> + </property> + <property name="serviceDisplayName" value="REALM A" /> + <property name="serviceDescription" value="IDP of Realm A" /> + <property name="applications"> + <util:list> + <ref bean="srv-fedizhelloworld" /> + </util:list> + </property> + <property name="trustedIdps"> + <util:list> + <ref bean="trusted-idp-realmB" /> + </util:list> + </property> + <property name="claimTypesOffered"> + <util:list> + <ref bean="claim_role" /> + <ref bean="claim_surname" /> + <ref bean="claim_givenname" /> + <ref bean="claim_email" /> + </util:list> + </property> + </bean> + + <bean id="trusted-idp-realmB" + class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity"> + <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" /> + <property name="cacheTokens" value="true" /> + <property name="url" value="https://localhost:12443/fediz-idp-remote/federation"; /> + <property name="certificate" value="realmb.cert" /> + <property name="trustType" value="PEER_TRUST" /> + <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"; /> + <property name="federationType" value="FEDERATE_IDENTITY" /> + <property name="name" value="Realm B" /> + <property name="description" value="Realm B description" /> + </bean> + + <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity"> + <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" /> + <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"; /> + <property name="serviceDisplayName" value="Fedizhelloworld" /> + <property name="serviceDescription" value="Web Application to illustrate WS-Federation" /> + <property name="role" value="ApplicationServiceType" /> + <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; /> + <property name="lifeTime" value="3600" /> + <property name="passiveRequestorEndpointConstraint" + value="https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" /> + </bean> + + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_role" /> + <property name="optional" value="false" /> + </bean> + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_givenname" /> + <property name="optional" value="false" /> + </bean> + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_surname" /> + <property name="optional" value="false" /> + </bean> + <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> + <property name="application" ref="srv-fedizhelloworld" /> + <property name="claim" ref="claim_email" /> + <property name="optional" value="false" /> + </bean> + + <bean id="claim_role" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"; /> + <property name="displayName" + value="role" /> + <property name="description" + value="Description for role" /> + </bean> + <bean id="claim_givenname" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; /> + <property name="displayName" + value="firstname" /> + <property name="description" + value="Description for firstname" /> + </bean> + <bean id="claim_surname" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"; /> + <property name="displayName" + value="lastname" /> + <property name="description" + value="Description for lastname" /> + </bean> + <bean id="claim_email" + class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> + <property name="claimType" + value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; /> + <property name="displayName" + value="email" /> + <property name="description" + value="Description for email" /> + </bean> + + + <bean id="entitlement_claim_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_LIST" /> + <property name="description" + value="Description for CLAIM_LIST" /> + </bean> + <bean id="entitlement_claim_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_CREATE" /> + <property name="description" + value="Description for CLAIM_CREATE" /> + </bean> + <bean id="entitlement_claim_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_READ" /> + <property name="description" + value="Description for CLAIM_READ" /> + </bean> + <bean id="entitlement_claim_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_UPDATE" /> + <property name="description" + value="Description for CLAIM_UPDATE" /> + </bean> + <bean id="entitlement_claim_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="CLAIM_DELETE" /> + <property name="description" + value="Description for CLAIM_DELETE" /> + </bean> + + <bean id="entitlement_application_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_LIST" /> + <property name="description" + value="Description for APPLICATION_LIST" /> + </bean> + <bean id="entitlement_application_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_CREATE" /> + <property name="description" + value="Description for APPLICATION_CREATE" /> + </bean> + <bean id="entitlement_application_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_READ" /> + <property name="description" + value="Description for APPLICATION_READ" /> + </bean> + <bean id="entitlement_application_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_UPDATE" /> + <property name="description" + value="Description for APPLICATION_UPDATE" /> + </bean> + <bean id="entitlement_application_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="APPLICATION_DELETE" /> + <property name="description" + value="Description for APPLICATION_DELETE" /> + </bean> + + <bean id="entitlement_trustedidp_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_LIST" /> + <property name="description" + value="Description for TRUSTEDIDP_LIST" /> + </bean> + <bean id="entitlement_trustedidp_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_CREATE" /> + <property name="description" + value="Description for TRUSTEDIDP_CREATE" /> + </bean> + <bean id="entitlement_trustedidp_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_READ" /> + <property name="description" + value="Description for TRUSTEDIDP_READ" /> + </bean> + <bean id="entitlement_trustedidp_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_UPDATE" /> + <property name="description" + value="Description for TRUSTEDIDP_UPDATE" /> + </bean> + <bean id="entitlement_trustedidp_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="TRUSTEDIDP_DELETE" /> + <property name="description" + value="Description for TRUSTEDIDP_DELETE" /> + </bean> + + <bean id="entitlement_idp_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_LIST" /> + <property name="description" + value="Description for IDP_LIST" /> + </bean> + <bean id="entitlement_idp_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_CREATE" /> + <property name="description" + value="Description for IDP_CREATE" /> + </bean> + <bean id="entitlement_idp_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_READ" /> + <property name="description" + value="Description for IDP_READ" /> + </bean> + <bean id="entitlement_idp_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_UPDATE" /> + <property name="description" + value="Description for IDP_UPDATE" /> + </bean> + <bean id="entitlement_idp_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="IDP_DELETE" /> + <property name="description" + value="Description for IDP_DELETE" /> + </bean> + + <bean id="entitlement_role_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_LIST" /> + <property name="description" + value="Description for ROLE_LIST" /> + </bean> + <bean id="entitlement_role_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_CREATE" /> + <property name="description" + value="Description for ROLE_CREATE" /> + </bean> + <bean id="entitlement_role_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_READ" /> + <property name="description" + value="Description for ROLE_READ" /> + </bean> + <bean id="entitlement_role_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_UPDATE" /> + <property name="description" + value="Description for ROLE_UPDATE" /> + </bean> + <bean id="entitlement_role_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ROLE_DELETE" /> + <property name="description" + value="Description for ROLE_DELETE" /> + </bean> + + <bean id="entitlement_entitlement_list" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_LIST" /> + <property name="description" + value="Description for ENTITLEMENT_LIST" /> + </bean> + <bean id="entitlement_entitlement_create" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_CREATE" /> + <property name="description" + value="Description for ENTITLEMENT_CREATE" /> + </bean> + <bean id="entitlement_entitlement_read" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_READ" /> + <property name="description" + value="Description for ENTITLEMENT_READ" /> + </bean> + <bean id="entitlement_entitlement_update" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_UPDATE" /> + <property name="description" + value="Description for ENTITLEMENT_UPDATE" /> + </bean> + <bean id="entitlement_entitlement_delete" + class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> + <property name="name" + value="ENTITLEMENT_DELETE" /> + <property name="description" + value="Description for ENTITLEMENT_DELETE" /> + </bean> + + <bean id="role_admin" + class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> + <property name="name" + value="ADMIN" /> + <property name="description" + value="This is the administrator role with full access" /> + <property name="entitlements"> + <util:list> + <ref bean="entitlement_claim_list" /> + <ref bean="entitlement_claim_create" /> + <ref bean="entitlement_claim_read" /> + <ref bean="entitlement_claim_update" /> + <ref bean="entitlement_claim_delete" /> + <ref bean="entitlement_idp_list" /> + <ref bean="entitlement_idp_create" /> + <ref bean="entitlement_idp_read" /> + <ref bean="entitlement_idp_update" /> + <ref bean="entitlement_idp_delete" /> + <ref bean="entitlement_trustedidp_list" /> + <ref bean="entitlement_trustedidp_create" /> + <ref bean="entitlement_trustedidp_read" /> + <ref bean="entitlement_trustedidp_update" /> + <ref bean="entitlement_trustedidp_delete" /> + <ref bean="entitlement_application_list" /> + <ref bean="entitlement_application_create" /> + <ref bean="entitlement_application_read" /> + <ref bean="entitlement_application_update" /> + <ref bean="entitlement_application_delete" /> + <ref bean="entitlement_role_list" /> + <ref bean="entitlement_role_create" /> + <ref bean="entitlement_role_read" /> + <ref bean="entitlement_role_update" /> + <ref bean="entitlement_role_delete" /> + <ref bean="entitlement_entitlement_list" /> + <ref bean="entitlement_entitlement_create" /> + <ref bean="entitlement_entitlement_read" /> + <ref bean="entitlement_entitlement_update" /> + <ref bean="entitlement_entitlement_delete" /> + </util:list> + </property> + </bean> + <bean id="role_user" + class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> + <property name="name" + value="USER" /> + <property name="description" + value="This is the user role with read access" /> + <property name="entitlements"> + <util:list> + <ref bean="entitlement_claim_list" /> + <ref bean="entitlement_claim_read" /> + <ref bean="entitlement_idp_list" /> + <ref bean="entitlement_idp_read" /> + <ref bean="entitlement_trustedidp_list" /> + <ref bean="entitlement_trustedidp_read" /> + <ref bean="entitlement_application_list" /> + <ref bean="entitlement_application_read" /> + <ref bean="entitlement_role_list" /> + <ref bean="entitlement_role_read" /> + <ref bean="entitlement_entitlement_list" /> + <ref bean="entitlement_entitlement_read" /> + </util:list> + </property> + </bean> + <bean id="role_idp_login" + class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> + <property name="name" + value="IDP_LOGIN" /> + <property name="description" + value="This is the IDP login role which is applied to Users during the IDP SSO" /> + <property name="entitlements"> + <util:list> + <ref bean="entitlement_claim_list" /> + <ref bean="entitlement_claim_read" /> + <ref bean="entitlement_idp_list" /> + <ref bean="entitlement_idp_read" /> + <ref bean="entitlement_trustedidp_list" /> + <ref bean="entitlement_trustedidp_read" /> + <ref bean="entitlement_application_list" /> + <ref bean="entitlement_application_read" /> + </util:list> + </property> + </bean> + + + +</beans> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/realma/realm.properties ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/realma/realm.properties b/systests/samlsso/src/test/resources/realma/realm.properties new file mode 100644 index 0000000..1df51d7 --- /dev/null +++ b/systests/samlsso/src/test/resources/realma/realm.properties @@ -0,0 +1,5 @@ +realm.STS_URI=REALMA +realm-uri=urn:org:apache:cxf:fediz:idp:saml:realm-A +realmA.port=9443 +realmB.port=12443 +db-load-config=entities-realma.xml http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2feff0/systests/samlsso/src/test/resources/server.jks ---------------------------------------------------------------------- diff --git a/systests/samlsso/src/test/resources/server.jks b/systests/samlsso/src/test/resources/server.jks new file mode 100644 index 0000000..c9c2ce2 Binary files /dev/null and b/systests/samlsso/src/test/resources/server.jks differ
