| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <FedizConfig> |
| <contextConfig name="ROOT"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| |
| <logoutURL>secure/logout</logoutURL> |
| <logoutRedirectTo>/redir.html</logoutRedirectTo> |
| </contextConfig> |
| |
| <contextConfig name="ROOT2"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="stsrealm_a.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| </contextConfig> |
| |
| <contextConfig name="ROOT3"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="stsrealm_a.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| </contextConfig> |
| <contextConfig name="CUSTTOK"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| <tokenValidators> |
| <validator>org.apache.cxf.fediz.core.samlsso.CustomValidator</validator> |
| <validator>org.apache.cxf.fediz.core.NonexistentCustomValidator</validator> |
| </tokenValidators> |
| </protocol> |
| </contextConfig> |
| <contextConfig name="NOCLOCKSKEW"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| </contextConfig> |
| <contextConfig name="CUSTOMROLEURI"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.mycompany.com/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| </contextConfig> |
| |
| <contextConfig name="SIGNED_ROOT"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <signingKey keyPassword="stskpass" keyAlias="mystskey"> |
| <keyStore file="stsstore.jks" password="stsspass" type="JKS" /> |
| </signingKey> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <signRequest>true</signRequest> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| </contextConfig> |
| |
| <contextConfig name="SIGNED_ROOT_SHA256"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <signingKey keyPassword="stskpass" keyAlias="mystskey"> |
| <keyStore file="stsstore.jks" password="stsspass" type="JKS" /> |
| </signingKey> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <signRequest algorithm="RSA_SHA256">true</signRequest> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| </contextConfig> |
| |
| <contextConfig name="CLIENT_TRUST"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="clientonly.jks" password="cspass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| |
| <logoutURL>secure/logout</logoutURL> |
| <logoutRedirectTo>/redir.html</logoutRedirectTo> |
| </contextConfig> |
| |
| <contextConfig name="CUSTOM_REQUEST"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| <authnRequestBuilder>org.apache.cxf.fediz.core.samlsso.CustomSAMLPRequestBuilder</authnRequestBuilder> |
| </protocol> |
| |
| <logoutURL>secure/logout</logoutURL> |
| <logoutRedirectTo>/redir.html</logoutRedirectTo> |
| </contextConfig> |
| |
| <contextConfig name="REQUIRED_CLAIMS"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="false" /> |
| </claimTypesRequested> |
| </protocol> |
| |
| <logoutURL>secure/logout</logoutURL> |
| <logoutRedirectTo>/redir.html</logoutRedirectTo> |
| </contextConfig> |
| |
| <contextConfig name="ROOT_NO_REQ_STATE_VALIDATION"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| |
| <requestStateValidation>false</requestStateValidation> |
| <logoutURL>secure/logout</logoutURL> |
| <logoutRedirectTo>/redir.html</logoutRedirectTo> |
| </contextConfig> |
| |
| <contextConfig name="ROOT_DECRYPTION"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| <tokenDecryptionKey keyPassword="stskpass" keyAlias="mystskey"> |
| <keyStore file="stsstore.jks" password="stsspass" type="JKS" /> |
| </tokenDecryptionKey> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| </protocol> |
| |
| <logoutURL>secure/logout</logoutURL> |
| <logoutRedirectTo>/redir.html</logoutRedirectTo> |
| </contextConfig> |
| |
| <contextConfig name="ROOT_DECRYPTION_ALLOW_UNSIGNED"> |
| <audienceUris> |
| <audienceItem>http://host_one:port/url</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="ststrust.jks" password="storepass" |
| type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| <tokenDecryptionKey keyPassword="stskpass" keyAlias="mystskey"> |
| <keyStore file="stsstore.jks" password="stsspass" type="JKS" /> |
| </tokenDecryptionKey> |
| |
| <maximumClockSkew>1000</maximumClockSkew> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="samlProtocolType" version="1.2"> |
| <issuer>http://url_to_the_issuer</issuer> |
| <roleDelimiter>;</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <claimTypesRequested> |
| <claimType type="a particular claim type" optional="true" /> |
| </claimTypesRequested> |
| <doNotEnforceEncryptedAssertionsSigned>true</doNotEnforceEncryptedAssertionsSigned> |
| </protocol> |
| |
| <logoutURL>secure/logout</logoutURL> |
| <logoutRedirectTo>/redir.html</logoutRedirectTo> |
| </contextConfig> |
| </FedizConfig> |