| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <beans xmlns="http://www.springframework.org/schema/beans" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns:util="http://www.springframework.org/schema/util" |
| xsi:schemaLocation=" |
| http://www.springframework.org/schema/beans |
| http://www.springframework.org/schema/beans/spring-beans-3.1.xsd |
| http://www.springframework.org/schema/util |
| http://www.springframework.org/schema/util/spring-util-2.0.xsd"> |
| |
| <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity"> |
| <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" /> |
| <property name="uri" value="realma" /> |
| <property name="provideIdpList" value="true" /> |
| <property name="useCurrentIdp" value="true" /> |
| <property name="certificate" value="stsKeystoreA.properties" /> |
| <property name="certificatePassword" value="realma" /> |
| <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" /> |
| <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation" /> |
| <property name="rpSingleSignOutConfirmation" value="true"/> |
| <property name="supportedProtocols"> |
| <util:list> |
| <value>http://docs.oasis-open.org/wsfed/federation/200706 |
| </value> |
| <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512 |
| </value> |
| </util:list> |
| </property> |
| <property name="tokenTypesOffered"> |
| <util:list> |
| <value>urn:oasis:names:tc:SAML:1.0:assertion</value> |
| <value>urn:oasis:names:tc:SAML:2.0:assertion</value> |
| </util:list> |
| </property> |
| <property name="authenticationURIs"> |
| <util:map> |
| <entry key="default" value="federation/up" /> |
| <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" |
| value="federation/krb" /> |
| <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default" |
| value="federation/up" /> |
| <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl" |
| value="federation/clientcert" /> |
| </util:map> |
| </property> |
| <property name="serviceDisplayName" value="REALM A" /> |
| <property name="serviceDescription" value="IDP of Realm A" /> |
| <property name="applications"> |
| <util:list> |
| <ref bean="srv-fedizhelloworld" /> |
| <ref bean="srv-oidc" /> |
| </util:list> |
| </property> |
| <property name="trustedIdps"> |
| <util:list> |
| <ref bean="trusted-idp-realmB" /> |
| </util:list> |
| </property> |
| <property name="claimTypesOffered"> |
| <util:list> |
| <ref bean="claim_role" /> |
| <ref bean="claim_surname" /> |
| <ref bean="claim_givenname" /> |
| <ref bean="claim_email" /> |
| </util:list> |
| </property> |
| </bean> |
| |
| <bean id="trusted-idp-realmB" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity"> |
| <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" /> |
| <property name="cacheTokens" value="true" /> |
| <property name="url" value="https://localhost:12443/fediz-idp-remote/federation" /> |
| <property name="certificate" value="realmb.cert" /> |
| <property name="trustType" value="PEER_TRUST" /> |
| <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" /> |
| <property name="federationType" value="FEDERATE_IDENTITY" /> |
| <property name="name" value="Realm B" /> |
| <property name="description" value="Realm B description" /> |
| </bean> |
| |
| <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity"> |
| <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" /> |
| <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" /> |
| <property name="serviceDisplayName" value="Fedizhelloworld" /> |
| <property name="serviceDescription" value="Web Application to illustrate WS-Federation" /> |
| <property name="role" value="ApplicationServiceType" /> |
| <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" /> |
| <property name="lifeTime" value="3600" /> |
| <property name="passiveRequestorEndpointConstraint" |
| value="https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" /> |
| </bean> |
| |
| <bean id="srv-oidc" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity"> |
| <property name="realm" value="urn:org:apache:cxf:fediz:oidc" /> |
| <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" /> |
| <property name="serviceDisplayName" value="OIDC Provider" /> |
| <property name="serviceDescription" value="OpenID Connect Provider" /> |
| <property name="role" value="ApplicationServiceType" /> |
| <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" /> |
| <property name="lifeTime" value="3600" /> |
| <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc/.*" /> |
| </bean> |
| |
| <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> |
| <property name="application" ref="srv-fedizhelloworld" /> |
| <property name="claim" ref="claim_role" /> |
| <property name="optional" value="false" /> |
| </bean> |
| <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> |
| <property name="application" ref="srv-oidc" /> |
| <property name="claim" ref="claim_role" /> |
| <property name="optional" value="false" /> |
| </bean> |
| <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> |
| <property name="application" ref="srv-fedizhelloworld" /> |
| <property name="claim" ref="claim_givenname" /> |
| <property name="optional" value="false" /> |
| </bean> |
| <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> |
| <property name="application" ref="srv-fedizhelloworld" /> |
| <property name="claim" ref="claim_surname" /> |
| <property name="optional" value="false" /> |
| </bean> |
| <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> |
| <property name="application" ref="srv-fedizhelloworld" /> |
| <property name="claim" ref="claim_email" /> |
| <property name="optional" value="false" /> |
| </bean> |
| |
| <bean id="claim_role" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> |
| <property name="claimType" |
| value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" /> |
| <property name="displayName" |
| value="role" /> |
| <property name="description" |
| value="Description for role" /> |
| </bean> |
| <bean id="claim_givenname" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> |
| <property name="claimType" |
| value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" /> |
| <property name="displayName" |
| value="firstname" /> |
| <property name="description" |
| value="Description for firstname" /> |
| </bean> |
| <bean id="claim_surname" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> |
| <property name="claimType" |
| value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" /> |
| <property name="displayName" |
| value="lastname" /> |
| <property name="description" |
| value="Description for lastname" /> |
| </bean> |
| <bean id="claim_email" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> |
| <property name="claimType" |
| value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" /> |
| <property name="displayName" |
| value="email" /> |
| <property name="description" |
| value="Description for email" /> |
| </bean> |
| |
| |
| <bean id="entitlement_claim_list" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="CLAIM_LIST" /> |
| <property name="description" |
| value="Description for CLAIM_LIST" /> |
| </bean> |
| <bean id="entitlement_claim_create" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="CLAIM_CREATE" /> |
| <property name="description" |
| value="Description for CLAIM_CREATE" /> |
| </bean> |
| <bean id="entitlement_claim_read" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="CLAIM_READ" /> |
| <property name="description" |
| value="Description for CLAIM_READ" /> |
| </bean> |
| <bean id="entitlement_claim_update" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="CLAIM_UPDATE" /> |
| <property name="description" |
| value="Description for CLAIM_UPDATE" /> |
| </bean> |
| <bean id="entitlement_claim_delete" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="CLAIM_DELETE" /> |
| <property name="description" |
| value="Description for CLAIM_DELETE" /> |
| </bean> |
| |
| <bean id="entitlement_application_list" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="APPLICATION_LIST" /> |
| <property name="description" |
| value="Description for APPLICATION_LIST" /> |
| </bean> |
| <bean id="entitlement_application_create" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="APPLICATION_CREATE" /> |
| <property name="description" |
| value="Description for APPLICATION_CREATE" /> |
| </bean> |
| <bean id="entitlement_application_read" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="APPLICATION_READ" /> |
| <property name="description" |
| value="Description for APPLICATION_READ" /> |
| </bean> |
| <bean id="entitlement_application_update" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="APPLICATION_UPDATE" /> |
| <property name="description" |
| value="Description for APPLICATION_UPDATE" /> |
| </bean> |
| <bean id="entitlement_application_delete" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="APPLICATION_DELETE" /> |
| <property name="description" |
| value="Description for APPLICATION_DELETE" /> |
| </bean> |
| |
| <bean id="entitlement_trustedidp_list" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="TRUSTEDIDP_LIST" /> |
| <property name="description" |
| value="Description for TRUSTEDIDP_LIST" /> |
| </bean> |
| <bean id="entitlement_trustedidp_create" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="TRUSTEDIDP_CREATE" /> |
| <property name="description" |
| value="Description for TRUSTEDIDP_CREATE" /> |
| </bean> |
| <bean id="entitlement_trustedidp_read" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="TRUSTEDIDP_READ" /> |
| <property name="description" |
| value="Description for TRUSTEDIDP_READ" /> |
| </bean> |
| <bean id="entitlement_trustedidp_update" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="TRUSTEDIDP_UPDATE" /> |
| <property name="description" |
| value="Description for TRUSTEDIDP_UPDATE" /> |
| </bean> |
| <bean id="entitlement_trustedidp_delete" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="TRUSTEDIDP_DELETE" /> |
| <property name="description" |
| value="Description for TRUSTEDIDP_DELETE" /> |
| </bean> |
| |
| <bean id="entitlement_idp_list" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="IDP_LIST" /> |
| <property name="description" |
| value="Description for IDP_LIST" /> |
| </bean> |
| <bean id="entitlement_idp_create" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="IDP_CREATE" /> |
| <property name="description" |
| value="Description for IDP_CREATE" /> |
| </bean> |
| <bean id="entitlement_idp_read" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="IDP_READ" /> |
| <property name="description" |
| value="Description for IDP_READ" /> |
| </bean> |
| <bean id="entitlement_idp_update" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="IDP_UPDATE" /> |
| <property name="description" |
| value="Description for IDP_UPDATE" /> |
| </bean> |
| <bean id="entitlement_idp_delete" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="IDP_DELETE" /> |
| <property name="description" |
| value="Description for IDP_DELETE" /> |
| </bean> |
| |
| <bean id="entitlement_role_list" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ROLE_LIST" /> |
| <property name="description" |
| value="Description for ROLE_LIST" /> |
| </bean> |
| <bean id="entitlement_role_create" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ROLE_CREATE" /> |
| <property name="description" |
| value="Description for ROLE_CREATE" /> |
| </bean> |
| <bean id="entitlement_role_read" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ROLE_READ" /> |
| <property name="description" |
| value="Description for ROLE_READ" /> |
| </bean> |
| <bean id="entitlement_role_update" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ROLE_UPDATE" /> |
| <property name="description" |
| value="Description for ROLE_UPDATE" /> |
| </bean> |
| <bean id="entitlement_role_delete" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ROLE_DELETE" /> |
| <property name="description" |
| value="Description for ROLE_DELETE" /> |
| </bean> |
| |
| <bean id="entitlement_entitlement_list" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ENTITLEMENT_LIST" /> |
| <property name="description" |
| value="Description for ENTITLEMENT_LIST" /> |
| </bean> |
| <bean id="entitlement_entitlement_create" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ENTITLEMENT_CREATE" /> |
| <property name="description" |
| value="Description for ENTITLEMENT_CREATE" /> |
| </bean> |
| <bean id="entitlement_entitlement_read" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ENTITLEMENT_READ" /> |
| <property name="description" |
| value="Description for ENTITLEMENT_READ" /> |
| </bean> |
| <bean id="entitlement_entitlement_update" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ENTITLEMENT_UPDATE" /> |
| <property name="description" |
| value="Description for ENTITLEMENT_UPDATE" /> |
| </bean> |
| <bean id="entitlement_entitlement_delete" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> |
| <property name="name" |
| value="ENTITLEMENT_DELETE" /> |
| <property name="description" |
| value="Description for ENTITLEMENT_DELETE" /> |
| </bean> |
| |
| <bean id="role_admin" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> |
| <property name="name" |
| value="ADMIN" /> |
| <property name="description" |
| value="This is the administrator role with full access" /> |
| <property name="entitlements"> |
| <util:list> |
| <ref bean="entitlement_claim_list" /> |
| <ref bean="entitlement_claim_create" /> |
| <ref bean="entitlement_claim_read" /> |
| <ref bean="entitlement_claim_update" /> |
| <ref bean="entitlement_claim_delete" /> |
| <ref bean="entitlement_idp_list" /> |
| <ref bean="entitlement_idp_create" /> |
| <ref bean="entitlement_idp_read" /> |
| <ref bean="entitlement_idp_update" /> |
| <ref bean="entitlement_idp_delete" /> |
| <ref bean="entitlement_trustedidp_list" /> |
| <ref bean="entitlement_trustedidp_create" /> |
| <ref bean="entitlement_trustedidp_read" /> |
| <ref bean="entitlement_trustedidp_update" /> |
| <ref bean="entitlement_trustedidp_delete" /> |
| <ref bean="entitlement_application_list" /> |
| <ref bean="entitlement_application_create" /> |
| <ref bean="entitlement_application_read" /> |
| <ref bean="entitlement_application_update" /> |
| <ref bean="entitlement_application_delete" /> |
| <ref bean="entitlement_role_list" /> |
| <ref bean="entitlement_role_create" /> |
| <ref bean="entitlement_role_read" /> |
| <ref bean="entitlement_role_update" /> |
| <ref bean="entitlement_role_delete" /> |
| <ref bean="entitlement_entitlement_list" /> |
| <ref bean="entitlement_entitlement_create" /> |
| <ref bean="entitlement_entitlement_read" /> |
| <ref bean="entitlement_entitlement_update" /> |
| <ref bean="entitlement_entitlement_delete" /> |
| </util:list> |
| </property> |
| </bean> |
| <bean id="role_user" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> |
| <property name="name" |
| value="USER" /> |
| <property name="description" |
| value="This is the user role with read access" /> |
| <property name="entitlements"> |
| <util:list> |
| <ref bean="entitlement_claim_list" /> |
| <ref bean="entitlement_claim_read" /> |
| <ref bean="entitlement_idp_list" /> |
| <ref bean="entitlement_idp_read" /> |
| <ref bean="entitlement_trustedidp_list" /> |
| <ref bean="entitlement_trustedidp_read" /> |
| <ref bean="entitlement_application_list" /> |
| <ref bean="entitlement_application_read" /> |
| <ref bean="entitlement_role_list" /> |
| <ref bean="entitlement_role_read" /> |
| <ref bean="entitlement_entitlement_list" /> |
| <ref bean="entitlement_entitlement_read" /> |
| </util:list> |
| </property> |
| </bean> |
| <bean id="role_idp_login" |
| class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> |
| <property name="name" |
| value="IDP_LOGIN" /> |
| <property name="description" |
| value="This is the IDP login role which is applied to Users during the IDP SSO" /> |
| <property name="entitlements"> |
| <util:list> |
| <ref bean="entitlement_claim_list" /> |
| <ref bean="entitlement_claim_read" /> |
| <ref bean="entitlement_idp_list" /> |
| <ref bean="entitlement_idp_read" /> |
| <ref bean="entitlement_trustedidp_list" /> |
| <ref bean="entitlement_trustedidp_read" /> |
| <ref bean="entitlement_application_list" /> |
| <ref bean="entitlement_application_read" /> |
| </util:list> |
| </property> |
| </bean> |
| |
| |
| |
| </beans> |
| |