Initial checkin of an IDP for Overlord.

.gitignore

@@ -0,0 +1,5 @@
+/.settings
+/.project
+/target
+/.metadata
+/RemoteSystemsTempFiles

README.md

@@ -1,4 +1,61 @@
-overlord-commons
-================
+# Overlord Common Components
 
-Common/shared Overlord components.
+## Summary
+
+This is the official Git repository for common components used/shared by the various Overlord sub-projects.
+
+## Get the code
+
+The easiest way to get started with the code is to [create your own fork](http://help.github.com/forking/) of this repository, and then clone your fork:
+
+    $ git clone git@github.com:<you>/overlord-commons.git
+    $ cd overlord-commons
+    $ git remote add upstream git://github.com/Governance/overlord-commons.git
+
+At any time, you can pull changes from the upstream and merge them onto your master:
+
+    $ git checkout master               # switches to the 'master' branch
+    $ git pull upstream master          # fetches all 'upstream' changes and merges 'upstream/master' onto your 'master' branch
+    $ git push origin                   # pushes all the updates to your fork, which should be in-sync with 'upstream'
+
+The general idea is to keep your 'master' branch in-sync with the 'upstream/master'.
+
+## Building Overlord Commons
+
+We use Maven 3.x to build our software. The following command compiles all the code, installs the JARs into your local Maven repository, and runs all of the unit tests:
+
+    $ mvn clean install
+
+## Contribute fixes and features
+
+Overlord Commons is open source, and we welcome anybody who wants to participate and contribute!
+
+If you want to fix a bug or make any changes, please log an issue in the [Overlord Commons JIRA](http://issues.jboss.org/browse/SOAG) describing the bug
+or new feature. Then we highly recommend making the changes on a topic branch named with the JIRA issue number. For example, this command creates
+a branch for the SOAG-1234 issue:
+
+    $ git checkout -b soag-1234
+
+After you're happy with your changes and a full build (with unit tests) runs successfully, commit your changes on your topic branch
+(using [really good comments](http://community.jboss.org/wiki/OverlordDevelopmentGuidelines#Commits)). Then it's time to check for
+and pull any recent changes that were made in the official repository:
+
+    $ git checkout master               # switches to the 'master' branch
+    $ git pull upstream master          # fetches all 'upstream' changes and merges 'upstream/master' onto your 'master' branch
+    $ git checkout soag-1234            # switches to your topic branch
+    $ git rebase master                 # reapplies your changes on top of the latest in master
+                                          (i.e., the latest from master will be the new base for your changes)
+
+If the pull grabbed a lot of changes, you should rerun your build to make sure your changes are still good.
+You can then either [create patches](http://progit.org/book/ch5-2.html) (one file per commit, saved in `~/soag-1234`) with 
+
+    $ git format-patch -M -o ~/soag-1234 orgin/master
+
+and upload them to the JIRA issue, or you can push your topic branch and its changes into your public fork repository
+
+    $ git push origin soag-1234         # pushes your topic branch into your public fork of Overlord Commons
+
+and [generate a pull-request](http://help.github.com/pull-requests/) for your changes. 
+
+We prefer pull-requests, because we can review the proposed changes, comment on them,
+discuss them with you, and likely merge the changes right into the official repository.

overlord-commons-idp/.gitignore

@@ -0,0 +1,6 @@
+/.settings
+/target
+/.classpath
+/.project
+/bin
+/repos

overlord-commons-idp/pom.xml

@@ -0,0 +1,12 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.overlord</groupId>
+    <artifactId>overlord-commons</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+  </parent>
+  <artifactId>overlord-commons-idp</artifactId>
+  <packaging>war</packaging>
+  <name>Overlord Identity Provider</name>
+  <description>An identity provider using PicketLink SAML.</description>
+</project>

overlord-commons-idp/src/main/config/jboss-as7-config-cli.txt

@@ -0,0 +1,5 @@
+connect
+/subsystem=security/security-domain=overlord-idp:add(cache-type=default)
+/subsystem=security/security-domain=overlord-idp/authentication=classic:add(login-modules=[{"code"=>"UsersRoles","flag"=>"required","module-options"=>[("usersProperties"=>"${jboss.server.config.dir}/overlord-idp-users.properties"),("rolesProperties"=>"${jboss.server.config.dir}/overlord-idp-roles.properties")]}])
+:reload
+:reload

overlord-commons-idp/src/main/resources/overlord-idp-roles.properties

@@ -0,0 +1,5 @@
+eric=overlorduser
+gary=overlorduser
+jeff=overlorduser
+kevin=overlorduser
+kurt=overlorduser

overlord-commons-idp/src/main/resources/overlord-idp-users.properties

@@ -0,0 +1,5 @@
+eric=overlord
+gary=overlord
+jeff=overlord
+kevin=overlord
+kurt=overlord

overlord-commons-idp/src/main/webapp/META-INF/jboss-deployment-structure.xml

@@ -0,0 +1,10 @@
+<jboss-deployment-structure>
+
+  <deployment>
+    <!-- Add picketlink module dependency -->
+    <dependencies>
+      <module name="org.picketlink" />
+    </dependencies>
+  </deployment>
+</jboss-deployment-structure>
+

overlord-commons-idp/src/main/webapp/WEB-INF/jboss-web.xml

@@ -0,0 +1,7 @@
+<jboss-web>
+  <security-domain>overlord-idp</security-domain>
+  <context-root>overlord-idp</context-root>
+  <valve>
+     <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
+   </valve>
+</jboss-web>

overlord-commons-idp/src/main/webapp/WEB-INF/picketlink.xml

@@ -0,0 +1,35 @@
+<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
+	<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1">
+		<IdentityURL>${overlord-idp.url::/overlord-idp/}</IdentityURL>
+		<Trust>
+            <Domains>localhost,jboss.com,jboss.org,amazonaws.com</Domains>
+		</Trust>
+	</PicketLinkIDP>
+	<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
+	</Handlers>
+	<!-- 
+		The configuration bellow defines a token timeout and a clock skew. Both configurations will be used during the SAML Assertion creation.
+		This configuration is optional. It is defined only to show you how to set the token timeout and clock skew configuration. 
+	 -->
+	<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0" TokenTimeout="5000" ClockSkew="0">
+		<TokenProviders>
+			<TokenProvider
+				ProviderClass="org.picketlink.identity.federation.core.saml.v1.providers.SAML11AssertionTokenProvider"
+				TokenType="urn:oasis:names:tc:SAML:1.0:assertion"
+				TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion" />
+			<TokenProvider
+				ProviderClass="org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider"
+				TokenType="urn:oasis:names:tc:SAML:2.0:assertion"
+				TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion" />
+		</TokenProviders>
+	</PicketLinkSTS>
+
+</PicketLink>

overlord-commons-idp/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+  version="2.5">
+
+  <display-name>OverlordIDP</display-name>
+
+  <listener>
+    <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
+  </listener>
+
+  <!-- Define a security constraint that gives unlimted access to images -->
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Resources</web-resource-name>
+      <url-pattern>/resources/*</url-pattern>
+    </web-resource-collection>
+  </security-constraint>
+
+  <!-- Define a Security Constraint on this Application -->
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Manager command</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>overlorduser</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <!-- Define the Login Configuration for this Application -->
+  <login-config>
+    <auth-method>FORM</auth-method>
+    <realm-name>Overlord IDP Application</realm-name>
+    <form-login-config>
+      <form-login-page>/login.html</form-login-page>
+      <form-error-page>/login-error.html</form-error-page>
+    </form-login-config>
+  </login-config>
+
+  <!-- Security roles referenced by this web application -->
+  <security-role>
+    <role-name>overlorduser</role-name>
+  </security-role>
+</web-app>

overlord-commons-idp/src/main/webapp/hosted/index.jsp

@@ -0,0 +1,12 @@
+Welcome to the Overlord Project IDP.  You really shouldn't be 
+logging in to this web application directly.  If you are seeing
+this page then perhaps something went wrong?
+
+If you <b>did</b> log in to the IDP directly, you should now be
+signed in to all Overlord projects.  Perhaps one of these will
+work:
+<br/>
+<br/>
+<ul>
+  <li><a href="/s-ramp-ui">S-RAMP Browser</a></li>
+</ul>

overlord-commons-idp/src/main/webapp/login-error.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>Security Eval IDP - Login</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+
+    <link href="resources/bootstrap-2.2.2/css/bootstrap.css" rel="stylesheet"></link>
+    <link href="resources/bootstrap-2.2.2/css/bootstrap-responsive.css" rel="stylesheet"></link>
+    <link href="resources/idp.css" rel="stylesheet"></link>
+
+    <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+    <!--[if lt IE 9]>
+      <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+
+    <script src="resources/jquery-1.9.1/jquery.min.js"></script>
+    <script src="resources/bootstrap-2.2.2/js/bootstrap.min.js"></script>
+  </head>
+
+  <body>
+    <div class="container">
+      <div class="alert alert-error">
+        Login failed.  Please try again.
+      </div>
+      <form class="form-signin" id="login_form" name="login_form" method="post"
+            action="j_security_check" enctype="application/x-www-form-urlencoded">
+        <h2 class="form-signin-heading">Overlord - Sign In</h2>
+        <br />
+        <input id="username" name="j_username" type="text" class="input-block-level" placeholder="Username"></input>
+        <input id="password" name="j_password" type="password" class="input-block-level" placeholder="Password"></input>
+        <button id="submit" name="submit" class="btn btn-large btn-focus" type="submit">Sign in</button>
+      </form>
+    </div>
+  </body>
+
+  <script>
+    $('#username').focus();
+  </script>
+</html>

overlord-commons-idp/src/main/webapp/login.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>Overlord IDP - Login</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+
+    <link href="resources/bootstrap-2.2.2/css/bootstrap.css" rel="stylesheet"></link>
+    <link href="resources/bootstrap-2.2.2/css/bootstrap-responsive.css" rel="stylesheet"></link>
+    <link href="resources/idp.css" rel="stylesheet"></link>
+
+    <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+    <!--[if lt IE 9]>
+      <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+
+    <script src="resources/jquery-1.9.1/jquery.min.js"></script>
+    <script src="resources/bootstrap-2.2.2/js/bootstrap.min.js"></script>
+  </head>
+
+  <body>
+    <div class="container">
+      <form class="form-signin" id="login_form" name="login_form" method="post"
+            action="j_security_check" enctype="application/x-www-form-urlencoded">
+        <h2 class="form-signin-heading">Overlord - Sign In</h2>
+        <br />
+        <input id="username" name="j_username" type="text" class="input-block-level" placeholder="Username"></input>
+        <input id="password" name="j_password" type="password" class="input-block-level" placeholder="Password"></input>
+        <button id="submit" name="submit" class="btn btn-large btn-focus" type="submit">Sign in</button>
+      </form>
+    </div>
+  </body>
+
+  <script>
+    $('#username').focus();
+  </script>
+</html>