Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
449 lines (432 sloc) 19.5 KB
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.3.xsd">
<bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
<property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
<property name="uri" value="realmb" />
<property name="provideIdpList" value="true" />
<property name="useCurrentIdp" value="true" />
<property name="certificate" value="stsKeystoreB.properties" />
<property name="certificatePassword" value="realmb" />
<property name="stsUrl" value="https://localhost:12443/fediz-idp-sts/REALMB" />
<property name="idpUrl" value="https://localhost:12443/fediz-idp-remote/federation" />
<property name="supportedProtocols">
<util:list>
<value>http://docs.oasis-open.org/wsfed/federation/200706
</value>
<value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
</value>
</util:list>
</property>
<property name="tokenTypesOffered">
<util:list>
<value>urn:oasis:names:tc:SAML:1.0:assertion</value>
<value>urn:oasis:names:tc:SAML:2.0:assertion</value>
</util:list>
</property>
<property name="authenticationURIs">
<util:map>
<entry key="default" value="federation/up" />
<entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey"
value="federation/krb" />
<entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
value="federation/up" />
<entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
value="federation/clientcert" />
</util:map>
</property>
<property name="serviceDisplayName" value="REALM B" />
<property name="serviceDescription" value="IDP of Realm B" />
<property name="applications">
<util:list>
<ref bean="idp-realmA" />
<ref bean="srv-oidc" />
</util:list>
</property>
<property name="claimTypesOffered">
<util:list>
<ref bean="claim_role" />
<ref bean="claim_surname" />
<ref bean="claim_givenname" />
<ref bean="claim_email" />
</util:list>
</property>
</bean>
<bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
<property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
<property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
<property name="serviceDisplayName" value="Resource IDP Realm A" />
<property name="serviceDescription" value="Resource IDP Realm A" />
<property name="role" value="SecurityTokenServiceType" />
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/.*" />
</bean>
<bean id="srv-oidc" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
<property name="realm" value="urn:org:apache:cxf:fediz:oidc" />
<property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
<property name="serviceDisplayName" value="OIDC Provider" />
<property name="serviceDescription" value="OpenID Connect Provider" />
<property name="role" value="ApplicationServiceType" />
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpointConstraint" value="https://www.fediz.org:?(\d)*/fediz-oidc/.*" />
<property name="logoutEndpointConstraint" value="https://www.fediz.org:?(\d)*/.*" />
</bean>
<bean id="claim_role"
class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
<property name="claimType"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
<property name="displayName"
value="role" />
<property name="description"
value="Description for role" />
</bean>
<bean id="claim_givenname"
class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
<property name="claimType"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
<property name="displayName"
value="firstname" />
<property name="description"
value="Description for firstname" />
</bean>
<bean id="claim_surname"
class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
<property name="claimType"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
<property name="displayName"
value="lastname" />
<property name="description"
value="Description for lastname" />
</bean>
<bean id="claim_email"
class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
<property name="claimType"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
<property name="displayName"
value="email" />
<property name="description"
value="Description for email" />
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
<property name="application" ref="srv-oidc" />
<property name="claim" ref="claim_role" />
<property name="optional" value="false" />
</bean>
<bean id="entitlement_claim_list"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="CLAIM_LIST" />
<property name="description"
value="Description for CLAIM_LIST" />
</bean>
<bean id="entitlement_claim_create"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="CLAIM_CREATE" />
<property name="description"
value="Description for CLAIM_CREATE" />
</bean>
<bean id="entitlement_claim_read"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="CLAIM_READ" />
<property name="description"
value="Description for CLAIM_READ" />
</bean>
<bean id="entitlement_claim_update"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="CLAIM_UPDATE" />
<property name="description"
value="Description for CLAIM_UPDATE" />
</bean>
<bean id="entitlement_claim_delete"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="CLAIM_DELETE" />
<property name="description"
value="Description for CLAIM_DELETE" />
</bean>
<bean id="entitlement_application_list"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="APPLICATION_LIST" />
<property name="description"
value="Description for APPLICATION_LIST" />
</bean>
<bean id="entitlement_application_create"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="APPLICATION_CREATE" />
<property name="description"
value="Description for APPLICATION_CREATE" />
</bean>
<bean id="entitlement_application_read"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="APPLICATION_READ" />
<property name="description"
value="Description for APPLICATION_READ" />
</bean>
<bean id="entitlement_application_update"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="APPLICATION_UPDATE" />
<property name="description"
value="Description for APPLICATION_UPDATE" />
</bean>
<bean id="entitlement_application_delete"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="APPLICATION_DELETE" />
<property name="description"
value="Description for APPLICATION_DELETE" />
</bean>
<bean id="entitlement_trustedidp_list"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="TRUSTEDIDP_LIST" />
<property name="description"
value="Description for TRUSTEDIDP_LIST" />
</bean>
<bean id="entitlement_trustedidp_create"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="TRUSTEDIDP_CREATE" />
<property name="description"
value="Description for TRUSTEDIDP_CREATE" />
</bean>
<bean id="entitlement_trustedidp_read"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="TRUSTEDIDP_READ" />
<property name="description"
value="Description for TRUSTEDIDP_READ" />
</bean>
<bean id="entitlement_trustedidp_update"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="TRUSTEDIDP_UPDATE" />
<property name="description"
value="Description for TRUSTEDIDP_UPDATE" />
</bean>
<bean id="entitlement_trustedidp_delete"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="TRUSTEDIDP_DELETE" />
<property name="description"
value="Description for TRUSTEDIDP_DELETE" />
</bean>
<bean id="entitlement_idp_list"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="IDP_LIST" />
<property name="description"
value="Description for IDP_LIST" />
</bean>
<bean id="entitlement_idp_create"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="IDP_CREATE" />
<property name="description"
value="Description for IDP_CREATE" />
</bean>
<bean id="entitlement_idp_read"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="IDP_READ" />
<property name="description"
value="Description for IDP_READ" />
</bean>
<bean id="entitlement_idp_update"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="IDP_UPDATE" />
<property name="description"
value="Description for IDP_UPDATE" />
</bean>
<bean id="entitlement_idp_delete"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="IDP_DELETE" />
<property name="description"
value="Description for IDP_DELETE" />
</bean>
<bean id="entitlement_role_list"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ROLE_LIST" />
<property name="description"
value="Description for ROLE_LIST" />
</bean>
<bean id="entitlement_role_create"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ROLE_CREATE" />
<property name="description"
value="Description for ROLE_CREATE" />
</bean>
<bean id="entitlement_role_read"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ROLE_READ" />
<property name="description"
value="Description for ROLE_READ" />
</bean>
<bean id="entitlement_role_update"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ROLE_UPDATE" />
<property name="description"
value="Description for ROLE_UPDATE" />
</bean>
<bean id="entitlement_role_delete"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ROLE_DELETE" />
<property name="description"
value="Description for ROLE_DELETE" />
</bean>
<bean id="entitlement_entitlement_list"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ENTITLEMENT_LIST" />
<property name="description"
value="Description for ENTITLEMENT_LIST" />
</bean>
<bean id="entitlement_entitlement_create"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ENTITLEMENT_CREATE" />
<property name="description"
value="Description for ENTITLEMENT_CREATE" />
</bean>
<bean id="entitlement_entitlement_read"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ENTITLEMENT_READ" />
<property name="description"
value="Description for ENTITLEMENT_READ" />
</bean>
<bean id="entitlement_entitlement_update"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ENTITLEMENT_UPDATE" />
<property name="description"
value="Description for ENTITLEMENT_UPDATE" />
</bean>
<bean id="entitlement_entitlement_delete"
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
<property name="name"
value="ENTITLEMENT_DELETE" />
<property name="description"
value="Description for ENTITLEMENT_DELETE" />
</bean>
<bean id="role_admin"
class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
<property name="name"
value="ADMIN" />
<property name="description"
value="This is the administrator role with full access" />
<property name="entitlements">
<util:list>
<ref bean="entitlement_claim_list" />
<ref bean="entitlement_claim_create" />
<ref bean="entitlement_claim_read" />
<ref bean="entitlement_claim_update" />
<ref bean="entitlement_claim_delete" />
<ref bean="entitlement_idp_list" />
<ref bean="entitlement_idp_create" />
<ref bean="entitlement_idp_read" />
<ref bean="entitlement_idp_update" />
<ref bean="entitlement_idp_delete" />
<ref bean="entitlement_trustedidp_list" />
<ref bean="entitlement_trustedidp_create" />
<ref bean="entitlement_trustedidp_read" />
<ref bean="entitlement_trustedidp_update" />
<ref bean="entitlement_trustedidp_delete" />
<ref bean="entitlement_application_list" />
<ref bean="entitlement_application_create" />
<ref bean="entitlement_application_read" />
<ref bean="entitlement_application_update" />
<ref bean="entitlement_application_delete" />
<ref bean="entitlement_role_list" />
<ref bean="entitlement_role_create" />
<ref bean="entitlement_role_read" />
<ref bean="entitlement_role_update" />
<ref bean="entitlement_role_delete" />
<ref bean="entitlement_entitlement_list" />
<ref bean="entitlement_entitlement_create" />
<ref bean="entitlement_entitlement_read" />
<ref bean="entitlement_entitlement_update" />
<ref bean="entitlement_entitlement_delete" />
</util:list>
</property>
</bean>
<bean id="role_user"
class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
<property name="name"
value="USER" />
<property name="description"
value="This is the user role with read access" />
<property name="entitlements">
<util:list>
<ref bean="entitlement_claim_list" />
<ref bean="entitlement_claim_read" />
<ref bean="entitlement_idp_list" />
<ref bean="entitlement_idp_read" />
<ref bean="entitlement_trustedidp_list" />
<ref bean="entitlement_trustedidp_read" />
<ref bean="entitlement_application_list" />
<ref bean="entitlement_application_read" />
<ref bean="entitlement_role_list" />
<ref bean="entitlement_role_read" />
<ref bean="entitlement_entitlement_list" />
<ref bean="entitlement_entitlement_read" />
</util:list>
</property>
</bean>
<bean id="role_idp_login"
class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
<property name="name"
value="IDP_LOGIN" />
<property name="description"
value="This is the IDP login role which is applied to Users during the IDP SSO" />
<property name="entitlements">
<util:list>
<ref bean="entitlement_claim_list" />
<ref bean="entitlement_claim_read" />
<ref bean="entitlement_idp_list" />
<ref bean="entitlement_idp_read" />
<ref bean="entitlement_trustedidp_list" />
<ref bean="entitlement_trustedidp_read" />
<ref bean="entitlement_application_list" />
<ref bean="entitlement_application_read" />
</util:list>
</property>
</bean>
</beans>