From 77506ec2098f4dcc31318c6526d791e60453d00b Mon Sep 17 00:00:00 2001
From: nttuyen <tuyennt@exoplatform.com>
Date: Thu, 4 Jul 2013 16:59:51 +0700
Subject: [PATCH] add test for login module

---
 portal/web/pom.xml                            |   6 +
 .../org/gatein/portal/templates/login.gtmpl   |   2 +-
 .../gatein/portal/PortalLoginTestCase.java    | 183 +++++++
 .../src/test/resources/META-INF/context.xml   |  31 ++
 .../mappings/HibernateIdentityObject.hbm.xml  |  96 ++++
 .../HibernateIdentityObjectAttribute.hbm.xml  |  56 ++
 ...IdentityObjectAttributeBinaryValue.hbm.xml |  22 +
 .../HibernateIdentityObjectCredential.hbm.xml |  62 +++
 ...dentityObjectCredentialBinaryValue.hbm.xml |  22 +
 ...ernateIdentityObjectCredentialType.hbm.xml |  23 +
 ...ibernateIdentityObjectRelationship.hbm.xml |  63 +++
 ...nateIdentityObjectRelationshipName.hbm.xml |  47 ++
 ...nateIdentityObjectRelationshipType.hbm.xml |  23 +
 .../HibernateIdentityObjectType.hbm.xml       |  23 +
 .../mappings/HibernateRealm.hbm.xml           |  36 ++
 .../HibernateIdentityObject.hbm.xml           |  96 ++++
 .../HibernateIdentityObjectAttribute.hbm.xml  |  56 ++
 ...IdentityObjectAttributeBinaryValue.hbm.xml |  22 +
 .../HibernateIdentityObjectCredential.hbm.xml |  62 +++
 ...dentityObjectCredentialBinaryValue.hbm.xml |  22 +
 ...ernateIdentityObjectCredentialType.hbm.xml |  23 +
 ...ibernateIdentityObjectRelationship.hbm.xml |  63 +++
 ...nateIdentityObjectRelationshipName.hbm.xml |  47 ++
 ...nateIdentityObjectRelationshipType.hbm.xml |  23 +
 .../HibernateIdentityObjectType.hbm.xml       |  23 +
 .../sybase-mappings/HibernateRealm.hbm.xml    |  36 ++
 .../resources/WEB-INF/conf/configuration.xml  | 183 +++++++
 .../conf/organization/configuration.xml       | 326 ++++++++++++
 .../organization-configuration.xml            | 502 ++++++++++++++++++
 .../examples/acme-openldap.ldif               | 160 ++++++
 .../picketlink-idm/examples/acme.ldif         | 151 ++++++
 .../examples/initial-openldap.ldif            |  16 +
 .../picketlink-idm-ldap-acme-config.xml       | 419 +++++++++++++++
 .../examples/picketlink-idm-ldap-config.xml   | 380 +++++++++++++
 .../examples/picketlink-idm-msad-config.xml   | 424 +++++++++++++++
 .../picketlink-idm-msad-readonly-config.xml   | 378 +++++++++++++
 .../picketlink-idm-openldap-acme-config.xml   | 434 +++++++++++++++
 .../picketlink-idm-openldap-config.xml        | 394 ++++++++++++++
 .../picketlink-idm/infinispan-cluster.xml     |  65 +++
 .../picketlink-idm/infinispan.xml             |  50 ++
 .../picketlink-idm/picketlink-idm-config.xml  | 127 +++++
 .../conf/portal/portal/classic/navigation.xml |  20 +
 .../conf/portal/portal/classic/pages.xml      |  91 ++++
 .../conf/portal/portal/classic/portal.xml     |   8 +
 .../conf/portal/portal/sharedlayout.xml       |   6 +
 portal/web/src/test/resources/web.xml         |  25 +
 46 files changed, 5326 insertions(+), 1 deletion(-)
 create mode 100644 portal/web/src/test/java/org/gatein/portal/PortalLoginTestCase.java
 create mode 100644 portal/web/src/test/resources/META-INF/context.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObject.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateRealm.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObject.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttribute.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredential.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialType.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationship.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipName.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipType.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectType.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateRealm.hbm.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/configuration.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/configuration.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/organization-configuration.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme-openldap.ldif
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme.ldif
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/initial-openldap.ldif
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan-cluster.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/picketlink-idm-config.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/navigation.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/pages.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/portal.xml
 create mode 100644 portal/web/src/test/resources/WEB-INF/conf/portal/portal/sharedlayout.xml

diff --git a/portal/web/pom.xml b/portal/web/pom.xml
index f65d22df2..26cea86ea 100644
--- a/portal/web/pom.xml
+++ b/portal/web/pom.xml
@@ -281,6 +281,12 @@
         <version>2.14.1</version>
         <configuration>
           <reuseForks>false</reuseForks>
+          <systemProperties>
+            <property>
+              <name>java.security.auth.login.config</name>
+              <value>${basedir}/src/main/tomcatconf/jaas.conf</value>
+            </property>
+          </systemProperties>
         </configuration>
       </plugin>
 
diff --git a/portal/web/src/main/java/org/gatein/portal/templates/login.gtmpl b/portal/web/src/main/java/org/gatein/portal/templates/login.gtmpl
index ba07e9a93..9f4b29717 100644
--- a/portal/web/src/main/java/org/gatein/portal/templates/login.gtmpl
+++ b/portal/web/src/main/java/org/gatein/portal/templates/login.gtmpl
@@ -14,7 +14,7 @@
         <button type="button" class="close" data-dismiss="alert">&times;</button>
         ${message}
     </div>
-    <form method="post" action="@{Controller.actionLogin()}">
+    <form id="login-form" method="post" action="@{Controller.actionLogin()}">
         <table>
             <tbody>
                 <tr>
diff --git a/portal/web/src/test/java/org/gatein/portal/PortalLoginTestCase.java b/portal/web/src/test/java/org/gatein/portal/PortalLoginTestCase.java
new file mode 100644
index 000000000..a83eff4d4
--- /dev/null
+++ b/portal/web/src/test/java/org/gatein/portal/PortalLoginTestCase.java
@@ -0,0 +1,183 @@
+package org.gatein.portal;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import javax.portlet.GenericPortlet;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import junit.framework.AssertionFailedError;
+import juzu.impl.common.RunMode;
+import juzu.impl.common.Tools;
+import juzu.impl.inject.spi.InjectorProvider;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.jboss.arquillian.drone.api.annotation.Drone;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.junit.InSequence;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.Filters;
+import org.jboss.shrinkwrap.api.GenericArchive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.importer.ExplodedImporter;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.openqa.selenium.By;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+
+/**
+ * Created with IntelliJ IDEA.
+ * User: tuyennt
+ * Date: 7/4/13
+ * Time: 10:35 AM
+ * To change this template use File | Settings | File Templates.
+ */
+@RunWith(Arquillian.class)
+public class PortalLoginTestCase extends AbstractPortalTestCase {
+
+    @Deployment(testable = false)
+    public static WebArchive createPortal() {
+        //WebArchive portal = AbstractPortalTestCase.createPortal(InjectorProvider.INJECT_GUICE, RunMode.DEV);
+        WebArchive portal = ShrinkWrap.create(WebArchive.class, "portal.war");
+
+        String servlet;
+        try {
+            servlet = Tools.read(Thread.currentThread().getContextClassLoader().getResourceAsStream("web.xml"));
+        } catch (IOException e) {
+            AssertionFailedError afe = new AssertionFailedError("Could not read web xml deployment descriptor");
+            afe.initCause(e);
+            throw afe;
+        }
+
+        servlet = String.format(servlet, InjectorProvider.INJECT_GUICE.getValue(), RunMode.DEV.getValue());
+
+        portal.setWebXML(new StringAsset(servlet));
+
+        portal.merge(ShrinkWrap.
+                create(GenericArchive.class).
+                as(ExplodedImporter.class).
+                importDirectory("src/test/resources/WEB-INF").
+                as(GenericArchive.class), "/WEB-INF", Filters.exclude("web.xml"));
+        portal.merge(ShrinkWrap.
+                create(GenericArchive.class).
+                as(ExplodedImporter.class).
+                importDirectory("src/test/resources/META-INF").
+                as(GenericArchive.class), "/META-INF", Filters.exclude("web.xml"));
+
+        portal.addAsWebInfResource(new StringAsset(descriptor(Portlet1.class).exportAsString()), "portlet.xml");
+
+        return portal;
+    }
+
+    @ArquillianResource
+    URL deploymentURL;
+
+    @Drone
+    WebDriver driver;
+
+    @Test
+    @RunAsClient
+    public void testHasLoginForm() {
+        String url = deploymentURL.toString() + "/login";
+        driver.get(url);
+        WebElement form = driver.findElement(By.tagName("form"));
+        WebElement username = form.findElement(By.name("username"));
+        WebElement password = form.findElement(By.name("password"));
+
+        Assert.assertNotNull(form);
+        Assert.assertNotNull(username);
+        Assert.assertNotNull(password);
+    }
+
+    @Test
+    @RunAsClient
+    public void testNotLogin() throws InterruptedException, URISyntaxException, MalformedURLException {
+        String portletURL = deploymentURL + "page1";
+        driver.get(portletURL);
+        WebElement body = driver.findElement(By.tagName("body"));
+        WebElement linkElement = driver.findElement(By.id("login-user"));
+        Assert.assertNotNull(linkElement);
+        String username = linkElement.getText();
+        Assert.assertEquals("__GUEST__", username);
+    }
+
+    @Test
+    @RunAsClient
+    public void testDoLogin() throws InterruptedException {
+        String url = deploymentURL.toString() + "/dologin?initURL="+ deploymentURL + "page1";
+        driver.get(url);
+        WebElement form = driver.findElement(By.tagName("form"));
+        WebElement username = form.findElement(By.name("username"));
+        WebElement password = form.findElement(By.name("password"));
+
+        Assert.assertNotNull(form);
+        Assert.assertNotNull(username);
+        Assert.assertNotNull(password);
+
+        username.sendKeys("root");
+        password.sendKeys("gtn");
+        form.submit();
+
+        String portletURL = deploymentURL + "page1";
+        driver.get(portletURL);
+
+        WebElement linkElement = driver.findElement(By.id("login-user"));
+        Assert.assertNotNull(linkElement);
+        String name = linkElement.getText();
+        Assert.assertEquals("root", name);
+    }
+
+    @Test
+    @RunAsClient
+    public void testLoginFailure() {
+        String url = deploymentURL.toString() + "/dologin?initURL="+ deploymentURL + "page1";
+        driver.get(url);
+        WebElement form = driver.findElement(By.tagName("form"));
+        WebElement username = form.findElement(By.name("username"));
+        WebElement password = form.findElement(By.name("password"));
+
+        Assert.assertNotNull(form);
+        Assert.assertNotNull(username);
+        Assert.assertNotNull(password);
+
+        username.sendKeys("root");
+        password.sendKeys("gtn1111");
+        form.submit();
+
+        WebElement body = driver.findElement(By.tagName("body"));
+        Assert.assertTrue(body.getText().contains("Username or password incorrect!"));
+
+        String portletURL = deploymentURL + "page1";
+        driver.get(portletURL);
+
+        WebElement linkElement = driver.findElement(By.id("login-user"));
+        Assert.assertNotNull(linkElement);
+        String name = linkElement.getText();
+        Assert.assertEquals("__GUEST__", name);
+    }
+
+
+    public static class Portlet1 extends GenericPortlet {
+        @Override
+        protected void doView(RenderRequest request, RenderResponse response) throws PortletException, IOException {
+            response.setContentType("text/html");
+            PrintWriter writer = response.getWriter();
+            String username = request.getRemoteUser();
+            if(username == null || username.isEmpty()) {
+                username = "__GUEST__";
+            }
+            writer.append("<span id='login-user'>"+username+"</span>");
+            writer.close();
+        }
+    }
+}
diff --git a/portal/web/src/test/resources/META-INF/context.xml b/portal/web/src/test/resources/META-INF/context.xml
new file mode 100644
index 000000000..349a0d7c3
--- /dev/null
+++ b/portal/web/src/test/resources/META-INF/context.xml
@@ -0,0 +1,31 @@
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+    
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+    
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<Context privileged="true">
+  <Realm className='org.apache.catalina.realm.JAASRealm'
+         appName='gatein-domain'
+         userClassNames='org.exoplatform.services.security.jaas.UserPrincipal'
+         roleClassNames='org.exoplatform.services.security.jaas.RolePrincipal'/>
+  <Valve
+      className='org.apache.catalina.authenticator.FormAuthenticator'
+      characterEncoding='UTF-8'/>
+  <!--org.gatein.portal.jaas.BytesLoungeLoginModule required debug=true;-->
+</Context>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObject.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObject.hbm.xml
new file mode 100644
index 000000000..8c5ac1415
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObject.hbm.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+         table="jbid_io">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <set name="attributes"
+         batch-size="20"
+         inverse="true"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="IDENTITY_OBJECT_ID"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttribute"/>
+    </set>
+    <set name="credentials"
+         inverse="true"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="IDENTITY_OBJECT_ID"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredential"/>
+    </set>
+    <set name="fromRelationships"
+         inverse="true"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="FROM_IDENTITY"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship"/>
+    </set>
+    <many-to-one name="identityType"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectType"
+                 access="field"
+                 fetch="join"
+                 lazy="false">
+      <column name="IDENTITY_TYPE"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique-key="id"/>
+    </property>
+    <map name="properties"
+         table="jbid_io_props"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+    <many-to-one name="realm"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateRealm"
+                 access="field"
+                 fetch="select">
+      <column name="REALM"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <set name="toRelationships"
+         inverse="true"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="TO_IDENTITY"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship"/>
+    </set>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml
new file mode 100644
index 000000000..540eff4e3
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttribute"
+         table="jbid_io_attr">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ATTRIBUTE_ID"/>
+      <generator class="native"/>
+    </id>
+    <many-to-one name="identityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="join">
+      <column name="IDENTITY_OBJECT_ID" not-null="true" unique-key="id"/>
+    </many-to-one>
+    <property name="name"
+              type="java.lang.String"
+              access="property"
+              lazy="false">
+      <column name="NAME"
+              unique-key="id"/>
+    </property>
+    <property name="type"
+              type="java.lang.String"
+              access="field"
+              lazy="false"
+              not-null="true">
+      <column name="ATTRIBUTE_TYPE"/>
+    </property>
+    <set name="textValues"
+         table="jbid_io_attr_text_values"
+         cascade="all, delete-orphan"
+         access="field"
+         lazy="false"
+         fetch="join"
+         batch-size="20">
+      <cache usage="transactional"/>
+      <key column="TEXT_ATTR_VALUE_ID"/>
+      <element type="string"
+               column="ATTR_VALUE"/>
+    </set>
+    <many-to-one name="binaryValue"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttributeBinaryValue"
+                 not-null="false"
+                 column="BIN_VALUE_ID"
+                 unique="false"
+                 lazy="proxy"
+                 access="field"
+                 fetch="select"
+                 cascade="all"/>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml
new file mode 100644
index 000000000..d10142c8d
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttributeBinaryValue"
+         table="jbid_attr_bin_value">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="BIN_VALUE_ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="value"
+              type="org.hibernate.type.PrimitiveByteArrayBlobType"
+              access="field"
+              lazy="false"
+              not-null="true">
+      <column name="VALUE" length="10240000"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml
new file mode 100644
index 000000000..96221fb48
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredential"
+         table="jbid_io_creden">
+    <cache usage="transactional"/>
+
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <many-to-one name="binaryValue"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialBinaryValue"
+                 not-null="false"
+                 column="BIN_VALUE_ID"
+                 unique="false"
+                 lazy="proxy"
+                 access="field"
+                 fetch="select"
+                 cascade="all"/>
+    <many-to-one name="identityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="IDENTITY_OBJECT_ID"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <map name="properties"
+         table="jbid_io_creden_props"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+    <property name="textValue"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="TEXT"/>
+    </property>
+    <many-to-one name="type"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType"
+                 access="field"
+                 fetch="join"
+                 lazy="false">
+      <column name="CREDENTIAL_TYPE"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml
new file mode 100644
index 000000000..f32141ced
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialBinaryValue"
+         table="jbid_creden_bin_value">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="BIN_VALUE_ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="value"
+              type="org.hibernate.type.PrimitiveByteArrayBlobType"
+              access="field"
+              lazy="false"
+              not-null="true">
+      <column name="VALUE" length="10240000"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml
new file mode 100644
index 000000000..9a18541a3
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType"
+         table="jbid_io_creden_type">
+    <cache usage="transactional"/>
+
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              unique="true"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml
new file mode 100644
index 000000000..5fadbfec3
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship"
+         table="jbid_io_rel">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <many-to-one name="fromIdentityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="FROM_IDENTITY"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <many-to-one name="name"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName"
+                 access="field"
+                 fetch="join"
+                 lazy="proxy">
+      <column name="NAME"
+              unique-key="id"/>
+    </many-to-one>
+    <many-to-one name="toIdentityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="TO_IDENTITY"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <many-to-one name="type"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="REL_TYPE"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <map name="properties"
+         table="jbid_io_rel_props"
+         cascade="all, delete-orphan"
+         fetch="subselect"
+         lazy="extra">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml
new file mode 100644
index 000000000..4fb5b5c95
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName"
+         table="jbid_io_rel_name">
+    <cache usage="transactional"/>
+
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique-key="id"/>
+    </property>
+    <map name="properties"
+         table="jbid_io_rel_name_props"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+    <many-to-one name="realm"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateRealm"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="REALM"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml
new file mode 100644
index 000000000..a279894f2
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType"
+         table="jbid_io_rel_type">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique="true"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml
new file mode 100644
index 000000000..752738739
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectType"
+         table="jbid_io_type">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique="true"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateRealm.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateRealm.hbm.xml
new file mode 100644
index 000000000..a47f18400
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/mappings/HibernateRealm.hbm.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateRealm"
+         table="jbid_realm">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique-key="id"/>
+    </property>
+    <map name="properties"
+         table="jbid_real_props"
+         cascade="all, delete-orphan"
+         fetch="subselect"
+         lazy="extra">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObject.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObject.hbm.xml
new file mode 100644
index 000000000..8c5ac1415
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObject.hbm.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+         table="jbid_io">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <set name="attributes"
+         batch-size="20"
+         inverse="true"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="IDENTITY_OBJECT_ID"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttribute"/>
+    </set>
+    <set name="credentials"
+         inverse="true"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="IDENTITY_OBJECT_ID"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredential"/>
+    </set>
+    <set name="fromRelationships"
+         inverse="true"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="FROM_IDENTITY"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship"/>
+    </set>
+    <many-to-one name="identityType"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectType"
+                 access="field"
+                 fetch="join"
+                 lazy="false">
+      <column name="IDENTITY_TYPE"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique-key="id"/>
+    </property>
+    <map name="properties"
+         table="jbid_io_props"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+    <many-to-one name="realm"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateRealm"
+                 access="field"
+                 fetch="select">
+      <column name="REALM"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <set name="toRelationships"
+         inverse="true"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key>
+        <column name="TO_IDENTITY"/>
+      </key>
+      <one-to-many class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship"/>
+    </set>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttribute.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttribute.hbm.xml
new file mode 100644
index 000000000..540eff4e3
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttribute.hbm.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttribute"
+         table="jbid_io_attr">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ATTRIBUTE_ID"/>
+      <generator class="native"/>
+    </id>
+    <many-to-one name="identityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="join">
+      <column name="IDENTITY_OBJECT_ID" not-null="true" unique-key="id"/>
+    </many-to-one>
+    <property name="name"
+              type="java.lang.String"
+              access="property"
+              lazy="false">
+      <column name="NAME"
+              unique-key="id"/>
+    </property>
+    <property name="type"
+              type="java.lang.String"
+              access="field"
+              lazy="false"
+              not-null="true">
+      <column name="ATTRIBUTE_TYPE"/>
+    </property>
+    <set name="textValues"
+         table="jbid_io_attr_text_values"
+         cascade="all, delete-orphan"
+         access="field"
+         lazy="false"
+         fetch="join"
+         batch-size="20">
+      <cache usage="transactional"/>
+      <key column="TEXT_ATTR_VALUE_ID"/>
+      <element type="string"
+               column="ATTR_VALUE"/>
+    </set>
+    <many-to-one name="binaryValue"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttributeBinaryValue"
+                 not-null="false"
+                 column="BIN_VALUE_ID"
+                 unique="false"
+                 lazy="proxy"
+                 access="field"
+                 fetch="select"
+                 cascade="all"/>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml
new file mode 100644
index 000000000..a9f9fa122
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttributeBinaryValue"
+         table="jbid_attr_bin_value">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="BIN_VALUE_ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="value"
+              type="org.picketlink.idm.impl.model.hibernate.MaterializedBlobType"
+              access="field"
+              lazy="false"
+              not-null="true">
+      <column name="VALUE" length="10240000"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredential.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredential.hbm.xml
new file mode 100644
index 000000000..96221fb48
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredential.hbm.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredential"
+         table="jbid_io_creden">
+    <cache usage="transactional"/>
+
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <many-to-one name="binaryValue"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialBinaryValue"
+                 not-null="false"
+                 column="BIN_VALUE_ID"
+                 unique="false"
+                 lazy="proxy"
+                 access="field"
+                 fetch="select"
+                 cascade="all"/>
+    <many-to-one name="identityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="IDENTITY_OBJECT_ID"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <map name="properties"
+         table="jbid_io_creden_props"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+    <property name="textValue"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="TEXT"/>
+    </property>
+    <many-to-one name="type"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType"
+                 access="field"
+                 fetch="join"
+                 lazy="false">
+      <column name="CREDENTIAL_TYPE"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml
new file mode 100644
index 000000000..18037e928
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialBinaryValue"
+         table="jbid_creden_bin_value">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="BIN_VALUE_ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="value"
+              type="org.picketlink.idm.impl.model.hibernate.MaterializedBlobType"
+              access="field"
+              lazy="false"
+              not-null="true">
+      <column name="VALUE" length="10240000"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialType.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialType.hbm.xml
new file mode 100644
index 000000000..9a18541a3
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialType.hbm.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType"
+         table="jbid_io_creden_type">
+    <cache usage="transactional"/>
+
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              unique="true"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationship.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationship.hbm.xml
new file mode 100644
index 000000000..5fadbfec3
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationship.hbm.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship"
+         table="jbid_io_rel">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <many-to-one name="fromIdentityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="FROM_IDENTITY"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <many-to-one name="name"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName"
+                 access="field"
+                 fetch="join"
+                 lazy="proxy">
+      <column name="NAME"
+              unique-key="id"/>
+    </many-to-one>
+    <many-to-one name="toIdentityObject"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="TO_IDENTITY"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <many-to-one name="type"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="REL_TYPE"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+    <map name="properties"
+         table="jbid_io_rel_props"
+         cascade="all, delete-orphan"
+         fetch="subselect"
+         lazy="extra">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipName.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipName.hbm.xml
new file mode 100644
index 000000000..4fb5b5c95
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipName.hbm.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName"
+         table="jbid_io_rel_name">
+    <cache usage="transactional"/>
+
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique-key="id"/>
+    </property>
+    <map name="properties"
+         table="jbid_io_rel_name_props"
+         cascade="all, delete-orphan"
+         lazy="extra"
+         fetch="subselect">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+    <many-to-one name="realm"
+                 class="org.picketlink.idm.impl.model.hibernate.HibernateRealm"
+                 access="field"
+                 fetch="select"
+                 lazy="proxy">
+      <column name="REALM"
+              not-null="true"
+              unique-key="id"/>
+    </many-to-one>
+
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipType.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipType.hbm.xml
new file mode 100644
index 000000000..a279894f2
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipType.hbm.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType"
+         table="jbid_io_rel_type">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique="true"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectType.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectType.hbm.xml
new file mode 100644
index 000000000..752738739
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateIdentityObjectType.hbm.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectType"
+         table="jbid_io_type">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique="true"/>
+    </property>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateRealm.hbm.xml b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateRealm.hbm.xml
new file mode 100644
index 000000000..a47f18400
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/classes/picketlink-idm/sybase-mappings/HibernateRealm.hbm.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
+<hibernate-mapping>
+  <class name="org.picketlink.idm.impl.model.hibernate.HibernateRealm"
+         table="jbid_realm">
+    <cache usage="transactional"/>
+    <id name="id"
+        type="java.lang.Long"
+        access="field">
+      <column name="ID"/>
+      <generator class="native"/>
+    </id>
+    <property name="name"
+              type="java.lang.String"
+              access="field"
+              lazy="false">
+      <column name="NAME"
+              not-null="true"
+              unique-key="id"/>
+    </property>
+    <map name="properties"
+         table="jbid_real_props"
+         cascade="all, delete-orphan"
+         fetch="subselect"
+         lazy="extra">
+      <cache usage="transactional"/>
+      <key column="PROP_ID"/>
+      <map-key type="string"
+               column="PROP_NAME"/>
+      <element type="string"
+               column="PROP_VALUE"
+               not-null="true"/>
+    </map>
+  </class>
+</hibernate-mapping>
diff --git a/portal/web/src/test/resources/WEB-INF/conf/configuration.xml b/portal/web/src/test/resources/WEB-INF/conf/configuration.xml
new file mode 100644
index 000000000..327b3734f
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/configuration.xml
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<configuration
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd"
+    xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">
+
+  <!-- -->
+  <component>
+    <type>org.gatein.portal.portlet.PortletAppManager</type>
+  </component>
+
+  <!-- -->
+  <component>
+    <type>org.gatein.portal.impl.mop.ram.RamStore</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.impl.mop.ram.RamSiteStore</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.mop.site.SiteServiceImpl</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.impl.mop.ram.RamLayoutStore</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.mop.layout.LayoutServiceImpl</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.impl.mop.ram.RamDescriptionStore</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.mop.description.DescriptionServiceImpl</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.impl.mop.ram.RamNavigationStore</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.mop.navigation.NavigationServiceImpl</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.impl.mop.ram.RamPageStore</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.mop.page.PageServiceImpl</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.impl.mop.ram.RamCustomizationStore</type>
+  </component>
+  <component>
+    <type>org.gatein.portal.mop.customization.CustomizationServiceImpl</type>
+  </component>
+
+  <!-- -->
+  <component>
+    <type>org.gatein.portal.importer.ModelImporter</type>
+    <init-params>
+      <value-param>
+        <name>default.import.mode</name>
+        <value>merge</value>
+      </value-param>
+      <value-param>
+        <name>default.portal</name>
+        <description>The default portal for checking db is empty or not</description>
+        <value>classic</value>
+      </value-param>
+      <value-param>
+        <name>page.templates.location</name>
+        <description>the path to the location that contains Page templates</description>
+        <value>war:/conf/portal/template/pages</value>
+      </value-param>
+      <value-param>
+        <name>override</name>
+        <description>The flag parameter to decide if portal metadata is overriden on restarting server</description>
+        <value>false</value>
+      </value-param>
+      <object-param>
+        <name>site.templates.location</name>
+        <description>description</description>
+        <object type="org.exoplatform.portal.config.SiteConfigTemplates">
+          <field name="location">
+            <string>war:/conf/portal</string>
+          </field>
+          <field name="portalTemplates">
+            <collection type="java.util.HashSet">
+              <value>
+                <string>basic</string>
+              </value>
+              <value>
+                <string>classic</string>
+              </value>
+            </collection>
+          </field>
+          <field name="groupTemplates">
+            <collection type="java.util.HashSet">
+              <value>
+                <string>group</string>
+              </value>
+            </collection>
+          </field>
+          <field name="userTemplates">
+            <collection type="java.util.HashSet">
+              <value>
+                <string>user</string>
+              </value>
+            </collection>
+          </field>
+        </object>
+      </object-param>
+      <object-param>
+        <name>portal.configuration</name>
+        <description>description</description>
+        <object type="org.exoplatform.portal.config.NewPortalConfig">
+          <field name="predefinedOwner">
+            <collection type="java.util.HashSet">
+              <value>
+                <string>classic</string>
+              </value>
+              <value>
+                <string>mobile</string>
+              </value>
+            </collection>
+          </field>
+          <field name="ownerType">
+            <string>portal</string>
+          </field>
+          <field name="templateLocation">
+            <string>war:/conf/portal/</string>
+          </field>
+        </object>
+      </object-param>
+      <object-param>
+        <name>group.configuration</name>
+        <description>description</description>
+        <object type="org.exoplatform.portal.config.NewPortalConfig">
+          <field name="predefinedOwner">
+            <collection type="java.util.HashSet">
+              <value>
+                <string>/platform/administrators</string>
+              </value>
+              <value>
+                <string>/platform/users</string>
+              </value>
+              <value>
+                <string>/platform/guests</string>
+              </value>
+              <value>
+                <string>/organization/management/executive-board</string>
+              </value>
+            </collection>
+          </field>
+          <field name="ownerType">
+            <string>group</string>
+          </field>
+          <field name="templateLocation">
+            <string>war:/conf/portal</string>
+          </field>
+        </object>
+      </object-param>
+      <object-param>
+        <name>user.configuration</name>
+        <description>description</description>
+        <object type="org.exoplatform.portal.config.NewPortalConfig">
+          <field name="predefinedOwner">
+            <collection type="java.util.HashSet">
+              <value>
+                <string>root</string>
+              </value>
+            </collection>
+          </field>
+          <field name="ownerType">
+            <string>user</string>
+          </field>
+          <field name="templateLocation">
+            <string>war:/conf/portal</string>
+          </field>
+        </object>
+      </object-param>
+    </init-params>
+  </component>
+
+  <import>war:/conf/organization/configuration.xml</import>
+  <import>war:/conf/organization/organization-configuration.xml</import>
+</configuration>
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/configuration.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/configuration.xml
new file mode 100644
index 000000000..86fae7948
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/configuration.xml
@@ -0,0 +1,326 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<configuration
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd"
+    xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">
+
+  <component>
+    <key>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</key>
+    <type>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</type>
+  </component>
+
+  <component>
+    <key>org.gatein.common.transaction.JTAUserTransactionLifecycleService</key>
+    <type>org.gatein.common.transaction.JTAUserTransactionLifecycleServiceImpl</type>
+  </component>
+
+  <component>
+    <key>org.exoplatform.services.database.HibernateService</key>
+    <jmx-name>database:type=HibernateService</jmx-name>
+    <type>org.exoplatform.services.organization.idm.CustomHibernateServiceImpl</type>
+    <init-params>
+      <properties-param>
+        <name>hibernate.properties</name>
+        <description>Default Hibernate Service</description>
+        <property name="hibernate.hbm2ddl.auto" value="update"/>
+        <property name="hibernate.show_sql" value="false"/>
+        <property name="hibernate.connection.datasource" value="jdbcidm"/>
+        <property name="hibernate.connection.autocommit" value="false"/>
+
+        <!-- Non-JTA setup -->
+        <property name="hibernate.current_session_context_class" value="thread"/>
+
+        <!-- JTA setup -->
+        <!--<property name="hibernate.current_session_context_class" value="jta"/>
+     <property name="hibernate.transaction.factory_class" value="org.hibernate.transaction.JTATransactionFactory" />
+     <property name="hibernate.transaction.jta.platform" value="org.exoplatform.services.organization.idm.UserTransactionJtaPlatform" />-->
+
+        <property name="hibernate.cache.use_second_level_cache" value="false"/>
+        <property name="hibernate.cache.use_query_cache" value="false"/>
+        <!-- Uncomment for enable 2nd level cache based on Infinispan -->
+        <!--<property name="hibernate.cache.region.factory_class" value="org.jboss.as.jpa.hibernate4.infinispan.InfinispanRegionFactory" />-->
+        <!-- Uncomment to enable cache statistics for infinispan />-->
+        <!--<property name="hibernate.cache.infinispan.statistics" value="true" />-->
+        <!-- Uncomment to use custom infinispan configuration file instead of the default bundled in hibernate-infinispan jar -->
+        <!--<property name="hibernate.cache.infinispan.cfg" value="/home/infinispan/cacheprovider-configs.xml"/>-->
+
+        <!--
+          Should be automatically detected. Force otherwise
+           <property name="hibernate.dialect" value="org.hibernate.dialect.XXXDialect"/>
+        -->
+        <property name="hibernate.listeners.envers.autoRegister" value="false"/>
+      </properties-param>
+    </init-params>
+  </component>
+
+  <component>
+    <key>org.exoplatform.services.organization.idm.PicketLinkIDMService</key>
+    <type>org.exoplatform.services.organization.idm.PicketLinkIDMServiceImpl</type>
+    <init-params>
+      <value-param>
+        <name>config</name>
+        <value>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</value>
+
+        <!--Sample LDAP config-->
+        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml</value>-->
+
+        <!--Read Only "ACME" LDAP Example-->
+        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml</value>-->
+
+        <!--OpenLDAP LDAP config-->
+        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml</value>-->
+
+        <!--OpenLDAP ReadOnly "ACME" LDAP Example-->
+        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml</value>-->
+
+        <!--MSAD LDAP Example-->
+        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml</value>-->
+
+        <!--MSAD Read Only "ACME" LDAP Example-->
+        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>-->
+
+      </value-param>
+
+      <!-- In default PicketLink IDM configuration hibernate store will namespace identity objects using this realm name
+           if you want to share DB between portal and also share the same identity data remove the "${container.name.suffix}" part-->
+      <value-param>
+        <name>portalRealm</name>
+        <value>idm_realm</value>
+      </value-param>
+
+      <value-param>
+        <name>apiCacheConfig</name>
+        <value>war:/conf/organization/picketlink-idm/infinispan.xml</value>
+      </value-param>
+
+      <value-param profiles="cluster">
+        <name>apiCacheConfig</name>
+        <value>war:/conf/organization/picketlink-idm/infinispan-cluster.xml</value>
+      </value-param>
+
+      <value-param>
+        <name>storeCacheConfig</name>
+        <value>war:/conf/organization/picketlink-idm/infinispan.xml</value>
+      </value-param>
+
+      <value-param profiles="cluster">
+        <name>storeCacheConfig</name>
+        <value>war:/conf/organization/picketlink-idm/infinispan-cluster.xml</value>
+      </value-param>
+
+      <value-param>
+        <name>skipExpirationOfStructureCacheEntries</name>
+        <value>true</value>
+      </value-param>
+
+    </init-params>
+  </component>
+
+
+  <component>
+    <key>org.exoplatform.services.organization.OrganizationService</key>
+    <type>org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl</type>
+    <init-params>
+      <object-param>
+        <name>configuration</name>
+        <object type="org.exoplatform.services.organization.idm.Config">
+          <!-- For all ids not mapped with type in 'groupTypeMappings' use parent id path
+               as a group type to store group in PicketLink IDM. The effect of setting
+               this option to false and not providing any mappings under 'groupTypeMappings' option
+               is that there can be only one group with a given name in all GateIn group tree-->
+          <field name="useParentIdAsGroupType">
+            <boolean>true</boolean>
+          </field>
+          <!-- Group stored in PicketLink IDM with a type mapped in 'groupTypeMappings' will
+               automatically be member under mapped parent. Normally groups are linked by
+               PicketLink IDM group association - such relationship won't be needed then. It can
+               be set to false if all groups are added via GateIn APIs
+               This option may be useful with LDAP config as it will make (if set to true) every entry
+               added to LDAP (not via GateIn management UI) appear in GateIn-->
+          <field name="forceMembershipOfMappedTypes">
+            <boolean>true</boolean>
+          </field>
+          <!-- When 'userParentIdAsGroupType is set to true this value will be used to
+               replace all "/" chars in id. This is because "/" is not allowed to be
+               used in group type name in PicketLink IDM-->
+          <field name="pathSeparator">
+            <string>.</string>
+          </field>
+          <!-- Name of a group stored in PicketLink IDM that acts as root group in GateIn - "/" -->
+          <field name="rootGroupName">
+            <string>GTN_ROOT_GROUP</string>
+          </field>
+          <!-- Map groups added with GateIn API as a childs of a given group ID to be stored with a given
+               group type name in PicketLink IDM. If parent ID ends with "/*" then all child groups will
+               have the mapped group type. Otherwise only direct (first level) children will use this type.
+
+               This can be leveraged by LDAP setup. Given LDAP DN configured in PicketLink IDM to
+               store specific group type will then store one given branch in GateIn group tree while
+               all other groups will remain in DB. -->
+          <field name="groupTypeMappings">
+            <map type="java.util.HashMap">
+              <entry>
+                <key>
+                  <string>/</string>
+                </key>
+                <value>
+                  <string>root_type</string>
+                </value>
+              </entry>
+
+              <!-- Uncomment for sample LDAP configuration -->
+              <!--
+              <entry>
+                <key><string>/platform/*</string></key>
+                <value><string>platform_type</string></value>
+              </entry>
+              <entry>
+                <key><string>/organization/*</string></key>
+                <value><string>organization_type</string></value>
+              </entry>
+              -->
+
+
+              <!-- Uncomment for ACME LDAP example -->
+              <!--
+              <entry>
+                <key><string>/acme/roles/*</string></key>
+                <value><string>acme_roles_type</string></value>
+              </entry>
+              <entry>
+                <key><string>/acme/organization_units/*</string></key>
+                <value><string>acme_ou_type</string></value>
+              </entry>
+              -->
+
+              <!-- Uncomment for MSAD ReadOnly LDAP example -->
+              <!--
+              <entry>
+                <key><string>/acme/roles/*</string></key>
+                <value><string>msad_roles_type</string></value>
+              </entry>
+              -->
+            </map>
+          </field>
+          <!-- If this option is used then each Membership created with MembrshipType that is
+               equal to value specified here will be stored in PicketLink IDM as simple
+               Group-User association-->
+          <field name="associationMembershipType">
+            <string>member</string>
+          </field>
+          <!-- if "associationMembershipType" option is used and this option is set to true
+                then Membership with MembershipType configured to be stored as PicketLink IDM association
+                will not be stored as PicketLink IDM Role -->
+          <field name="ignoreMappedMembershipType">
+            <boolean>false</boolean>
+          </field>
+          <!-- If 'true' will use JTA UserTransaction. If 'false' will use IDM transaction API -->
+          <field name="useJTA">
+            <boolean>false</boolean>
+          </field>
+
+          <!-- If PLIDM group will have name containing slash "/" char than it will be replace with following string.
+               Slashes are used in group paths and if present in names may cause unpredictable behaviour -->
+          <field name="slashReplacement">
+            <string>@_@_@</string>
+          </field>
+
+          <!-- If groups should be displayed in a sorted order in the management UI-->
+          <field name="sortGroups">
+            <boolean>true</boolean>
+          </field>
+
+          <!-- If memberships should be displayed in a sorted order in the management UI-->
+          <field name="sortMemberships">
+            <boolean>true</boolean>
+          </field>
+
+          <!-- For some LDAP configurations where part of users can duplicate in both DB and LDAP
+               it is not possible to count user efficiently for paginated query. Only way is to download
+               whole content of LDAP server and exclude duplicates manually to return accurate user count.
+               When this option is set to true GateIn will rely on user count information returned from PLIDM
+               which can return greater number of users then in real non duplicated count for perf reasons..
+               Those users will be filtered before returning search page however to not return nulls last entry
+               can be duplicated in returned user list.
+               If this value is set to false GateIn will perform whole non paginated query and filter it after.
+               It will result in more accurate results and paginated list size info however can affect performance -->
+          <field name="countPaginatedUsers">
+            <boolean>true</boolean>
+          </field>
+        </object>
+      </object-param>
+    </init-params>
+  </component>
+
+  <external-component-plugins>
+    <target-component>org.exoplatform.services.naming.InitialContextInitializer</target-component>
+    <component-plugin>
+      <name>bind.datasource</name>
+      <set-method>addPlugin</set-method>
+      <type>org.exoplatform.services.naming.BindReferencePlugin</type>
+      <init-params>
+        <value-param>
+          <name>bind-name</name>
+          <value>jdbcidm</value>
+        </value-param>
+        <value-param>
+          <name>class-name</name>
+          <value>javax.sql.DataSource</value>
+        </value-param>
+        <value-param>
+          <name>factory</name>
+          <value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
+        </value-param>
+        <properties-param>
+          <name>ref-addresses</name>
+          <description>ref-addresses</description>
+          <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
+          <property name="url" value="jdbc:hsqldb:mem:portal"/>
+          <property name="username" value="sa"/>
+          <property name="password" value=""/>
+
+        </properties-param>
+      </init-params>
+    </component-plugin>
+  </external-component-plugins>
+
+  <external-component-plugins>
+    <target-component>org.exoplatform.services.database.HibernateService</target-component>
+    <component-plugin>
+      <name>add.hibernate.mapping</name>
+      <set-method>addPlugin</set-method>
+      <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
+      <init-params>
+        <values-param>
+          <name>hibernate.mapping</name>
+          <value>picketlink-idm/mappings/HibernateRealm.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObject.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml</value>
+          <value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml</value>
+        </values-param>
+        <values-param profiles="sybase">
+          <name>hibernate.mapping</name>
+          <value>picketlink-idm/sybase-mappings/HibernateRealm.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObject.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredential.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialType.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectAttribute.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectType.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationship.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipType.hbm.xml</value>
+          <value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipName.hbm.xml</value>
+        </values-param>
+      </init-params>
+    </component-plugin>
+  </external-component-plugins>
+
+</configuration>
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/organization-configuration.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/organization-configuration.xml
new file mode 100644
index 000000000..2e47ded24
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/organization-configuration.xml
@@ -0,0 +1,502 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<configuration
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd"
+    xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">
+  <external-component-plugins>
+    <target-component>org.exoplatform.services.organization.OrganizationService</target-component>
+    <component-plugin>
+      <name>init.service.listener</name>
+      <set-method>addListenerPlugin</set-method>
+      <type>org.exoplatform.services.organization.OrganizationDatabaseInitializer</type>
+      <!-- <type>org.gatein.portal.installer.SetupOrganizationDatabaseInitializer</type>  -->
+      <description>this listener populate organization data for the first launch</description>
+      <init-params>
+        <value-param>
+          <name>checkDatabaseAlgorithm</name>
+          <description>check database</description>
+          <value>entry</value>
+        </value-param>
+        <value-param>
+          <name>printInformation</name>
+          <description>Print information init database</description>
+          <value>false</value>
+        </value-param>
+        <object-param>
+          <name>configuration</name>
+          <description>description</description>
+          <object type="org.exoplatform.services.organization.OrganizationConfig">
+            <field name="membershipType">
+              <collection type="java.util.ArrayList">
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$MembershipType">
+                    <field name="type">
+                      <string>manager</string>
+                    </field>
+                    <field name="description">
+                      <string>manager membership type</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$MembershipType">
+                    <field name="type">
+                      <string>member</string>
+                    </field>
+                    <field name="description">
+                      <string>member membership type</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$MembershipType">
+                    <field name="type">
+                      <string>validator</string>
+                    </field>
+                    <field name="description">
+                      <string>validator membership type</string>
+                    </field>
+                  </object>
+                </value>
+              </collection>
+            </field>
+
+            <field name="group">
+              <collection type="java.util.ArrayList">
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>platform</string>
+                    </field>
+                    <field name="parentId">
+                      <string></string>
+                    </field>
+                    <field name="description">
+                      <string>the /platform group</string>
+                    </field>
+                    <field name="label">
+                      <string>Platform</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>administrators</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/platform</string>
+                    </field>
+                    <field name="description">
+                      <string>the /platform/administrators group</string>
+                    </field>
+                    <field name="label">
+                      <string>Administrators</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>users</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/platform</string>
+                    </field>
+                    <field name="description">
+                      <string>the /platform/users group</string>
+                    </field>
+                    <field name="label">
+                      <string>Users</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>guests</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/platform</string>
+                    </field>
+                    <field name="description">
+                      <string>the /platform/guests group</string>
+                    </field>
+                    <field name="label">
+                      <string>Guests</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>organization</string>
+                    </field>
+                    <field name="parentId">
+                      <string></string>
+                    </field>
+                    <field name="description">
+                      <string>the organization group</string>
+                    </field>
+                    <field name="label">
+                      <string>Organization</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>management</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/management group</string>
+                    </field>
+                    <field name="label">
+                      <string>Management</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>executive-board</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization/management</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/management/executive-board group</string>
+                    </field>
+                    <field name="label">
+                      <string>Executive Board</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>human-resources</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization/management</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/management/human-resource group</string>
+                    </field>
+                    <field name="label">
+                      <string>Human Resources</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>communication</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/communication group</string>
+                    </field>
+                    <field name="label">
+                      <string>Communication</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>marketing</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization/communication</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/communication/marketing group</string>
+                    </field>
+                    <field name="label">
+                      <string>Marketing</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>press-and-media</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization/communication</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/communication/press-and-media group</string>
+                    </field>
+                    <field name="label">
+                      <string>Press and Media</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>operations</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/operations and media group</string>
+                    </field>
+                    <field name="label">
+                      <string>Operations</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>sales</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization/operations</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/operations/sales group</string>
+                    </field>
+                    <field name="label">
+                      <string>Sales</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>finances</string>
+                    </field>
+                    <field name="parentId">
+                      <string>/organization/operations</string>
+                    </field>
+                    <field name="description">
+                      <string>the /organization/operations/finances group</string>
+                    </field>
+                    <field name="label">
+                      <string>Finances</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>customers</string>
+                    </field>
+                    <field name="parentId">
+                      <string></string>
+                    </field>
+                    <field name="description">
+                      <string>the /customers group</string>
+                    </field>
+                    <field name="label">
+                      <string>Customers</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$Group">
+                    <field name="name">
+                      <string>partners</string>
+                    </field>
+                    <field name="parentId">
+                      <string></string>
+                    </field>
+                    <field name="description">
+                      <string>the /partners group</string>
+                    </field>
+                    <field name="label">
+                      <string>Partners</string>
+                    </field>
+                  </object>
+                </value>
+              </collection>
+            </field>
+
+
+            <field name="user">
+              <collection type="java.util.ArrayList">
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$User">
+                    <field name="userName">
+                      <string>root</string>
+                    </field>
+                    <!-- Use configuration.properties to set up root password file -->
+                    <field name="password">
+                      <string>gtn</string>
+                    </field>
+                    <field name="firstName">
+                      <string>Root</string>
+                    </field>
+                    <field name="lastName">
+                      <string>Root</string>
+                    </field>
+                    <field name="email">
+                      <string>root@localhost</string>
+                    </field>
+                    <field name="groups">
+                      <string>
+                        manager:/platform/administrators,member:/platform/users,
+                        member:/organization/management/executive-board
+                      </string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$User">
+                    <field name="userName">
+                      <string>john</string>
+                    </field>
+                    <field name="password">
+                      <string>gtn</string>
+                    </field>
+                    <field name="firstName">
+                      <string>John</string>
+                    </field>
+                    <field name="lastName">
+                      <string>Anthony</string>
+                    </field>
+                    <field name="email">
+                      <string>john@localhost</string>
+                    </field>
+                    <field name="groups">
+                      <string>
+                        member:/platform/administrators,member:/platform/users,
+                        manager:/organization/management/executive-board
+                      </string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$User">
+                    <field name="userName">
+                      <string>mary</string>
+                    </field>
+                    <field name="password">
+                      <string>gtn</string>
+                    </field>
+                    <field name="firstName">
+                      <string>Mary</string>
+                    </field>
+                    <field name="lastName">
+                      <string>Kelly</string>
+                    </field>
+                    <field name="email">
+                      <string>mary@localhost</string>
+                    </field>
+                    <field name="groups">
+                      <string>member:/platform/users</string>
+                    </field>
+                  </object>
+                </value>
+                <value>
+                  <object type="org.exoplatform.services.organization.OrganizationConfig$User">
+                    <field name="userName">
+                      <string>demo</string>
+                    </field>
+                    <field name="password">
+                      <string>gtn</string>
+                    </field>
+                    <field name="firstName">
+                      <string>Demo</string>
+                    </field>
+                    <field name="lastName">
+                      <string>gtn</string>
+                    </field>
+                    <field name="email">
+                      <string>demo@localhost</string>
+                    </field>
+                    <field name="groups">
+                      <string>member:/platform/guests,member:/platform/users</string>
+                    </field>
+                  </object>
+                </value>
+              </collection>
+            </field>
+          </object>
+        </object-param>
+      </init-params>
+    </component-plugin>
+
+    <component-plugin>
+      <name>new.user.event.listener</name>
+      <set-method>addListenerPlugin</set-method>
+      <type>org.exoplatform.services.organization.impl.NewUserEventListener</type>
+      <description>this listener assign group and membership to a new created user</description>
+      <init-params>
+        <object-param>
+          <name>configuration</name>
+          <description>description</description>
+          <object type="org.exoplatform.services.organization.impl.NewUserConfig">
+            <field name="group">
+              <collection type="java.util.ArrayList">
+                <value>
+                  <object type="org.exoplatform.services.organization.impl.NewUserConfig$JoinGroup">
+                    <field name="groupId">
+                      <string>/platform/users</string>
+                    </field>
+                    <field name="membership">
+                      <string>member</string>
+                    </field>
+                  </object>
+                </value>
+              </collection>
+            </field>
+            <field name="ignoredUser">
+              <collection type="java.util.HashSet">
+                <value>
+                  <string>root</string>
+                </value>
+                <value>
+                  <string>john</string>
+                </value>
+                <value>
+                  <string>mary</string>
+                </value>
+                <value>
+                  <string>demo</string>
+                </value>
+              </collection>
+            </field>
+          </object>
+        </object-param>
+      </init-params>
+    </component-plugin>
+
+    <component-plugin>
+      <name>MembershipUpdateListener</name>
+      <set-method>addListenerPlugin</set-method>
+      <type>org.exoplatform.services.organization.impl.MembershipUpdateListener</type>
+    </component-plugin>
+  </external-component-plugins>
+</configuration>
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme-openldap.ldif b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme-openldap.ldif
new file mode 100644
index 000000000..435e790a9
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme-openldap.ldif
@@ -0,0 +1,160 @@
+dn: o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: dcObject
+objectclass: organization
+o: acme
+dc: acme
+
+dn: ou=placeholder,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: placeholder
+description: entry used to satisfy schmema restrictions for required member attribute in groupOfNames objectClass
+
+dn: ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: People
+
+dn: uid=admin,ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: admin
+cn: Administrator
+sn: Duke
+userPassword: admin
+mail: admin@acme.example.com
+
+dn: uid=user,ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: user
+cn: User
+sn: Sample
+userPassword: user
+mail: user@acme.example.com
+
+dn: uid=jduke,ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke
+cn: Java
+sn: Duke
+userPassword: theduke
+mail: jduke@acme.example.com
+
+dn: uid=jduke1,ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke1
+cn: Java 1
+sn: Duke1
+userPassword: theduke
+mail: jduke1@acme.example.com
+
+
+dn: uid=jduke2,ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke2
+cn: Java 2
+sn: Duke2
+userPassword: theduke
+mail: jduke2@acme.example.com
+
+dn: uid=jduke3,ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke3
+cn: Java 3
+sn: Duke3
+userPassword: theduke
+mail: jduke3@acme.example.com
+
+dn: uid=jduke4,ou=People,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke4
+cn: Java 4
+sn: Duke4
+userPassword: theduke
+mail: jduke4@acme.example.com
+
+dn: ou=Roles,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: Roles
+
+dn: cn=admins,ou=Roles,o=acme,dc=my-domain,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: admins
+description: Portal admin role
+member: uid=admin,ou=People,o=acme,dc=my-domain,dc=com
+
+dn: cn=employees,ou=Roles,o=acme,dc=my-domain,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: employees
+description: ACME Employees
+member: uid=admin,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=user,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke1,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke2,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke3,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke4,ou=People,o=acme,dc=my-domain,dc=com
+
+dn: cn=echo,ou=Roles,o=acme,dc=my-domain,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: echo
+description: Echo role
+member: uid=jduke1,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke3,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke4,ou=People,o=acme,dc=my-domain,dc=com
+
+dn: cn=echo1,ou=Roles,o=acme,dc=my-domain,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: echo1
+description: Echo1 role
+member: uid=jduke2,ou=People,o=acme,dc=my-domain,dc=com
+member: uid=jduke3,ou=People,o=acme,dc=my-domain,dc=com
+
+dn: cn=theduke,ou=Roles,o=acme,dc=my-domain,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: theduke
+description: TheDuke role
+member: uid=jduke,ou=People,o=acme,dc=my-domain,dc=com
+
+dn: ou=OrganizationUnits,o=acme,dc=my-domain,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: OrganizationUnits
+
+dn: cn=foo,ou=OrganizationUnits,o=acme,dc=my-domain,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: foo
+description: Foo organization unit
+member: uid=admin,ou=People,o=acme,dc=my-domain,dc=com
+
+
+
+dn: cn=bar,ou=OrganizationUnits,o=acme,dc=my-domain,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: bar
+description: Bar organization
+member: uid=admin,ou=People,o=acme,dc=my-domain,dc=com
+
+
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme.ldif b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme.ldif
new file mode 100644
index 000000000..addd88638
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/acme.ldif
@@ -0,0 +1,151 @@
+dn: o=acme,dc=example,dc=com
+objectclass: top
+objectclass: dcObject
+objectclass: organization
+o: acme
+dc: acme
+
+dn: ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: People
+
+
+dn: uid=admin,ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: admin
+cn: Administrator
+sn: Duke
+userPassword: admin
+mail: admin@acme.example.com
+
+dn: uid=user,ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: user
+cn: User
+sn: Sample
+userPassword: user
+mail: user@acme.example.com
+
+dn: uid=jduke,ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke
+cn: Java
+sn: Duke
+userPassword: theduke
+mail: jduke@acme.example.com
+
+dn: uid=jduke1,ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke1
+cn: Java 1
+sn: Duke1
+userPassword: theduke
+mail: jduke1@acme.example.com
+
+
+dn: uid=jduke2,ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke2
+cn: Java 2
+sn: Duke2
+userPassword: theduke
+mail: jduke2@acme.example.com
+
+dn: uid=jduke3,ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke3
+cn: Java 3
+sn: Duke3
+userPassword: theduke
+mail: jduke3@acme.example.com
+
+dn: uid=jduke4,ou=People,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: person
+uid: jduke4
+cn: Java 4
+sn: Duke4
+userPassword: theduke
+mail: jduke4@acme.example.com
+
+dn: ou=Roles,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: Roles
+
+dn: cn=admins,ou=Roles,o=acme,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: admins
+description: Portal admin role
+member: uid=admin,ou=People,o=acme,dc=example,dc=com
+
+dn: cn=employees,ou=Roles,o=acme,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: employees
+description: ACME Employees
+member: uid=admin,ou=People,o=acme,dc=example,dc=com
+member: uid=user,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke1,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke2,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke3,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke4,ou=People,o=acme,dc=example,dc=com
+
+dn: cn=echo,ou=Roles,o=acme,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: echo
+description: Echo role
+member: uid=jduke1,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke3,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke4,ou=People,o=acme,dc=example,dc=com
+
+dn: cn=echo1,ou=Roles,o=acme,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: echo1
+description: Echo1 role
+member: uid=jduke2,ou=People,o=acme,dc=example,dc=com
+member: uid=jduke3,ou=People,o=acme,dc=example,dc=com
+
+dn: cn=theduke,ou=Roles,o=acme,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: theduke
+description: TheDuke role
+member: uid=jduke,ou=People,o=acme,dc=example,dc=com
+
+dn: ou=OrganizationUnits,o=acme,dc=example,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: OrganizationUnits
+
+dn: cn=foo,ou=OrganizationUnits,o=acme,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: foo
+description: Foo organization unit
+
+
+dn: cn=bar,ou=OrganizationUnits,o=acme,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: bar
+description: Bar organization
+
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/initial-openldap.ldif b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/initial-openldap.ldif
new file mode 100644
index 000000000..c0a2658eb
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/initial-openldap.ldif
@@ -0,0 +1,16 @@
+dn: o=gatein,dc=my-domain,dc=com
+objectclass: top
+objectclass: organization
+o: gatein
+
+dn: o=portal,o=gatein,dc=my-domain,dc=com
+objectclass: top
+objectclass: organization
+o: portal
+
+dn: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: placeholder
+description: entry used to satisfy schmema restrictions for required member attribute in groupOfNames objectClass
+
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml
new file mode 100644
index 000000000..4350d2238
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml
@@ -0,0 +1,419 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>idm_realm_sample-portal</id>
+      <repository-id-ref>DefaultPortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+    <realm>
+      <id>idm_realm</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>template</name>
+          <value>true</value>
+        </option>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>PortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+      <identity-store-mappings>
+        <identity-store-mapping>
+          <identity-store-id>PortalLDAPStore</identity-store-id>
+          <identity-object-types>
+            <identity-object-type>USER</identity-object-type>
+            <identity-object-type>acme_roles_type</identity-object-type>
+            <identity-object-type>acme_ou_type</identity-object-type>
+          </identity-object-types>
+          <options>
+            <option>
+              <name>readOnly</name>
+              <value>true</value>
+            </option>
+          </options>
+        </identity-store-mapping>
+      </identity-store-mappings>
+      <options>
+        <option>
+          <name>allowNotDefinedAttributes</name>
+          <value>true</value>
+        </option>
+      </options>
+    </repository>
+    <repository>
+      <id>DefaultPortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>lazyStartOfHibernateTransaction</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+      <identity-store>
+        <id>PortalLDAPStore</id>
+        <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes>
+              <attribute>
+                <name>firstName</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>lastName</name>
+                <mapping>sn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>email</name>
+                <mapping>mail</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+                <isUnique>true</isUnique>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>uid</value>
+              </option>
+              <option>
+                <name>passwordAttributeName</name>
+                <value>userPassword</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=People,o=acme,dc=example,dc=com</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=inetOrgPerson</value>
+                <value>sn=</value>
+                <value>cn=</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>acme_roles_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>acme_roles_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>label</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>true</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Roles,o=acme,dc=example,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>acme_ou_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>acme_ou_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>label</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>true</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=OrganizationUnits,o=acme,dc=example,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+              </option>
+            </options>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>providerURL</name>
+            <value>ldap://localhost:1389</value>
+          </option>
+          <option>
+            <name>adminDN</name>
+            <value>cn=Directory Manager</value>
+          </option>
+          <option>
+            <name>adminPassword</name>
+            <value>password</value>
+          </option>
+          <option>
+            <name>searchTimeLimit</name>
+            <value>10000</value>
+          </option>
+          <option>
+            <name>createMissingContexts</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>customJNDIConnectionParameters</name>
+            <value>com.sun.jndi.ldap.connect.pool=true</value>
+          </option>
+          <option>
+            <name>customSystemProperties</name>
+            <value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
+            <value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
+          </option>
+          <option>
+            <name>cache.providerRegistryName</name>
+            <value>storeCacheProvider</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+    </identity-stores>
+  </stores>
+  <options>
+    <option>
+      <name>defaultTemplate</name>
+      <value>idm_realm</value>
+    </option>
+  </options>
+</jboss-identity>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml
new file mode 100644
index 000000000..e6688fe55
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml
@@ -0,0 +1,380 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>idm_realm_sample-portal</id>
+      <repository-id-ref>DefaultPortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+    <realm>
+      <id>idm_realm</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>template</name>
+          <value>true</value>
+        </option>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>PortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+      <identity-store-mappings>
+        <identity-store-mapping>
+          <identity-store-id>PortalLDAPStore</identity-store-id>
+          <identity-object-types>
+            <identity-object-type>USER</identity-object-type>
+            <identity-object-type>platform_type</identity-object-type>
+            <identity-object-type>organization_type</identity-object-type>
+          </identity-object-types>
+          <options/>
+        </identity-store-mapping>
+      </identity-store-mappings>
+      <options>
+        <option>
+          <name>allowNotDefinedAttributes</name>
+          <value>true</value>
+        </option>
+      </options>
+    </repository>
+    <repository>
+      <id>DefaultPortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>lazyStartOfHibernateTransaction</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+      <identity-store>
+        <id>PortalLDAPStore</id>
+        <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes>
+              <attribute>
+                <name>firstName</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>lastName</name>
+                <mapping>sn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>email</name>
+                <mapping>mail</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+                <isUnique>true</isUnique>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>uid</value>
+              </option>
+              <option>
+                <name>passwordAttributeName</name>
+                <value>userPassword</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=People,o=portal,o=gatein,dc=example,dc=com</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=inetOrgPerson</value>
+                <value>sn=</value>
+                <value>cn=</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>platform_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>platform_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes/>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Platform,o=portal,o=gatein,dc=example,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>organization_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>organization_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes/>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Organization,o=portal,o=gatein,dc=example,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+              </option>
+            </options>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>providerURL</name>
+            <value>ldap://localhost:1389</value>
+          </option>
+          <option>
+            <name>adminDN</name>
+            <value>cn=Directory Manager</value>
+          </option>
+          <option>
+            <name>adminPassword</name>
+            <value>password</value>
+          </option>
+          <option>
+            <name>searchTimeLimit</name>
+            <value>10000</value>
+          </option>
+          <option>
+            <name>createMissingContexts</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>customJNDIConnectionParameters</name>
+            <value>com.sun.jndi.ldap.connect.pool=true</value>
+          </option>
+          <option>
+            <name>customSystemProperties</name>
+            <value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
+            <value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
+          </option>
+          <option>
+            <name>cache.providerRegistryName</name>
+            <value>storeCacheProvider</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+    </identity-stores>
+  </stores>
+  <options>
+    <option>
+      <name>defaultTemplate</name>
+      <value>idm_realm</value>
+    </option>
+  </options>
+</jboss-identity>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml
new file mode 100644
index 000000000..711c4e13d
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml
@@ -0,0 +1,424 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>idm_realm_sample-portal</id>
+      <repository-id-ref>DefaultPortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+    <realm>
+      <id>idm_realm</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>template</name>
+          <value>true</value>
+        </option>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>PortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+      <identity-store-mappings>
+        <identity-store-mapping>
+          <identity-store-id>PortalLDAPStore</identity-store-id>
+          <identity-object-types>
+            <identity-object-type>USER</identity-object-type>
+            <identity-object-type>platform_type</identity-object-type>
+            <identity-object-type>organization_type</identity-object-type>
+          </identity-object-types>
+        </identity-store-mapping>
+      </identity-store-mappings>
+      <options>
+        <option>
+          <name>allowNotDefinedAttributes</name>
+          <value>true</value>
+        </option>
+      </options>
+    </repository>
+    <repository>
+      <id>DefaultPortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>lazyStartOfHibernateTransaction</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+      <identity-store>
+        <id>PortalLDAPStore</id>
+        <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes>
+              <attribute>
+                <name>firstName</name>
+                <mapping>givenName</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>lastName</name>
+                <mapping>sn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>email</name>
+                <mapping>mail</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+                <isUnique>true</isUnique>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>entrySearchFilter</name>
+                <value><![CDATA[(&(cn={0})(objectClass=User))]]></value>
+              </option>
+              <option>
+                <name>passwordAttributeName</name>
+                <value>unicodePwd</value>
+              </option>
+              <option>
+                <name>enclosePasswordWith</name>
+                <value>"</value>
+              </option>
+              <option>
+                <name>passwordEncoding</name>
+                <value>UTF-16LE</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=People,o=gatein,dc=test,dc=domain</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=inetOrgPerson</value>
+                <value>sn=</value>
+                <value>userAccountControl=514</value>
+              </option>
+              <option>
+                <name>passwordUpdateAttributeValues</name>
+                <value>userAccountControl=512</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>platform_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>platform_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Platform,o=gatein,dc=test,dc=domain</value>
+              </option>
+              <option>
+                <name>entrySearchFilter</name>
+                <value><![CDATA[(&(cn={0})(objectClass=group))]]></value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=group</value>
+                <value>groupType=8</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>organization_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>organization_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Organization,o=gatein,dc=test,dc=domain</value>
+              </option>
+              <option>
+                <name>entrySearchFilter</name>
+                <value><![CDATA[(&(cn={0})(objectClass=group))]]></value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=group</value>
+                <value>groupType=8</value>
+              </option>
+            </options>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>providerURL</name>
+            <value>[ldap|ldaps]://[msad-host]:[port]</value>
+          </option>
+          <option>
+            <name>adminDN</name>
+            <value>TEST\Administrator</value>
+          </option>
+          <option>
+            <name>adminPassword</name>
+            <value>[adminPasswordValue]</value>
+          </option>
+          <option>
+            <name>authenticationMethod</name>
+            <value>simple</value>
+          </option>
+          <option>
+            <name>customSystemProperties</name>
+            <value>javax.net.ssl.trustStore=/path/to/msad.truststore</value>
+            <value>javax.net.ssl.trustStorePassword=password</value>
+          </option>
+          <option>
+            <name>searchTimeLimit</name>
+            <value>10000</value>
+          </option>
+          <option>
+            <name>createMissingContexts</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>customJNDIConnectionParameters</name>
+            <value>com.sun.jndi.ldap.connect.pool=true</value>
+          </option>
+          <option>
+            <name>customSystemProperties</name>
+            <value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
+            <value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
+          </option>
+          <option>
+            <name>cache.providerRegistryName</name>
+            <value>storeCacheProvider</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+    </identity-stores>
+  </stores>
+  <options>
+    <option>
+      <name>defaultTemplate</name>
+      <value>idm_realm</value>
+    </option>
+  </options>
+</jboss-identity>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml
new file mode 100644
index 000000000..e1f8e8545
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml
@@ -0,0 +1,378 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>idm_realm_sample-portal</id>
+      <repository-id-ref>DefaultPortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+    <realm>
+      <id>idm_realm</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>template</name>
+          <value>true</value>
+        </option>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>PortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+      <identity-store-mappings>
+        <identity-store-mapping>
+          <identity-store-id>PortalLDAPStore</identity-store-id>
+          <identity-object-types>
+            <identity-object-type>USER</identity-object-type>
+            <identity-object-type>msad_roles_type</identity-object-type>
+          </identity-object-types>
+          <options>
+            <option>
+              <name>readOnly</name>
+              <value>true</value>
+            </option>
+          </options>
+        </identity-store-mapping>
+      </identity-store-mappings>
+      <options>
+        <option>
+          <name>allowNotDefinedAttributes</name>
+          <value>true</value>
+        </option>
+      </options>
+    </repository>
+    <repository>
+      <id>DefaultPortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>lazyStartOfHibernateTransaction</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+      <identity-store>
+        <id>PortalLDAPStore</id>
+        <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes>
+              <attribute>
+                <name>firstName</name>
+                <mapping>givenName</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>lastName</name>
+                <mapping>sn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>email</name>
+                <mapping>mail</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+                <isUnique>true</isUnique>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>sAMAccountName</value>
+              </option>
+              <option>
+                <name>entrySearchFilter</name>
+                <value><![CDATA[(&(sAMAccountName={0})(objectClass=User))]]></value>
+              </option>
+              <option>
+                <name>passwordAttributeName</name>
+                <value>unicodePwd</value>
+              </option>
+              <option>
+                <name>enclosePasswordWith</name>
+                <value>"</value>
+              </option>
+              <option>
+                <name>passwordEncoding</name>
+                <value>UTF-16LE</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>CN=Users,DC=test,DC=domain</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=inetOrgPerson</value>
+                <value>sn=</value>
+                <value>userAccountControl=514</value>
+                <!--<value>cn= </value>-->
+              </option>
+              <option>
+                <name>passwordUpdateAttributeValues</name>
+                <value>userAccountControl=512</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>msad_roles_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>msad_roles_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>label</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>true</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>CN=Users,DC=test,DC=domain</value>
+              </option>
+              <option>
+                <name>entrySearchFilter</name>
+                <value><![CDATA[(&(sAMAccountName={0})(objectClass=group))]]></value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=group</value>
+                <value>groupType=8</value>
+              </option>
+            </options>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>providerURL</name>
+            <value>[ldap|ldaps]://[msad-host]:[port]</value>
+          </option>
+          <option>
+            <name>adminDN</name>
+            <value>TEST\Administrator</value>
+          </option>
+          <option>
+            <name>adminPassword</name>
+            <value>[adminPasswordValue]</value>
+          </option>
+          <option>
+            <name>authenticationMethod</name>
+            <value>simple</value>
+          </option>
+          <!--<option>-->
+          <!--<name>customSystemProperties</name>-->
+          <!--<value>javax.net.ssl.trustStore=/path/to/msad.truststore</value>-->
+          <!--<value>javax.net.ssl.trustStorePassword=password</value>-->
+          <!--</option>-->
+          <option>
+            <name>searchTimeLimit</name>
+            <value>10000</value>
+          </option>
+          <option>
+            <name>createMissingContexts</name>
+            <value>false</value>
+          </option>
+          <option>
+            <name>customJNDIConnectionParameters</name>
+            <value>com.sun.jndi.ldap.connect.pool=true</value>
+          </option>
+          <option>
+            <name>customSystemProperties</name>
+            <value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
+            <value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
+          </option>
+          <option>
+            <name>cache.providerRegistryName</name>
+            <value>storeCacheProvider</value>
+          </option>
+        </options>
+        <option>
+          <name>allowNotCaseSensitiveSearch</name>
+          <value>true</value>
+        </option>
+      </identity-store>
+    </identity-stores>
+  </stores>
+  <options>
+    <option>
+      <name>defaultTemplate</name>
+      <value>idm_realm</value>
+    </option>
+  </options>
+</jboss-identity>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml
new file mode 100644
index 000000000..48eb1a1d4
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml
@@ -0,0 +1,434 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>idm_realm_sample-portal</id>
+      <repository-id-ref>DefaultPortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+    <realm>
+      <id>idm_realm</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>template</name>
+          <value>true</value>
+        </option>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>PortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+      <identity-store-mappings>
+        <identity-store-mapping>
+          <identity-store-id>PortalLDAPStore</identity-store-id>
+          <identity-object-types>
+            <identity-object-type>USER</identity-object-type>
+            <identity-object-type>acme_roles_type</identity-object-type>
+            <identity-object-type>acme_ou_type</identity-object-type>
+          </identity-object-types>
+          <options>
+            <option>
+              <name>readOnly</name>
+              <value>true</value>
+            </option>
+          </options>
+        </identity-store-mapping>
+      </identity-store-mappings>
+      <options>
+        <option>
+          <name>allowNotDefinedAttributes</name>
+          <value>true</value>
+        </option>
+      </options>
+    </repository>
+    <repository>
+      <id>DefaultPortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>lazyStartOfHibernateTransaction</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+      <identity-store>
+        <id>PortalLDAPStore</id>
+        <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes>
+              <attribute>
+                <name>firstName</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>lastName</name>
+                <mapping>sn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>email</name>
+                <mapping>mail</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+                <isUnique>true</isUnique>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>uid</value>
+              </option>
+              <option>
+                <name>passwordAttributeName</name>
+                <value>userPassword</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=People,o=acme,dc=my-domain,dc=com</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=inetOrgPerson</value>
+                <value>sn=</value>
+                <value>cn=</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>acme_roles_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>acme_roles_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>label</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>true</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Roles,o=acme,dc=my-domain,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+              <option>
+                <name>parentMembershipAttributePlaceholder</name>
+                <value>ou=placeholder,o=acme,dc=my-domain,dc=com</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+                <value>member=ou=placeholder,o=acme,dc=my-domain,dc=com</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>acme_ou_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>acme_ou_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>label</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>true</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=OrganizationUnits,o=acme,dc=my-domain,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributePlaceholder</name>
+                <value>ou=placeholder,o=acme,dc=my-domain,dc=com</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+                <value>member=ou=placeholder,o=acme,dc=my-domain,dc=com</value>
+              </option>
+            </options>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>providerURL</name>
+            <value>ldap://localhost:1389</value>
+          </option>
+          <option>
+            <name>adminDN</name>
+            <value>cn=Manager,dc=my-domain,dc=com</value>
+          </option>
+          <option>
+            <name>adminPassword</name>
+            <value>secret</value>
+          </option>
+          <option>
+            <name>searchTimeLimit</name>
+            <value>10000</value>
+          </option>
+          <option>
+            <name>createMissingContexts</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>sortExtensionSupported</name>
+            <value>false</value>
+          </option>
+          <option>
+            <name>customJNDIConnectionParameters</name>
+            <value>com.sun.jndi.ldap.connect.pool=true</value>
+          </option>
+          <option>
+            <name>customSystemProperties</name>
+            <value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
+            <value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
+          </option>
+          <option>
+            <name>cache.providerRegistryName</name>
+            <value>storeCacheProvider</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+    </identity-stores>
+  </stores>
+  <options>
+    <option>
+      <name>defaultTemplate</name>
+      <value>idm_realm</value>
+    </option>
+  </options>
+</jboss-identity>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml
new file mode 100644
index 000000000..bf08f8b5a
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml
@@ -0,0 +1,394 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>idm_realm_sample-portal</id>
+      <repository-id-ref>DefaultPortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+    <realm>
+      <id>idm_realm</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>template</name>
+          <value>true</value>
+        </option>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>PortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+      <identity-store-mappings>
+        <identity-store-mapping>
+          <identity-store-id>PortalLDAPStore</identity-store-id>
+          <identity-object-types>
+            <identity-object-type>USER</identity-object-type>
+            <identity-object-type>platform_type</identity-object-type>
+            <identity-object-type>organization_type</identity-object-type>
+          </identity-object-types>
+          <options/>
+        </identity-store-mapping>
+      </identity-store-mappings>
+      <options>
+        <option>
+          <name>allowNotDefinedAttributes</name>
+          <value>true</value>
+        </option>
+      </options>
+    </repository>
+    <repository>
+      <id>DefaultPortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>lazyStartOfHibernateTransaction</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+      <identity-store>
+        <id>PortalLDAPStore</id>
+        <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes>
+              <attribute>
+                <name>firstName</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>lastName</name>
+                <mapping>sn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>email</name>
+                <mapping>mail</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+                <isUnique>true</isUnique>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>uid</value>
+              </option>
+              <option>
+                <name>passwordAttributeName</name>
+                <value>userPassword</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=People,o=portal,o=gatein,dc=my-domain,dc=com</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=inetOrgPerson</value>
+                <value>sn=</value>
+                <value>cn=</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>platform_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>platform_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes/>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributePlaceholder</name>
+                <value>ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+                <value>member=ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>organization_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>organization_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes/>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>ou=Organization,o=portal,o=gatein,dc=my-domain,dc=com</value>
+              </option>
+              <!--<option>-->
+              <!--<name>entrySearchFilter</name>-->
+              <!--<value></value>-->
+              <!--</option>-->
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributePlaceholder</name>
+                <value>ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=groupOfNames</value>
+                <value>member=ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com</value>
+              </option>
+            </options>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>providerURL</name>
+            <value>ldap://localhost:1389</value>
+          </option>
+          <option>
+            <name>adminDN</name>
+            <value>cn=Manager,dc=my-domain,dc=com</value>
+          </option>
+          <option>
+            <name>adminPassword</name>
+            <value>secret</value>
+          </option>
+          <option>
+            <name>searchTimeLimit</name>
+            <value>10000</value>
+          </option>
+          <option>
+            <name>createMissingContexts</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>sortExtensionSupported</name>
+            <value>false</value>
+          </option>
+          <option>
+            <name>customJNDIConnectionParameters</name>
+            <value>com.sun.jndi.ldap.connect.pool=true</value>
+          </option>
+          <option>
+            <name>customSystemProperties</name>
+            <value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
+            <value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
+          </option>
+          <option>
+            <name>cache.providerRegistryName</name>
+            <value>storeCacheProvider</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+    </identity-stores>
+  </stores>
+  <options>
+    <option>
+      <name>defaultTemplate</name>
+      <value>idm_realm</value>
+    </option>
+  </options>
+</jboss-identity>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan-cluster.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan-cluster.xml
new file mode 100644
index 000000000..d3c6535ec
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan-cluster.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ JBoss, Home of Professional Open Source
+  ~ Copyright 2012 Red Hat Inc. and/or its affiliates and other
+  ~ contributors as indicated by the @author tags. All rights reserved.
+  ~ See the copyright.txt in the distribution for a full listing of
+  ~ individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+<infinispan
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:infinispan:config:5.1 http://www.infinispan.org/schemas/infinispan-config-5.1.xsd"
+    xmlns="urn:infinispan:config:5.1">
+
+  <global>
+
+    <!-- Jgroups configuration will be injected programmatically -->
+    <transport clusterName="${jboss.partition.name:DefaultPartition}-idm" distributedSyncTimeout="60000"
+               nodeName="${jboss.node.name:gtn}">
+      <properties>
+        <property name="configurationFile" value="jgroups/gatein-${gatein.default.jgroups.stack:udp}-ispn.xml"/>
+      </properties>
+    </transport>
+
+    <globalJmxStatistics enabled="true" cacheManagerName="plidm" jmxDomain="org.infinispan.plidm"
+                         mBeanServerLookup="org.infinispan.jmx.PlatformMBeanServerLookup"/>
+
+  </global>
+
+  <default>
+
+    <jmxStatistics enabled="true"/>
+
+    <clustering mode="replication">
+      <stateTransfer timeout="60000" fetchInMemoryState="true"/>
+      <sync replTimeout="20000"/>
+    </clustering>
+
+    <!-- JTA configuration. transactionManagerLookupClass will be configured programmatically to be:
+         - "org.infinispan.transaction.lookup.JBossTransactionManagerLookup" in JBoss AS environment
+         - "org.infinispan.transaction.lookup.JBossStandaloneJTAManagerLookup" in non-JBoss environment -->
+    <transaction transactionMode="TRANSACTIONAL" lockingMode="OPTIMISTIC" autoCommit="true"/>
+
+    <invocationBatching enabled="true"/>
+
+    <expiration lifespan="1800000" wakeUpInterval="5000"/>
+    <eviction strategy="LRU" maxEntries="100000"/>
+
+  </default>
+
+</infinispan>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan.xml
new file mode 100644
index 000000000..c69da7973
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/infinispan.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ JBoss, Home of Professional Open Source
+  ~ Copyright 2012 Red Hat Inc. and/or its affiliates and other
+  ~ contributors as indicated by the @author tags. All rights reserved.
+  ~ See the copyright.txt in the distribution for a full listing of
+  ~ individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+<infinispan
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:infinispan:config:5.1 http://www.infinispan.org/schemas/infinispan-config-5.1.xsd"
+    xmlns="urn:infinispan:config:5.1">
+
+  <global>
+    <globalJmxStatistics enabled="true" cacheManagerName="plidm" jmxDomain="org.infinispan.plidm"
+                         mBeanServerLookup="org.infinispan.jmx.PlatformMBeanServerLookup"/>
+  </global>
+
+  <default>
+
+    <jmxStatistics enabled="true"/>
+
+    <!-- JTA configuration. transactionManagerLookupClass will be configured programmatically to be:
+         - "org.infinispan.transaction.lookup.JBossTransactionManagerLookup" in JBoss AS environment
+         - "org.infinispan.transaction.lookup.JBossStandaloneJTAManagerLookup" in non-JBoss environment -->
+    <transaction transactionMode="TRANSACTIONAL" lockingMode="OPTIMISTIC" autoCommit="true"/>
+
+    <invocationBatching enabled="true"/>
+
+    <expiration lifespan="1800000" wakeUpInterval="5000"/>
+    <eviction strategy="LRU" maxEntries="100000"/>
+
+  </default>
+
+</infinispan>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/picketlink-idm-config.xml b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/picketlink-idm-config.xml
new file mode 100644
index 000000000..d8c778e25
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/organization/picketlink-idm/picketlink-idm-config.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+    
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+    
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+    
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>idm_realm</id>
+      <repository-id-ref>DefaultPortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+      <options>
+        <option>
+          <name>template</name>
+          <value>true</value>
+        </option>
+        <option>
+          <name>cache.providerRegistryName</name>
+          <value>apiCacheProvider</value>
+        </option>
+        <option>
+          <name>credentialEncoder.class</name>
+          <value>org.picketlink.idm.impl.credential.HashingEncoder</value>
+        </option>
+        <option>
+          <name>credentialEncoder.hashAlgorithm</name>
+          <value>MD5</value>
+        </option>
+      </options>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>DefaultPortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotCaseSensitiveSearch</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>lazyStartOfHibernateTransaction</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+    </identity-stores>
+  </stores>
+  <options>
+    <option>
+      <name>defaultTemplate</name>
+      <value>idm_realm</value>
+    </option>
+  </options>
+</jboss-identity>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/navigation.xml b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/navigation.xml
new file mode 100644
index 000000000..4a20ac524
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/navigation.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<navigation
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.gatein.org/xml/ns/gatein_objects_2_0 http://www.gatein.org/xml/ns/gatein_objects_2_0"
+    xmlns="http://www.gatein.org/xml/ns/gatein_objects_2_0">
+  <node>
+    <node>
+      <name>page1</name>
+      <page-ref>portal::classic::page1</page-ref>
+    </node>
+    <node>
+      <name>page2</name>
+      <page-ref>portal::classic::page2</page-ref>
+    </node>
+    <node>
+      <name>page3</name>
+      <page-ref>portal::classic::page3</page-ref>
+    </node>
+  </node>
+</navigation>
diff --git a/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/pages.xml b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/pages.xml
new file mode 100644
index 000000000..b677a720c
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/pages.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<page-set
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.gatein.org/xml/ns/gatein_objects_1_3 http://www.gatein.org/xml/ns/gatein_objects_1_3"
+    xmlns="http://www.gatein.org/xml/ns/gatein_objects_1_3">
+
+  <page>
+    <name>page1</name>
+    <access-permissions>Everyone</access-permissions>
+    <edit-permission>*:/platform/administrators</edit-permission>
+    <container>
+      <name>1</name>
+      <portlet-application>
+        <portlet>
+          <application-ref>portal</application-ref>
+          <portlet-ref>Portlet1</portlet-ref>
+        </portlet>
+        <access-permissions>Everyone</access-permissions>
+        <show-info-bar>false</show-info-bar>
+        <show-application-state>false</show-application-state>
+        <show-application-mode>false</show-application-mode>
+      </portlet-application>
+    </container>
+  </page>
+  <page>
+    <name>page2</name>
+    <access-permissions>Everyone</access-permissions>
+    <edit-permission>*:/platform/administrators</edit-permission>
+    <container>
+      <name>1</name>
+      <portlet-application>
+        <portlet>
+          <application-ref>portal</application-ref>
+          <portlet-ref>Portlet1</portlet-ref>
+        </portlet>
+        <access-permissions>Everyone</access-permissions>
+        <show-info-bar>false</show-info-bar>
+        <show-application-state>false</show-application-state>
+        <show-application-mode>false</show-application-mode>
+      </portlet-application>
+      <portlet-application>
+        <portlet>
+          <application-ref>portal</application-ref>
+          <portlet-ref>Portlet2</portlet-ref>
+        </portlet>
+        <access-permissions>Everyone</access-permissions>
+        <show-info-bar>false</show-info-bar>
+        <show-application-state>false</show-application-state>
+        <show-application-mode>false</show-application-mode>
+      </portlet-application>
+    </container>
+  </page>
+  <page>
+    <name>page3</name>
+    <access-permissions>Everyone</access-permissions>
+    <edit-permission>*:/platform/administrators</edit-permission>
+    <container>
+      <name>1</name>
+      <portlet-application>
+        <portlet>
+          <application-ref>portal</application-ref>
+          <portlet-ref>Portlet1</portlet-ref>
+        </portlet>
+        <access-permissions>Everyone</access-permissions>
+        <show-info-bar>false</show-info-bar>
+        <show-application-state>false</show-application-state>
+        <show-application-mode>false</show-application-mode>
+      </portlet-application>
+      <portlet-application>
+        <portlet>
+          <application-ref>portal</application-ref>
+          <portlet-ref>Portlet2</portlet-ref>
+        </portlet>
+        <access-permissions>Everyone</access-permissions>
+        <show-info-bar>false</show-info-bar>
+        <show-application-state>false</show-application-state>
+        <show-application-mode>false</show-application-mode>
+      </portlet-application>
+      <portlet-application>
+        <portlet>
+          <application-ref>portal</application-ref>
+          <portlet-ref>Portlet3</portlet-ref>
+        </portlet>
+        <access-permissions>Everyone</access-permissions>
+        <show-info-bar>false</show-info-bar>
+        <show-application-state>false</show-application-state>
+        <show-application-mode>false</show-application-mode>
+      </portlet-application>
+    </container>
+  </page>
+</page-set>
diff --git a/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/portal.xml b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/portal.xml
new file mode 100644
index 000000000..d7276afcd
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/classic/portal.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<site
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.gatein.org/xml/ns/gatein_objects_2_0 http://www.gatein.org/xml/ns/gatein_objects_2_0"
+    xmlns="http://www.gatein.org/xml/ns/gatein_objects_2_0">
+  <name>test</name>
+  <locale>en</locale>
+</site>
diff --git a/portal/web/src/test/resources/WEB-INF/conf/portal/portal/sharedlayout.xml b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/sharedlayout.xml
new file mode 100644
index 000000000..d0bf40b2e
--- /dev/null
+++ b/portal/web/src/test/resources/WEB-INF/conf/portal/portal/sharedlayout.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<container template="system:/groovy/portal/webui/container/UIContainer.gtmpl"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://www.gatein.org/xml/ns/gatein_objects_1_3 http://www.gatein.org/xml/ns/gatein_objects_1_3"
+           xmlns="http://www.gatein.org/xml/ns/gatein_objects_1_3">
+</container>
\ No newline at end of file
diff --git a/portal/web/src/test/resources/web.xml b/portal/web/src/test/resources/web.xml
index f19d50010..7be8fa1fe 100644
--- a/portal/web/src/test/resources/web.xml
+++ b/portal/web/src/test/resources/web.xml
@@ -72,4 +72,29 @@
     <url-pattern>/assets/*</url-pattern>
   </servlet-mapping>
 
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>user authentication</web-resource-name>
+      <url-pattern>/dologin</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>users</role-name>
+    </auth-constraint>
+    <user-data-constraint>
+      <transport-guarantee>NONE</transport-guarantee>
+    </user-data-constraint>
+  </security-constraint>
+  <security-role>
+    <role-name>users</role-name>
+  </security-role>
+  <login-config>
+    <auth-method>FORM</auth-method>
+    <realm-name>gatein-domain</realm-name>
+    <form-login-config>
+      <form-login-page>/login</form-login-page>
+      <form-error-page>/login</form-error-page>
+    </form-login-config>
+  </login-config>
+
 </web-app>
\ No newline at end of file