From c1694a27918ad540c8c18f4eddd00eafd76c679d Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Tue, 21 Oct 2014 09:05:24 -0400
Subject: [PATCH] more saml unit tests

---
 ...tBindingTest.java => SamlBindingTest.java} |  47 ++++++++++++++++--
 .../saml/encrypted-post/WEB-INF/keystore.jks  | Bin 0 -> 1707 bytes
 .../encrypted-post/WEB-INF/picketlink.xml     |  31 ++++++++++++
 .../saml/signed-get/WEB-INF/keystore.jks      | Bin 0 -> 1701 bytes
 .../saml/signed-get/WEB-INF/picketlink.xml    |  36 ++++++++++++++
 .../saml/simple-get/WEB-INF/picketlink.xml    |  20 ++++++++
 .../saml/simple-post/WEB-INF/picketlink.xml   |  20 ++++++++
 7 files changed, 149 insertions(+), 5 deletions(-)
 rename testsuite/integration/src/test/java/org/keycloak/testsuite/saml/{SamlSignedPostBindingTest.java => SamlBindingTest.java} (50%)
 create mode 100755 testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/keystore.jks
 create mode 100755 testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml
 create mode 100755 testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/keystore.jks
 create mode 100755 testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml
 create mode 100755 testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml
 create mode 100755 testsuite/integration/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlSignedPostBindingTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
similarity index 50%
rename from testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlSignedPostBindingTest.java
rename to testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
index 87d5db7bcf..2700d0f3cf 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlSignedPostBindingTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
@@ -14,17 +14,20 @@ import org.openqa.selenium.WebDriver;
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public class SamlSignedPostBindingTest {
+public class SamlBindingTest {
 
     @ClassRule
     public static SamlKeycloakRule keycloakRule = new SamlKeycloakRule() {
         @Override
         public void initWars() {
-             ClassLoader classLoader = SamlSignedPostBindingTest.class.getClassLoader();
+             ClassLoader classLoader = SamlBindingTest.class.getClassLoader();
 
+            initializeSamlSecuredWar("/saml/simple-post", "/sales-post",  "post.war", classLoader);
             initializeSamlSecuredWar("/saml/signed-post", "/sales-post-sig",  "post-sig.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-get", "/employee-sig",  "employee-sig.war", classLoader);
             initializeSamlSecuredWar("/saml/bad-client-signed-post", "/bad-client-sales-post-sig",  "bad-client-post-sig.war", classLoader);
             initializeSamlSecuredWar("/saml/bad-realm-signed-post", "/bad-realm-sales-post-sig",  "bad-realm-post-sig.war", classLoader);
+            initializeSamlSecuredWar("/saml/encrypted-post", "/sales-post-enc",  "post-enc.war", classLoader);
 
         }
 
@@ -49,7 +52,18 @@ public class SamlSignedPostBindingTest {
 
 
     @Test
-    public void testSignedLoginLogout() {
+    public void testPostSimpleLoginLogout() {
+        driver.navigate().to("http://localhost:8081/sales-post/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/sales-post?GLO=true");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+
+    }
+    @Test
+    public void testPostSignedLoginLogout() {
         driver.navigate().to("http://localhost:8081/sales-post-sig/");
         Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
         loginPage.login("bburke", "password");
@@ -60,7 +74,30 @@ public class SamlSignedPostBindingTest {
 
     }
     @Test
-    public void testBadClientSignature() {
+    public void testRedirectSignedLoginLogout() {
+        driver.navigate().to("http://localhost:8081/employee-sig/");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+
+    }
+
+    @Test
+    public void testPostEncryptedLoginLogout() {
+        driver.navigate().to("http://localhost:8081/sales-post-enc/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-enc/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/sales-post-enc?GLO=true");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+
+    }
+    @Test
+    public void testPostBadClientSignature() {
         driver.navigate().to("http://localhost:8081/bad-client-sales-post-sig/");
         Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
         Assert.assertEquals(driver.getTitle(), "We're sorry...");
@@ -68,7 +105,7 @@ public class SamlSignedPostBindingTest {
     }
 
     @Test
-    public void testBadRealmSignature() {
+    public void testPostBadRealmSignature() {
         driver.navigate().to("http://localhost:8081/bad-realm-sales-post-sig/");
         Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
         loginPage.login("bburke", "password");
diff --git a/testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/keystore.jks b/testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/keystore.jks
new file mode 100755
index 0000000000000000000000000000000000000000..822162ceafcff816168fc3f807f89fd92b3a5b50
GIT binary patch
literal 1707
zcmezO_TO6u1_mZ5W@J#!C@Cqh($~+)PfpCq$S*FjvM{hP&@WERNiEhb0P=NH^OE%$
z7#KYz6Cck2>fCM6#I)UjkBv*4jgf^>i%F1?k(Gg^iD_}UrK(uopPZv*t2wL8A259|
zI`aN?JiEB@-|zCT62!dE<>@TxeEi#`qr%MakaWne8HuU8&Rf+!eJZ~A)@+%b=gTI3
z<x~j^)#!WR8UNjWr)70FkJY^=3zgY#f4p_z-#7PZ#WzcyI-f7H{P}W~q01-B?u|+-
zrtt+mRMk1V-GV=VitNc}Cv+#=(h|()oOmJd2AgN+o>}t}Kh9&n=x<SUz;LU7aBWV^
zX@%hZclLCy`FQPAERR^*opRZ|c~^JaZ^`#HoBeb18qc>JALY&1%rE5Xtj}?DT3ccM
zzLjyk;p>I<D|hZtyl6Mu^>xtN$4~rTF4^4ps*5w|#qJs2RvHVwb2&4HHT}G6mX>j_
zB+o}SspL-?$AXY9wxY~mM~*v+D~M|>%H*l2iZEQN!al!g#~+h?y&1C}=&v$5_+O5#
zR%d3~n;*41-+Z&%&i3i$*)(=Ral;#RLfz^&PQ6<<Qy|*e%jm@pR{emP>Qk@kn?I8f
zjIOE4xjuWt#>U7;qK%6d3)<c~&AU6UODBd~=G->%2m14Fs+o7Q&E9j))cZvD$~6VY
z`K(_`wXXQUxM_Mhr?<J_CfO(dt|}``U)g=LAktw@@h<*kt`~L|L3N8<{(U^Z#Y*k{
z!Xp;{XS-clxb1Y}S7o86nwc|KN=W=|w0)%J!sD>CS~BYT&SjNF;a8)T1v<|-EnYKW
znfn*>D>c8X3LLs5P1|ff&b-t-VNq&;?Vioj(ITpk3UflLeQh3Y6*Tpj<UX-bPtD^|
z)QKy`*=pbKwq#AR_HcDQ^Xa#@L#&R%$A9y;=Cps2NlMq9$F;kdsYE6~((?agZ-t)E
zrW_*PAHT79uXB|8viWq+-(!0g1U!mKsCCU~_z;z0vGh>Z^9VuFHMb&eJmqcO-J4oF
zbGD7s$43iWZ3{J-+7!AQT!5*bk%2Wr&(y#Y$hu+B#CQdWZJF4BsXJ^AhXF4er&gOs
z+jm|@Ms8LH0|P@n106QzP!?uk;<AZ>oH(zciJ^g^nW2f1fr(j^IIj_mYh+{=MTUuu
z^O0Qz%xcVyy$lA8olK3547cC;aN0S}4X#t{Je7LzSJmIl-oix>zqec}-c+>ys(RVH
z%*jd*@*R%6abo$sQfPD2n-yw*WGopk6&-$JdYffp?5A2WsirksU*>P)Yuy^;GoQJ7
z@}8NwKluez+rJxDUkvYCeEasf4VtEsceWo(l%IaPF2wP{WQH&M1AlD0;(AL+lZly;
zff3nxz(8XLy31$n$L6n$@yBQXo_hZr(=E$&mcrE~rH(K5#ERZ8I&Z#b+bUs;BU`Pz
zr8c>A&r6AWl)yGM&1vQb4o#I_oh|BOuXM~qyRWUTO*ItA>|5^}DX-3=CvY~Copog}
z|N5DNGK~)=UHQ|pwxdD&?wy#ue<mylV(34z{NcgpMgosE2A;Qk2QJ)LQc`pCq2<<0
zM5IpzM)*X7#^2yLkC+jI=6nNwLtX=JNSuRBK#5W#Q<Nw*F$P8{h6a2wwmNLXI=>6r
zd2BP!>`mM!Yq(`!TJbIuv&C2Ewm#AOA#+G!JDbt5!_jU6S)7>#?>v{JPHTJiyvVW5
zru?pR{_i>e0}k$(tnC;r5oa2-Tz}z$Rl!j?$69MXo#%*GVPaaoN$;=8DZBZLmV5R~
zRC>-U{#CZmc$=BE5M#KQAhT%8+^_n$VvLhZT`uC}-UE*l?{^AlWvh6deKg5YY<{so
z^Q;Vw9PO7U<@L_LnB4EW+5EY0g8J|5$c6=1gidY{vHttw(t18eyGrhp*H{h&Mm|5)
z%XjibrSU~}U-!N`MaQ7}%Tf>4p1ZBL@64UmmXiN}_-uXncfFnNCXPLmB^?rPC~tmt
e?8L6K8&o7B!`iO)afL5ud@^C)tPg?}*4Y3Vufd)G

literal 0
HcmV?d00001

diff --git a/testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml b/testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml
new file mode 100755
index 0000000000..068d3ecfe5
--- /dev/null
+++ b/testsuite/integration/src/test/resources/saml/encrypted-post/WEB-INF/picketlink.xml
@@ -0,0 +1,31 @@
+<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
+	<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
+		ServerEnvironment="tomcat" BindingType="POST" SupportsSignatures="true">
+        <IdentityURL>${idp-sig.url::http://localhost:8081/auth/realms/demo/protocol/saml}
+        </IdentityURL>
+		<ServiceURL>${sales-post-sig.url::http://localhost:8081/sales-post-enc/}
+		</ServiceURL>
+        <KeyProvider
+            ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
+            <Auth Key="KeyStoreURL" Value="saml/encrypted-post/WEB-INF/keystore.jks" />
+            <Auth Key="KeyStorePass" Value="store123" />
+            <Auth Key="SigningKeyPass" Value="test123" />
+            <Auth Key="SigningKeyAlias" Value="http://localhost:8080/sales-post-enc/" />
+            <ValidatingAlias Key="localhost" Value="demo" />
+            <ValidatingAlias Key="127.0.0.1" Value="demo" />
+        </KeyProvider>
+
+	</PicketLinkSP>
+	<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
+	</Handlers>
+</PicketLink>
diff --git a/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/keystore.jks b/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/keystore.jks
new file mode 100755
index 0000000000000000000000000000000000000000..4daad218a3f78b798d1de8996c39014785c45c95
GIT binary patch
literal 1701
zcmezO_TO6u1_mZ5W@J##C@Cqh($~+)PfpCq$S*FjvM{hP&`-@R$jPrvP1P;VOxI^%
zVDyw<_*fUHZ?{1c({=+sHZE;8MixdbCP79<RtA<Prp41#{1={(ex#H1vi`y<#vAYa
z7)?K$_vHGmQhf9wYjN$z?ZMiS8uEOzvQ^H?^OkohOR)YB`C0Cl!t-m2K>uyORg)YY
z9JblVoe37#<8yv++uHrwMt(`Nphxp#7ED_>S+vq3A$V?CM$x=F8~<1CpSc$wm(+Hu
zz411`BD+=kz1b=gKRL;#`<bQQ@CP(@zHHw3Kd)x)mc~6ghyFjUXuo>#Nn7@#d5Jgp
zyU+bqJSg}`^iOo<f_aL6!#B<6n8h)TvEV~|(~6gs(d*VYbYGXM+-=Z!=8-W+(DTBp
z8huw2wf=Q!So2$Vc=2yPH;GkOA@la@zt_^gesE=PJDogT*zsqIsGr;Hs3^(JrI%Go
zpMBXAEP26uli`b*FWxzEsc|;sR&CjC_y2Lu`Go<xi;jP<ZFoKPm2+v}ta!G`{O$)%
z&i!b3?1lRRtADCZXQTI6@XdUp{r_v?@k1xS@W0*g_wnOHVOe_}S8@McYq2J}vU6`e
zr(dD{^<23V4lis(RCX7&YSnD$Qdqj{UPS+5@8@P~Gjamf9?br4Ud*}Mt-#&Rck;B^
zhu6N{U?RPVHS1L8wLg#Tv<}~C48N@Pa&h)O9oGk<EGN&#zSunNKhwLV!jH9|a9@)#
zlq~*t=400<fxBWS_n$HO;<f#d2=kj8EidohTz-(*GF3iM_k8s?uO~qnLSO6oh3EcR
zf0?63DZ}v4U&(9pqI{NETne_{^k(&q<JJ$n7CiI3Sawl$x8R32i!IMpi;J87Tj1d>
zwxaAnwr1v=(`8HSvI0&q#(LVmKj`48_o=|ZF~sUz-)ZfXQ}aKUYj?g;S+jPLZ2MC8
zEpA)iUwZXc@|w-v(2Mr_Po{d<9q;Y+%6pbo7@Xb3k?<qNZ%w1nmH8L$|Is|+SmJNM
z{%wucp<-3VsKwhE7hJp7xmg~V<{24SBlJuSEP<>m22G3?fY_3W4Vb!TZxJxyW#iOp
z^Jx3d%gD&h%3z>psAHhT#vIDREKE!$F_07IH8e3aFf=!`G&VN1h!W>Df^kiaEuu&^
zuW>%Ii-6gTxv`hQps|ywv5{flH`fH4sGK&FZJD+Uo@ZwH{aw0pZ*tSun_+&BMB=y^
z-c2e|JryhF@lboSqNJ$VMAPivsn=Wtr>-(y5UJYq_2(w@J=?sZzH4Uv+~XE=KG0oV
z%k6FBuhuEy8?;t$$hlZO_hNdxV@r%s!{Sv3y`=Sau5!A_d*%0qkdsYQ+P9rwz|X|Y
z$iRr~JYaw^1Kp*x$!6m!!+N$2U59F>+Ehlq%vy6f=7g$ll>J<Dd8X2NUmava-}ByG
z+aEXK;J#PA%pZ<0iN-kb#7=o~ZI0ZU&wsjorQ0uVOUSQkD_2=m|1#u<-{<r%i}=mf
zGyVL>AT@7R&GCYog$eH$nhLh>b-VWDfl~L?*gnZUEWO_nVto$@tppcqEGenE`Oq>;
z4-w&0fssAYpz$|2zEk#1MRUFZzag&yHzdBnCLl$q1u#O*5D{u&Y-(&4g{c8wjI9pa
zu+Hy-b{^ZzGkX*F$r^6imsY&X#BA}^xvfw1e#jhB*v@8j>~OT3Ko)0a!8^|-sngn?
zJuh->vnjvpod0{y|A2!#CTlxJOT?K5E!SVTU{!Eb&au{-Pv<$}RhXETZ_@i~a>{Q0
zqUE0b5|y6wihq^uGu~!qEyNfuCde$>GWV-Kt{Bt!8Ol`uIwkVrY6hQMG0Vc--|c@>
z_11Di$61H3Yb+f~Hfi3Uxw>}!`N=XhR-HG~JPhu~3%XW))cNBg+UGy3J|?IC()^$P
zzJ;ylddv2%TfF-1tBtIV-#1IRPC2=Ef||6-p*3ssE@!Cj<9MC2<fehLflX)3#wC(5
j2Q|vFx=u&k_Q^_Ix<&H^OOK>0gXI3Dk|qo%RL%nc;dRUo

literal 0
HcmV?d00001

diff --git a/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml b/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml
new file mode 100755
index 0000000000..beed463689
--- /dev/null
+++ b/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml
@@ -0,0 +1,36 @@
+<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
+	<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
+		ServerEnvironment="tomcat" BindingType="REDIRECT" SupportsSignatures="true">
+		<IdentityURL>${idp-sig.url::http://localhost:8081/auth/realms/demo/protocol/saml}
+		</IdentityURL>
+		<ServiceURL>${employee-sig.url::http://localhost:8081/employee-sig/}
+		</ServiceURL>
+		<KeyProvider
+			ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
+			<Auth Key="KeyStoreURL" Value="saml/signed-get/WEB-INF/keystore.jks" />
+			<Auth Key="KeyStorePass" Value="store123" />
+			<Auth Key="SigningKeyPass" Value="test123" />
+			<Auth Key="SigningKeyAlias" Value="http://localhost:8080/employee-sig/" />
+			<ValidatingAlias Key="localhost" Value="demo" />
+			<ValidatingAlias Key="127.0.0.1" Value="demo" />
+		</KeyProvider>
+	</PicketLinkSP>
+	<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
+		<Handler
+            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler">
+            <!--
+                This is a optional configuration. By default, method http://www.w3.org/2000/09/xmldsig#rsa-sha1
+                and digest http://www.w3.org/2000/09/xmldsig#sha1 are used. -->
+            <Option Key="SIGN_METHOD" Value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+            <Option Key="SIGN_DIGEST" Value="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        </Handler>
+        <Handler
+            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
+	</Handlers>
+</PicketLink>
\ No newline at end of file
diff --git a/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml b/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml
new file mode 100755
index 0000000000..2fb11caca1
--- /dev/null
+++ b/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml
@@ -0,0 +1,20 @@
+<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
+	<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
+		ServerEnvironment="tomcat" BindingType="REDIRECT" RelayState="someURL">
+		<IdentityURL>${idp.url::http://localhost:8081/auth/realms/demo/protocol/saml}</IdentityURL>
+		<ServiceURL>${employee.url::http://localhost:8081/employee/}
+		</ServiceURL>
+	</PicketLinkSP>
+	<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
+			
+			<Option Key="ASSERTION_SESSION_ATTRIBUTE_NAME" Value="org.picketlink.sp.assertion"/>
+			
+		</Handler>
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
+	</Handlers>
+</PicketLink>
\ No newline at end of file
diff --git a/testsuite/integration/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml b/testsuite/integration/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml
new file mode 100755
index 0000000000..4e20d7e401
--- /dev/null
+++ b/testsuite/integration/src/test/resources/saml/simple-post/WEB-INF/picketlink.xml
@@ -0,0 +1,20 @@
+<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
+	<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
+		ServerEnvironment="tomcat" BindingType="POST">
+		<IdentityURL>${idp.url::http://localhost:8081/auth/realms/demo/protocol/saml}</IdentityURL>
+		<ServiceURL>${sales-post.url::http://localhost:8081/sales-post/}</ServiceURL>
+        <Trust>
+			<Domains>localhost,jboss.com,jboss.org,amazonaws.com</Domains>
+		</Trust>
+	</PicketLinkSP>
+	<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
+        <Handler
+            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
+		<Handler
+			class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
+	</Handlers>
+</PicketLink>
\ No newline at end of file