[seam-commits] Seam SVN: r13608 - in modules/security/trunk/external: src/main/java/org/jboss/seam/security and 5 other directories.

seam-commits at lists.jboss.org seam-commits at lists.jboss.org
Thu Aug 12 17:50:32 EDT 2010


Author: shane.bryzak at jboss.com
Date: 2010-08-12 17:50:30 -0400 (Thu, 12 Aug 2010)
New Revision: 13608

Added:
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/
Removed:
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/
Modified:
   modules/security/trunk/external/pom.xml
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java
   modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java
   modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd
   modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb
Log:
renamed external_authentication package to just external


Modified: modules/security/trunk/external/pom.xml
===================================================================
--- modules/security/trunk/external/pom.xml	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/pom.xml	2010-08-12 21:50:30 UTC (rev 13608)
@@ -12,7 +12,7 @@
    <groupId>org.jboss.seam.security</groupId>
    <artifactId>seam-security-external</artifactId>
    <packaging>jar</packaging>
-   <name>Seam Security External Authentication</name>
+   <name>Seam Security External Authentication Services</name>
 
    <build>
       <plugins>
@@ -38,7 +38,7 @@
                   <id>jaxb-xrds</id>
                   <configuration>
                      <schemaDirectory>${basedir}/src/main/resources/schema/xrds</schemaDirectory>
-                     <packageName>org.jboss.seam.security.external_authentication.jaxb.xrds</packageName>
+                     <packageName>org.jboss.seam.security.external.jaxb.xrds</packageName>
                      <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
                      <clearOutputDir>false</clearOutputDir>
                      <staleFile>${project.build.directory}/.staleFlag_xrds</staleFile>
@@ -52,7 +52,7 @@
                   <id>jaxb-config</id>
                   <configuration>
                      <schemaDirectory>${basedir}/src/main/resources/schema/config</schemaDirectory>
-                     <packageName>org.jboss.seam.security.external_authentication.jaxb.config</packageName>
+                     <packageName>org.jboss.seam.security.external.jaxb.config</packageName>
                      <outputDirectory>${basedir}/src/main/generated-source</outputDirectory>
                      <clearOutputDir>false</clearOutputDir>
                      <staleFile>${project.build.directory}/.staleFlag_config</staleFile>
@@ -106,6 +106,11 @@
       </dependency>
 
       <dependency>
+         <groupId>org.jboss.seam.security</groupId>
+         <artifactId>seam-security-impl</artifactId>
+      </dependency>
+
+      <dependency>
          <groupId>org.picketlink.idm</groupId>
          <artifactId>picketlink-idm-core</artifactId>
          <exclusions>

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationFilter.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,220 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.Configuration;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Seam Servlet Filter supporting SAMLv2 authentication. It implements the Web
+ * Browser SSO Profile. For outgoing authentication requests it can use either
+ * HTTP Post or HTTP Redirect binding. For the responses, it uses HTTP Post
+ * binding, with or without signature validation.
+ */
+ at WebFilter
+public class ExternalAuthenticationFilter implements Filter
+{
+   public static final String IDP_ENTITY_ID_PARAMETER = "idpEntityId";
+
+   public static final String RETURN_URL_PARAMETER = "returnUrl";
+
+   public static final String OPEN_ID_PARAMETER = "openId";
+
+   private final Logger log = LoggerFactory.getLogger(ExternalAuthenticationFilter.class);
+
+   @Inject
+   private Configuration configuration;
+
+   @Inject
+   private SamlMessageReceiver samlMessageReceiver;
+
+   @Inject
+   private OpenIdSingleLoginReceiver openIdSingleLoginReceiver;
+
+   @Inject
+   private SamlSingleSignOnSender samlSingleSignOnSender;
+
+   @Inject
+   private OpenIdSingleLoginSender openIdSingleLoginSender;
+
+   @Inject
+   private SamlSingleLogoutSender samlSingleLogoutSender;
+
+   @Inject
+   private SamlMetaDataProvider samlMetaDataProvider;
+
+   @Inject
+   private OpenIdXrdsProvider openIdXrdsProvider;
+
+   @Inject
+   private Instance<Identity> identity;
+
+   public void init(FilterConfig filterConfig) throws ServletException
+   {
+      configuration.setContextRoot(filterConfig.getServletContext().getContextPath());
+   }
+
+   public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException
+   {
+      if (!(request instanceof HttpServletRequest))
+      {
+         throw new ServletException("This filter can only process HttpServletRequest requests");
+      }
+
+      final HttpServletRequest httpRequest = (HttpServletRequest) request;
+      final HttpServletResponse httpResponse = (HttpServletResponse) response;
+
+      final ExternalAuthenticationService service = determineService(httpRequest);
+
+      if (service != null)
+      {
+         try
+         {
+            doFilter(httpRequest, httpResponse, service);
+         }
+         catch (InvalidRequestException e)
+         {
+            httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+            if (log.isInfoEnabled())
+            {
+               log.info("Bad request received from {0} ({1})", new Object[] { e.getCause(), httpRequest.getRemoteHost(), e.getDescription() });
+            }
+         }
+      }
+      else
+      {
+         // Request is not related to external authentication. Pass the request
+         // on to
+         // the next filter in the chain.
+         chain.doFilter(httpRequest, httpResponse);
+      }
+   }
+
+   private void doFilter(HttpServletRequest httpRequest, HttpServletResponse httpResponse, ExternalAuthenticationService service) throws InvalidRequestException, IOException, ServletException
+   {
+      switch (service)
+      {
+      case OPEN_ID_SERVICE:
+         openIdSingleLoginReceiver.handleIncomingMessage(httpRequest, httpResponse);
+         break;
+      case SAML_SINGLE_LOGOUT_SERVICE:
+         samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_LOGOUT, httpRequest, httpResponse);
+         break;
+      case SAML_ASSERTION_CONSUMER_SERVICE:
+         samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_SIGN_ON, httpRequest, httpResponse);
+         break;
+      case AUTHENTICATION_SERVICE:
+         String returnUrl = httpRequest.getParameter(RETURN_URL_PARAMETER);
+
+         String providerName = httpRequest.getParameter(IDP_ENTITY_ID_PARAMETER);
+         if (providerName != null)
+         {
+            SamlIdentityProvider identityProvider = configuration.getServiceProvider().getSamlConfiguration().getSamlIdentityProviderByEntityId(providerName);
+
+            // User requested a page for which login is required. Return a page
+            // that instructs the browser to post an authentication request to
+            // the IDP.
+            if (identityProvider instanceof SamlIdentityProvider)
+            {
+               samlSingleSignOnSender.sendAuthenticationRequestToIDP(httpRequest, httpResponse, (SamlIdentityProvider) identityProvider, returnUrl);
+            }
+            else
+            {
+               throw new RuntimeException("Only SAML identity providers are supported in this version");
+            }
+         }
+         else
+         {
+            String openId = httpRequest.getParameter(OPEN_ID_PARAMETER);
+            openIdSingleLoginSender.sendAuthRequest(openId, returnUrl, httpResponse);
+         }
+         break;
+      case LOGOUT_SERVICE:
+         if (!identity.get().isLoggedIn())
+         {
+            throw new RuntimeException("User not logged in.");
+         }
+         // FIXME SeamSamlPrincipal principal = (SeamSamlPrincipal)
+         // identity.getPrincipal();
+         SeamSamlPrincipal principal = (SeamSamlPrincipal) httpRequest.getUserPrincipal();
+         SamlIdentityProvider idp = principal.getIdentityProvider();
+         if (!(idp instanceof SamlIdentityProvider))
+         {
+            throw new RuntimeException("Only SAML identity providers are supported in this version");
+         }
+
+         samlSingleLogoutSender.sendSingleLogoutRequestToIDP(httpRequest, httpResponse, identity.get());
+         break;
+      case SAML_META_DATA_SERVICE:
+
+         samlMetaDataProvider.writeMetaData(httpResponse.getOutputStream());
+         httpResponse.setCharacterEncoding("UTF-8");
+         httpResponse.setContentType("application/xml");
+         httpResponse.flushBuffer();
+         break;
+      case OPEN_ID_XRDS_SERVICE:
+
+         openIdXrdsProvider.writeMetaData(httpResponse.getOutputStream());
+         httpResponse.setCharacterEncoding("UTF-8");
+         httpResponse.setContentType("application/xrds+xml");
+         httpResponse.flushBuffer();
+         break;
+      default:
+         throw new RuntimeException("Unsupported service " + service);
+      }
+   }
+
+   private ExternalAuthenticationService determineService(HttpServletRequest httpRequest)
+   {
+      String path = ((HttpServletRequest) httpRequest).getRequestURI().replace(".seam", "");
+
+      for (ExternalAuthenticationService service : ExternalAuthenticationService.values())
+      {
+         if (path.endsWith("/" + service.getName()))
+         {
+            return service;
+         }
+      }
+      return null;
+   }
+
+   public void destroy()
+   {
+   }
+}
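Review bot: In the `AUTHENTICATION_SERVICE` case, `returnUrl` comes straight from `httpRequest.getParameter(RETURN_URL_PARAMETER)` and is handed to `sendAuthenticationRequestToIDP` and `sendAuthRequest` with no check in this filter. Unless the senders or receivers (not shown here) restrict it, the post-login redirect target is caller-controlled, so it should be limited to URLs under the application's own context root before use. In the `LOGOUT_SERVICE` case the cast `(SeamSamlPrincipal) httpRequest.getUserPrincipal()` is unchecked, so a principal of another type fails with a ClassCastException and a null principal with a NullPointerException on the following `principal.getIdentityProvider()` call, before the "Only SAML identity providers" check is reached; guard it with `if (!(httpRequest.getUserPrincipal() instanceof SeamSamlPrincipal))`. The `log.info` call in the `InvalidRequestException` handler uses `{0}` and `{1}`, which SLF4J does not substitute, so the remote host and description of a rejected request never reach the log; `{}` placeholders, with the host and description first and `e.getCause()` last, would record them.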

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticationService.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public enum ExternalAuthenticationService
+{
+
+   AUTHENTICATION_SERVICE("AuthenticationService"),
+
+   LOGOUT_SERVICE("LogoutService"),
+
+   SAML_ASSERTION_CONSUMER_SERVICE("AssertionConsumerService"),
+
+   SAML_SINGLE_LOGOUT_SERVICE("SingleLogoutService"),
+
+   SAML_META_DATA_SERVICE("MetaDataService"),
+
+   OPEN_ID_SERVICE("OpenIdService"),
+
+   OPEN_ID_XRDS_SERVICE("OpenIdXrdsService");
+
+   private String name;
+
+   private ExternalAuthenticationService(String name)
+   {
+      this.name = name;
+   }
+
+   public String getName()
+   {
+      return name;
+   }
+}

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ExternalAuthenticator.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,174 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.faces.context.FacesContext;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.annotation.WebFilter;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+
+/**
+ * Filter that manages the external authentication of users (using, for example,
+ * SAML or OpenID).
+ */
+ at Named("externalAuthenticator")
+ at WebFilter
+// FIXME: page scope
+public class ExternalAuthenticator
+{
+   private String returnUrl;
+
+   private String openId;
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   @Inject
+   private Identity identity;
+
+   public void samlSignOn(String idpEntityId)
+   {
+      if (serviceProvider.getSamlConfiguration() == null)
+      {
+         throw new RuntimeException("SAML is not configured.");
+      }
+
+      SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(idpEntityId);
+      if (idp == null)
+      {
+         throw new RuntimeException("Identity provider " + idpEntityId + " not found");
+      }
+
+      String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
+      Map<String, String> params = new HashMap<String, String>();
+      params.put(ExternalAuthenticationFilter.IDP_ENTITY_ID_PARAMETER, idpEntityId);
+      params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
+      redirect(authenticationServiceURL, params);
+   }
+
+   public void openIdSignOn()
+   {
+      openIdSignOn(openId);
+   }
+
+   public void openIdSignOn(String openId)
+   {
+      if (serviceProvider.getOpenIdConfiguration() == null)
+      {
+         throw new RuntimeException("OpenID is not configured.");
+      }
+      String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
+      Map<String, String> params = new HashMap<String, String>();
+      params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
+      params.put(ExternalAuthenticationFilter.OPEN_ID_PARAMETER, openId);
+      redirect(authenticationServiceURL, params);
+   }
+
+   public void singleLogout()
+   {
+      if (!identity.isLoggedIn())
+      {
+         throw new RuntimeException("Not logged in");
+      }
+      if (false /* FIXME !(identity.getPrincipal() instanceof SeamSamlPrincipal) */)
+      {
+         throw new RuntimeException("Single logout is only supported for SAML");
+      }
+      String logoutServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.LOGOUT_SERVICE);
+      redirect(logoutServiceURL, null);
+   }
+
+   private void redirect(String urlBase, Map<String, String> params)
+   {
+      StringBuilder url = new StringBuilder();
+      url.append(urlBase);
+      if (params != null && params.size() > 0)
+      {
+         url.append("?");
+         boolean first = true;
+         for (Map.Entry<String, String> paramEntry : params.entrySet())
+         {
+            if (first)
+            {
+               first = false;
+            }
+            else
+            {
+               url.append("&");
+            }
+            url.append(paramEntry.getKey());
+            url.append("=");
+            try
+            {
+               String paramValue = paramEntry.getValue();
+               if (paramValue == null || paramValue == "")
+                  throw new RuntimeException("Param Key:" + paramEntry.getKey() + " has value that is null");
+               url.append(URLEncoder.encode(paramValue, "UTF-8"));
+            }
+            catch (UnsupportedEncodingException e)
+            {
+               throw new RuntimeException(e);
+            }
+         }
+      }
+
+      try
+      {
+         FacesContext.getCurrentInstance().getExternalContext().redirect(url.toString());
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+
+      }
+   }
+
+   public String getReturnUrl()
+   {
+      return returnUrl;
+   }
+
+   public void setReturnUrl(String returnUrl)
+   {
+      this.returnUrl = returnUrl;
+   }
+
+   public String getOpenId()
+   {
+      return openId;
+   }
+
+   public void setOpenId(String openId)
+   {
+      this.openId = openId;
+   }
+}
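Review bot: In `redirect`, the empty-value check `paramValue == ""` compares references rather than contents, so an empty string that is not the interned literal (for example one bound from a form field) passes the check and is appended as an empty parameter; `if (paramValue == null || paramValue.isEmpty())` does what the error message describes. Separately, the class carries `@WebFilter` and its Javadoc calls it a filter, but it does not implement `javax.servlet.Filter`; the annotation looks like a leftover and should probably be removed. In `singleLogout` the `if (false /* FIXME … */)` guard is dead, so the SAML-only restriction is not enforced here; if the intent is to rely on the `LOGOUT_SERVICE` handling in `ExternalAuthenticationFilter`, a comment saying so would help.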

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InternalAuthenticator.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.security.Principal;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.events.PostAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+
+ at Named("internalAuthenticator")
+public class InternalAuthenticator
+{
+   @Inject
+   private Identity identity;
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   @Inject
+   private BeanManager beanManager;
+
+   public boolean authenticate(Principal principal, HttpServletRequest httpRequest)
+   {
+      List<String> roles = new LinkedList<String>();
+      Boolean internallyAuthenticated = null; // FIXME =
+      // serviceProvider.getInternalAuthenticationMethod().invoke(principal,
+      // roles);
+
+      beanManager.fireEvent(new PostAuthenticateEvent());
+
+      if (internallyAuthenticated)
+      {
+         // FIXME identity.acceptExternallyAuthenticatedPrincipal(principal);
+
+         for (String role : roles)
+         {
+            // FIXME identity.addRole(role);
+         }
+
+         beanManager.fireEvent(new LoggedInEvent(null) /* FIXME: no user */);
+      }
+      else
+      {
+         beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
+      }
+
+      return internallyAuthenticated;
+   }
+}
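Review bot: `authenticate` cannot return normally as written: `Boolean internallyAuthenticated = null` is unboxed by `if (internallyAuthenticated)`, which throws a NullPointerException on every call, after `PostAuthenticateEvent` has already been fired. Until the FIXME is resolved I would make the placeholder fail closed, `boolean internallyAuthenticated = false;`, so callers get a `LoginFailedEvent` and a `false` result instead of an unchecked exception. A comment on the `beanManager.fireEvent(new PostAuthenticateEvent())` line should also say whether it is meant to fire before the outcome is known, since at that point observers cannot tell success from failure.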

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/InvalidRequestException.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+/**
+ * Exception thrown to indicate that the request is invalid.
+ */
+public class InvalidRequestException extends Exception
+{
+   private static final long serialVersionUID = -9127592026257210986L;
+
+   private String description;
+
+   private Exception cause;
+
+   public InvalidRequestException(String description)
+   {
+      this(description, null);
+   }
+
+   public InvalidRequestException(String description, Exception cause)
+   {
+      super();
+      this.description = description;
+      this.cause = cause;
+   }
+
+   public String getDescription()
+   {
+      return description;
+   }
+
+   public Exception getCause()
+   {
+      return cause;
+   }
+
+   public void setCause(Exception cause)
+   {
+      this.cause = cause;
+   }
+}
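Review bot: Both constructors end in `super()` with no arguments, so `getMessage()` returns `null` and any log line or stack trace for this exception loses the description. Passing it up with `super(description);` keeps `getDescription()` working and makes the text appear wherever the exception is printed. The private `cause` field with its own `getCause()`/`setCause()` duplicates what `Throwable` already offers through `super(description, cause)` and `initCause`, and narrowing the type to `Exception` means a non-`Exception` `Throwable` cannot be attached as the cause.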

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/LoggedInEvent.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,32 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public class LoggedInEvent
+{
+
+   public LoggedInEvent(Object object)
+   {
+      // TODO Auto-generated constructor stub
+   }
+
+}

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdConsumerManagerFactory.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Inject;
+import javax.inject.Named;
+
+import org.openid4java.consumer.ConsumerManager;
+
+ at Named("openIdConsumerManager")
+ at ApplicationScoped
+public class OpenIdConsumerManagerFactory
+{
+   private ConsumerManager consumerManager;
+
+   @Produces
+   public ConsumerManager getConsumerManager()
+   {
+      return consumerManager;
+   }
+
+   @Inject
+   public void startup() throws Exception
+   {
+      consumerManager = new ConsumerManager();
+   }
+}
\ No newline at end of file
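Review bot: `new ConsumerManager()` in `startup()` is used with its defaults, which to my knowledge keep associations and response nonces in memory inside that one instance, so replay checking only covers responses that return to the same JVM. That is fine on a single node, but it deserves a comment on `startup()` such as `// default in-memory association store and nonce verifier: single-node only, replace for clustered deployments`. Also, `@Inject` on a no-arg `startup()` works as a CDI initializer method, but `@PostConstruct` states the intent more directly, and `throws Exception` is not needed for this body.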

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdPrincipal.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.net.URL;
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+
+public class OpenIdPrincipal implements Principal
+{
+   private String identifier;
+
+   private URL openIdProvider;
+
+   private Map<String, List<String>> attributes;
+
+   public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
+   {
+      super();
+      this.identifier = identifier;
+      this.openIdProvider = openIdProvider;
+      this.attributes = attributes;
+   }
+
+   public String getName()
+   {
+      return identifier;
+   }
+
+   public String getIdentifier()
+   {
+      return identifier;
+   }
+
+   public URL getOpenIdProvider()
+   {
+      return openIdProvider;
+   }
+
+   public Map<String, List<String>> getAttributes()
+   {
+      return attributes;
+   }
+
+}
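Review bot: `attributes` is stored and returned by reference and may be `null` (`OpenIdSingleLoginReceiver` passes `null` when the response carries no AX extension), so any holder of the principal can alter the attribute map and every reader of `getAttributes()` needs a null check. For an identity object I would make the three fields `final` and normalise in the constructor, e.g. `this.attributes = attributes == null ? Collections.<String, List<String>>emptyMap() : Collections.unmodifiableMap(attributes);` (needs `java.util.Collections`). A class Javadoc stating that `getName()` returns the verified OpenID identifier would help, and `equals`/`hashCode` are absent, which matters if principals are ever compared or kept in a set.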

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdRequest.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.enterprise.context.SessionScoped;
+import javax.inject.Named;
+
+import org.openid4java.discovery.DiscoveryInformation;
+
+ at Named("openIdRequest")
+ at SessionScoped
+public class OpenIdRequest
+{
+   private DiscoveryInformation discoveryInformation;
+
+   private String returnUrl;
+
+   public DiscoveryInformation getDiscoveryInformation()
+   {
+      return discoveryInformation;
+   }
+
+   public void setDiscoveryInformation(DiscoveryInformation discoveryInformation)
+   {
+      this.discoveryInformation = discoveryInformation;
+   }
+
+   public String getReturnUrl()
+   {
+      return returnUrl;
+   }
+
+   public void setReturnUrl(String returnUrl)
+   {
+      this.returnUrl = returnUrl;
+   }
+}
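Review bot: `OpenIdRequest` is `@SessionScoped` but does not implement `Serializable`; CDI requires session-scoped beans to be passivation capable, so the container is expected to reject this bean or fail when the session is passivated. Declaring `public class OpenIdRequest implements Serializable` with a `serialVersionUID` addresses it, assuming `DiscoveryInformation` is itself serializable (worth confirming against the openid4java version in use). A class comment saying that this holds the state of the one in-flight OpenID request per session would also help, together with a note on when it is cleared, since the receiver shown in this commit does not reset it after handling the response.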

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,139 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.Identifier;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.ParameterList;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchResponse;
+
+ at Named("openIdSingleLoginReceiver")
+public class OpenIdSingleLoginReceiver
+{
+   @Inject
+   private OpenIdRequest openIdRequest;
+
+   @Inject
+   private ConsumerManager openIdConsumerManager;
+
+   @Inject
+   private InternalAuthenticator internalAuthenticator;
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   @Inject
+   private BeanManager manager;
+
+   @SuppressWarnings("unchecked")
+   public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
+   {
+      try
+      {
+         // extract the parameters from the authentication response
+         // (which comes in as a HTTP request from the OpenID provider)
+         ParameterList response = new ParameterList(httpRequest.getParameterMap());
+
+         // retrieve the previously stored discovery information
+         DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
+
+         // extract the receiving URL from the HTTP request
+         StringBuffer receivingURL = httpRequest.getRequestURL();
+         String queryString = httpRequest.getQueryString();
+         if (queryString != null && queryString.length() > 0)
+            receivingURL.append("?").append(httpRequest.getQueryString());
+
+         // verify the response; ConsumerManager needs to be the same
+         // (static) instance used to place the authentication request
+         VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
+
+         boolean authenticated = true;
+
+         // examine the verification result and extract the verified identifier
+         Identifier identifier = verification.getVerifiedId();
+
+         if (identifier != null)
+         {
+            AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
+
+            Map<String, List<String>> attributes = null;
+            if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
+            {
+               FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
+
+               attributes = fetchResp.getAttributes();
+            }
+
+            OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
+
+            authenticated = internalAuthenticator.authenticate(principal, httpRequest);
+         }
+         else
+         {
+            manager.fireEvent(new LoginFailedEvent(new LoginException()));
+            authenticated = false;
+         }
+
+         if (authenticated)
+         {
+            httpResponse.sendRedirect(openIdRequest.getReturnUrl());
+         }
+         else
+         {
+            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+         }
+      }
+      catch (OpenIDException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+   }
+
+   private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
+   {
+      return new OpenIdPrincipal(identifier, openIdProvider, attributes);
+   }
+}
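Review bot: `handleIncomingMessage` dereferences `discovered` in `discovered.getOPEndpoint()` without checking that the session actually holds a pending request, so a response arriving with no prior `sendAuthRequest` in that session would presumably end in a NullPointerException rather than a clean rejection. Since the method already declares `InvalidRequestException`, a guard right after the lookup fits: `if (discovered == null) throw new InvalidRequestException("No OpenID request in progress");`. The flag should also start closed, `boolean authenticated = false;`, so that a later code path which forgets to assign it cannot fall through to the success redirect. Separately, `InternalAuthenticator.authenticate` as committed in this revision unboxes a `Boolean` that is still `null` (`if (internallyAuthenticated)`), so the success branch here will throw until that FIXME is resolved.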

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdSingleLoginSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,113 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.events.PreAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.config.OpenIdAttributeType;
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.ax.FetchRequest;
+
+ at Named("org.jboss.seam.security.external.openIdSingleLoginSender")
+public class OpenIdSingleLoginSender
+{
+   @Inject
+   private OpenIdRequest openIdRequest;
+
+   @Inject
+   private ConsumerManager openIdConsumerManager;
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   @Inject
+   private BeanManager manager;
+
+   public String sendAuthRequest(String openId, String returnUrl, HttpServletResponse httpResponse)
+   {
+      try
+      {
+         @SuppressWarnings("unchecked")
+         List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
+
+         DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
+
+         openIdRequest.setDiscoveryInformation(discovered);
+         openIdRequest.setReturnUrl(returnUrl);
+
+         String openIdServiceUrl = serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE);
+         String realm = serviceProvider.getOpenIdRealm();
+         AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
+
+         // Request attributes
+         List<OpenIdAttributeType> attributes = serviceProvider.getOpenIdConfiguration().getAttributes();
+         if (attributes.size() > 0)
+         {
+            FetchRequest fetch = FetchRequest.createFetchRequest();
+            for (OpenIdAttributeType attribute : attributes)
+            {
+               fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
+            }
+            // attach the extension to the authentication request
+            authReq.addExtension(fetch);
+         }
+
+         String url = authReq.getDestinationUrl(true);
+
+         manager.fireEvent(new PreAuthenticateEvent());
+
+         httpResponse.sendRedirect(url);
+      }
+      catch (OpenIDException e)
+      {
+         try
+         {
+            manager.fireEvent(new LoginFailedEvent(new LoginException()));
+
+            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+         }
+         catch (IOException e1)
+         {
+            throw new RuntimeException(e);
+         }
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      return null;
+   }
+}
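Review bot: `returnUrl` is stored in the session bean unchecked by `openIdRequest.setReturnUrl(returnUrl)`, and `OpenIdSingleLoginReceiver` later hands it straight to `httpResponse.sendRedirect(...)`; if callers take it from a request parameter (the callers are not in this hunk), that is an open redirect after login. I would validate it before storing, accepting only a relative path or a URL on the application's own host, and route anything else to the failure URL. In the inner handler, `catch (IOException e1)` rethrows `new RuntimeException(e)`, which hides the redirect failure; it should be `throw new RuntimeException(e1);`. The caught `OpenIDException` is also dropped without a log line, which makes failed discovery or association hard to diagnose.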

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/OpenIdXrdsProvider.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.OutputStream;
+
+import javax.inject.Inject;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.xrds.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.xrds.Service;
+import org.jboss.seam.security.external.jaxb.xrds.Type;
+import org.jboss.seam.security.external.jaxb.xrds.URIPriorityAppendPattern;
+import org.jboss.seam.security.external.jaxb.xrds.XRD;
+import org.jboss.seam.security.external.jaxb.xrds.XRDS;
+import org.openid4java.discovery.DiscoveryInformation;
+
+public class OpenIdXrdsProvider
+{
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   public void writeMetaData(OutputStream stream)
+   {
+      try
+      {
+         ObjectFactory objectFactory = new ObjectFactory();
+
+         XRDS xrds = objectFactory.createXRDS();
+
+         XRD xrd = objectFactory.createXRD();
+
+         Type type = objectFactory.createType();
+         type.setValue(DiscoveryInformation.OPENID2_RP);
+         URIPriorityAppendPattern uri = objectFactory.createURIPriorityAppendPattern();
+         uri.setValue(serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE));
+
+         Service service = objectFactory.createService();
+         service.getType().add(type);
+         service.getURI().add(uri);
+
+         xrd.getService().add(service);
+
+         xrds.getOtherelement().add(xrd);
+
+         JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.xrds");
+         Marshaller marshaller = jaxbContext.createMarshaller();
+         marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+         marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+         marshaller.marshal(xrds, stream);
+      }
+      catch (JAXBException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}
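Review bot: `writeMetaData` builds a new `JAXBContext` on every call through `JAXBContext.newInstance(...)`, which is a comparatively expensive step for a document that depends only on the service URL. `JAXBContext` is safe to share between threads, so it can be created once and held in a field, with only the `Marshaller` created per call. A short Javadoc would document the contract: the method writes the relying-party XRDS discovery document (type `DiscoveryInformation.OPENID2_RP`) to the stream and does not close it, so the caller remains responsible for the stream.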

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/PagesSupportingExternalAuthentication.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+/**
+ * Override of Seam's Pages component. It replaces the login page redirection method with a version
+ * that redirects to an URL that is filtered by the SamlAuthenticationFilter.
+ */
+
+// FIXME
+
+//@ApplicationScoped
+//@BypassInterceptors
+//@Name("org.jboss.seam.navigation.pages")
+//@Injectstall(precedence = Install.FRAMEWORK, classDependencies = "javax.faces.context.FacesContext")
+//@Startup
+//public class PagesSupportingExternalAuthentication extends Pages
+//{
+//   @Override
+//   public void redirectToLoginView()
+//   {
+//      notLoggedIn();
+//
+//      HttpServletRequest httpRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
+//            .getRequest();
+//
+//      StringBuffer returnUrl = httpRequest.getRequestURL();
+//
+//      ExternalAuthenticator externalAuthenticator = (ExternalAuthenticator) Component
+//            .getInstance(ExternalAuthenticator.class);
+//      externalAuthenticator.setReturnUrl(returnUrl.toString());
+//
+//      ServiceProvider serviceProvider = Configuration.instance().getServiceProvider();
+//
+//      // Use default SAML identity provider, if configured
+//      SamlConfiguration samlConfiguration = serviceProvider.getSamlConfiguration();
+//      if (samlConfiguration != null && samlConfiguration.getDefaultIdentityProvider() != null)
+//      {
+//         externalAuthenticator.samlSignOn(samlConfiguration.getDefaultIdentityProvider().getEntityId());
+//      }
+//      else
+//      {
+//         // Otherwise, use default OpenId identity provider, if configured
+//         OpenIdConfiguration openIdConfiguration = serviceProvider.getOpenIdConfiguration();
+//         if (openIdConfiguration != null && openIdConfiguration.getDefaultOpenIdProvider() != null)
+//         {
+//            externalAuthenticator.openIdSignOn(openIdConfiguration.getDefaultOpenIdProvider());
+//         }
+//         else
+//         {
+//            // Otherwise, redirect to the login view, so that the user can choose an IDP
+//            if (getLoginViewId() == null)
+//            {
+//               throw new RuntimeException("Login view id not specified in pages.xml.");
+//            }
+//            Map<String, Object> parameters = new HashMap<String, Object>();
+//            parameters.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
+//            FacesManager.instance().redirect(getLoginViewId(), parameters, false);
+//         }
+//      }
+//   }
+// }

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestContext.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+
+/**
+ * Context of an authentication request.
+ * 
+ */
+public class RequestContext
+{
+   private String id;
+
+   private SamlIdentityProvider identityProvider;
+
+   private String urlToRedirectToAfterLogin;
+
+   public RequestContext(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
+   {
+      super();
+      this.id = id;
+      this.identityProvider = identityProvider;
+      this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
+   }
+
+   public String getId()
+   {
+      return id;
+   }
+
+   public void setId(String id)
+   {
+      this.id = id;
+   }
+
+   public SamlIdentityProvider getIdentityProvider()
+   {
+      return identityProvider;
+   }
+
+   public void setIdentityProvider(SamlIdentityProvider identityProvider)
+   {
+      this.identityProvider = identityProvider;
+   }
+
+   public String getUrlToRedirectToAfterLogin()
+   {
+      return urlToRedirectToAfterLogin;
+   }
+
+   public void setUrlToRedirectToAfterLogin(String urlToRedirectToAfterLogin)
+   {
+      this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
+   }
+}

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/RequestOrResponse.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,37 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public enum RequestOrResponse
+{
+   REQUEST, RESPONSE;
+
+   public boolean isRequest()
+   {
+      return this == REQUEST;
+   }
+
+   public boolean isResponse()
+   {
+      return this == RESPONSE;
+   }
+}

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/Requests.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.enterprise.context.SessionScoped;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Session scoped component that stores requests that have been sent to the
+ * identity provider.
+ */
+ at SessionScoped
+public class Requests
+{
+   private Map<String, RequestContext> requests = new HashMap<String, RequestContext>();
+
+   private Logger log = LoggerFactory.getLogger(Requests.class);
+
+   public void addRequest(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
+   {
+      requests.put(id, new RequestContext(id, identityProvider, urlToRedirectToAfterLogin));
+   }
+
+   public RequestContext getRequest(String id)
+   {
+      return requests.get(id);
+   }
+
+   public void removeRequest(String id)
+   {
+      requests.remove(id);
+   }
+
+   public void redirect(String id, HttpServletResponse response)
+   {
+      String requestURL = requests.get(id).getUrlToRedirectToAfterLogin();
+      if (requestURL == null)
+      {
+         throw new RuntimeException("Couldn't find URL to redirect to for request " + id);
+      }
+      try
+      {
+         if (log.isDebugEnabled())
+         {
+            log.debug("Redirecting to " + requestURL);
+         }
+         response.sendRedirect(requestURL);
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}
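Review bot: In `redirect`, `requests.get(id)` is dereferenced before any null check, so an id with no stored context fails with a NullPointerException instead of the intended "Couldn't find URL to redirect to" error; fetch the context first, `RequestContext ctx = requests.get(id);`, and throw when `ctx == null || ctx.getUrlToRedirectToAfterLogin() == null`. The entry also stays in the map after the redirect, so unless a caller outside this hunk invokes `removeRequest`, the request id remains usable for response correlation for the rest of the session. The redirect target is whatever string was handed to `addRequest`; whether that value can be influenced by request input is not visible here, so the caller should restrict it to URLs of this application before it is stored. Since the bean is session scoped and backed by a plain `HashMap`, concurrent requests in one session can touch the map at the same time, and a `ConcurrentHashMap` would be the safer container.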

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlConstants.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public class SamlConstants
+{
+   // Query string parameters used by the HTTP_Redirect binding
+   public static final String QSP_SAML_REQUEST = "SAMLRequest";
+
+   public static final String QSP_SAML_RESPONSE = "SAMLResponse";
+
+   public static final String QSP_SIGNATURE = "Signature";
+
+   public static final String QSP_SIG_ALG = "SigAlg";
+
+   public static final String QSP_RELAY_STATE = "RelayState";
+
+   public static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+
+   public static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
+
+   public static final String CONFIRMATION_METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+   public static final String VERSION_2_0 = "2.0";
+
+   public static final String PROTOCOL_NSURI = "urn:oasis:names:tc:SAML:2.0:protocol";
+
+   public static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
+
+   public static final String XMLDSIG_NSURI = "http://www.w3.org/2000/09/xmldsig#";
+
+   public static final String SIGNATURE_SHA1_WITH_DSA = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+
+   public static final String SIGNATURE_SHA1_WITH_RSA = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+   public static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA";
+
+   public static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
+
+}
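Review bot: The signature constants at the end of this class cover only SHA-1 (`SIGNATURE_SHA1_WITH_DSA`, `SIGNATURE_SHA1_WITH_RSA`, `DSA_SIGNATURE_ALGORITHM = "SHA1withDSA"`, `RSA_SIGNATURE_ALGORITHM = "SHA1withRSA"`), so the signing and verification helpers that presumably use them (not shown in this hunk) have nothing stronger to select. SHA-1 is no longer collision resistant; add SHA-256 variants alongside, for example `public static final String SIGNATURE_SHA256_WITH_RSA = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";` with the JCA name `"SHA256withRSA"`, and prefer them when signing. As a pure constant holder the class should also be declared `final` with a private constructor, and the leading comment `// Query string parameters used by the HTTP_Redirect binding` only applies to the first five constants, so the remaining groups deserve their own one-line comments.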

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageFactory.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.util.UUID;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusCodeType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
+
+public class SamlMessageFactory
+{
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   public StatusResponseType createStatusResponse(RequestAbstractType request, String statusCode, String statusMessage)
+   {
+      ObjectFactory objectFactory = new ObjectFactory();
+      org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
+
+      StatusResponseType response = objectFactory.createStatusResponseType();
+
+      response.setID(generateId());
+      response.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
+
+      NameIDType issuer = assertionObjectFactory.createNameIDType();
+      issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
+      response.setIssuer(issuer);
+
+      response.setVersion(SamlConstants.VERSION_2_0);
+      response.setInResponseTo(request.getID());
+
+      StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
+      statusCodeJaxb.setValue(statusCode);
+
+      StatusType statusType = objectFactory.createStatusType();
+      statusType.setStatusCode(statusCodeJaxb);
+      if (statusMessage != null)
+      {
+         statusType.setStatusMessage(statusMessage);
+      }
+
+      response.setStatus(statusType);
+
+      return response;
+   }
+
+   public AuthnRequestType createAuthnRequest()
+   {
+      ObjectFactory objectFactory = new ObjectFactory();
+      org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
+
+      AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
+
+      authnRequest.setID(generateId());
+      authnRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
+
+      NameIDType issuer = assertionObjectFactory.createNameIDType();
+      issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
+      authnRequest.setIssuer(issuer);
+
+      authnRequest.setVersion(SamlConstants.VERSION_2_0);
+
+      // Fill in the optional fields that indicate where and how the response
+      // should be delivered.
+      authnRequest.setAssertionConsumerServiceURL(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+      authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+
+      return authnRequest;
+   }
+
+   public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws ConfigurationException
+   {
+      ObjectFactory objectFactory = new ObjectFactory();
+      org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();
+
+      LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
+
+      logoutRequest.setID(generateId());
+      logoutRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
+
+      NameIDType issuer = assertionObjectFactory.createNameIDType();
+      issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
+      logoutRequest.setIssuer(issuer);
+
+      NameIDType nameID = assertionObjectFactory.createNameIDType();
+      nameID.setValue(principal.getNameId().getValue());
+      logoutRequest.setNameID(nameID);
+
+      logoutRequest.setVersion(SamlConstants.VERSION_2_0);
+      logoutRequest.getSessionIndex().add(principal.getSessionIndex());
+
+      return logoutRequest;
+   }
+
+   private String generateId()
+   {
+      return "ID_" + UUID.randomUUID();
+   }
+}
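Review bot: `createAuthnRequest` hard-codes the protocol binding as the literal `"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"` although `SamlConstants.HTTP_POST_BINDING` holds the same value; use `authnRequest.setProtocolBinding(SamlConstants.HTTP_POST_BINDING);`. `createLogoutRequest` declares `throws ConfigurationException` (the `javax.naming` type) but nothing visible in its body throws it, so callers are forced to handle a checked exception for no apparent reason. The ID, IssueInstant, Issuer and Version setup is repeated verbatim in all three factory methods and would read better as one private helper. None of the public methods has Javadoc; a sentence on each stating which fields are populated here and that `Destination` is set later by the sender would help the next reader.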

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,279 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.util.zip.Inflater;
+import java.util.zip.InflaterInputStream;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.util.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+public class SamlMessageReceiver
+{
+   private static final Logger log = LoggerFactory.getLogger(SamlMessageReceiver.class);
+
+   @Inject
+   private Requests requests;
+
+   @Inject
+   private SamlSingleLogoutReceiver samlSingleLogoutReceiver;
+
+   @Inject
+   private SamlSingleSignOnReceiver samlSingleSignOnReceiver;
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   @Inject
+   private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
+
+   @Inject
+   private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
+
+   private JAXBContext jaxbContext;
+
+   @Inject
+   public void init()
+   {
+      try
+      {
+         jaxbContext = JAXBContext.newInstance(StatusResponseType.class);
+      }
+      catch (JAXBException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+
+   public void handleIncomingSamlMessage(SamlProfile samlProfile, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
+   {
+      String samlRequestParam = httpRequest.getParameter(SamlConstants.QSP_SAML_REQUEST);
+      String samlResponseParam = httpRequest.getParameter(SamlConstants.QSP_SAML_RESPONSE);
+
+      RequestOrResponse requestOrResponse;
+      String samlMessage;
+
+      if (samlRequestParam != null && samlResponseParam == null)
+      {
+         samlMessage = samlRequestParam;
+         requestOrResponse = RequestOrResponse.REQUEST;
+      }
+      else if (samlRequestParam == null && samlResponseParam != null)
+      {
+         samlMessage = samlResponseParam;
+         requestOrResponse = RequestOrResponse.RESPONSE;
+      }
+      else
+      {
+         throw new InvalidRequestException("SAML message should either have a SAMLRequest parameter or a SAMLResponse parameter");
+      }
+
+      InputStream is;
+      if (httpRequest.getMethod().equals("POST"))
+      {
+         byte[] decodedMessage = Base64.decode(samlMessage);
+         is = new ByteArrayInputStream(decodedMessage);
+      }
+      else
+      {
+         String urlDecoded;
+         try
+         {
+            urlDecoded = URLDecoder.decode(samlMessage, "UTF-8");
+         }
+         catch (UnsupportedEncodingException e)
+         {
+            throw new RuntimeException(e);
+         }
+         byte[] base64Decoded = Base64.decode(urlDecoded);
+         ByteArrayInputStream bais = new ByteArrayInputStream(base64Decoded);
+         is = new InflaterInputStream(bais, new Inflater(true));
+      }
+
+      Document document = getDocument(is);
+      String issuerEntityId;
+      RequestAbstractType samlRequest = null;
+      StatusResponseType samlResponse = null;
+      if (requestOrResponse.isRequest())
+      {
+         samlRequest = getSamlRequest(document);
+         issuerEntityId = samlRequest.getIssuer().getValue();
+      }
+      else
+      {
+         samlResponse = getSamlResponse(document);
+         issuerEntityId = samlResponse.getIssuer().getValue();
+      }
+      if (log.isDebugEnabled())
+      {
+         log.debug("Received from IDP: " + SamlUtils.getDocumentAsString(document));
+      }
+
+      SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(issuerEntityId);
+      if (idp == null)
+      {
+         throw new InvalidRequestException("Received message from unknown idp " + issuerEntityId);
+      }
+
+      boolean validate;
+      if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
+      {
+         validate = serviceProvider.getSamlConfiguration().isWantAssertionsSigned();
+      }
+      else
+      {
+         validate = idp.isSingleLogoutMessagesSigned();
+      }
+
+      if (validate)
+      {
+         if (log.isDebugEnabled())
+         {
+            log.debug("Validating the signature");
+         }
+         if (httpRequest.getMethod().equals("POST"))
+         {
+            signatureUtilForPostBinding.validateSignature(idp, document);
+         }
+         else
+         {
+            signatureUtilForRedirectBinding.validateSignature(idp, httpRequest, requestOrResponse);
+         }
+      }
+
+      RequestContext requestContext = null;
+      if (requestOrResponse.isResponse() && samlResponse.getInResponseTo() != null)
+      {
+         requestContext = requests.getRequest(samlResponse.getInResponseTo());
+         if (requestContext == null)
+         {
+            throw new InvalidRequestException("No request that corresponds with the received response");
+         }
+         else if (!(requestContext.getIdentityProvider().equals(idp)))
+         {
+            throw new InvalidRequestException("Identity provider of request and response do not match");
+         }
+      }
+
+      if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
+      {
+         if (requestOrResponse.isRequest())
+         {
+            throw new InvalidRequestException("Assertion consumer service can only process SAML responses");
+         }
+         else
+         {
+            samlSingleSignOnReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
+         }
+      }
+      else
+      {
+         if (requestOrResponse.isRequest())
+         {
+            samlSingleLogoutReceiver.processIDPRequest(httpRequest, httpResponse, samlRequest, idp);
+         }
+         else
+         {
+            samlSingleLogoutReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
+         }
+      }
+   }
+
+   private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException
+   {
+      try
+      {
+         Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+         @SuppressWarnings("unchecked")
+         JAXBElement<RequestAbstractType> jaxbRequest = (JAXBElement<RequestAbstractType>) unmarshaller.unmarshal(document);
+         RequestAbstractType request = jaxbRequest.getValue();
+         return request;
+      }
+      catch (JAXBException e)
+      {
+         throw new InvalidRequestException("SAML message could not be parsed", e);
+      }
+   }
+
+   private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException
+   {
+      try
+      {
+         Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+         @SuppressWarnings("unchecked")
+         JAXBElement<StatusResponseType> jaxbResponseType = (JAXBElement<StatusResponseType>) unmarshaller.unmarshal(document);
+         StatusResponseType statusResponse = jaxbResponseType.getValue();
+         return statusResponse;
+      }
+      catch (JAXBException e)
+      {
+         throw new InvalidRequestException("SAML message could not be parsed", e);
+      }
+   }
+
+   private Document getDocument(InputStream is) throws InvalidRequestException
+   {
+      try
+      {
+         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+         factory.setNamespaceAware(true);
+         factory.setXIncludeAware(true);
+         DocumentBuilder builder = factory.newDocumentBuilder();
+         return builder.parse(is);
+      }
+      catch (ParserConfigurationException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (SAXException e)
+      {
+         throw new InvalidRequestException("SAML request could not be parsed", e);
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}
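Review bot: `getDocument` parses the incoming SAML message with a `DocumentBuilderFactory` that has XInclude switched on and DTD handling left at its defaults, and `handleIncomingSamlMessage` calls it before the issuer lookup and the signature check, so entity and XInclude references are processed from input that has not been authenticated yet. The factory should reject DOCTYPE declarations and turn XInclude and entity expansion off; `setFeature` throws `ParserConfigurationException`, which the existing catch already covers. In the redirect branch the `InflaterInputStream` is read with no bound on the inflated size, so a cap on the decompressed length is worth adding there. Separately, the debug statement logs the complete received document, which for a sign-on response includes the assertion; logging only the message ID and issuer would keep that out of the log files.

```java
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         // Untrusted input: no DTDs, no XInclude, no entity expansion.
         factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
         factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         factory.setXIncludeAware(false);
         factory.setExpandEntityReferences(false);
         // … unchanged: newDocumentBuilder(), parse(is) and the catch blocks …
```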

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMessageSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,366 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.zip.Deflater;
+import java.util.zip.DeflaterOutputStream;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.Binder;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.jboss.seam.security.external.configuration.Binding;
+import org.jboss.seam.security.external.configuration.SamlEndpoint;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.SamlService;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.util.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+ at Named("org.picketlink.identity.seam.federation.samlMessageSender")
+public class SamlMessageSender
+{
+   private Logger log = LoggerFactory.getLogger(SamlMessageSender.class);
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   @Inject
+   private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
+
+   @Inject
+   private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
+
+   private JAXBContext jaxbContextRequestAbstractType;
+
+   private JAXBContext jaxbContextStatusResponseType;
+
+   @Inject
+   public void init()
+   {
+      try
+      {
+         jaxbContextRequestAbstractType = JAXBContext.newInstance(RequestAbstractType.class);
+         jaxbContextStatusResponseType = JAXBContext.newInstance(StatusResponseType.class);
+      }
+      catch (JAXBException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+
+   public void sendRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlProfile profile, RequestAbstractType samlRequest)
+   {
+      Document message = null;
+      SamlEndpoint endpoint = null;
+      try
+      {
+         SamlService service = samlIdentityProvider.getService(profile);
+         endpoint = service.getEndpointForBinding(Binding.HTTP_Post);
+         if (endpoint == null)
+         {
+            endpoint = service.getEndpointForBinding(Binding.HTTP_Redirect);
+         }
+         if (endpoint == null)
+         {
+            throw new RuntimeException("Idp " + samlIdentityProvider.getEntityId() + " has no endpoint found for profile " + profile);
+         }
+         samlRequest.setDestination(endpoint.getLocation());
+
+         JAXBElement<?> requestElement;
+         if (samlRequest instanceof AuthnRequestType)
+         {
+            AuthnRequestType authnRequest = (AuthnRequestType) samlRequest;
+            requestElement = new ObjectFactory().createAuthnRequest(authnRequest);
+         }
+         else if (samlRequest instanceof LogoutRequestType)
+         {
+            LogoutRequestType logoutRequest = (LogoutRequestType) samlRequest;
+            requestElement = new ObjectFactory().createLogoutRequest(logoutRequest);
+         }
+         else
+         {
+            throw new RuntimeException("Currently only authentication and logout requests can be sent");
+         }
+
+         Binder<Node> binder = jaxbContextRequestAbstractType.createBinder();
+
+         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+         factory.setNamespaceAware(true);
+         factory.setXIncludeAware(true);
+         DocumentBuilder builder;
+         builder = factory.newDocumentBuilder();
+         message = builder.newDocument();
+
+         binder.marshal(requestElement, message);
+      }
+      catch (JAXBException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (ParserConfigurationException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.REQUEST, endpoint);
+   }
+
+   public void sendResponseToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlEndpoint endpoint, StatusResponseType samlResponse)
+   {
+      Document message = null;
+      try
+      {
+         samlResponse.setDestination(endpoint.getResponseLocation());
+
+         JAXBElement<StatusResponseType> responseElement;
+         if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
+         {
+            responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
+         }
+         else
+         {
+            throw new RuntimeException("Responses can currently only be created for the single logout service");
+         }
+
+         Binder<Node> binder = jaxbContextStatusResponseType.createBinder();
+
+         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+         factory.setNamespaceAware(true);
+         factory.setXIncludeAware(true);
+         DocumentBuilder builder;
+         builder = factory.newDocumentBuilder();
+         message = builder.newDocument();
+
+         binder.marshal(responseElement, message);
+      }
+      catch (JAXBException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (ParserConfigurationException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.RESPONSE, endpoint);
+   }
+
+   private void sendMessageToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, Document message, RequestOrResponse requestOrResponse, SamlEndpoint endpoint)
+   {
+      if (log.isDebugEnabled())
+      {
+         log.debug("Sending over to IDP: " + SamlUtils.getDocumentAsString(message));
+      }
+
+      try
+      {
+         boolean signMessage;
+         if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_SIGN_ON))
+         {
+            signMessage = samlIdentityProvider.isWantAuthnRequestsSigned();
+         }
+         else
+         {
+            signMessage = samlIdentityProvider.isWantSingleLogoutMessagesSigned();
+         }
+
+         PrivateKey privateKey = serviceProvider.getSamlConfiguration().getPrivateKey();
+
+         if (endpoint.getBinding() == Binding.HTTP_Redirect)
+         {
+            byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
+
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            Deflater deflater = new Deflater(Deflater.DEFLATED, true);
+            DeflaterOutputStream deflaterStream = new DeflaterOutputStream(baos, deflater);
+            deflaterStream.write(responseBytes);
+            deflaterStream.finish();
+
+            byte[] deflatedMsg = baos.toByteArray();
+            String urlEncodedResponse = Base64.encodeBytes(deflatedMsg);
+
+            String finalDest = endpoint.getLocation() + getQueryString(urlEncodedResponse, signMessage, requestOrResponse, privateKey);
+            SamlUtils.sendRedirect(finalDest, response);
+         }
+         else
+         {
+            if (signMessage)
+            {
+               PublicKey publicKey = serviceProvider.getSamlConfiguration().getCertificate().getPublicKey();
+               signSAMLDocument(message, new KeyPair(publicKey, privateKey));
+            }
+            byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
+
+            String samlResponse = Base64.encodeBytes(responseBytes, Base64.DONT_BREAK_LINES);
+
+            sendPost(endpoint.getLocation(), samlResponse, response, requestOrResponse.isRequest());
+
+         }
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+
+   private void signSAMLDocument(Document samlDocument, KeyPair keypair)
+   {
+      // Get the ID from the root
+      String id = samlDocument.getDocumentElement().getAttribute("ID");
+
+      String referenceURI = "#" + id;
+
+      signatureUtilForPostBinding.sign(samlDocument, keypair, DigestMethod.SHA1, SignatureMethod.RSA_SHA1, referenceURI);
+   }
+
+   private String getQueryString(String urlEncodedSamlMessage, boolean supportSignature, RequestOrResponse requestOrResponse, PrivateKey signingKey)
+   {
+      StringBuilder sb = new StringBuilder();
+      sb.append("?");
+
+      if (supportSignature)
+      {
+         try
+         {
+            sb.append(getURLWithSignature(requestOrResponse, urlEncodedSamlMessage, signingKey));
+         }
+         catch (IOException e)
+         {
+            throw new RuntimeException(e);
+         }
+         catch (GeneralSecurityException e)
+         {
+            throw new RuntimeException(e);
+         }
+      }
+      else
+      {
+         if (requestOrResponse == RequestOrResponse.REQUEST)
+         {
+            sb.append(SamlConstants.QSP_SAML_REQUEST);
+         }
+         else
+         {
+            sb.append(SamlConstants.QSP_SAML_RESPONSE);
+         }
+         sb.append("=").append(urlEncodedSamlMessage);
+      }
+      return sb.toString();
+   }
+
+   private void sendPost(String destination, String samlMessage, HttpServletResponse response, boolean request) throws IOException
+   {
+      String key = request ? SamlConstants.QSP_SAML_REQUEST : SamlConstants.QSP_SAML_RESPONSE;
+
+      if (destination == null)
+         throw new IllegalStateException("Destination is null");
+
+      response.setContentType("text/html");
+      PrintWriter out = response.getWriter();
+      response.setCharacterEncoding("UTF-8");
+      response.setHeader("Pragma", "no-cache");
+      response.setHeader("Cache-Control", "no-cache, no-store");
+      StringBuilder builder = new StringBuilder();
+
+      builder.append("<HTML>");
+      builder.append("<HEAD>");
+      if (request)
+         builder.append("<TITLE>HTTP Post Binding (Request)</TITLE>");
+      else
+         builder.append("<TITLE>HTTP Post Binding Response (Response)</TITLE>");
+
+      builder.append("</HEAD>");
+      builder.append("<BODY Onload=\"document.forms[0].submit()\">");
+
+      builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
+      builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + key + "\"" + " VALUE=\"" + samlMessage + "\"/>");
+      builder.append("</FORM></BODY></HTML>");
+
+      String str = builder.toString();
+      out.println(str);
+      out.close();
+   }
+
+   private String getURLWithSignature(RequestOrResponse requestOrResponse, String urlEncodedResponse, PrivateKey signingKey) throws IOException, GeneralSecurityException
+   {
+      String messageParameter;
+      if (requestOrResponse == RequestOrResponse.REQUEST)
+      {
+         messageParameter = SamlConstants.QSP_SAML_REQUEST;
+      }
+      else
+      {
+         messageParameter = SamlConstants.QSP_SAML_RESPONSE;
+      }
+
+      byte[] signature = signatureUtilForRedirectBinding.computeSignature(messageParameter + "=" + urlEncodedResponse, signingKey);
+      String sigAlgo = signingKey.getAlgorithm();
+
+      StringBuilder sb = new StringBuilder();
+      sb.append(messageParameter + "=").append(urlEncodedResponse);
+
+      try
+      {
+         sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=");
+         String sigAlg = signatureUtilForRedirectBinding.getXMLSignatureAlgorithmURI(sigAlgo);
+         sb.append(URLEncoder.encode(sigAlg, "UTF-8"));
+
+         sb.append("&").append(SamlConstants.QSP_SIGNATURE).append("=");
+         String base64encodedSignature = Base64.encodeBytes(signature, Base64.DONT_BREAK_LINES);
+         sb.append(URLEncoder.encode(base64encodedSignature, "UTF-8"));
+      }
+      catch (UnsupportedEncodingException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      return sb.toString();
+   }
+}

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlMetaDataProvider.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,130 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.OutputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import javax.inject.Inject;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IndexedEndpointType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.ObjectFactory;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.SPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.xmldsig.KeyInfoType;
+import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
+
+public class SamlMetaDataProvider
+{
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   public void writeMetaData(OutputStream stream)
+   {
+      try
+      {
+         ObjectFactory metaDataFactory = new ObjectFactory();
+
+         IndexedEndpointType acsRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
+         acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
+         acsRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+         IndexedEndpointType acsPostEndpoint = metaDataFactory.createIndexedEndpointType();
+         acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
+         acsPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+         IndexedEndpointType sloRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
+         sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
+         sloRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
+
+         IndexedEndpointType sloPostEndpoint = metaDataFactory.createIndexedEndpointType();
+         sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
+         sloPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
+
+         SPSSODescriptorType spSsoDescriptor = metaDataFactory.createSPSSODescriptorType();
+         spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
+         spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
+
+         spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
+         spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
+         spSsoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
+         spSsoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
+
+         spSsoDescriptor.getProtocolSupportEnumeration().add(SamlConstants.PROTOCOL_NSURI);
+
+         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
+
+         org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory signatureFactory = new org.jboss.seam.security.external.jaxb.xmldsig.ObjectFactory();
+
+         X509Certificate certificate = serviceProvider.getSamlConfiguration().getCertificate();
+         if (certificate == null)
+            throw new RuntimeException("Certificate obtained from configuration is null");
+
+         JAXBElement<byte[]> X509Certificate;
+         try
+         {
+            X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
+         }
+         catch (CertificateEncodingException e)
+         {
+            throw new RuntimeException(e);
+         }
+
+         X509DataType X509Data = signatureFactory.createX509DataType();
+         X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
+
+         KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
+         keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
+
+         KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
+         keyDescriptor.setUse(KeyTypes.SIGNING);
+         keyDescriptor.setKeyInfo(keyInfo);
+
+         spSsoDescriptor.getKeyDescriptor().add(keyDescriptor);
+
+         EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
+         entityDescriptor.setEntityID(serviceProvider.getSamlConfiguration().getEntityId());
+         entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
+
+         JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
+         Marshaller marshaller = jaxbContext.createMarshaller();
+         marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
+         marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+         marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), stream);
+      }
+      catch (JAXBException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}
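Review bot: The `JAXBContext` in `writeMetaData` is created for the context path `org.picketlink.identity.federation.saml.v2.metadata`, but every object marshalled here is built by the `org.jboss.seam.security.external.jaxb.samlv2.metadata.ObjectFactory` imported at the top of the file. Unless that PicketLink package happens to be on the classpath and bound to these classes, `marshaller.marshal(...)` will presumably throw a `JAXBException`, rethrown as a bare `RuntimeException`, and the service provider metadata will never be written; this looks like a leftover from the package move. I would create the context from the package actually used, `JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.samlv2.metadata")`. Separately, the locals `X509Certificate` and `X509Data` shadow the imported `java.security.cert.X509Certificate` type name and should be lower camel case, for example `x509CertificateElement` and `x509Data`.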

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlProfile.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,27 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+public enum SamlProfile
+{
+   SINGLE_SIGN_ON, SINGLE_LOGOUT
+}

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForPostBinding.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,199 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.Key;
+import java.security.KeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PrivilegedAction;
+import java.security.PublicKey;
+import java.security.Security;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+public class SamlSignatureUtilForPostBinding
+{
+   private Logger log = LoggerFactory.getLogger(SamlSignatureUtilForPostBinding.class);
+
+   private XMLSignatureFactory fac = getXMLSignatureFactory();
+
+   private XMLSignatureFactory getXMLSignatureFactory()
+   {
+      if (Security.getProvider("DOM") != null)
+      {
+         return XMLSignatureFactory.getInstance("DOM");
+      }
+      else
+      {
+         // No security provider found for the XML Digital Signature API (JSR
+         // 105). Probably we have to do with JDK 1.5 or lower.
+         // See
+         // http://weblogs.java.net/blog/2008/02/27/using-jsr-105-jdk-14-or-15.
+         // We assume that the reference implementation of JSR 105 is available
+         // at runtime.
+         return XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
+      }
+   }
+
+   static
+   {
+      AccessController.doPrivileged(new PrivilegedAction<Object>()
+      {
+         public Object run()
+         {
+            System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
+            return null;
+         }
+      });
+   };
+
+   public Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
+   {
+      if (log.isTraceEnabled())
+      {
+         log.trace("Document to be signed={0}", new Object[] { SamlUtils.getDocumentAsString(doc) });
+      }
+      PrivateKey signingKey = keyPair.getPrivate();
+      PublicKey publicKey = keyPair.getPublic();
+
+      DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+      dsc.setDefaultNamespacePrefix("dsig");
+
+      try
+      {
+         DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
+         Transform transform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
+
+         List<Transform> transformList = Collections.singletonList(transform);
+         Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
+
+         String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+         CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
+
+         List<Reference> referenceList = Collections.singletonList(ref);
+         SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
+         SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);
+
+         KeyInfoFactory kif = fac.getKeyInfoFactory();
+         KeyValue kv = kif.newKeyValue(publicKey);
+         KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+         XMLSignature signature = fac.newXMLSignature(si, ki);
+
+         signature.sign(dsc);
+      }
+      catch (XMLSignatureException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (NoSuchAlgorithmException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (InvalidAlgorithmParameterException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (KeyException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (MarshalException e)
+      {
+         throw new RuntimeException(e);
+
+      }
+      return doc;
+   }
+
+   public void validateSignature(SamlIdentityProvider idp, Document signedDoc) throws InvalidRequestException
+   {
+      Key publicKey = idp.getPublicKey();
+
+      NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+      if (nl == null || nl.getLength() == 0)
+      {
+         throw new InvalidRequestException("Signature element is not present or has zero length.");
+      }
+
+      try
+      {
+         DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
+         XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+         boolean signatureValid = signature.validate(valContext);
+
+         if (log.isTraceEnabled() && !signatureValid)
+         {
+            boolean sv = signature.getSignatureValue().validate(valContext);
+            log.trace("Signature validation status: " + sv);
+
+            @SuppressWarnings("unchecked")
+            List<Reference> references = signature.getSignedInfo().getReferences();
+            for (Reference ref : references)
+            {
+               log.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "] validity status:" + ref.validate(valContext));
+            }
+         }
+
+         if (!signatureValid)
+         {
+            throw new InvalidRequestException("Invalid signature.");
+         }
+      }
+      catch (XMLSignatureException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (MarshalException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}
\ No newline at end of file
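Review bot: `validateSignature` verifies `nl.item(0)`, the first `Signature` element found anywhere in the document, and never checks which element that signature's `Reference` covers. A cryptographically valid signature over some other element would therefore let the whole document pass, which is the precondition for signature-wrapping problems in SAML consumers. After `signature.validate(valContext)` succeeds, the method should confirm that the signed reference is the element the caller goes on to trust, for example by comparing `((Reference) signature.getSignedInfo().getReferences().get(0)).getURI()` with `"#" + signedDoc.getDocumentElement().getAttribute("ID")` and throwing `InvalidRequestException` on a mismatch. Which element must be covered depends on callers outside this hunk. The trace call in `sign` also uses `{0}`, which SLF4J does not substitute (its placeholder is `{}`), so the document is never actually logged.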

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSignatureUtilForRedirectBinding.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,174 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.util.Base64;
+
+public class SamlSignatureUtilForRedirectBinding
+{
+   byte[] computeSignature(String requestOrResponseKeyValuePair, PrivateKey signingKey) throws IOException, GeneralSecurityException
+   {
+      StringBuilder sb = new StringBuilder();
+      sb.append(requestOrResponseKeyValuePair);
+      String algo = signingKey.getAlgorithm();
+
+      String sigAlg = getXMLSignatureAlgorithmURI(algo);
+      sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+      sb.append("&SigAlg=").append(sigAlg);
+
+      byte[] sigValue = sign(sb.toString(), signingKey);
+
+      return sigValue;
+   }
+
+   private byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException
+   {
+      String algo = signingKey.getAlgorithm();
+      Signature sig = getSignature(algo);
+      sig.initSign(signingKey);
+      sig.update(stringToBeSigned.getBytes());
+      return sig.sign();
+   }
+
+   public void validateSignature(SamlIdentityProvider idp, HttpServletRequest httpRequest, RequestOrResponse requestOrResponse) throws InvalidRequestException
+   {
+      String sigValueParam = httpRequest.getParameter(SamlConstants.QSP_SIGNATURE);
+      if (sigValueParam == null)
+      {
+         throw new InvalidRequestException("Signature parameter is not present.");
+      }
+
+      String decodedString;
+      try
+      {
+         decodedString = URLDecoder.decode(sigValueParam, "UTF-8");
+      }
+      catch (UnsupportedEncodingException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      byte[] sigValue = Base64.decode(decodedString);
+
+      String samlMessageParameter;
+      if (requestOrResponse == RequestOrResponse.REQUEST)
+      {
+         samlMessageParameter = SamlConstants.QSP_SAML_REQUEST;
+      }
+      else
+      {
+         samlMessageParameter = SamlConstants.QSP_SAML_RESPONSE;
+      }
+
+      // Construct the url again
+      String reqFromURL = httpRequest.getParameter(samlMessageParameter);
+      String relayStateFromURL = httpRequest.getParameter(SamlConstants.QSP_RELAY_STATE);
+      String sigAlgFromURL = httpRequest.getParameter(SamlConstants.QSP_SIG_ALG);
+
+      StringBuilder sb = new StringBuilder();
+      sb.append(samlMessageParameter).append("=").append(reqFromURL);
+
+      if (relayStateFromURL != null && relayStateFromURL.length() != 0)
+      {
+         sb.append("&").append(SamlConstants.QSP_RELAY_STATE).append("=").append(relayStateFromURL);
+      }
+      sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=").append(sigAlgFromURL);
+
+      PublicKey validatingKey = idp.getPublicKey();
+
+      boolean isValid;
+      try
+      {
+         isValid = validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
+      }
+      catch (UnsupportedEncodingException e)
+      {
+         throw new RuntimeException(e);
+      }
+      catch (GeneralSecurityException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      if (!isValid)
+      {
+         throw new InvalidRequestException("Invalid signature.");
+      }
+   }
+
+   private boolean validate(byte[] signedContent, byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException
+   {
+      // We assume that the sigatureValue has the same algorithm as the public
+      // key
+      // If not, there will be an exception anyway
+      String algo = validatingKey.getAlgorithm();
+      Signature sig = getSignature(algo);
+
+      sig.initVerify(validatingKey);
+      sig.update(signedContent);
+      return sig.verify(signatureValue);
+   }
+
+   private Signature getSignature(String algo) throws GeneralSecurityException
+   {
+      Signature sig = null;
+
+      if ("DSA".equalsIgnoreCase(algo))
+      {
+         sig = Signature.getInstance(SamlConstants.DSA_SIGNATURE_ALGORITHM);
+      }
+      else if ("RSA".equalsIgnoreCase(algo))
+      {
+         sig = Signature.getInstance(SamlConstants.RSA_SIGNATURE_ALGORITHM);
+      }
+      else
+         throw new RuntimeException("Unknown signature algorithm:" + algo);
+      return sig;
+   }
+
+   public String getXMLSignatureAlgorithmURI(String algo)
+   {
+      String xmlSignatureAlgo = null;
+
+      if ("DSA".equalsIgnoreCase(algo))
+      {
+         xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_DSA;
+      }
+      else if ("RSA".equalsIgnoreCase(algo))
+      {
+         xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_RSA;
+      }
+      return xmlSignatureAlgo;
+   }
+}
\ No newline at end of file
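Review bot: `validateSignature` rebuilds the signed string from `httpRequest.getParameter(...)`, which returns URL-decoded values, while `computeSignature` in the same class signs the still-encoded form (it applies `URLEncoder.encode(sigAlg, "UTF-8")` before appending `&SigAlg=`). The verifier input will therefore differ from what the peer signed whenever a value contains an escaped character. The extra `URLDecoder.decode(sigValueParam, "UTF-8")` on an already-decoded parameter also turns any `+` in the Base64 signature into a space. The check should run over the encoded values as they appear in `httpRequest.getQueryString()`, and the signature parameter should go to `Base64.decode` without a second decode, as sketched below. In addition, `sign` calls `getBytes()` with the platform charset where `validateSignature` uses `"UTF-8"`, and `getXMLSignatureAlgorithmURI` returns null for an unknown key algorithm, which `computeSignature` passes straight to `URLEncoder.encode`.

```java
// … unchanged: Signature parameter presence check …

// getParameter() has already URL-decoded the value; decoding again would corrupt '+'.
byte[] sigValue = Base64.decode(sigValueParam);

// … unchanged: samlMessageParameter selection …

// Verify over the octets as transmitted: take the still-encoded values from the raw query string.
String rawQuery = httpRequest.getQueryString();
String reqFromURL = getRawParameter(rawQuery, samlMessageParameter);
String relayStateFromURL = getRawParameter(rawQuery, SamlConstants.QSP_RELAY_STATE);
String sigAlgFromURL = getRawParameter(rawQuery, SamlConstants.QSP_SIG_ALG);

// … unchanged: StringBuilder assembly, validate(...) call, InvalidRequestException on failure …

private String getRawParameter(String rawQuery, String name)
{
   if (rawQuery == null)
   {
      return null;
   }
   for (String pair : rawQuery.split("&"))
   {
      int eq = pair.indexOf('=');
      if (eq > 0 && pair.substring(0, eq).equals(name))
      {
         return pair.substring(eq + 1);
      }
   }
   return null;
}
```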

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.Binding;
+import org.jboss.seam.security.external.configuration.SamlEndpoint;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+
+public class SamlSingleLogoutReceiver
+{
+   @Inject
+   private SamlMessageFactory samlMessageFactory;
+
+   @Inject
+   private SamlMessageSender samlMessageSender;
+
+   @Inject
+   private Identity identity;
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   public void processIDPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request, SamlIdentityProvider idp) throws InvalidRequestException
+   {
+      if (!(request instanceof LogoutRequestType))
+      {
+         throw new InvalidRequestException("Request should be a single logout request.");
+      }
+
+      if (!identity.isLoggedIn())
+      {
+         throw new InvalidRequestException("No active session to logout.");
+      }
+
+      // FIXME: Identity.instance().logout();
+
+      StatusResponseType response = samlMessageFactory.createStatusResponse(request, SamlConstants.STATUS_SUCCESS, null);
+
+      Binding binding = httpRequest.getMethod().equals("POST") ? Binding.HTTP_Post : Binding.HTTP_Redirect;
+      SamlEndpoint endpoint = idp.getService(SamlProfile.SINGLE_LOGOUT).getEndpointForBinding(binding);
+
+      samlMessageSender.sendResponseToIDP(httpRequest, httpResponse, idp, endpoint, response);
+   }
+
+   public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType response, RequestContext requestContext, SamlIdentityProvider idp)
+   {
+      if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
+      {
+         // FIXME Identity.instance().logout();
+      }
+      else
+      {
+         throw new RuntimeException("Single logout failed. Status code: " + (response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue()));
+      }
+      try
+      {
+         httpResponse.sendRedirect(serviceProvider.getLoggedOutUrl());
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}
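Review bot: `processIDPRequest` answers the IdP with `SamlConstants.STATUS_SUCCESS` although the local logout is still commented out (`// FIXME: Identity.instance().logout();`), so the IdP is told the session ended while the user stays logged in at this service provider. `processIDPResponse` has the same gap: on a success status it only redirects to `serviceProvider.getLoggedOutUrl()` and never ends the session. Until the FIXME is resolved, either end the session on the injected instance before building the response (presumably `identity.logout();`, to be confirmed against this `Identity` version) or return a non-success status. The logout request is also accepted without comparing its subject or session index to the current principal, which is worth adding once the principal is reachable again.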

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleLogoutSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
+
+public class SamlSingleLogoutSender
+{
+   @Inject
+   private Requests requests;
+
+   @Inject
+   private SamlMessageSender samlMessageSender;
+
+   @Inject
+   private SamlMessageFactory samlMessageFactory;
+
+   public void sendSingleLogoutRequestToIDP(HttpServletRequest request, HttpServletResponse response, Identity identity)
+   {
+      SeamSamlPrincipal principal = (SeamSamlPrincipal) null; // FIXME:
+                                                              // identity.getPrincipal()
+                                                              // is not
+                                                              // available any
+                                                              // more
+      SamlIdentityProvider idp = (SamlIdentityProvider) principal.getIdentityProvider();
+      LogoutRequestType logoutRequest;
+      try
+      {
+         logoutRequest = samlMessageFactory.createLogoutRequest(principal);
+         requests.addRequest(logoutRequest.getID(), idp, null);
+      }
+      catch (ConfigurationException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      samlMessageSender.sendRequestToIDP(request, response, idp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
+   }
+}
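Review bot: `sendSingleLogoutRequestToIDP` can only fail with a NullPointerException, because `principal` is assigned `(SeamSamlPrincipal) null` and is dereferenced by `principal.getIdentityProvider()` on the next statement. While the FIXME stands, fail explicitly as the first statement, e.g. `throw new UnsupportedOperationException("SAML single logout is unavailable: principal lookup not implemented");`, so callers and logs show the real reason instead of an NPE. A short Javadoc stating that no logout request reaches the IdP in this revision would keep integrators from relying on federated logout.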

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,314 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBElement;
+import javax.xml.datatype.DatatypeConstants;
+
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.events.LoginFailedEvent;
+import org.jboss.seam.security.events.PostAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.configuration.ServiceProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeStatementType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnStatementType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.StatementAbstractType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationDataType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SamlSingleSignOnReceiver
+{
+   private Logger log = LoggerFactory.getLogger(SamlSingleSignOnReceiver.class);
+
+   @Inject
+   private Requests requests;
+
+   @Inject
+   private Identity identity;
+
+   @Inject
+   private InternalAuthenticator internalAuthenticator;
+
+   @Inject
+   private ServiceProvider serviceProvider;
+
+   @Inject
+   private BeanManager beanManager;
+
+   public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse, RequestContext requestContext, SamlIdentityProvider idp) throws InvalidRequestException
+   {
+      StatusType status = statusResponse.getStatus();
+      if (status == null)
+      {
+         throw new InvalidRequestException("Response does not contain a status");
+      }
+
+      String statusValue = status.getStatusCode().getValue();
+      if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
+      {
+         throw new RuntimeException("IDP returned status " + statusValue);
+      }
+
+      if (!(statusResponse instanceof ResponseType))
+      {
+         throw new InvalidRequestException("Response does not have type ResponseType");
+      }
+
+      ResponseType response = (ResponseType) statusResponse;
+
+      List<Object> assertions = response.getAssertionOrEncryptedAssertion();
+      if (assertions.size() == 0)
+      {
+         throw new RuntimeException("IDP response does not contain assertions");
+      }
+
+      SeamSamlPrincipal principal = getAuthenticatedUser(response, requestContext);
+      if (principal == null)
+      {
+         try
+         {
+            beanManager.fireEvent(new PostAuthenticateEvent());
+            beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
+
+            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+         }
+         catch (IOException e)
+         {
+            throw new RuntimeException(e);
+         }
+      }
+      else
+      {
+         // Login the user, and redirect to the requested page.
+         principal.setIdentityProvider(idp);
+         loginUser(httpRequest, httpResponse, principal, requestContext);
+      }
+   }
+
+   private SeamSamlPrincipal getAuthenticatedUser(ResponseType responseType, RequestContext requestContext)
+   {
+      SeamSamlPrincipal principal = null;
+
+      for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
+      {
+         if (assertion instanceof AssertionType)
+         {
+            SeamSamlPrincipal assertionSubject = handleAssertion((AssertionType) assertion, requestContext);
+            if (principal == null)
+            {
+               principal = assertionSubject;
+            }
+            else
+            {
+               log.warn("Multiple authenticated users found in assertions. Using the first one.");
+            }
+         }
+         else
+         {
+            /* assertion instanceof EncryptedElementType */
+            log.warn("Encountered encrypted assertion. Skipping it because decryption is not yet supported.");
+         }
+      }
+      return principal;
+   }
+
+   private SeamSamlPrincipal handleAssertion(AssertionType assertion, RequestContext requestContext)
+   {
+      if (SamlUtils.hasAssertionExpired(assertion))
+      {
+         log.warn("Received assertion not processed because it has expired.");
+         return null;
+      }
+
+      AuthnStatementType authnStatement = extractValidAuthnStatement(assertion);
+      if (authnStatement == null)
+      {
+         log.warn("Received assertion not processed because it doesn't contain a valid authnStatement.");
+         return null;
+      }
+
+      NameIDType nameId = validateSubjectAndExtractNameID(assertion, requestContext);
+      if (nameId == null)
+      {
+         log.warn("Received assertion not processed because it doesn't contain a valid subject.");
+         return null;
+      }
+
+      SeamSamlPrincipal principal = new SeamSamlPrincipal();
+      principal.setAssertion(assertion);
+      principal.setSessionIndex(authnStatement.getSessionIndex());
+      principal.setNameId(nameId);
+
+      for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+      {
+         if (statement instanceof AttributeStatementType)
+         {
+            AttributeStatementType attributeStatement = (AttributeStatementType) statement;
+            List<AttributeType> attributes = new LinkedList<AttributeType>();
+            for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
+            {
+               if (object instanceof AttributeType)
+               {
+                  attributes.add((AttributeType) object);
+               }
+               else
+               {
+                  log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
+               }
+            }
+            principal.setAttributes(attributes);
+         }
+      }
+
+      return principal;
+   }
+
+   private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
+   {
+      for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
+      {
+         if (statement instanceof AuthnStatementType)
+         {
+            AuthnStatementType authnStatement = (AuthnStatementType) statement;
+            return authnStatement;
+         }
+      }
+
+      return null;
+   }
+
+   private NameIDType validateSubjectAndExtractNameID(AssertionType assertion, RequestContext requestContext)
+   {
+      NameIDType nameId = null;
+      boolean validConfirmationFound = false;
+
+      for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
+      {
+         if (contentElement.getValue() instanceof NameIDType)
+         {
+            nameId = (NameIDType) contentElement.getValue();
+         }
+         if (contentElement.getValue() instanceof SubjectConfirmationType)
+         {
+            SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
+            if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
+            {
+               SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
+
+               boolean validRecipient = confirmationData.getRecipient().equals(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
+
+               boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendar()) == DatatypeConstants.GREATER;
+
+               boolean validInResponseTo = requestContext == null || confirmationData.getInResponseTo().equals(requestContext.getId());
+
+               if (validRecipient && notTooLate && validInResponseTo)
+               {
+                  validConfirmationFound = true;
+               }
+            }
+         }
+      }
+
+      if (validConfirmationFound)
+      {
+         return nameId;
+      }
+      else
+      {
+         return null;
+      }
+   }
+
+   private void loginUser(HttpServletRequest httpRequest, HttpServletResponse httpResponse, SeamSamlPrincipal principal, RequestContext requestContext)
+   {
+      if (identity.isLoggedIn())
+      {
+         throw new RuntimeException("User is already logged in.");
+      }
+
+      boolean internallyAuthenticated = internalAuthenticator.authenticate(principal, httpRequest);
+
+      try
+      {
+         if (internallyAuthenticated)
+         {
+            if (requestContext == null)
+            {
+               redirectForUnsolicitedAuthentication(httpRequest, httpResponse);
+            }
+            else
+            {
+               requests.redirect(requestContext.getId(), httpResponse);
+            }
+         }
+         else
+         {
+            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
+         }
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+
+   private void redirectForUnsolicitedAuthentication(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException
+   {
+      String relayState = httpRequest.getParameter("RelayState");
+
+      /* Unsolicited authentication. */
+
+      if (relayState != null)
+      {
+         httpResponse.sendRedirect(relayState);
+      }
+      else
+      {
+         String unsolicitedAuthenticationUrl = serviceProvider.getUnsolicitedAuthenticationUrl();
+         if (unsolicitedAuthenticationUrl != null)
+         {
+            httpResponse.sendRedirect(unsolicitedAuthenticationUrl);
+         }
+         else
+         {
+            throw new RuntimeException("Unsolicited login could not be handled because the unsolicitedAuthenticationViewId property has not been configured");
+         }
+      }
+   }
+}
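Review bot: `redirectForUnsolicitedAuthentication` passes the `RelayState` request parameter straight to `httpResponse.sendRedirect(relayState)`, so after a successful unsolicited login the browser is sent to whatever URL accompanied the response, which is an open redirect. The value should be restricted to paths inside this application (or checked against a configured allow-list), with a fallback to `serviceProvider.getUnsolicitedAuthenticationUrl()` otherwise, as sketched below. Separately, `validateSubjectAndExtractNameID` calls `getRecipient()`, `getNotOnOrAfter()` and `getInResponseTo()` on `confirmationData` without null checks; these elements are optional in SAML, so a response that omits them would presumably surface as a NullPointerException rather than a rejected assertion.

```java
   private void redirectForUnsolicitedAuthentication(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException
   {
      String relayState = httpRequest.getParameter("RelayState");

      // Follow RelayState only when it is a path inside this application;
      // anything else falls through to the configured URL.
      if (relayState != null && isLocalPath(relayState, httpRequest.getContextPath()))
      {
         httpResponse.sendRedirect(relayState);
         return;
      }
      // … unchanged: redirect to serviceProvider.getUnsolicitedAuthenticationUrl() or throw …
   }

   private static boolean isLocalPath(String target, String contextPath)
   {
      // Reject absolute and scheme-relative URLs, backslash variants and line breaks.
      if (!target.startsWith("/") || target.startsWith("//") || target.indexOf('\\') >= 0 || target.indexOf('\r') >= 0 || target.indexOf('\n') >= 0)
      {
         return false;
      }
      return target.equals(contextPath) || target.startsWith(contextPath + "/");
   }
```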

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlSingleSignOnSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,35 @@
+package org.jboss.seam.security.external;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.seam.security.events.PreAuthenticateEvent;
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
+
+public class SamlSingleSignOnSender
+{
+   @Inject
+   private Requests requests;
+
+   @Inject
+   private SamlMessageFactory samlMessageFactory;
+
+   @Inject
+   private SamlMessageSender samlMessageSender;
+
+   @Inject
+   private BeanManager beanManager;
+
+   public void sendAuthenticationRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, String returnUrl)
+   {
+      AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
+      requests.addRequest(authnRequest.getID(), samlIdentityProvider, returnUrl);
+
+      beanManager.fireEvent(new PreAuthenticateEvent());
+
+      samlMessageSender.sendRequestToIDP(request, response, samlIdentityProvider, SamlProfile.SINGLE_SIGN_ON, authnRequest);
+   }
+}
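Review bot: `sendAuthenticationRequestToIDP` stores `returnUrl` via `requests.addRequest(authnRequest.getID(), samlIdentityProvider, returnUrl)` with no documented contract for it. Judging by `requests.redirect(requestContext.getId(), httpResponse)` in `SamlSingleSignOnReceiver`, the value appears to become the post-login redirect target. A Javadoc on the method should say so, e.g. `@param returnUrl application-local URL the user is redirected to after authentication; must not be taken unvalidated from request input`. This file also lacks the license header that the other files in this commit carry.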

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SamlUtils.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,128 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.GregorianCalendar;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeConstants;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.ConditionsType;
+import org.w3c.dom.Document;
+
+public class SamlUtils
+{
+
+   public static XMLGregorianCalendar getXMLGregorianCalendar()
+   {
+      try
+      {
+         DatatypeFactory dtf = DatatypeFactory.newInstance();
+         return dtf.newXMLGregorianCalendar(new GregorianCalendar());
+      }
+      catch (DatatypeConfigurationException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+
+   public static boolean hasAssertionExpired(AssertionType assertion)
+   {
+      ConditionsType conditionsType = assertion.getConditions();
+      if (conditionsType != null)
+      {
+         XMLGregorianCalendar now = getXMLGregorianCalendar();
+         XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+         XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+
+         int val = notBefore.compare(now);
+         if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
+         {
+            return true;
+         }
+
+         val = notOnOrAfter.compare(now);
+         if (val != DatatypeConstants.GREATER)
+         {
+            return true;
+         }
+
+         return false;
+      }
+      else
+      {
+         return false;
+      }
+   }
+
+   public static String getDocumentAsString(Document document)
+   {
+      Source source = new DOMSource(document);
+      StringWriter sw = new StringWriter();
+
+      Result streamResult = new StreamResult(sw);
+      try
+      {
+         Transformer transformer = TransformerFactory.newInstance().newTransformer();
+         transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+         transformer.setOutputProperty(OutputKeys.INDENT, "no");
+         transformer.transform(source, streamResult);
+      }
+      catch (TransformerException e)
+      {
+         throw new RuntimeException(e);
+      }
+
+      return sw.toString();
+   }
+
+   public static void sendRedirect(String destination, HttpServletResponse response)
+   {
+      response.setCharacterEncoding("UTF-8");
+      response.setHeader("Location", destination);
+      response.setHeader("Pragma", "no-cache");
+      response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate,private");
+      response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+      try
+      {
+         response.sendRedirect(destination);
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException();
+      }
+   }
+}
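Review bot: `hasAssertionExpired` calls `notBefore.compare(now)` and `notOnOrAfter.compare(now)` unconditionally, but both attributes are optional on a SAML `Conditions` element, so an assertion carrying only one of them would presumably throw a NullPointerException instead of being evaluated. Each bound should be checked only when present, as below. It is also worth documenting that an assertion without `Conditions` is reported as not expired, so callers know the time limit then rests on the subject confirmation alone. In `sendRedirect`, the catch block discards the cause; `throw new RuntimeException(e);` would match the other handlers in this class.

```java
   public static boolean hasAssertionExpired(AssertionType assertion)
   {
      ConditionsType conditionsType = assertion.getConditions();
      if (conditionsType == null)
      {
         return false;
      }

      XMLGregorianCalendar now = getXMLGregorianCalendar();
      XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
      XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();

      // NotBefore and NotOnOrAfter are optional; evaluate only the bounds that are present.
      if (notBefore != null)
      {
         int val = notBefore.compare(now);
         if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
         {
            return true;
         }
      }
      if (notOnOrAfter != null && notOnOrAfter.compare(now) != DatatypeConstants.GREATER)
      {
         return true;
      }
      return false;
   }
```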

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java	                        (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/SeamSamlPrincipal.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -0,0 +1,99 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external;
+
+import java.security.Principal;
+import java.util.LinkedList;
+import java.util.List;
+
+import org.jboss.seam.security.external.configuration.SamlIdentityProvider;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
+import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
+
+public class SeamSamlPrincipal implements Principal
+{
+   private NameIDType nameId;
+
+   private SamlIdentityProvider identityProvider;
+
+   private List<AttributeType> attributes = new LinkedList<AttributeType>();
+
+   private String sessionIndex;
+
+   private AssertionType assertion;
+
+   public NameIDType getNameId()
+   {
+      return nameId;
+   }
+
+   public void setNameId(NameIDType nameId)
+   {
+      this.nameId = nameId;
+   }
+
+   public SamlIdentityProvider getIdentityProvider()
+   {
+      return identityProvider;
+   }
+
+   public void setIdentityProvider(SamlIdentityProvider identityProvider)
+   {
+      this.identityProvider = identityProvider;
+   }
+
+   public List<AttributeType> getAttributes()
+   {
+      return attributes;
+   }
+
+   public void setAttributes(List<AttributeType> attributes)
+   {
+      this.attributes = attributes;
+   }
+
+   public String getSessionIndex()
+   {
+      return sessionIndex;
+   }
+
+   public void setSessionIndex(String sessionIndex)
+   {
+      this.sessionIndex = sessionIndex;
+   }
+
+   public AssertionType getAssertion()
+   {
+      return assertion;
+   }
+
+   public void setAssertion(AssertionType assertion)
+   {
+      this.assertion = assertion;
+   }
+
+   public String getName()
+   {
+      return nameId.getValue();
+   }
+}
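Review bot: `getName()` returns `nameId.getValue()` without a null check, while the class has only the implicit no-arg constructor and `nameId` stays null until `setNameId` is called, so a half-initialised principal throws a NullPointerException wherever its name is read or logged. A guarded form such as `return nameId == null ? null : nameId.getValue();` would avoid that; alternatively, require the name ID at construction. As a `java.security.Principal` this class also has no `equals`/`hashCode`, so two principals for the same subject compare by identity. That is worth a comment or an implementation if instances are ever placed in a set or compared.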

Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration (from rev 13603, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration)

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/Binding.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Binding.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 public enum Binding
 {

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/Configuration.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/Configuration.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 import java.net.URL;
 import java.util.HashMap;
@@ -38,8 +38,8 @@
 import javax.xml.validation.Schema;
 import javax.xml.validation.SchemaFactory;
 
-import org.jboss.seam.security.external_authentication.jaxb.config.ExternalAuthenticationConfigType;
-import org.jboss.seam.security.external_authentication.jaxb.config.ServiceProviderType;
+import org.jboss.seam.security.external.jaxb.config.ExternalAuthenticationConfigType;
+import org.jboss.seam.security.external.jaxb.config.ServiceProviderType;
 import org.xml.sax.SAXException;
 
 @Named("configuration")
@@ -78,7 +78,7 @@
       ExternalAuthenticationConfigType externalAuthenticationConfig;
       try
       {
-         JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external_authentication.jaxb.config");
+         JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external.jaxb.config");
          Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
          URL schemaURL = getClass().getResource("/schema/config/external-authentication-config.xsd");
          Schema schema;
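Review bot: The JAXB context path on the `JAXBContext.newInstance(...)` line is still a string literal that repeats the package name, which is why this rename had to edit it by hand. The compiler cannot check that string, so a missed or mistyped edit would most likely only show up when the external-authentication configuration is loaded at runtime. `ExternalAuthenticationConfigType` is already imported from the same package, so the path can be derived from it: `JAXBContext jaxbContext = JAXBContext.newInstance(ExternalAuthenticationConfigType.class.getPackage().getName());`. The enclosing method starts and ends outside the hunk, so it is not visible here whether the schema loaded on the following lines is actually set on the unmarshaller. That is worth confirming, since this file drives the SAML/OpenID trust configuration.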

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/OpenIdConfiguration.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/OpenIdConfiguration.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,12 +19,12 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 import java.util.List;
 
-import org.jboss.seam.security.external_authentication.jaxb.config.OpenIdAttributeType;
-import org.jboss.seam.security.external_authentication.jaxb.config.OpenIdConfigType;
+import org.jboss.seam.security.external.jaxb.config.OpenIdAttributeType;
+import org.jboss.seam.security.external.jaxb.config.OpenIdConfigType;
 
 public class OpenIdConfiguration
 {

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlConfiguration.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlConfiguration.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -42,12 +42,12 @@
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
 
-import org.jboss.seam.security.external_authentication.jaxb.config.SamlConfigType;
-import org.jboss.seam.security.external_authentication.jaxb.config.SamlIdentityProviderType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EntitiesDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EntityDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.IDPSSODescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.RoleDescriptorType;
+import org.jboss.seam.security.external.jaxb.config.SamlConfigType;
+import org.jboss.seam.security.external.jaxb.config.SamlIdentityProviderType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntitiesDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EntityDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.RoleDescriptorType;
 
 public class SamlConfiguration
 {

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlEndpoint.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlEndpoint.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 public class SamlEndpoint
 {

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlIdentityProvider.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlIdentityProvider.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,7 +19,7 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 import java.security.PublicKey;
 import java.util.HashMap;
@@ -28,11 +28,11 @@
 import javax.security.cert.X509Certificate;
 import javax.xml.bind.JAXBElement;
 
-import org.jboss.seam.security.external_authentication.SamlProfile;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.IDPSSODescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyTypes;
-import org.jboss.seam.security.external_authentication.jaxb.xmldsig.X509DataType;
+import org.jboss.seam.security.external.SamlProfile;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.IDPSSODescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyDescriptorType;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.KeyTypes;
+import org.jboss.seam.security.external.jaxb.xmldsig.X509DataType;
 
 public class SamlIdentityProvider
 {

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/SamlService.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/SamlService.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,13 +19,13 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 import java.util.LinkedList;
 import java.util.List;
 
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EndpointType;
-import org.jboss.seam.security.external_authentication.SamlProfile;
+import org.jboss.seam.security.external.SamlProfile;
+import org.jboss.seam.security.external.jaxb.samlv2.metadata.EndpointType;
 
 public class SamlService
 {

Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/configuration/ServiceProvider.java	2010-08-12 09:37:21 UTC (rev 13603)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/configuration/ServiceProvider.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -19,15 +19,15 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.seam.security.external_authentication.configuration;
+package org.jboss.seam.security.external.configuration;
 
 import java.net.MalformedURLException;
 import java.net.URL;
 
 import javax.el.MethodExpression;
 
-import org.jboss.seam.security.external_authentication.ExternalAuthenticationService;
-import org.jboss.seam.security.external_authentication.jaxb.config.ServiceProviderType;
+import org.jboss.seam.security.external.ExternalAuthenticationService;
+import org.jboss.seam.security.external.jaxb.config.ServiceProviderType;
 
 public class ServiceProvider
 {

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationFilter.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,220 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-
-import javax.enterprise.inject.Instance;
-import javax.inject.Inject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.Configuration;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Seam Servlet Filter supporting SAMLv2 authentication. It implements the Web
- * Browser SSO Profile. For outgoing authentication requests it can use either
- * HTTP Post or HTTP Redirect binding. For the responses, it uses HTTP Post
- * binding, with or without signature validation.
- */
- at WebFilter
-public class ExternalAuthenticationFilter implements Filter
-{
-   public static final String IDP_ENTITY_ID_PARAMETER = "idpEntityId";
-
-   public static final String RETURN_URL_PARAMETER = "returnUrl";
-
-   public static final String OPEN_ID_PARAMETER = "openId";
-
-   private final Logger log = LoggerFactory.getLogger(ExternalAuthenticationFilter.class);
-
-   @Inject
-   private Configuration configuration;
-
-   @Inject
-   private SamlMessageReceiver samlMessageReceiver;
-
-   @Inject
-   private OpenIdSingleLoginReceiver openIdSingleLoginReceiver;
-
-   @Inject
-   private SamlSingleSignOnSender samlSingleSignOnSender;
-
-   @Inject
-   private OpenIdSingleLoginSender openIdSingleLoginSender;
-
-   @Inject
-   private SamlSingleLogoutSender samlSingleLogoutSender;
-
-   @Inject
-   private SamlMetaDataProvider samlMetaDataProvider;
-
-   @Inject
-   private OpenIdXrdsProvider openIdXrdsProvider;
-
-   @Inject
-   private Instance<Identity> identity;
-
-   public void init(FilterConfig filterConfig) throws ServletException
-   {
-      configuration.setContextRoot(filterConfig.getServletContext().getContextPath());
-   }
-
-   public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException
-   {
-      if (!(request instanceof HttpServletRequest))
-      {
-         throw new ServletException("This filter can only process HttpServletRequest requests");
-      }
-
-      final HttpServletRequest httpRequest = (HttpServletRequest) request;
-      final HttpServletResponse httpResponse = (HttpServletResponse) response;
-
-      final ExternalAuthenticationService service = determineService(httpRequest);
-
-      if (service != null)
-      {
-         try
-         {
-            doFilter(httpRequest, httpResponse, service);
-         }
-         catch (InvalidRequestException e)
-         {
-            httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
-            if (log.isInfoEnabled())
-            {
-               log.info("Bad request received from {0} ({1})", new Object[] { e.getCause(), httpRequest.getRemoteHost(), e.getDescription() });
-            }
-         }
-      }
-      else
-      {
-         // Request is not related to external authentication. Pass the request
-         // on to
-         // the next filter in the chain.
-         chain.doFilter(httpRequest, httpResponse);
-      }
-   }
-
-   private void doFilter(HttpServletRequest httpRequest, HttpServletResponse httpResponse, ExternalAuthenticationService service) throws InvalidRequestException, IOException, ServletException
-   {
-      switch (service)
-      {
-      case OPEN_ID_SERVICE:
-         openIdSingleLoginReceiver.handleIncomingMessage(httpRequest, httpResponse);
-         break;
-      case SAML_SINGLE_LOGOUT_SERVICE:
-         samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_LOGOUT, httpRequest, httpResponse);
-         break;
-      case SAML_ASSERTION_CONSUMER_SERVICE:
-         samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_SIGN_ON, httpRequest, httpResponse);
-         break;
-      case AUTHENTICATION_SERVICE:
-         String returnUrl = httpRequest.getParameter(RETURN_URL_PARAMETER);
-
-         String providerName = httpRequest.getParameter(IDP_ENTITY_ID_PARAMETER);
-         if (providerName != null)
-         {
-            SamlIdentityProvider identityProvider = configuration.getServiceProvider().getSamlConfiguration().getSamlIdentityProviderByEntityId(providerName);
-
-            // User requested a page for which login is required. Return a page
-            // that instructs the browser to post an authentication request to
-            // the IDP.
-            if (identityProvider instanceof SamlIdentityProvider)
-            {
-               samlSingleSignOnSender.sendAuthenticationRequestToIDP(httpRequest, httpResponse, (SamlIdentityProvider) identityProvider, returnUrl);
-            }
-            else
-            {
-               throw new RuntimeException("Only SAML identity providers are supported in this version");
-            }
-         }
-         else
-         {
-            String openId = httpRequest.getParameter(OPEN_ID_PARAMETER);
-            openIdSingleLoginSender.sendAuthRequest(openId, returnUrl, httpResponse);
-         }
-         break;
-      case LOGOUT_SERVICE:
-         if (!identity.get().isLoggedIn())
-         {
-            throw new RuntimeException("User not logged in.");
-         }
-         // FIXME SeamSamlPrincipal principal = (SeamSamlPrincipal)
-         // identity.getPrincipal();
-         SeamSamlPrincipal principal = (SeamSamlPrincipal) httpRequest.getUserPrincipal();
-         SamlIdentityProvider idp = principal.getIdentityProvider();
-         if (!(idp instanceof SamlIdentityProvider))
-         {
-            throw new RuntimeException("Only SAML identity providers are supported in this version");
-         }
-
-         samlSingleLogoutSender.sendSingleLogoutRequestToIDP(httpRequest, httpResponse, identity.get());
-         break;
-      case SAML_META_DATA_SERVICE:
-
-         samlMetaDataProvider.writeMetaData(httpResponse.getOutputStream());
-         httpResponse.setCharacterEncoding("UTF-8");
-         httpResponse.setContentType("application/xml");
-         httpResponse.flushBuffer();
-         break;
-      case OPEN_ID_XRDS_SERVICE:
-
-         openIdXrdsProvider.writeMetaData(httpResponse.getOutputStream());
-         httpResponse.setCharacterEncoding("UTF-8");
-         httpResponse.setContentType("application/xrds+xml");
-         httpResponse.flushBuffer();
-         break;
-      default:
-         throw new RuntimeException("Unsupported service " + service);
-      }
-   }
-
-   private ExternalAuthenticationService determineService(HttpServletRequest httpRequest)
-   {
-      String path = ((HttpServletRequest) httpRequest).getRequestURI().replace(".seam", "");
-
-      for (ExternalAuthenticationService service : ExternalAuthenticationService.values())
-      {
-         if (path.endsWith("/" + service.getName()))
-         {
-            return service;
-         }
-      }
-      return null;
-   }
-
-   public void destroy()
-   {
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticationService.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public enum ExternalAuthenticationService
-{
-
-   AUTHENTICATION_SERVICE("AuthenticationService"),
-
-   LOGOUT_SERVICE("LogoutService"),
-
-   SAML_ASSERTION_CONSUMER_SERVICE("AssertionConsumerService"),
-
-   SAML_SINGLE_LOGOUT_SERVICE("SingleLogoutService"),
-
-   SAML_META_DATA_SERVICE("MetaDataService"),
-
-   OPEN_ID_SERVICE("OpenIdService"),
-
-   OPEN_ID_XRDS_SERVICE("OpenIdXrdsService");
-
-   private String name;
-
-   private ExternalAuthenticationService(String name)
-   {
-      this.name = name;
-   }
-
-   public String getName()
-   {
-      return name;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/ExternalAuthenticator.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,174 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.faces.context.FacesContext;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.annotation.WebFilter;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-
-/**
- * Filter that manages the external authentication of users (using, for example,
- * SAML or OpenID).
- */
- at Named("externalAuthenticator")
- at WebFilter
-// FIXME: page scope
-public class ExternalAuthenticator
-{
-   private String returnUrl;
-
-   private String openId;
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   @Inject
-   private Identity identity;
-
-   public void samlSignOn(String idpEntityId)
-   {
-      if (serviceProvider.getSamlConfiguration() == null)
-      {
-         throw new RuntimeException("SAML is not configured.");
-      }
-
-      SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(idpEntityId);
-      if (idp == null)
-      {
-         throw new RuntimeException("Identity provider " + idpEntityId + " not found");
-      }
-
-      String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
-      Map<String, String> params = new HashMap<String, String>();
-      params.put(ExternalAuthenticationFilter.IDP_ENTITY_ID_PARAMETER, idpEntityId);
-      params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
-      redirect(authenticationServiceURL, params);
-   }
-
-   public void openIdSignOn()
-   {
-      openIdSignOn(openId);
-   }
-
-   public void openIdSignOn(String openId)
-   {
-      if (serviceProvider.getOpenIdConfiguration() == null)
-      {
-         throw new RuntimeException("OpenID is not configured.");
-      }
-      String authenticationServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.AUTHENTICATION_SERVICE);
-      Map<String, String> params = new HashMap<String, String>();
-      params.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
-      params.put(ExternalAuthenticationFilter.OPEN_ID_PARAMETER, openId);
-      redirect(authenticationServiceURL, params);
-   }
-
-   public void singleLogout()
-   {
-      if (!identity.isLoggedIn())
-      {
-         throw new RuntimeException("Not logged in");
-      }
-      if (false /* FIXME !(identity.getPrincipal() instanceof SeamSamlPrincipal) */)
-      {
-         throw new RuntimeException("Single logout is only supported for SAML");
-      }
-      String logoutServiceURL = serviceProvider.getServiceURL(ExternalAuthenticationService.LOGOUT_SERVICE);
-      redirect(logoutServiceURL, null);
-   }
-
-   private void redirect(String urlBase, Map<String, String> params)
-   {
-      StringBuilder url = new StringBuilder();
-      url.append(urlBase);
-      if (params != null && params.size() > 0)
-      {
-         url.append("?");
-         boolean first = true;
-         for (Map.Entry<String, String> paramEntry : params.entrySet())
-         {
-            if (first)
-            {
-               first = false;
-            }
-            else
-            {
-               url.append("&");
-            }
-            url.append(paramEntry.getKey());
-            url.append("=");
-            try
-            {
-               String paramValue = paramEntry.getValue();
-               if (paramValue == null || paramValue == "")
-                  throw new RuntimeException("Param Key:" + paramEntry.getKey() + " has value that is null");
-               url.append(URLEncoder.encode(paramValue, "UTF-8"));
-            }
-            catch (UnsupportedEncodingException e)
-            {
-               throw new RuntimeException(e);
-            }
-         }
-      }
-
-      try
-      {
-         FacesContext.getCurrentInstance().getExternalContext().redirect(url.toString());
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-
-      }
-   }
-
-   public String getReturnUrl()
-   {
-      return returnUrl;
-   }
-
-   public void setReturnUrl(String returnUrl)
-   {
-      this.returnUrl = returnUrl;
-   }
-
-   public String getOpenId()
-   {
-      return openId;
-   }
-
-   public void setOpenId(String openId)
-   {
-      this.openId = openId;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InternalAuthenticator.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,78 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.security.Principal;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-
- at Named("internalAuthenticator")
-public class InternalAuthenticator
-{
-   @Inject
-   private Identity identity;
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   @Inject
-   private BeanManager beanManager;
-
-   public boolean authenticate(Principal principal, HttpServletRequest httpRequest)
-   {
-      List<String> roles = new LinkedList<String>();
-      Boolean internallyAuthenticated = null; // FIXME =
-      // serviceProvider.getInternalAuthenticationMethod().invoke(principal,
-      // roles);
-
-      beanManager.fireEvent(new PostAuthenticateEvent());
-
-      if (internallyAuthenticated)
-      {
-         // FIXME identity.acceptExternallyAuthenticatedPrincipal(principal);
-
-         for (String role : roles)
-         {
-            // FIXME identity.addRole(role);
-         }
-
-         beanManager.fireEvent(new LoggedInEvent(null) /* FIXME: no user */);
-      }
-      else
-      {
-         beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
-      }
-
-      return internallyAuthenticated;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/InvalidRequestException.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,61 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-/**
- * Exception thrown to indicate that the request is invalid.
- */
-public class InvalidRequestException extends Exception
-{
-   private static final long serialVersionUID = -9127592026257210986L;
-
-   private String description;
-
-   private Exception cause;
-
-   public InvalidRequestException(String description)
-   {
-      this(description, null);
-   }
-
-   public InvalidRequestException(String description, Exception cause)
-   {
-      super();
-      this.description = description;
-      this.cause = cause;
-   }
-
-   public String getDescription()
-   {
-      return description;
-   }
-
-   public Exception getCause()
-   {
-      return cause;
-   }
-
-   public void setCause(Exception cause)
-   {
-      this.cause = cause;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/LoggedInEvent.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,32 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public class LoggedInEvent
-{
-
-   public LoggedInEvent(Object object)
-   {
-      // TODO Auto-generated constructor stub
-   }
-
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdConsumerManagerFactory.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,48 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.inject.Produces;
-import javax.inject.Inject;
-import javax.inject.Named;
-
-import org.openid4java.consumer.ConsumerManager;
-
- at Named("openIdConsumerManager")
- at ApplicationScoped
-public class OpenIdConsumerManagerFactory
-{
-   private ConsumerManager consumerManager;
-
-   @Produces
-   public ConsumerManager getConsumerManager()
-   {
-      return consumerManager;
-   }
-
-   @Inject
-   public void startup() throws Exception
-   {
-      consumerManager = new ConsumerManager();
-   }
-}
\ No newline at end of file

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdPrincipal.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.net.URL;
-import java.security.Principal;
-import java.util.List;
-import java.util.Map;
-
-public class OpenIdPrincipal implements Principal
-{
-   private String identifier;
-
-   private URL openIdProvider;
-
-   private Map<String, List<String>> attributes;
-
-   public OpenIdPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
-   {
-      super();
-      this.identifier = identifier;
-      this.openIdProvider = openIdProvider;
-      this.attributes = attributes;
-   }
-
-   public String getName()
-   {
-      return identifier;
-   }
-
-   public String getIdentifier()
-   {
-      return identifier;
-   }
-
-   public URL getOpenIdProvider()
-   {
-      return openIdProvider;
-   }
-
-   public Map<String, List<String>> getAttributes()
-   {
-      return attributes;
-   }
-
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdRequest.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,56 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import javax.enterprise.context.SessionScoped;
-import javax.inject.Named;
-
-import org.openid4java.discovery.DiscoveryInformation;
-
- at Named("openIdRequest")
- at SessionScoped
-public class OpenIdRequest
-{
-   private DiscoveryInformation discoveryInformation;
-
-   private String returnUrl;
-
-   public DiscoveryInformation getDiscoveryInformation()
-   {
-      return discoveryInformation;
-   }
-
-   public void setDiscoveryInformation(DiscoveryInformation discoveryInformation)
-   {
-      this.discoveryInformation = discoveryInformation;
-   }
-
-   public String getReturnUrl()
-   {
-      return returnUrl;
-   }
-
-   public void setReturnUrl(String returnUrl)
-   {
-      this.returnUrl = returnUrl;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,139 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.net.URL;
-import java.util.List;
-import java.util.Map;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.consumer.VerificationResult;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.discovery.Identifier;
-import org.openid4java.message.AuthSuccess;
-import org.openid4java.message.ParameterList;
-import org.openid4java.message.ax.AxMessage;
-import org.openid4java.message.ax.FetchResponse;
-
- at Named("openIdSingleLoginReceiver")
-public class OpenIdSingleLoginReceiver
-{
-   @Inject
-   private OpenIdRequest openIdRequest;
-
-   @Inject
-   private ConsumerManager openIdConsumerManager;
-
-   @Inject
-   private InternalAuthenticator internalAuthenticator;
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   @Inject
-   private BeanManager manager;
-
-   @SuppressWarnings("unchecked")
-   public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
-   {
-      try
-      {
-         // extract the parameters from the authentication response
-         // (which comes in as a HTTP request from the OpenID provider)
-         ParameterList response = new ParameterList(httpRequest.getParameterMap());
-
-         // retrieve the previously stored discovery information
-         DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
-
-         // extract the receiving URL from the HTTP request
-         StringBuffer receivingURL = httpRequest.getRequestURL();
-         String queryString = httpRequest.getQueryString();
-         if (queryString != null && queryString.length() > 0)
-            receivingURL.append("?").append(httpRequest.getQueryString());
-
-         // verify the response; ConsumerManager needs to be the same
-         // (static) instance used to place the authentication request
-         VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
-
-         boolean authenticated = true;
-
-         // examine the verification result and extract the verified identifier
-         Identifier identifier = verification.getVerifiedId();
-
-         if (identifier != null)
-         {
-            AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();
-
-            Map<String, List<String>> attributes = null;
-            if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX))
-            {
-               FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX);
-
-               attributes = fetchResp.getAttributes();
-            }
-
-            OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributes);
-
-            authenticated = internalAuthenticator.authenticate(principal, httpRequest);
-         }
-         else
-         {
-            manager.fireEvent(new LoginFailedEvent(new LoginException()));
-            authenticated = false;
-         }
-
-         if (authenticated)
-         {
-            httpResponse.sendRedirect(openIdRequest.getReturnUrl());
-         }
-         else
-         {
-            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
-         }
-      }
-      catch (OpenIDException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-   }
-
-   private OpenIdPrincipal createPrincipal(String identifier, URL openIdProvider, Map<String, List<String>> attributes)
-   {
-      return new OpenIdPrincipal(identifier, openIdProvider, attributes);
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdSingleLoginSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,113 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PreAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.config.OpenIdAttributeType;
-import org.openid4java.OpenIDException;
-import org.openid4java.consumer.ConsumerManager;
-import org.openid4java.discovery.DiscoveryInformation;
-import org.openid4java.message.AuthRequest;
-import org.openid4java.message.ax.FetchRequest;
-
- at Named("org.jboss.seam.security.external_authentication.openIdSingleLoginSender")
-public class OpenIdSingleLoginSender
-{
-   @Inject
-   private OpenIdRequest openIdRequest;
-
-   @Inject
-   private ConsumerManager openIdConsumerManager;
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   @Inject
-   private BeanManager manager;
-
-   public String sendAuthRequest(String openId, String returnUrl, HttpServletResponse httpResponse)
-   {
-      try
-      {
-         @SuppressWarnings("unchecked")
-         List<DiscoveryInformation> discoveries = openIdConsumerManager.discover(openId);
-
-         DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries);
-
-         openIdRequest.setDiscoveryInformation(discovered);
-         openIdRequest.setReturnUrl(returnUrl);
-
-         String openIdServiceUrl = serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE);
-         String realm = serviceProvider.getOpenIdRealm();
-         AuthRequest authReq = openIdConsumerManager.authenticate(discovered, openIdServiceUrl, realm);
-
-         // Request attributes
-         List<OpenIdAttributeType> attributes = serviceProvider.getOpenIdConfiguration().getAttributes();
-         if (attributes.size() > 0)
-         {
-            FetchRequest fetch = FetchRequest.createFetchRequest();
-            for (OpenIdAttributeType attribute : attributes)
-            {
-               fetch.addAttribute(attribute.getAlias(), attribute.getTypeUri(), attribute.isRequired());
-            }
-            // attach the extension to the authentication request
-            authReq.addExtension(fetch);
-         }
-
-         String url = authReq.getDestinationUrl(true);
-
-         manager.fireEvent(new PreAuthenticateEvent());
-
-         httpResponse.sendRedirect(url);
-      }
-      catch (OpenIDException e)
-      {
-         try
-         {
-            manager.fireEvent(new LoginFailedEvent(new LoginException()));
-
-            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
-         }
-         catch (IOException e1)
-         {
-            throw new RuntimeException(e);
-         }
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      return null;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/OpenIdXrdsProvider.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,79 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.OutputStream;
-
-import javax.inject.Inject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.Service;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.Type;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.URIPriorityAppendPattern;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.XRD;
-import org.jboss.seam.security.external_authentication.jaxb.xrds.XRDS;
-import org.openid4java.discovery.DiscoveryInformation;
-
-public class OpenIdXrdsProvider
-{
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   public void writeMetaData(OutputStream stream)
-   {
-      try
-      {
-         ObjectFactory objectFactory = new ObjectFactory();
-
-         XRDS xrds = objectFactory.createXRDS();
-
-         XRD xrd = objectFactory.createXRD();
-
-         Type type = objectFactory.createType();
-         type.setValue(DiscoveryInformation.OPENID2_RP);
-         URIPriorityAppendPattern uri = objectFactory.createURIPriorityAppendPattern();
-         uri.setValue(serviceProvider.getServiceURL(ExternalAuthenticationService.OPEN_ID_SERVICE));
-
-         Service service = objectFactory.createService();
-         service.getType().add(type);
-         service.getURI().add(uri);
-
-         xrd.getService().add(service);
-
-         xrds.getOtherelement().add(xrd);
-
-         JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.seam.security.external_authentication.jaxb.xrds");
-         Marshaller marshaller = jaxbContext.createMarshaller();
-         marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
-         marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-         marshaller.marshal(xrds, stream);
-      }
-      catch (JAXBException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/PagesSupportingExternalAuthentication.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-/**
- * Override of Seam's Pages component. It replaces the login page redirection method with a version
- * that redirects to an URL that is filtered by the SamlAuthenticationFilter.
- */
-
-// FIXME
-
-//@ApplicationScoped
-//@BypassInterceptors
-//@Name("org.jboss.seam.navigation.pages")
-//@Injectstall(precedence = Install.FRAMEWORK, classDependencies = "javax.faces.context.FacesContext")
-//@Startup
-//public class PagesSupportingExternalAuthentication extends Pages
-//{
-//   @Override
-//   public void redirectToLoginView()
-//   {
-//      notLoggedIn();
-//
-//      HttpServletRequest httpRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
-//            .getRequest();
-//
-//      StringBuffer returnUrl = httpRequest.getRequestURL();
-//
-//      ExternalAuthenticator externalAuthenticator = (ExternalAuthenticator) Component
-//            .getInstance(ExternalAuthenticator.class);
-//      externalAuthenticator.setReturnUrl(returnUrl.toString());
-//
-//      ServiceProvider serviceProvider = Configuration.instance().getServiceProvider();
-//
-//      // Use default SAML identity provider, if configured
-//      SamlConfiguration samlConfiguration = serviceProvider.getSamlConfiguration();
-//      if (samlConfiguration != null && samlConfiguration.getDefaultIdentityProvider() != null)
-//      {
-//         externalAuthenticator.samlSignOn(samlConfiguration.getDefaultIdentityProvider().getEntityId());
-//      }
-//      else
-//      {
-//         // Otherwise, use default OpenId identity provider, if configured
-//         OpenIdConfiguration openIdConfiguration = serviceProvider.getOpenIdConfiguration();
-//         if (openIdConfiguration != null && openIdConfiguration.getDefaultOpenIdProvider() != null)
-//         {
-//            externalAuthenticator.openIdSignOn(openIdConfiguration.getDefaultOpenIdProvider());
-//         }
-//         else
-//         {
-//            // Otherwise, redirect to the login view, so that the user can choose an IDP
-//            if (getLoginViewId() == null)
-//            {
-//               throw new RuntimeException("Login view id not specified in pages.xml.");
-//            }
-//            Map<String, Object> parameters = new HashMap<String, Object>();
-//            parameters.put(ExternalAuthenticationFilter.RETURN_URL_PARAMETER, returnUrl);
-//            FacesManager.instance().redirect(getLoginViewId(), parameters, false);
-//         }
-//      }
-//   }
-// }

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestContext.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,75 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-
-/**
- * Context of an authentication request.
- * 
- */
-public class RequestContext
-{
-   private String id;
-
-   private SamlIdentityProvider identityProvider;
-
-   private String urlToRedirectToAfterLogin;
-
-   public RequestContext(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
-   {
-      super();
-      this.id = id;
-      this.identityProvider = identityProvider;
-      this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
-   }
-
-   public String getId()
-   {
-      return id;
-   }
-
-   public void setId(String id)
-   {
-      this.id = id;
-   }
-
-   public SamlIdentityProvider getIdentityProvider()
-   {
-      return identityProvider;
-   }
-
-   public void setIdentityProvider(SamlIdentityProvider identityProvider)
-   {
-      this.identityProvider = identityProvider;
-   }
-
-   public String getUrlToRedirectToAfterLogin()
-   {
-      return urlToRedirectToAfterLogin;
-   }
-
-   public void setUrlToRedirectToAfterLogin(String urlToRedirectToAfterLogin)
-   {
-      this.urlToRedirectToAfterLogin = urlToRedirectToAfterLogin;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/RequestOrResponse.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,37 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public enum RequestOrResponse
-{
-   REQUEST, RESPONSE;
-
-   public boolean isRequest()
-   {
-      return this == REQUEST;
-   }
-
-   public boolean isResponse()
-   {
-      return this == RESPONSE;
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/Requests.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.enterprise.context.SessionScoped;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Session scoped component that stores requests that have been sent to the
- * identity provider.
- */
- at SessionScoped
-public class Requests
-{
-   private Map<String, RequestContext> requests = new HashMap<String, RequestContext>();
-
-   private Logger log = LoggerFactory.getLogger(Requests.class);
-
-   public void addRequest(String id, SamlIdentityProvider identityProvider, String urlToRedirectToAfterLogin)
-   {
-      requests.put(id, new RequestContext(id, identityProvider, urlToRedirectToAfterLogin));
-   }
-
-   public RequestContext getRequest(String id)
-   {
-      return requests.get(id);
-   }
-
-   public void removeRequest(String id)
-   {
-      requests.remove(id);
-   }
-
-   public void redirect(String id, HttpServletResponse response)
-   {
-      String requestURL = requests.get(id).getUrlToRedirectToAfterLogin();
-      if (requestURL == null)
-      {
-         throw new RuntimeException("Couldn't find URL to redirect to for request " + id);
-      }
-      try
-      {
-         if (log.isDebugEnabled())
-         {
-            log.debug("Redirecting to " + requestURL);
-         }
-         response.sendRedirect(requestURL);
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlConstants.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,59 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public class SamlConstants
-{
-   // Query string parameters used by the HTTP_Redirect binding
-   public static final String QSP_SAML_REQUEST = "SAMLRequest";
-
-   public static final String QSP_SAML_RESPONSE = "SAMLResponse";
-
-   public static final String QSP_SIGNATURE = "Signature";
-
-   public static final String QSP_SIG_ALG = "SigAlg";
-
-   public static final String QSP_RELAY_STATE = "RelayState";
-
-   public static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
-
-   public static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
-
-   public static final String CONFIRMATION_METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
-
-   public static final String VERSION_2_0 = "2.0";
-
-   public static final String PROTOCOL_NSURI = "urn:oasis:names:tc:SAML:2.0:protocol";
-
-   public static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
-
-   public static final String XMLDSIG_NSURI = "http://www.w3.org/2000/09/xmldsig#";
-
-   public static final String SIGNATURE_SHA1_WITH_DSA = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
-
-   public static final String SIGNATURE_SHA1_WITH_RSA = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-
-   public static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA";
-
-   public static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
-
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageFactory.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,128 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.util.UUID;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.NameIDType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.AuthnRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusCodeType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusType;
-
-public class SamlMessageFactory
-{
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   public StatusResponseType createStatusResponse(RequestAbstractType request, String statusCode, String statusMessage)
-   {
-      ObjectFactory objectFactory = new ObjectFactory();
-      org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory();
-
-      StatusResponseType response = objectFactory.createStatusResponseType();
-
-      response.setID(generateId());
-      response.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
-      NameIDType issuer = assertionObjectFactory.createNameIDType();
-      issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
-      response.setIssuer(issuer);
-
-      response.setVersion(SamlConstants.VERSION_2_0);
-      response.setInResponseTo(request.getID());
-
-      StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
-      statusCodeJaxb.setValue(statusCode);
-
-      StatusType statusType = objectFactory.createStatusType();
-      statusType.setStatusCode(statusCodeJaxb);
-      if (statusMessage != null)
-      {
-         statusType.setStatusMessage(statusMessage);
-      }
-
-      response.setStatus(statusType);
-
-      return response;
-   }
-
-   public AuthnRequestType createAuthnRequest()
-   {
-      ObjectFactory objectFactory = new ObjectFactory();
-      org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory();
-
-      AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();
-
-      authnRequest.setID(generateId());
-      authnRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
-      NameIDType issuer = assertionObjectFactory.createNameIDType();
-      issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
-      authnRequest.setIssuer(issuer);
-
-      authnRequest.setVersion(SamlConstants.VERSION_2_0);
-
-      // Fill in the optional fields that indicate where and how the response
-      // should be delivered.
-      authnRequest.setAssertionConsumerServiceURL(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-      authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-
-      return authnRequest;
-   }
-
-   public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws ConfigurationException
-   {
-      ObjectFactory objectFactory = new ObjectFactory();
-      org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ObjectFactory();
-
-      LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();
-
-      logoutRequest.setID(generateId());
-      logoutRequest.setIssueInstant(SamlUtils.getXMLGregorianCalendar());
-
-      NameIDType issuer = assertionObjectFactory.createNameIDType();
-      issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
-      logoutRequest.setIssuer(issuer);
-
-      NameIDType nameID = assertionObjectFactory.createNameIDType();
-      nameID.setValue(principal.getNameId().getValue());
-      logoutRequest.setNameID(nameID);
-
-      logoutRequest.setVersion(SamlConstants.VERSION_2_0);
-      logoutRequest.getSessionIndex().add(principal.getSessionIndex());
-
-      return logoutRequest;
-   }
-
-   private String generateId()
-   {
-      return "ID_" + UUID.randomUUID();
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,279 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.util.zip.Inflater;
-import java.util.zip.InflaterInputStream;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.util.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-public class SamlMessageReceiver
-{
-   private static final Logger log = LoggerFactory.getLogger(SamlMessageReceiver.class);
-
-   @Inject
-   private Requests requests;
-
-   @Inject
-   private SamlSingleLogoutReceiver samlSingleLogoutReceiver;
-
-   @Inject
-   private SamlSingleSignOnReceiver samlSingleSignOnReceiver;
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   @Inject
-   private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
-
-   @Inject
-   private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
-
-   private JAXBContext jaxbContext;
-
-   @Inject
-   public void init()
-   {
-      try
-      {
-         jaxbContext = JAXBContext.newInstance(StatusResponseType.class);
-      }
-      catch (JAXBException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-
-   public void handleIncomingSamlMessage(SamlProfile samlProfile, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
-   {
-      String samlRequestParam = httpRequest.getParameter(SamlConstants.QSP_SAML_REQUEST);
-      String samlResponseParam = httpRequest.getParameter(SamlConstants.QSP_SAML_RESPONSE);
-
-      RequestOrResponse requestOrResponse;
-      String samlMessage;
-
-      if (samlRequestParam != null && samlResponseParam == null)
-      {
-         samlMessage = samlRequestParam;
-         requestOrResponse = RequestOrResponse.REQUEST;
-      }
-      else if (samlRequestParam == null && samlResponseParam != null)
-      {
-         samlMessage = samlResponseParam;
-         requestOrResponse = RequestOrResponse.RESPONSE;
-      }
-      else
-      {
-         throw new InvalidRequestException("SAML message should either have a SAMLRequest parameter or a SAMLResponse parameter");
-      }
-
-      InputStream is;
-      if (httpRequest.getMethod().equals("POST"))
-      {
-         byte[] decodedMessage = Base64.decode(samlMessage);
-         is = new ByteArrayInputStream(decodedMessage);
-      }
-      else
-      {
-         String urlDecoded;
-         try
-         {
-            urlDecoded = URLDecoder.decode(samlMessage, "UTF-8");
-         }
-         catch (UnsupportedEncodingException e)
-         {
-            throw new RuntimeException(e);
-         }
-         byte[] base64Decoded = Base64.decode(urlDecoded);
-         ByteArrayInputStream bais = new ByteArrayInputStream(base64Decoded);
-         is = new InflaterInputStream(bais, new Inflater(true));
-      }
-
-      Document document = getDocument(is);
-      String issuerEntityId;
-      RequestAbstractType samlRequest = null;
-      StatusResponseType samlResponse = null;
-      if (requestOrResponse.isRequest())
-      {
-         samlRequest = getSamlRequest(document);
-         issuerEntityId = samlRequest.getIssuer().getValue();
-      }
-      else
-      {
-         samlResponse = getSamlResponse(document);
-         issuerEntityId = samlResponse.getIssuer().getValue();
-      }
-      if (log.isDebugEnabled())
-      {
-         log.debug("Received from IDP: " + SamlUtils.getDocumentAsString(document));
-      }
-
-      SamlIdentityProvider idp = serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(issuerEntityId);
-      if (idp == null)
-      {
-         throw new InvalidRequestException("Received message from unknown idp " + issuerEntityId);
-      }
-
-      boolean validate;
-      if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
-      {
-         validate = serviceProvider.getSamlConfiguration().isWantAssertionsSigned();
-      }
-      else
-      {
-         validate = idp.isSingleLogoutMessagesSigned();
-      }
-
-      if (validate)
-      {
-         if (log.isDebugEnabled())
-         {
-            log.debug("Validating the signature");
-         }
-         if (httpRequest.getMethod().equals("POST"))
-         {
-            signatureUtilForPostBinding.validateSignature(idp, document);
-         }
-         else
-         {
-            signatureUtilForRedirectBinding.validateSignature(idp, httpRequest, requestOrResponse);
-         }
-      }
-
-      RequestContext requestContext = null;
-      if (requestOrResponse.isResponse() && samlResponse.getInResponseTo() != null)
-      {
-         requestContext = requests.getRequest(samlResponse.getInResponseTo());
-         if (requestContext == null)
-         {
-            throw new InvalidRequestException("No request that corresponds with the received response");
-         }
-         else if (!(requestContext.getIdentityProvider().equals(idp)))
-         {
-            throw new InvalidRequestException("Identity provider of request and response do not match");
-         }
-      }
-
-      if (samlProfile == SamlProfile.SINGLE_SIGN_ON)
-      {
-         if (requestOrResponse.isRequest())
-         {
-            throw new InvalidRequestException("Assertion consumer service can only process SAML responses");
-         }
-         else
-         {
-            samlSingleSignOnReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
-         }
-      }
-      else
-      {
-         if (requestOrResponse.isRequest())
-         {
-            samlSingleLogoutReceiver.processIDPRequest(httpRequest, httpResponse, samlRequest, idp);
-         }
-         else
-         {
-            samlSingleLogoutReceiver.processIDPResponse(httpRequest, httpResponse, samlResponse, requestContext, idp);
-         }
-      }
-   }
-
-   private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException
-   {
-      try
-      {
-         Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
-         @SuppressWarnings("unchecked")
-         JAXBElement<RequestAbstractType> jaxbRequest = (JAXBElement<RequestAbstractType>) unmarshaller.unmarshal(document);
-         RequestAbstractType request = jaxbRequest.getValue();
-         return request;
-      }
-      catch (JAXBException e)
-      {
-         throw new InvalidRequestException("SAML message could not be parsed", e);
-      }
-   }
-
-   private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException
-   {
-      try
-      {
-         Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
-         @SuppressWarnings("unchecked")
-         JAXBElement<StatusResponseType> jaxbResponseType = (JAXBElement<StatusResponseType>) unmarshaller.unmarshal(document);
-         StatusResponseType statusResponse = jaxbResponseType.getValue();
-         return statusResponse;
-      }
-      catch (JAXBException e)
-      {
-         throw new InvalidRequestException("SAML message could not be parsed", e);
-      }
-   }
-
-   private Document getDocument(InputStream is) throws InvalidRequestException
-   {
-      try
-      {
-         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-         factory.setNamespaceAware(true);
-         factory.setXIncludeAware(true);
-         DocumentBuilder builder = factory.newDocumentBuilder();
-         return builder.parse(is);
-      }
-      catch (ParserConfigurationException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (SAXException e)
-      {
-         throw new InvalidRequestException("SAML request could not be parsed", e);
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMessageSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,366 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.zip.Deflater;
-import java.util.zip.DeflaterOutputStream;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.Binder;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.jboss.seam.security.external_authentication.configuration.Binding;
-import org.jboss.seam.security.external_authentication.configuration.SamlEndpoint;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.SamlService;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.AuthnRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.util.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-
- at Named("org.picketlink.identity.seam.federation.samlMessageSender")
-public class SamlMessageSender
-{
-   private Logger log = LoggerFactory.getLogger(SamlMessageSender.class);
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   @Inject
-   private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;
-
-   @Inject
-   private SamlSignatureUtilForRedirectBinding signatureUtilForRedirectBinding;
-
-   private JAXBContext jaxbContextRequestAbstractType;
-
-   private JAXBContext jaxbContextStatusResponseType;
-
-   @Inject
-   public void init()
-   {
-      try
-      {
-         jaxbContextRequestAbstractType = JAXBContext.newInstance(RequestAbstractType.class);
-         jaxbContextStatusResponseType = JAXBContext.newInstance(StatusResponseType.class);
-      }
-      catch (JAXBException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-
-   public void sendRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlProfile profile, RequestAbstractType samlRequest)
-   {
-      Document message = null;
-      SamlEndpoint endpoint = null;
-      try
-      {
-         SamlService service = samlIdentityProvider.getService(profile);
-         endpoint = service.getEndpointForBinding(Binding.HTTP_Post);
-         if (endpoint == null)
-         {
-            endpoint = service.getEndpointForBinding(Binding.HTTP_Redirect);
-         }
-         if (endpoint == null)
-         {
-            throw new RuntimeException("Idp " + samlIdentityProvider.getEntityId() + " has no endpoint found for profile " + profile);
-         }
-         samlRequest.setDestination(endpoint.getLocation());
-
-         JAXBElement<?> requestElement;
-         if (samlRequest instanceof AuthnRequestType)
-         {
-            AuthnRequestType authnRequest = (AuthnRequestType) samlRequest;
-            requestElement = new ObjectFactory().createAuthnRequest(authnRequest);
-         }
-         else if (samlRequest instanceof LogoutRequestType)
-         {
-            LogoutRequestType logoutRequest = (LogoutRequestType) samlRequest;
-            requestElement = new ObjectFactory().createLogoutRequest(logoutRequest);
-         }
-         else
-         {
-            throw new RuntimeException("Currently only authentication and logout requests can be sent");
-         }
-
-         Binder<Node> binder = jaxbContextRequestAbstractType.createBinder();
-
-         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-         factory.setNamespaceAware(true);
-         factory.setXIncludeAware(true);
-         DocumentBuilder builder;
-         builder = factory.newDocumentBuilder();
-         message = builder.newDocument();
-
-         binder.marshal(requestElement, message);
-      }
-      catch (JAXBException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (ParserConfigurationException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.REQUEST, endpoint);
-   }
-
-   public void sendResponseToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, SamlEndpoint endpoint, StatusResponseType samlResponse)
-   {
-      Document message = null;
-      try
-      {
-         samlResponse.setDestination(endpoint.getResponseLocation());
-
-         JAXBElement<StatusResponseType> responseElement;
-         if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT))
-         {
-            responseElement = new ObjectFactory().createLogoutResponse(samlResponse);
-         }
-         else
-         {
-            throw new RuntimeException("Responses can currently only be created for the single logout service");
-         }
-
-         Binder<Node> binder = jaxbContextStatusResponseType.createBinder();
-
-         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-         factory.setNamespaceAware(true);
-         factory.setXIncludeAware(true);
-         DocumentBuilder builder;
-         builder = factory.newDocumentBuilder();
-         message = builder.newDocument();
-
-         binder.marshal(responseElement, message);
-      }
-      catch (JAXBException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (ParserConfigurationException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      sendMessageToIDP(request, response, samlIdentityProvider, message, RequestOrResponse.RESPONSE, endpoint);
-   }
-
-   private void sendMessageToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, Document message, RequestOrResponse requestOrResponse, SamlEndpoint endpoint)
-   {
-      if (log.isDebugEnabled())
-      {
-         log.debug("Sending over to IDP: " + SamlUtils.getDocumentAsString(message));
-      }
-
-      try
-      {
-         boolean signMessage;
-         if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_SIGN_ON))
-         {
-            signMessage = samlIdentityProvider.isWantAuthnRequestsSigned();
-         }
-         else
-         {
-            signMessage = samlIdentityProvider.isWantSingleLogoutMessagesSigned();
-         }
-
-         PrivateKey privateKey = serviceProvider.getSamlConfiguration().getPrivateKey();
-
-         if (endpoint.getBinding() == Binding.HTTP_Redirect)
-         {
-            byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
-
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            Deflater deflater = new Deflater(Deflater.DEFLATED, true);
-            DeflaterOutputStream deflaterStream = new DeflaterOutputStream(baos, deflater);
-            deflaterStream.write(responseBytes);
-            deflaterStream.finish();
-
-            byte[] deflatedMsg = baos.toByteArray();
-            String urlEncodedResponse = Base64.encodeBytes(deflatedMsg);
-
-            String finalDest = endpoint.getLocation() + getQueryString(urlEncodedResponse, signMessage, requestOrResponse, privateKey);
-            SamlUtils.sendRedirect(finalDest, response);
-         }
-         else
-         {
-            if (signMessage)
-            {
-               PublicKey publicKey = serviceProvider.getSamlConfiguration().getCertificate().getPublicKey();
-               signSAMLDocument(message, new KeyPair(publicKey, privateKey));
-            }
-            byte[] responseBytes = SamlUtils.getDocumentAsString(message).getBytes("UTF-8");
-
-            String samlResponse = Base64.encodeBytes(responseBytes, Base64.DONT_BREAK_LINES);
-
-            sendPost(endpoint.getLocation(), samlResponse, response, requestOrResponse.isRequest());
-
-         }
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-
-   private void signSAMLDocument(Document samlDocument, KeyPair keypair)
-   {
-      // Get the ID from the root
-      String id = samlDocument.getDocumentElement().getAttribute("ID");
-
-      String referenceURI = "#" + id;
-
-      signatureUtilForPostBinding.sign(samlDocument, keypair, DigestMethod.SHA1, SignatureMethod.RSA_SHA1, referenceURI);
-   }
-
-   private String getQueryString(String urlEncodedSamlMessage, boolean supportSignature, RequestOrResponse requestOrResponse, PrivateKey signingKey)
-   {
-      StringBuilder sb = new StringBuilder();
-      sb.append("?");
-
-      if (supportSignature)
-      {
-         try
-         {
-            sb.append(getURLWithSignature(requestOrResponse, urlEncodedSamlMessage, signingKey));
-         }
-         catch (IOException e)
-         {
-            throw new RuntimeException(e);
-         }
-         catch (GeneralSecurityException e)
-         {
-            throw new RuntimeException(e);
-         }
-      }
-      else
-      {
-         if (requestOrResponse == RequestOrResponse.REQUEST)
-         {
-            sb.append(SamlConstants.QSP_SAML_REQUEST);
-         }
-         else
-         {
-            sb.append(SamlConstants.QSP_SAML_RESPONSE);
-         }
-         sb.append("=").append(urlEncodedSamlMessage);
-      }
-      return sb.toString();
-   }
-
-   private void sendPost(String destination, String samlMessage, HttpServletResponse response, boolean request) throws IOException
-   {
-      String key = request ? SamlConstants.QSP_SAML_REQUEST : SamlConstants.QSP_SAML_RESPONSE;
-
-      if (destination == null)
-         throw new IllegalStateException("Destination is null");
-
-      response.setContentType("text/html");
-      PrintWriter out = response.getWriter();
-      response.setCharacterEncoding("UTF-8");
-      response.setHeader("Pragma", "no-cache");
-      response.setHeader("Cache-Control", "no-cache, no-store");
-      StringBuilder builder = new StringBuilder();
-
-      builder.append("<HTML>");
-      builder.append("<HEAD>");
-      if (request)
-         builder.append("<TITLE>HTTP Post Binding (Request)</TITLE>");
-      else
-         builder.append("<TITLE>HTTP Post Binding Response (Response)</TITLE>");
-
-      builder.append("</HEAD>");
-      builder.append("<BODY Onload=\"document.forms[0].submit()\">");
-
-      builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
-      builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"" + key + "\"" + " VALUE=\"" + samlMessage + "\"/>");
-      builder.append("</FORM></BODY></HTML>");
-
-      String str = builder.toString();
-      out.println(str);
-      out.close();
-   }
-
-   private String getURLWithSignature(RequestOrResponse requestOrResponse, String urlEncodedResponse, PrivateKey signingKey) throws IOException, GeneralSecurityException
-   {
-      String messageParameter;
-      if (requestOrResponse == RequestOrResponse.REQUEST)
-      {
-         messageParameter = SamlConstants.QSP_SAML_REQUEST;
-      }
-      else
-      {
-         messageParameter = SamlConstants.QSP_SAML_RESPONSE;
-      }
-
-      byte[] signature = signatureUtilForRedirectBinding.computeSignature(messageParameter + "=" + urlEncodedResponse, signingKey);
-      String sigAlgo = signingKey.getAlgorithm();
-
-      StringBuilder sb = new StringBuilder();
-      sb.append(messageParameter + "=").append(urlEncodedResponse);
-
-      try
-      {
-         sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=");
-         String sigAlg = signatureUtilForRedirectBinding.getXMLSignatureAlgorithmURI(sigAlgo);
-         sb.append(URLEncoder.encode(sigAlg, "UTF-8"));
-
-         sb.append("&").append(SamlConstants.QSP_SIGNATURE).append("=");
-         String base64encodedSignature = Base64.encodeBytes(signature, Base64.DONT_BREAK_LINES);
-         sb.append(URLEncoder.encode(base64encodedSignature, "UTF-8"));
-      }
-      catch (UnsupportedEncodingException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      return sb.toString();
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlMetaDataProvider.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,130 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.OutputStream;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import javax.inject.Inject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.EntityDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.IndexedEndpointType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyDescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.KeyTypes;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.ObjectFactory;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata.SPSSODescriptorType;
-import org.jboss.seam.security.external_authentication.jaxb.xmldsig.KeyInfoType;
-import org.jboss.seam.security.external_authentication.jaxb.xmldsig.X509DataType;
-
-public class SamlMetaDataProvider
-{
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   public void writeMetaData(OutputStream stream)
-   {
-      try
-      {
-         ObjectFactory metaDataFactory = new ObjectFactory();
-
-         IndexedEndpointType acsRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
-         acsRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
-         acsRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
-         IndexedEndpointType acsPostEndpoint = metaDataFactory.createIndexedEndpointType();
-         acsPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
-         acsPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
-         IndexedEndpointType sloRedirectEndpoint = metaDataFactory.createIndexedEndpointType();
-         sloRedirectEndpoint.setBinding(SamlConstants.HTTP_REDIRECT_BINDING);
-         sloRedirectEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
-         IndexedEndpointType sloPostEndpoint = metaDataFactory.createIndexedEndpointType();
-         sloPostEndpoint.setBinding(SamlConstants.HTTP_POST_BINDING);
-         sloPostEndpoint.setLocation(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE));
-
-         SPSSODescriptorType spSsoDescriptor = metaDataFactory.createSPSSODescriptorType();
-         spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
-         spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
-
-         spSsoDescriptor.getAssertionConsumerService().add(acsRedirectEndpoint);
-         spSsoDescriptor.getAssertionConsumerService().add(acsPostEndpoint);
-         spSsoDescriptor.getSingleLogoutService().add(sloRedirectEndpoint);
-         spSsoDescriptor.getSingleLogoutService().add(sloPostEndpoint);
-
-         spSsoDescriptor.getProtocolSupportEnumeration().add(SamlConstants.PROTOCOL_NSURI);
-
-         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
-         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
-         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
-         spSsoDescriptor.getNameIDFormat().add("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
-
-         org.jboss.seam.security.external_authentication.jaxb.xmldsig.ObjectFactory signatureFactory = new org.jboss.seam.security.external_authentication.jaxb.xmldsig.ObjectFactory();
-
-         X509Certificate certificate = serviceProvider.getSamlConfiguration().getCertificate();
-         if (certificate == null)
-            throw new RuntimeException("Certificate obtained from configuration is null");
-
-         JAXBElement<byte[]> X509Certificate;
-         try
-         {
-            X509Certificate = signatureFactory.createX509DataTypeX509Certificate(certificate.getEncoded());
-         }
-         catch (CertificateEncodingException e)
-         {
-            throw new RuntimeException(e);
-         }
-
-         X509DataType X509Data = signatureFactory.createX509DataType();
-         X509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(X509Certificate);
-
-         KeyInfoType keyInfo = signatureFactory.createKeyInfoType();
-         keyInfo.getContent().add(signatureFactory.createX509Data(X509Data));
-
-         KeyDescriptorType keyDescriptor = metaDataFactory.createKeyDescriptorType();
-         keyDescriptor.setUse(KeyTypes.SIGNING);
-         keyDescriptor.setKeyInfo(keyInfo);
-
-         spSsoDescriptor.getKeyDescriptor().add(keyDescriptor);
-
-         EntityDescriptorType entityDescriptor = metaDataFactory.createEntityDescriptorType();
-         entityDescriptor.setEntityID(serviceProvider.getSamlConfiguration().getEntityId());
-         entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor().add(spSsoDescriptor);
-
-         JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
-         Marshaller marshaller = jaxbContext.createMarshaller();
-         marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
-         marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-         marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor), stream);
-      }
-      catch (JAXBException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlProfile.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,27 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-public enum SamlProfile
-{
-   SINGLE_SIGN_ON, SINGLE_LOGOUT
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForPostBinding.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,199 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.security.AccessController;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.Key;
-import java.security.KeyException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PrivilegedAction;
-import java.security.PublicKey;
-import java.security.Security;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.dom.DOMValidateContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.keyinfo.KeyValue;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
-
-public class SamlSignatureUtilForPostBinding
-{
-   private Logger log = LoggerFactory.getLogger(SamlSignatureUtilForPostBinding.class);
-
-   private XMLSignatureFactory fac = getXMLSignatureFactory();
-
-   private XMLSignatureFactory getXMLSignatureFactory()
-   {
-      if (Security.getProvider("DOM") != null)
-      {
-         return XMLSignatureFactory.getInstance("DOM");
-      }
-      else
-      {
-         // No security provider found for the XML Digital Signature API (JSR
-         // 105). Probably we have to do with JDK 1.5 or lower.
-         // See
-         // http://weblogs.java.net/blog/2008/02/27/using-jsr-105-jdk-14-or-15.
-         // We assume that the reference implementation of JSR 105 is available
-         // at runtime.
-         return XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
-      }
-   }
-
-   static
-   {
-      AccessController.doPrivileged(new PrivilegedAction<Object>()
-      {
-         public Object run()
-         {
-            System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
-            return null;
-         }
-      });
-   };
-
-   public Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod, String referenceURI)
-   {
-      if (log.isTraceEnabled())
-      {
-         log.trace("Document to be signed={0}", new Object[] { SamlUtils.getDocumentAsString(doc) });
-      }
-      PrivateKey signingKey = keyPair.getPrivate();
-      PublicKey publicKey = keyPair.getPublic();
-
-      DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
-      dsc.setDefaultNamespacePrefix("dsig");
-
-      try
-      {
-         DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
-         Transform transform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
-
-         List<Transform> transformList = Collections.singletonList(transform);
-         Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
-
-         String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
-         CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
-
-         List<Reference> referenceList = Collections.singletonList(ref);
-         SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
-         SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);
-
-         KeyInfoFactory kif = fac.getKeyInfoFactory();
-         KeyValue kv = kif.newKeyValue(publicKey);
-         KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
-
-         XMLSignature signature = fac.newXMLSignature(si, ki);
-
-         signature.sign(dsc);
-      }
-      catch (XMLSignatureException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (NoSuchAlgorithmException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (InvalidAlgorithmParameterException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (KeyException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (MarshalException e)
-      {
-         throw new RuntimeException(e);
-
-      }
-      return doc;
-   }
-
-   public void validateSignature(SamlIdentityProvider idp, Document signedDoc) throws InvalidRequestException
-   {
-      Key publicKey = idp.getPublicKey();
-
-      NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
-      if (nl == null || nl.getLength() == 0)
-      {
-         throw new InvalidRequestException("Signature element is not present or has zero length.");
-      }
-
-      try
-      {
-         DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
-         XMLSignature signature = fac.unmarshalXMLSignature(valContext);
-         boolean signatureValid = signature.validate(valContext);
-
-         if (log.isTraceEnabled() && !signatureValid)
-         {
-            boolean sv = signature.getSignatureValue().validate(valContext);
-            log.trace("Signature validation status: " + sv);
-
-            @SuppressWarnings("unchecked")
-            List<Reference> references = signature.getSignedInfo().getReferences();
-            for (Reference ref : references)
-            {
-               log.trace("[Ref id=" + ref.getId() + ":uri=" + ref.getURI() + "] validity status:" + ref.validate(valContext));
-            }
-         }
-
-         if (!signatureValid)
-         {
-            throw new InvalidRequestException("Invalid signature.");
-         }
-      }
-      catch (XMLSignatureException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (MarshalException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-}
\ No newline at end of file

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSignatureUtilForRedirectBinding.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,174 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.util.Base64;
-
-public class SamlSignatureUtilForRedirectBinding
-{
-   byte[] computeSignature(String requestOrResponseKeyValuePair, PrivateKey signingKey) throws IOException, GeneralSecurityException
-   {
-      StringBuilder sb = new StringBuilder();
-      sb.append(requestOrResponseKeyValuePair);
-      String algo = signingKey.getAlgorithm();
-
-      String sigAlg = getXMLSignatureAlgorithmURI(algo);
-      sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
-      sb.append("&SigAlg=").append(sigAlg);
-
-      byte[] sigValue = sign(sb.toString(), signingKey);
-
-      return sigValue;
-   }
-
-   private byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException
-   {
-      String algo = signingKey.getAlgorithm();
-      Signature sig = getSignature(algo);
-      sig.initSign(signingKey);
-      sig.update(stringToBeSigned.getBytes());
-      return sig.sign();
-   }
-
-   public void validateSignature(SamlIdentityProvider idp, HttpServletRequest httpRequest, RequestOrResponse requestOrResponse) throws InvalidRequestException
-   {
-      String sigValueParam = httpRequest.getParameter(SamlConstants.QSP_SIGNATURE);
-      if (sigValueParam == null)
-      {
-         throw new InvalidRequestException("Signature parameter is not present.");
-      }
-
-      String decodedString;
-      try
-      {
-         decodedString = URLDecoder.decode(sigValueParam, "UTF-8");
-      }
-      catch (UnsupportedEncodingException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      byte[] sigValue = Base64.decode(decodedString);
-
-      String samlMessageParameter;
-      if (requestOrResponse == RequestOrResponse.REQUEST)
-      {
-         samlMessageParameter = SamlConstants.QSP_SAML_REQUEST;
-      }
-      else
-      {
-         samlMessageParameter = SamlConstants.QSP_SAML_RESPONSE;
-      }
-
-      // Construct the url again
-      String reqFromURL = httpRequest.getParameter(samlMessageParameter);
-      String relayStateFromURL = httpRequest.getParameter(SamlConstants.QSP_RELAY_STATE);
-      String sigAlgFromURL = httpRequest.getParameter(SamlConstants.QSP_SIG_ALG);
-
-      StringBuilder sb = new StringBuilder();
-      sb.append(samlMessageParameter).append("=").append(reqFromURL);
-
-      if (relayStateFromURL != null && relayStateFromURL.length() != 0)
-      {
-         sb.append("&").append(SamlConstants.QSP_RELAY_STATE).append("=").append(relayStateFromURL);
-      }
-      sb.append("&").append(SamlConstants.QSP_SIG_ALG).append("=").append(sigAlgFromURL);
-
-      PublicKey validatingKey = idp.getPublicKey();
-
-      boolean isValid;
-      try
-      {
-         isValid = validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
-      }
-      catch (UnsupportedEncodingException e)
-      {
-         throw new RuntimeException(e);
-      }
-      catch (GeneralSecurityException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      if (!isValid)
-      {
-         throw new InvalidRequestException("Invalid signature.");
-      }
-   }
-
-   private boolean validate(byte[] signedContent, byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException
-   {
-      // We assume that the sigatureValue has the same algorithm as the public
-      // key
-      // If not, there will be an exception anyway
-      String algo = validatingKey.getAlgorithm();
-      Signature sig = getSignature(algo);
-
-      sig.initVerify(validatingKey);
-      sig.update(signedContent);
-      return sig.verify(signatureValue);
-   }
-
-   private Signature getSignature(String algo) throws GeneralSecurityException
-   {
-      Signature sig = null;
-
-      if ("DSA".equalsIgnoreCase(algo))
-      {
-         sig = Signature.getInstance(SamlConstants.DSA_SIGNATURE_ALGORITHM);
-      }
-      else if ("RSA".equalsIgnoreCase(algo))
-      {
-         sig = Signature.getInstance(SamlConstants.RSA_SIGNATURE_ALGORITHM);
-      }
-      else
-         throw new RuntimeException("Unknown signature algorithm:" + algo);
-      return sig;
-   }
-
-   public String getXMLSignatureAlgorithmURI(String algo)
-   {
-      String xmlSignatureAlgo = null;
-
-      if ("DSA".equalsIgnoreCase(algo))
-      {
-         xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_DSA;
-      }
-      else if ("RSA".equalsIgnoreCase(algo))
-      {
-         xmlSignatureAlgo = SamlConstants.SIGNATURE_SHA1_WITH_RSA;
-      }
-      return xmlSignatureAlgo;
-   }
-}
\ No newline at end of file

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,94 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.Binding;
-import org.jboss.seam.security.external_authentication.configuration.SamlEndpoint;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.RequestAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-
-public class SamlSingleLogoutReceiver
-{
-   @Inject
-   private SamlMessageFactory samlMessageFactory;
-
-   @Inject
-   private SamlMessageSender samlMessageSender;
-
-   @Inject
-   private Identity identity;
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   public void processIDPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request, SamlIdentityProvider idp) throws InvalidRequestException
-   {
-      if (!(request instanceof LogoutRequestType))
-      {
-         throw new InvalidRequestException("Request should be a single logout request.");
-      }
-
-      if (!identity.isLoggedIn())
-      {
-         throw new InvalidRequestException("No active session to logout.");
-      }
-
-      // FIXME: Identity.instance().logout();
-
-      StatusResponseType response = samlMessageFactory.createStatusResponse(request, SamlConstants.STATUS_SUCCESS, null);
-
-      Binding binding = httpRequest.getMethod().equals("POST") ? Binding.HTTP_Post : Binding.HTTP_Redirect;
-      SamlEndpoint endpoint = idp.getService(SamlProfile.SINGLE_LOGOUT).getEndpointForBinding(binding);
-
-      samlMessageSender.sendResponseToIDP(httpRequest, httpResponse, idp, endpoint, response);
-   }
-
-   public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType response, RequestContext requestContext, SamlIdentityProvider idp)
-   {
-      if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
-      {
-         // FIXME Identity.instance().logout();
-      }
-      else
-      {
-         throw new RuntimeException("Single logout failed. Status code: " + (response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue()));
-      }
-      try
-      {
-         httpResponse.sendRedirect(serviceProvider.getLoggedOutUrl());
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleLogoutSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import javax.inject.Inject;
-import javax.naming.ConfigurationException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.LogoutRequestType;
-
-public class SamlSingleLogoutSender
-{
-   @Inject
-   private Requests requests;
-
-   @Inject
-   private SamlMessageSender samlMessageSender;
-
-   @Inject
-   private SamlMessageFactory samlMessageFactory;
-
-   public void sendSingleLogoutRequestToIDP(HttpServletRequest request, HttpServletResponse response, Identity identity)
-   {
-      SeamSamlPrincipal principal = (SeamSamlPrincipal) null; // FIXME:
-                                                              // identity.getPrincipal()
-                                                              // is not
-                                                              // available any
-                                                              // more
-      SamlIdentityProvider idp = (SamlIdentityProvider) principal.getIdentityProvider();
-      LogoutRequestType logoutRequest;
-      try
-      {
-         logoutRequest = samlMessageFactory.createLogoutRequest(principal);
-         requests.addRequest(logoutRequest.getID(), idp, null);
-      }
-      catch (ConfigurationException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      samlMessageSender.sendRequestToIDP(request, response, idp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnReceiver.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,314 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBElement;
-import javax.xml.datatype.DatatypeConstants;
-
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.events.LoginFailedEvent;
-import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.configuration.ServiceProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AttributeStatementType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AttributeType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AuthnStatementType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.NameIDType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.StatementAbstractType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.SubjectConfirmationDataType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.SubjectConfirmationType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.ResponseType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusResponseType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.StatusType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SamlSingleSignOnReceiver
-{
-   private Logger log = LoggerFactory.getLogger(SamlSingleSignOnReceiver.class);
-
-   @Inject
-   private Requests requests;
-
-   @Inject
-   private Identity identity;
-
-   @Inject
-   private InternalAuthenticator internalAuthenticator;
-
-   @Inject
-   private ServiceProvider serviceProvider;
-
-   @Inject
-   private BeanManager beanManager;
-
-   public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse, RequestContext requestContext, SamlIdentityProvider idp) throws InvalidRequestException
-   {
-      StatusType status = statusResponse.getStatus();
-      if (status == null)
-      {
-         throw new InvalidRequestException("Response does not contain a status");
-      }
-
-      String statusValue = status.getStatusCode().getValue();
-      if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
-      {
-         throw new RuntimeException("IDP returned status " + statusValue);
-      }
-
-      if (!(statusResponse instanceof ResponseType))
-      {
-         throw new InvalidRequestException("Response does not have type ResponseType");
-      }
-
-      ResponseType response = (ResponseType) statusResponse;
-
-      List<Object> assertions = response.getAssertionOrEncryptedAssertion();
-      if (assertions.size() == 0)
-      {
-         throw new RuntimeException("IDP response does not contain assertions");
-      }
-
-      SeamSamlPrincipal principal = getAuthenticatedUser(response, requestContext);
-      if (principal == null)
-      {
-         try
-         {
-            beanManager.fireEvent(new PostAuthenticateEvent());
-            beanManager.fireEvent(new LoginFailedEvent(new LoginException()));
-
-            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
-         }
-         catch (IOException e)
-         {
-            throw new RuntimeException(e);
-         }
-      }
-      else
-      {
-         // Login the user, and redirect to the requested page.
-         principal.setIdentityProvider(idp);
-         loginUser(httpRequest, httpResponse, principal, requestContext);
-      }
-   }
-
-   private SeamSamlPrincipal getAuthenticatedUser(ResponseType responseType, RequestContext requestContext)
-   {
-      SeamSamlPrincipal principal = null;
-
-      for (Object assertion : responseType.getAssertionOrEncryptedAssertion())
-      {
-         if (assertion instanceof AssertionType)
-         {
-            SeamSamlPrincipal assertionSubject = handleAssertion((AssertionType) assertion, requestContext);
-            if (principal == null)
-            {
-               principal = assertionSubject;
-            }
-            else
-            {
-               log.warn("Multiple authenticated users found in assertions. Using the first one.");
-            }
-         }
-         else
-         {
-            /* assertion instanceof EncryptedElementType */
-            log.warn("Encountered encrypted assertion. Skipping it because decryption is not yet supported.");
-         }
-      }
-      return principal;
-   }
-
-   private SeamSamlPrincipal handleAssertion(AssertionType assertion, RequestContext requestContext)
-   {
-      if (SamlUtils.hasAssertionExpired(assertion))
-      {
-         log.warn("Received assertion not processed because it has expired.");
-         return null;
-      }
-
-      AuthnStatementType authnStatement = extractValidAuthnStatement(assertion);
-      if (authnStatement == null)
-      {
-         log.warn("Received assertion not processed because it doesn't contain a valid authnStatement.");
-         return null;
-      }
-
-      NameIDType nameId = validateSubjectAndExtractNameID(assertion, requestContext);
-      if (nameId == null)
-      {
-         log.warn("Received assertion not processed because it doesn't contain a valid subject.");
-         return null;
-      }
-
-      SeamSamlPrincipal principal = new SeamSamlPrincipal();
-      principal.setAssertion(assertion);
-      principal.setSessionIndex(authnStatement.getSessionIndex());
-      principal.setNameId(nameId);
-
-      for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
-      {
-         if (statement instanceof AttributeStatementType)
-         {
-            AttributeStatementType attributeStatement = (AttributeStatementType) statement;
-            List<AttributeType> attributes = new LinkedList<AttributeType>();
-            for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
-            {
-               if (object instanceof AttributeType)
-               {
-                  attributes.add((AttributeType) object);
-               }
-               else
-               {
-                  log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
-               }
-            }
-            principal.setAttributes(attributes);
-         }
-      }
-
-      return principal;
-   }
-
-   private AuthnStatementType extractValidAuthnStatement(AssertionType assertion)
-   {
-      for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
-      {
-         if (statement instanceof AuthnStatementType)
-         {
-            AuthnStatementType authnStatement = (AuthnStatementType) statement;
-            return authnStatement;
-         }
-      }
-
-      return null;
-   }
-
-   private NameIDType validateSubjectAndExtractNameID(AssertionType assertion, RequestContext requestContext)
-   {
-      NameIDType nameId = null;
-      boolean validConfirmationFound = false;
-
-      for (JAXBElement<?> contentElement : assertion.getSubject().getContent())
-      {
-         if (contentElement.getValue() instanceof NameIDType)
-         {
-            nameId = (NameIDType) contentElement.getValue();
-         }
-         if (contentElement.getValue() instanceof SubjectConfirmationType)
-         {
-            SubjectConfirmationType confirmation = (SubjectConfirmationType) contentElement.getValue();
-            if (confirmation.getMethod().equals(SamlConstants.CONFIRMATION_METHOD_BEARER))
-            {
-               SubjectConfirmationDataType confirmationData = confirmation.getSubjectConfirmationData();
-
-               boolean validRecipient = confirmationData.getRecipient().equals(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE));
-
-               boolean notTooLate = confirmationData.getNotOnOrAfter().compare(SamlUtils.getXMLGregorianCalendar()) == DatatypeConstants.GREATER;
-
-               boolean validInResponseTo = requestContext == null || confirmationData.getInResponseTo().equals(requestContext.getId());
-
-               if (validRecipient && notTooLate && validInResponseTo)
-               {
-                  validConfirmationFound = true;
-               }
-            }
-         }
-      }
-
-      if (validConfirmationFound)
-      {
-         return nameId;
-      }
-      else
-      {
-         return null;
-      }
-   }
-
-   private void loginUser(HttpServletRequest httpRequest, HttpServletResponse httpResponse, SeamSamlPrincipal principal, RequestContext requestContext)
-   {
-      if (identity.isLoggedIn())
-      {
-         throw new RuntimeException("User is already logged in.");
-      }
-
-      boolean internallyAuthenticated = internalAuthenticator.authenticate(principal, httpRequest);
-
-      try
-      {
-         if (internallyAuthenticated)
-         {
-            if (requestContext == null)
-            {
-               redirectForUnsolicitedAuthentication(httpRequest, httpResponse);
-            }
-            else
-            {
-               requests.redirect(requestContext.getId(), httpResponse);
-            }
-         }
-         else
-         {
-            httpResponse.sendRedirect(serviceProvider.getFailedAuthenticationUrl());
-         }
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-
-   private void redirectForUnsolicitedAuthentication(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException
-   {
-      String relayState = httpRequest.getParameter("RelayState");
-
-      /* Unsolicited authentication. */
-
-      if (relayState != null)
-      {
-         httpResponse.sendRedirect(relayState);
-      }
-      else
-      {
-         String unsolicitedAuthenticationUrl = serviceProvider.getUnsolicitedAuthenticationUrl();
-         if (unsolicitedAuthenticationUrl != null)
-         {
-            httpResponse.sendRedirect(unsolicitedAuthenticationUrl);
-         }
-         else
-         {
-            throw new RuntimeException("Unsolicited login could not be handled because the unsolicitedAuthenticationViewId property has not been configured");
-         }
-      }
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlSingleSignOnSender.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,35 +0,0 @@
-package org.jboss.seam.security.external_authentication;
-
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.events.PreAuthenticateEvent;
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol.AuthnRequestType;
-
-public class SamlSingleSignOnSender
-{
-   @Inject
-   private Requests requests;
-
-   @Inject
-   private SamlMessageFactory samlMessageFactory;
-
-   @Inject
-   private SamlMessageSender samlMessageSender;
-
-   @Inject
-   private BeanManager beanManager;
-
-   public void sendAuthenticationRequestToIDP(HttpServletRequest request, HttpServletResponse response, SamlIdentityProvider samlIdentityProvider, String returnUrl)
-   {
-      AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
-      requests.addRequest(authnRequest.getID(), samlIdentityProvider, returnUrl);
-
-      beanManager.fireEvent(new PreAuthenticateEvent());
-
-      samlMessageSender.sendRequestToIDP(request, response, samlIdentityProvider, SamlProfile.SINGLE_SIGN_ON, authnRequest);
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SamlUtils.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,128 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.GregorianCalendar;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeConstants;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.ConditionsType;
-import org.w3c.dom.Document;
-
-public class SamlUtils
-{
-
-   public static XMLGregorianCalendar getXMLGregorianCalendar()
-   {
-      try
-      {
-         DatatypeFactory dtf = DatatypeFactory.newInstance();
-         return dtf.newXMLGregorianCalendar(new GregorianCalendar());
-      }
-      catch (DatatypeConfigurationException e)
-      {
-         throw new RuntimeException(e);
-      }
-   }
-
-   public static boolean hasAssertionExpired(AssertionType assertion)
-   {
-      ConditionsType conditionsType = assertion.getConditions();
-      if (conditionsType != null)
-      {
-         XMLGregorianCalendar now = getXMLGregorianCalendar();
-         XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
-         XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
-
-         int val = notBefore.compare(now);
-         if (val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
-         {
-            return true;
-         }
-
-         val = notOnOrAfter.compare(now);
-         if (val != DatatypeConstants.GREATER)
-         {
-            return true;
-         }
-
-         return false;
-      }
-      else
-      {
-         return false;
-      }
-   }
-
-   public static String getDocumentAsString(Document document)
-   {
-      Source source = new DOMSource(document);
-      StringWriter sw = new StringWriter();
-
-      Result streamResult = new StreamResult(sw);
-      try
-      {
-         Transformer transformer = TransformerFactory.newInstance().newTransformer();
-         transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-         transformer.setOutputProperty(OutputKeys.INDENT, "no");
-         transformer.transform(source, streamResult);
-      }
-      catch (TransformerException e)
-      {
-         throw new RuntimeException(e);
-      }
-
-      return sw.toString();
-   }
-
-   public static void sendRedirect(String destination, HttpServletResponse response)
-   {
-      response.setCharacterEncoding("UTF-8");
-      response.setHeader("Location", destination);
-      response.setHeader("Pragma", "no-cache");
-      response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate,private");
-      response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
-      try
-      {
-         response.sendRedirect(destination);
-      }
-      catch (IOException e)
-      {
-         throw new RuntimeException();
-      }
-   }
-}

Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external_authentication/SeamSamlPrincipal.java	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,99 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external_authentication;
-
-import java.security.Principal;
-import java.util.LinkedList;
-import java.util.List;
-
-import org.jboss.seam.security.external_authentication.configuration.SamlIdentityProvider;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AssertionType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.AttributeType;
-import org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion.NameIDType;
-
-public class SeamSamlPrincipal implements Principal
-{
-   private NameIDType nameId;
-
-   private SamlIdentityProvider identityProvider;
-
-   private List<AttributeType> attributes = new LinkedList<AttributeType>();
-
-   private String sessionIndex;
-
-   private AssertionType assertion;
-
-   public NameIDType getNameId()
-   {
-      return nameId;
-   }
-
-   public void setNameId(NameIDType nameId)
-   {
-      this.nameId = nameId;
-   }
-
-   public SamlIdentityProvider getIdentityProvider()
-   {
-      return identityProvider;
-   }
-
-   public void setIdentityProvider(SamlIdentityProvider identityProvider)
-   {
-      this.identityProvider = identityProvider;
-   }
-
-   public List<AttributeType> getAttributes()
-   {
-      return attributes;
-   }
-
-   public void setAttributes(List<AttributeType> attributes)
-   {
-      this.attributes = attributes;
-   }
-
-   public String getSessionIndex()
-   {
-      return sessionIndex;
-   }
-
-   public void setSessionIndex(String sessionIndex)
-   {
-      this.sessionIndex = sessionIndex;
-   }
-
-   public AssertionType getAssertion()
-   {
-      return assertion;
-   }
-
-   public void setAssertion(AssertionType assertion)
-   {
-      this.assertion = assertion;
-   }
-
-   public String getName()
-   {
-      return nameId.getValue();
-   }
-}

Modified: modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd
===================================================================
--- modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/resources/schema/config/external-authentication-config.xsd	2010-08-12 21:50:30 UTC (rev 13608)
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:seam:security:external_authentication:config"
-  xmlns:tns="urn:seam:security:external_authentication:config" elementFormDefault="qualified">
+<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:seam:security:external:config"
+  xmlns:tns="urn:seam:security:external:config" elementFormDefault="qualified">
   <complexType name="ExternalAuthenticationConfigType">
     <annotation>
       <documentation>
@@ -199,4 +199,4 @@
     </attribute>
   </complexType>
   <element name="ExternalAuthenticationConfig" type="tns:ExternalAuthenticationConfigType" />
-</schema>
\ No newline at end of file
+</schema>

Modified: modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb
===================================================================
--- modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb	2010-08-12 15:14:36 UTC (rev 13607)
+++ modules/security/trunk/external/src/main/xjb/samlv2-bindings.xjb	2010-08-12 21:50:30 UTC (rev 13608)
@@ -6,7 +6,7 @@
 		schemaLocation="../resources/schema/samlv2/saml-schema-assertion-2.0.xsd">
 		<jaxb:bindings node="/xs:schema">
 			<jaxb:schemaBindings>
-				<jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.samlv2.assertion" />
+				<jaxb:package name="org.jboss.seam.security.external.jaxb.samlv2.assertion" />
 			</jaxb:schemaBindings>
 		</jaxb:bindings>
 	</jaxb:bindings>
@@ -15,7 +15,7 @@
 		schemaLocation="../resources/schema/samlv2/saml-schema-protocol-2.0.xsd">
 		<jaxb:bindings node="/xs:schema">
 			<jaxb:schemaBindings>
-				<jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.samlv2.protocol" />
+				<jaxb:package name="org.jboss.seam.security.external.jaxb.samlv2.protocol" />
 			</jaxb:schemaBindings>
 		</jaxb:bindings>
 	</jaxb:bindings>
@@ -24,7 +24,7 @@
 		schemaLocation="../resources/schema/samlv2/saml-schema-metadata-2.0.xsd">
 		<jaxb:bindings node="/xs:schema">
 			<jaxb:schemaBindings>
-				<jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.samlv2.metadata" />
+				<jaxb:package name="org.jboss.seam.security.external.jaxb.samlv2.metadata" />
 			</jaxb:schemaBindings>
 		</jaxb:bindings>
 	</jaxb:bindings>
@@ -32,7 +32,7 @@
 	<jaxb:bindings schemaLocation="../resources/schema/samlv2/xenc-schema.xsd">
 		<jaxb:bindings node="/xs:schema">
 			<jaxb:schemaBindings>
-				<jaxb:package name="org.jboss.seam.external_authentication.jaxb.xenc" />
+				<jaxb:package name="org.jboss.seam.external.jaxb.xenc" />
 			</jaxb:schemaBindings>
 		</jaxb:bindings>
 	</jaxb:bindings>
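Review bot: The new xenc package name `org.jboss.seam.external.jaxb.xenc` omits the `security` segment that the assertion, protocol, metadata and xmldsig bindings in the other hunks of this file all carry (`org.jboss.seam.security.external.jaxb.…`). The old name had the same gap, so this rename carries it forward rather than introducing it. If the gap is not intentional, the line should read `<jaxb:package name="org.jboss.seam.security.external.jaxb.xenc" />`, so that the generated encryption types land in the same package tree as the rest of the SAML bindings. Any hand-written imports of the generated xenc classes would need to match whichever name is kept.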
@@ -40,7 +40,7 @@
 	<jaxb:bindings schemaLocation="../resources/schema/samlv2/xmldsig-core-schema.xsd">
 		<jaxb:bindings node="/xs:schema">
 			<jaxb:schemaBindings>
-				<jaxb:package name="org.jboss.seam.security.external_authentication.jaxb.xmldsig" />
+				<jaxb:package name="org.jboss.seam.security.external.jaxb.xmldsig" />
 			</jaxb:schemaBindings>
 		</jaxb:bindings>
 	</jaxb:bindings>


