[jboss-cvs] Picketlink SVN: r1089 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst and 11 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jul 14 11:04:04 EDT 2011


Author: sguilhen at redhat.com
Date: 2011-07-14 11:04:04 -0400 (Thu, 14 Jul 2011)
New Revision: 1089

Modified:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
   federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-batch-validate.xml
   federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-cancel-saml.xml
   federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-renew-saml.xml
   federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-validate-saml.xml
   federation/trunk/picketlink-fed-core/src/test/resources/sts/picketlink-sts.xml
   federation/trunk/picketlink-webapps/picketlink-sts/src/main/resources/picketlink-sts.xml
Log:
PLFED-205: Added the SAML11TokenProvider to generate SAMLv1.1 assertions via WS-Trust

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -189,7 +189,7 @@
       String majVersion = StaxParserUtil.getAttributeValue(majVersionAttribute);
       StringUtil.match("1", majVersion);
 
-      Attribute minVersionAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.MAJOR_VERSION));
+      Attribute minVersionAttribute = nextElement.getAttributeByName(new QName(SAML11Constants.MINOR_VERSION));
       String minVersion = StaxParserUtil.getAttributeValue(minVersionAttribute);
       StringUtil.match("1", minVersion);
 
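Review bot: An absent minor-version attribute is not handled explicitly on the corrected line. `getAttributeByName` returns null when the attribute is missing, and whether `StaxParserUtil.getAttributeValue` or `StringUtil.match` reject a null is not visible in this hunk. Because this check is what rejects assertions that are not version 1.1, a guard such as `if (minVersionAttribute == null) throw new ParsingException("Assertion is missing the minor version attribute");` (or whichever exception this method already declares) would make the failure deliberate, and the `majVersionAttribute` lookup above deserves the same. The Modified list shows no SAML 1.1 parser test, so a case with a minor version other than 1 would keep this from regressing. The enclosing method starts and ends outside the hunk.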

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTCancelTargetParser.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -27,11 +27,8 @@
 
 import org.picketlink.identity.federation.core.exceptions.ParsingException;
 import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
-import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
 import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.ws.trust.CancelTargetType;
 
 /**
@@ -53,25 +50,14 @@
       {
          throw new ParsingException("Unable to parse cancel token request: security token is null");
       }
-      String tag = StaxParserUtil.getStartElementName(startElement);
-
-      if (tag.equals(JBossSAMLConstants.ASSERTION.get()))
+      // this is an unknown type - parse using the transformer.
+      try
       {
-         SAMLParser assertionParser = new SAMLParser();
-         AssertionType assertion = (AssertionType) assertionParser.parse(xmlEventReader);
-         cancelTarget.add(assertion);
+         cancelTarget.add(StaxParserUtil.getDOMElement(xmlEventReader));
       }
-      else
+      catch (Exception e)
       {
-         // this is an unknown type - parse using the transformer.
-         try
-         {
-            cancelTarget.add(StaxParserUtil.getDOMElement(xmlEventReader));
-         }
-         catch (Exception e)
-         {
-            throw new ParsingException("Error parsing security token: " + e.getMessage(), e);
-         }
+         throw new ParsingException("Error parsing security token: " + e.getMessage(), e);
       }
       return cancelTarget;
    }
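Review bot: The retained comment `// this is an unknown type - parse using the transformer.` no longer matches the code, because every security token, SAML assertions included, now takes this path and is stored as a raw DOM element. Something like `// keep the token as a DOM element; the token provider that handles it is responsible for parsing and validating it` would state the new contract. That contract matters to callers: anything that cast `getAny().get(0)` to `AssertionType` now receives an `Element` and must convert it first, as the updated WSTrustCancelTargetSamlTestCase does with `SAMLUtil.fromElement`. Consumers outside this commit are not visible here and should be checked. The same stale comment is kept in the WSTRenewTargetParser and WSTValidateTargetParser hunks below; the method body starts outside this hunk.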

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -23,11 +23,8 @@
 
 import org.picketlink.identity.federation.core.exceptions.ParsingException;
 import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
-import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
 import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.ws.trust.RenewTargetType;
 
 /**
@@ -51,25 +48,15 @@
       {
          throw new ParsingException("Unable to parse renew token request: security token is null");
       }
-      String tag = StaxParserUtil.getStartElementName(startElement);
 
-      if (tag.equals(JBossSAMLConstants.ASSERTION.get()))
+      // this is an unknown type - parse using the transformer.
+      try
       {
-         SAMLParser assertionParser = new SAMLParser();
-         AssertionType assertion = (AssertionType) assertionParser.parse(xmlEventReader);
-         renewTargetType.add(assertion);
+         renewTargetType.add(StaxParserUtil.getDOMElement(xmlEventReader));
       }
-      else
+      catch (Exception e)
       {
-         // this is an unknown type - parse using the transformer.
-         try
-         {
-            renewTargetType.add(StaxParserUtil.getDOMElement(xmlEventReader));
-         }
-         catch (Exception e)
-         {
-            throw new ParsingException("Error parsing security token: " + e.getMessage(), e);
-         }
+         throw new ParsingException("Error parsing security token: " + e.getMessage(), e);
       }
       return renewTargetType;
    }

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTValidateTargetParser.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -53,25 +53,15 @@
       {
          throw new ParsingException("Unable to parse validate token request: security token is null");
       }
-      String tag = StaxParserUtil.getStartElementName(startElement);
 
-      if (tag.equals(JBossSAMLConstants.ASSERTION.get()))
+      // this is an unknown type - parse using the transformer.
+      try
       {
-         SAMLParser assertionParser = new SAMLParser();
-         AssertionType assertion = (AssertionType) assertionParser.parse(xmlEventReader);
-         validateTargetType.add(assertion);
+         validateTargetType.add(StaxParserUtil.getDOMElement(xmlEventReader));
       }
-      else
+      catch (Exception e)
       {
-         // this is an unknown type - parse using the transformer.
-         try
-         {
-            validateTargetType.add(StaxParserUtil.getDOMElement(xmlEventReader));
-         }
-         catch (Exception e)
-         {
-            throw new ParsingException("Error parsing security token: " + e.getMessage(), e);
-         }
+         throw new ParsingException("Error parsing security token: " + e.getMessage(), e);
       }
 
       return validateTargetType;
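Review bot: Unlike the WSTCancelTargetParser and WSTRenewTargetParser changes, this file has no import hunk, so the imports of `SAMLParser`, `JBossSAMLConstants` and `AssertionType` are presumably still present and now unused. Nothing visible in the new code references them after the `if (tag.equals(...))` branch was removed. If nothing else in the file uses them, drop the three imports so this parser matches the other two.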

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -85,6 +85,8 @@
    String FORMAT = "Format";
 
    String FORMAT_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
+   
+   String FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
 
    String IN_RESPONSE_TO = "InResponseTo";
 

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -82,6 +82,7 @@
       StaxUtil.writeDefaultNameSpace(writer, ns);
 
       // Attributes
+//      StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
       StaxUtil.writeAttribute(writer, SAML11Constants.ASSERTIONID, assertion.getID());
       StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + "");
       StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + "");
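Review bot: The added line `//      StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());` is commented-out code and should not be committed. The statement below it already writes the identifier under `SAML11Constants.ASSERTIONID`, so the dead line only suggests that the SAML 2.0 `ID` attribute might be intended here. Delete it, or replace it with a real comment along the lines of `// SAML 1.1 names the identifier attribute via SAML11Constants.ASSERTIONID, not the SAML 2.0 ID constant` if the distinction is worth recording.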

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/XMLSignatureUtil.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -1,23 +1,19 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors. 
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ * 
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ * 
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
  */
 package org.picketlink.identity.federation.core.util;
 
@@ -52,6 +48,7 @@
 import javax.xml.crypto.dsig.keyinfo.KeyValue;
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.namespace.QName;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
@@ -62,6 +59,7 @@
 import org.picketlink.identity.federation.core.exceptions.ProcessingException;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
 import org.picketlink.identity.xmlsec.w3.xmldsig.SignatureType;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
@@ -69,9 +67,9 @@
 import org.xml.sax.SAXException;
 
 /**
- * Utility for XML Signature
- * <b>Note:</b> You can change the canonicalization method type by using
- * the system property  "picketlink.xmlsig.canonicalization"
+ * Utility for XML Signature <b>Note:</b> You can change the canonicalization method type by using the system property
+ * "picketlink.xmlsig.canonicalization"
+ * 
  * @author Anil.Saldhana at redhat.com
  * @since Dec 15, 2008
  */
@@ -95,13 +93,13 @@
       }
       catch (Exception err)
       {
-         //JDK5
+         // JDK5
          xsf = XMLSignatureFactory.getInstance("DOM", new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
       }
       return xsf;
    }
 
-   //Set some system properties
+   // Set some system properties
    static
    {
       SystemPropertiesUtil.ensure();
@@ -109,6 +107,7 @@
 
    /**
     * Set the canonicalization method type
+    * 
     * @param canonical
     */
    public static void setCanonicalizationMethodType(String canonical)
@@ -118,8 +117,8 @@
    }
 
    /**
-    * Precheck whether the document that will be validated
-    * has the right signedinfo
+    * Precheck whether the document that will be validated has the right signedinfo
+    * 
     * @param doc
     * @return
     */
@@ -131,18 +130,25 @@
 
    /**
     * Sign a node in a document
-    * @param doc Document
-    * @param parentOfNodeToBeSigned Parent Node of the node to be signed
-    * @param signingKey Private Key
-    * @param certificate X509 Certificate holding the public key
-    * @param digestMethod (Example: DigestMethod.SHA1)
-    * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+    * 
+    * @param doc
+    *           Document
+    * @param parentOfNodeToBeSigned
+    *           Parent Node of the node to be signed
+    * @param signingKey
+    *           Private Key
+    * @param certificate
+    *           X509 Certificate holding the public key
+    * @param digestMethod
+    *           (Example: DigestMethod.SHA1)
+    * @param signatureMethod
+    *           (Example: SignatureMethod.DSA_SHA1)
     * @param referenceURI
     * @return Document that contains the signed node
-    * @throws XMLSignatureException 
-    * @throws MarshalException 
-    * @throws GeneralSecurityException 
-    * @throws ParserConfigurationException  
+    * @throws XMLSignatureException
+    * @throws MarshalException
+    * @throws GeneralSecurityException
+    * @throws ParserConfigurationException
     */
    public static Document sign(Document doc, Node parentOfNodeToBeSigned, PrivateKey signingKey,
          X509Certificate certificate, String digestMethod, String signatureMethod, String referenceURI)
@@ -154,6 +160,7 @@
 
    /**
     * Sign a node in a document
+    * 
     * @param doc
     * @param nodeToBeSigned
     * @param keyPair
@@ -162,10 +169,10 @@
     * @param signatureMethod
     * @param referenceURI
     * @return
-    * @throws ParserConfigurationException  
-    * @throws XMLSignatureException 
-    * @throws MarshalException 
-    * @throws GeneralSecurityException 
+    * @throws ParserConfigurationException
+    * @throws XMLSignatureException
+    * @throws MarshalException
+    * @throws GeneralSecurityException
     */
    public static Document sign(Document doc, Node nodeToBeSigned, KeyPair keyPair, String digestMethod,
          String signatureMethod, String referenceURI) throws ParserConfigurationException, GeneralSecurityException,
@@ -180,35 +187,50 @@
 
       Node parentNode = nodeToBeSigned.getParentNode();
 
-      //Let us create a new Document
+      // Let us create a new Document
       Document newDoc = DocumentUtil.createDocument();
-      //Import the node
+      // Import the node
       Node signingNode = newDoc.importNode(nodeToBeSigned, true);
       newDoc.appendChild(signingNode);
 
       newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI);
 
-      //Now let us import this signed doc into the original document we got in the method call
+      // if the signed element is a SAMLv2.0 assertion we need to move the signature element to the position
+      // specified in the schema (before the assertion subject element).
+      if (nodeToBeSigned.getLocalName().equals("Assertion")
+            && WSTrustConstants.SAML2_ASSERTION_NS.equals(nodeToBeSigned.getNamespaceURI()))
+      {
+         Node signatureNode = DocumentUtil.getElement(newDoc, new QName(WSTrustConstants.DSIG_NS, "Signature"));
+         Node subjectNode = DocumentUtil.getElement(newDoc, new QName(WSTrustConstants.SAML2_ASSERTION_NS, "Subject"));
+         if (signatureNode != null && subjectNode != null)
+         {
+            newDoc.getDocumentElement().removeChild(signatureNode);
+            newDoc.getDocumentElement().insertBefore(signatureNode, subjectNode);
+         }
+      }
+
+      // Now let us import this signed doc into the original document we got in the method call
       Node signedNode = doc.importNode(newDoc.getFirstChild(), true);
 
       parentNode.replaceChild(signedNode, nodeToBeSigned);
-      //doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
+      // doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
 
       return doc;
    }
 
    /**
     * Sign the root element
-    * @param doc 
+    * 
+    * @param doc
     * @param signingKey
     * @param publicKey
     * @param digestMethod
     * @param signatureMethod
     * @param referenceURI
-    * @return 
-    * @throws GeneralSecurityException  
-    * @throws XMLSignatureException 
-    * @throws MarshalException 
+    * @return
+    * @throws GeneralSecurityException
+    * @throws XMLSignatureException
+    * @throws MarshalException
     */
    public static Document sign(Document doc, KeyPair keyPair, String digestMethod, String signatureMethod,
          String referenceURI) throws GeneralSecurityException, MarshalException, XMLSignatureException
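Review bot: The new `nodeToBeSigned.getLocalName().equals("Assertion")` test throws a NullPointerException for any node built without namespace awareness, because DOM `getLocalName()` returns null for such nodes; `"Assertion".equals(nodeToBeSigned.getLocalName())` avoids that. The move itself assumes both looked-up nodes are direct children of the document element. If `DocumentUtil.getElement` searches the whole tree (its implementation is not visible here), it could return a nested `Signature` or `Subject`, and `removeChild`/`insertBefore` would then throw a `DOMException`. Guarding with `signatureNode.getParentNode() == newDoc.getDocumentElement() && subjectNode.getParentNode() == newDoc.getDocumentElement()` keeps the relocation to the case it was written for. Because the signature is repositioned after it has been computed, the comment should also record that this relies on the enveloped-signature transform excluding the `Signature` element from the digest, and a test that validates a signed SAML 2.0 assertion after the move would confirm it.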
@@ -253,11 +275,12 @@
 
    /**
     * Validate a signed document with the given public key
+    * 
     * @param signedDoc
     * @param publicKey
-    * @return 
-    * @throws MarshalException 
-    * @throws XMLSignatureException 
+    * @return
+    * @throws MarshalException
+    * @throws XMLSignatureException
     */
    @SuppressWarnings("unchecked")
    public static boolean validate(Document signedDoc, Key publicKey) throws MarshalException, XMLSignatureException
@@ -293,24 +316,27 @@
 
    /**
     * Marshall a SignatureType to output stream
+    * 
     * @param signature
-    * @param os 
-    * @throws SAXException 
-    * @throws JAXBException 
+    * @param os
+    * @throws SAXException
+    * @throws JAXBException
     */
    public static void marshall(SignatureType signature, OutputStream os) throws JAXBException, SAXException
    {
       throw new RuntimeException("NYI");
-      /*JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature);
-      Marshaller marshaller = JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
-      marshaller.marshal(jsig, os);*/
+      /*
+       * JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature); Marshaller marshaller =
+       * JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation); marshaller.marshal(jsig, os);
+       */
    }
 
    /**
     * Marshall the signed document to an output stream
+    * 
     * @param signedDocument
     * @param os
-    * @throws TransformerException 
+    * @throws TransformerException
     */
    public static void marshall(Document signedDocument, OutputStream os) throws TransformerException
    {
@@ -321,6 +347,7 @@
 
    /**
     * Given the X509Certificate in the keyinfo element, get a {@link X509Certificate}
+    * 
     * @param certificateString
     * @return
     * @throws ProcessingException

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -394,7 +394,7 @@
 
       // create a context and dispatch to the proper security token provider for renewal.
       WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal);
-
+      context.setTokenIssuer(this.configuration.getSTSName());
       // if the renew request was made on behalf of another identity, get the principal of that identity.
       if (request.getOnBehalfOf() != null)
       {

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -101,8 +101,6 @@
    QName FAILED_AUTHENTICATION = new QName(WSSE_NS, "FailedAuthentication");
 
    //Token Types
-   String SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
-
    String RSTR_STATUS_TOKEN_TYPE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status";
 
    //Element Names

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/STSIssuingLoginModule.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -29,8 +29,8 @@
 import javax.security.auth.login.LoginException;
 
 import org.picketlink.identity.federation.core.wstrust.STSClient;
-import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
 import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.w3c.dom.Element;
 
 /**
@@ -79,7 +79,7 @@
          endpointURI = (String) options.get(ENDPOINT_ADDRESS); //base class
       tokenType = (String) options.get(TOKEN_TYPE_OPTION);
       if (tokenType == null)
-         tokenType = WSTrustConstants.SAML2_TOKEN_TYPE;
+         tokenType = SAMLUtil.SAML2_TOKEN_TYPE;
    }
 
    /**

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -405,7 +405,7 @@
     */
    public String tokenType()
    {
-      return WSTrustConstants.SAML2_TOKEN_TYPE;
+      return SAMLUtil.SAML2_TOKEN_TYPE;
    }
 
    /**

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -33,6 +33,7 @@
 import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
 import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
 import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
@@ -60,7 +61,7 @@
       RequestSecurityTokenResponse rstr = coll.getRequestSecurityTokenResponses().get(0);
 
       assertEquals("testcontext", rstr.getContext());
-      assertEquals(WSTrustConstants.SAML2_TOKEN_TYPE, rstr.getTokenType().toASCIIString());
+      assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, rstr.getTokenType().toASCIIString());
 
       assertEquals(XMLTimeUtil.parse("2010-11-11T16:34:19.602Z"), rstr.getLifetime().getCreated());
       assertEquals(XMLTimeUtil.parse("2010-11-11T18:34:19.602Z"), rstr.getLifetime().getExpires());
@@ -82,7 +83,7 @@
       Map<QName, String> map = secRef.getOtherAttributes();
       QName wsseTokenType = new QName(WSTrustConstants.WSSE11_NS, WSTrustConstants.TOKEN_TYPE,
             WSTrustConstants.WSSE.PREFIX_11);
-      assertEquals(WSTrustConstants.SAML2_TOKEN_TYPE, map.get(wsseTokenType));
+      assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, map.get(wsseTokenType));
 
       KeyIdentifierType keyId = (KeyIdentifierType) secRef.getAny().get(0);
       assertEquals("#ID_5a15fc70-daa1-4808-b70e-9cbf6b8e4d4f", keyId.getValue());

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -34,6 +34,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
 import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
@@ -66,7 +67,7 @@
       RequestSecurityToken rst1 = tokens.get(0);
       assertEquals("context1", rst1.getContext());
       assertEquals(WSTrustConstants.BATCH_ISSUE_REQUEST, rst1.getRequestType().toASCIIString());
-      assertEquals(WSTrustConstants.SAML2_TOKEN_TYPE, rst1.getTokenType().toASCIIString());
+      assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, rst1.getTokenType().toASCIIString());
 
       RequestSecurityToken rst2 = tokens.get(1);
       assertEquals("context2", rst2.getContext());

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -77,6 +77,8 @@
 
       Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
       baos.close();
+      
+      System.out.println(DocumentUtil.asString(doc));
 
       JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
    }
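Review bot: The added `System.out.println(DocumentUtil.asString(doc));` looks like leftover debugging output: it dumps the whole serialized request on every test run and asserts nothing. I would drop it together with the whitespace-only line above it, or, if the dump helps diagnosis, send it to a logger at debug level so that build logs stay clean. The enclosing test method starts outside the hunk.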

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -36,6 +36,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
 import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
@@ -45,6 +46,7 @@
 import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
 import org.picketlink.identity.federation.ws.trust.CancelTargetType;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 /**
  * Validate the WST Cancel Target for SAML assertions
@@ -66,7 +68,8 @@
 
       CancelTargetType cancelTarget = requestToken.getCancelTarget();
 
-      AssertionType assertion = (AssertionType) cancelTarget.getAny().get(0);
+      Element assertionElement = (Element) cancelTarget.getAny().get(0);
+      AssertionType assertion = SAMLUtil.fromElement(assertionElement);
       validateAssertion(assertion);
 
       //Now for the writing part
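Review bot: The new cast `(Element) cancelTarget.getAny().get(0)` is unchecked, so an empty target list or a non-DOM entry fails with an IndexOutOfBoundsException or ClassCastException instead of a readable assertion. Since the assertion is now taken from the target as a raw DOM element and parsed in the test, I would assert the shape first: `assertEquals(1, cancelTarget.getAny().size());` and `assertTrue(cancelTarget.getAny().get(0) instanceof Element);`. The same cast-then-`SAMLUtil.fromElement` pattern is added in the hunks for WSTrustRenewTargetParsingTestCase and WSTrustValidateSamlTestCase and would benefit from the same two lines. The test method starts and ends outside the hunk.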

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -32,6 +32,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
 import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
 import org.w3c.dom.Document;
@@ -54,7 +55,7 @@
 
       assertEquals("testcontext", requestToken.getContext());
       assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
-      assertEquals(WSTrustConstants.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString());
+      assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString());
 
       //Now for the writing part
       ByteArrayOutputStream baos = new ByteArrayOutputStream();

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -32,6 +32,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
 import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
@@ -39,6 +40,7 @@
 import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
 import org.picketlink.identity.federation.ws.trust.RenewTargetType;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 /**
  * Validate the parsing of wst-batch-validate.xml
@@ -57,10 +59,11 @@
       RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
       assertEquals("renewcontext", requestToken.getContext());
       assertEquals(WSTrustConstants.RENEW_REQUEST, requestToken.getRequestType().toASCIIString());
-      assertEquals(WSTrustConstants.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString());
+      assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString());
 
       RenewTargetType renewTarget = requestToken.getRenewTarget();
-      AssertionType assertion = (AssertionType) renewTarget.getAny().get(0);
+      Element assertionElement = (Element) renewTarget.getAny().get(0);
+      AssertionType assertion = SAMLUtil.fromElement(assertionElement);
       assertEquals("ID_654b6092-c725-40ea-8044-de453b59cb28", assertion.getID());
       assertEquals("Test STS", assertion.getIssuer().getValue());
       SubjectType subject = assertion.getSubject();

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -32,11 +32,13 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
 import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 /**
  * Validate the parsing of wst-validate-saml.xml
@@ -58,7 +60,8 @@
       assertEquals(WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst1.getTokenType().toASCIIString());
 
       ValidateTargetType validateTarget = rst1.getValidateTarget();
-      AssertionType assertion = (AssertionType) validateTarget.getAny().get(0);
+      Element assertionElement = (Element) validateTarget.getAny().get(0);
+      AssertionType assertion = SAMLUtil.fromElement(assertionElement);
       assertEquals("ID_654b6092-c725-40ea-8044-de453b59cb28", assertion.getID());
 
       //Now for the writing part

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java	2011-07-14 15:04:04 UTC (rev 1089)
@@ -59,6 +59,7 @@
 import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
 import org.picketlink.identity.federation.core.parsers.sts.STSConfigParser;
 import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
 import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
@@ -73,6 +74,7 @@
 import org.picketlink.identity.federation.core.wstrust.WSTrustException;
 import org.picketlink.identity.federation.core.wstrust.WSTrustRequestHandler;
 import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider;
 import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
 import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
 import org.picketlink.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse;
@@ -81,6 +83,12 @@
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
 import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
 import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
 import org.picketlink.identity.federation.saml.v2.assertion.ConditionAbstractType;
@@ -157,9 +165,20 @@
     *     &lt;RequestHandler&gt;org.jboss.identity.federation.core.wstrust.StandardRequestHandler&lt;/RequestHandler&gt;
     *     &lt;TokenProviders&gt;
     *         &lt;TokenProvider ProviderClass=&quot;org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider&quot;
-    *             TokenType=&quot;http://www.tokens.org/SpecialToken&quot;/&gt;
+    *             TokenType=&quot;http://www.tokens.org/SpecialToken&quot;
+    *             TokenElement=&quot;SpecialToken&quot;
+    *             TokenElementNS=&quot;http://www.tokens.org&quot;&gt;
+    *             &lt;Property Key=&quot;Property1&quot; Value=&quot;Value1&quot;/&gt;
+    *             &lt;Property Key=&quot;Property2&quot; Value=&quot;Value2&quot;/&gt;
+    *         &lt;/TokenProvider&gt;
+    *         &lt;TokenProvider ProviderClass=&quot;org.jboss.identity.federation.core.wstrust.SAML11TokenProvider&quot;
+    *             TokenType=&quot;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1&quot;
+    *             TokenElement=&quot;Assertion&quot;
+    *             TokenElementNS=&quot;urn:oasis:names:tc:SAML:1.0:assertion&quot;/&gt;
     *         &lt;TokenProvider ProviderClass=&quot;org.jboss.identity.federation.core.wstrust.SAML20TokenProvider&quot;
-    *             TokenType=&quot;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0&quot;/&gt;
+    *             TokenType=&quot;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0&quot;
+    *             TokenElement=&quot;Assertion&quot;
+    *             TokenElementNS=&quot;urn:oasis:names:tc:SAML:2.0:assertion&quot;/&gt;/&gt;
     *     &lt;/TokenProviders&gt;
     *     &lt;ServiceProviders&gt;
     *         &lt;ServiceProvider Endpoint=&quot;http://services.testcorp.org/provider1&quot; TokenType=&quot;http://www.tokens.org/SpecialToken&quot;
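Review bot: The SAML20TokenProvider entry in the sample configuration now ends with `/&gt;/&gt;`, which renders as `/>/>` and makes the documented XML ill-formed; one `/&gt;` should be removed. The sample also names the providers under `org.jboss.identity.federation.core.wstrust`, while the import added in this commit takes SAML11TokenProvider from `org.picketlink.identity.federation.core.wstrust.plugins.saml`. If this Javadoc is meant to mirror the real test configuration file (not visible here), the class names should be brought in line with it. The comment begins and ends outside the hunk.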
@@ -201,6 +220,9 @@
       provider = config.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
       assertNotNull("Unexpected null token provider", provider);
       assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
+      provider = config.getProviderForTokenType(SAMLUtil.SAML11_TOKEN_TYPE);
+      assertNotNull("Unexpected null token provider", provider);
+      assertTrue("Unexpected token provider type", provider instanceof SAML11TokenProvider);
       assertNull(config.getProviderForTokenType("unexistentType"));
 
       // check the service provider -> token provider mapping.
@@ -222,23 +244,27 @@
             JBossSAMLConstants.ASSERTION.get()));
       assertNotNull("Unexpected null token provider", provider);
       assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
+      provider = config.getProviderForTokenElementNS(family, new QName(SAML11Constants.ASSERTION_11_NSURI,
+            JBossSAMLConstants.ASSERTION.get()));
+      assertNotNull("Unexpected null token provider", provider);
+      assertTrue("Unexpected token provider type", provider instanceof SAML11TokenProvider);
       assertNull(config.getProviderForTokenElementNS(family, new QName("InvalidNamespace", "SpecialToken")));
 
       // check the service provider -> token type mapping.
-      assertEquals("Invalid token type for service provider 1", "http://www.tokens.org/SpecialToken",
-            config.getTokenTypeForService("http://services.testcorp.org/provider1"));
-      assertEquals("Invalid token type for service provider 2", SAMLUtil.SAML2_TOKEN_TYPE,
-            config.getTokenTypeForService("http://services.testcorp.org/provider2"));
+      assertEquals("Invalid token type for service provider 1", "http://www.tokens.org/SpecialToken", config
+            .getTokenTypeForService("http://services.testcorp.org/provider1"));
+      assertEquals("Invalid token type for service provider 2", SAMLUtil.SAML2_TOKEN_TYPE, config
+            .getTokenTypeForService("http://services.testcorp.org/provider2"));
       assertNull(config.getTokenTypeForService("http://invalid.service/service"));
 
       // check the keystore configuration.
       assertNotNull("Invalid null STS key pair", config.getSTSKeyPair());
       assertNotNull("Invalid null STS public key", config.getSTSKeyPair().getPublic());
       assertNotNull("Invalid null STS private key", config.getSTSKeyPair().getPrivate());
-      assertNotNull("Invalid null validating key for service provider 1",
-            config.getServiceProviderPublicKey("http://services.testcorp.org/provider1"));
-      assertNotNull("Invalid null validating key for service provider 2",
-            config.getServiceProviderPublicKey("http://services.testcorp.org/provider2"));
+      assertNotNull("Invalid null validating key for service provider 1", config
+            .getServiceProviderPublicKey("http://services.testcorp.org/provider1"));
+      assertNotNull("Invalid null validating key for service provider 2", config
+            .getServiceProviderPublicKey("http://services.testcorp.org/provider2"));
    }
 
    /**
@@ -276,6 +302,31 @@
 
    /**
     * <p>
+    * This tests sends a SAMLV2.0 security token request to PicketLinkSTS. This request should be handled by the {@code
+    * SAML11TokenProvider} and should result in a SAMLV1.1 assertion.
+    * </p>
+    * 
+    * @throws Exception
+    *            if an error occurs while running the test.
+    */
+   @Test
+   public void testInvokeSAML11() throws Exception
+   {
+      // create a simple token request, asking for a SAMLv1.1 token.
+      RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+            SAMLUtil.SAML11_TOKEN_TYPE, null);
+      Source requestMessage = this.createSourceFromRequest(request);
+
+      // invoke the token service.
+      Source responseMessage = this.tokenService.invoke(requestMessage);
+      InputStream is = DocumentUtil.getSourceAsStream(responseMessage);
+      BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser().parse(is);
+      // validate the security token response.
+      this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+   }
+
+   /**
+    * <p>
     * This tests sends a SAMLV2.0 security token request to PicketLinkSTS. This request should be handled by the
     * standard {@code SAML20TokenProvider} and should result in a SAMLV2.0 assertion that looks like the following:
     * 
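Review bot: The Javadoc of `testInvokeSAML11` says the test "sends a SAMLV2.0 security token request", but the body requests `SAMLUtil.SAML11_TOKEN_TYPE`; the sentence appears to be copied from the SAML 2.0 test below. Suggested opening: `This test sends a SAMLV1.1 security token request to PicketLinkSTS.` ("This tests sends" is also a typo). The rest of the comment already names `SAML11TokenProvider` and a SAMLV1.1 assertion correctly.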
@@ -608,6 +659,78 @@
 
    /**
     * <p>
+    * This test case first generates a SAMLV1.1 assertion and then sends a WS-Trust validate message to the STS to get
+    * the assertion validated, checking the validation results.
+    * </p>
+    * 
+    * @throws Exception
+    *            if an error occurs while running the test.
+    */
+   @Test
+   public void testInvokeSAML11Validate() throws Exception
+   {
+      // create a simple token request.
+      RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+            SAMLUtil.SAML11_TOKEN_TYPE, null);
+
+      Source requestMessage = this.createSourceFromRequest(request);
+
+      // invoke the token service.
+      Source responseMessage = this.tokenService.invoke(requestMessage);
+      WSTrustParser parser = new WSTrustParser();
+      BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+            .getSourceAsStream(responseMessage));
+
+      // validate the response and get the SAML assertion from the request.
+      this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+      RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+      Element assertion = (Element) collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
+            .getAny().get(0);
+
+      // now construct a WS-Trust validate request with the generated assertion.
+      request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST, WSTrustConstants.STATUS_TYPE,
+            null);
+      ValidateTargetType validateTarget = new ValidateTargetType();
+      validateTarget.add(assertion);
+      request.setValidateTarget(validateTarget);
+
+      // invoke the token service.
+      responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+      baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+      // validate the response contents.
+      assertNotNull("Unexpected null response", baseResponse);
+      assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+      collection = (RequestSecurityTokenResponseCollection) baseResponse;
+      assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+      RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+      assertEquals("Unexpected response context", "validatecontext", response.getContext());
+      assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+      StatusType status = response.getStatus();
+      assertNotNull("Unexpected null status", status);
+      assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_VALID, status.getCode());
+      assertEquals("Unexpected status reason", "SAMLV1.1 Assertion successfuly validated", status.getReason());
+
+      // now let's temper the SAML assertion and try to validate it again.
+      // assertion.getAttributeNode("Issuer").setNodeValue("ABC");
+      // request.getValidateTarget().add(assertion);
+      // Source theRequest = this.createSourceFromRequest(request);
+      // responseMessage = this.tokenService.invoke(theRequest);
+      // collection = (RequestSecurityTokenResponseCollection) parser.parse(DocumentUtil
+      // .getSourceAsStream(responseMessage));
+      // assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+      // response = collection.getRequestSecurityTokenResponses().get(0);
+      // assertEquals("Unexpected response context", "validatecontext", response.getContext());
+      // assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+      // status = response.getStatus();
+      // assertNotNull("Unexpected null status", status);
+      // assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+      // assertEquals("Unexpected status reason", "Validation failure: digital signature is invalid",
+      // status.getReason());
+   }
+
+   /**
+    * <p>
     * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust validate message to the STS to get
     * the assertion validated, checking the validation results.
     * </p>
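Review bot: `testInvokeSAML11Validate` only exercises the accepting path, because the block that modifies the assertion and expects `STATUS_CODE_INVALID` with "digital signature is invalid" is commented out. That leaves this class with no test showing that an altered SAML 1.1 assertion is rejected, which is the property a validate binding exists to guarantee. If the SAML 1.1 provider does not verify signatures yet (not visible in this hunk), I would replace the dead code with a short comment such as `// TODO: enable the tampered-assertion check once SAML 1.1 signature validation is in place` so the gap is explicit. Otherwise the block should be enabled. The Javadoc of the next test continues past the end of the hunk.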
@@ -661,7 +784,7 @@
       assertEquals("Unexpected status reason", "SAMLV2.0 Assertion successfuly validated", status.getReason());
 
       // now let's temper the SAML assertion and try to validate it again.
-      assertion.getFirstChild().getFirstChild().setNodeValue("Tempered Issuer");
+      assertion.setAttribute("Version", "X");
       request.getValidateTarget().add(assertion);
       Source theRequest = this.createSourceFromRequest(request);
       responseMessage = this.tokenService.invoke(theRequest);
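Review bot: Setting `Version` to `"X"` makes the assertion invalid regardless of its signature, so the rejection asserted after this hunk may come from parsing or a version check rather than from signature verification. The assertions on the status reason are outside the hunk, so this is inferred. To keep this a signature test, alter signed content that stays schema-valid, for example `assertion.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer").item(0).setTextContent("Tampered Issuer");`. That also avoids the position-dependent `getFirstChild().getFirstChild()` of the removed line.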
@@ -679,6 +802,65 @@
 
    /**
     * <p>
+    * This test case first generates a SAMLV1.1 assertion and then sends a WS-Trust renew message to the STS to get the
+    * assertion renewed (i.e. get a new assertion with an updated lifetime).
+    * </p>
+    * 
+    * @throws Exception
+    *            if an error occurs while running the test.
+    */
+   @Test
+   public void testInvokeSAML11Renew() throws Exception
+   {
+      // create a simple token request.
+      RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+            SAMLUtil.SAML11_TOKEN_TYPE, null);
+
+      Source requestMessage = this.createSourceFromRequest(request);
+
+      // invoke the token service.
+      Source responseMessage = this.tokenService.invoke(requestMessage);
+      WSTrustParser parser = new WSTrustParser();
+      BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+            .getSourceAsStream(responseMessage));
+
+      // validate the response and get the SAML assertion from the request.
+      this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+      RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+      Element assertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+            .getRequestedSecurityToken().getAny().get(0);
+
+      // now construct a WS-Trust renew request with the generated assertion.
+      request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST, SAMLUtil.SAML11_TOKEN_TYPE, null);
+      RenewTargetType renewTarget = new RenewTargetType();
+      renewTarget.add(assertionElement);
+      request.setRenewTarget(renewTarget);
+
+      // invoke the token service.
+      responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+      baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+      // validate the renew response contents and get the renewed token.
+      this.validateSAML11AssertionResponse(baseResponse, "renewcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+      collection = (RequestSecurityTokenResponseCollection) baseResponse;
+      Element renewedAssertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+            .getRequestedSecurityToken().getAny().get(0);
+
+      // compare the assertions, checking if the lifetime has been updated.
+      SAML11AssertionType originalAssertion = SAMLUtil.saml11FromElement(assertionElement);
+      SAML11AssertionType renewedAssertion = SAMLUtil.saml11FromElement(renewedAssertionElement);
+
+      // assertions should have different ids and lifetimes.
+      assertFalse("Renewed assertion should have a unique id", originalAssertion.getID().equals(
+            renewedAssertion.getID()));
+      assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotBefore().compare(
+            renewedAssertion.getConditions().getNotBefore()));
+      assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotOnOrAfter().compare(
+            renewedAssertion.getConditions().getNotOnOrAfter()));
+   }
+
+   /**
+    * <p>
     * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust renew message to the STS to get the
     * assertion renewed (i.e. get a new assertion with an updated lifetime).
     * </p>
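Review bot: The lifetime comparison at the end of `testInvokeSAML11Renew` dereferences `getConditions()` on both assertions without checking it, so a provider that omits Conditions makes the test die with a NullPointerException instead of a failed assertion. Add `assertNotNull("Original assertion has no conditions", originalAssertion.getConditions());` and `assertNotNull("Renewed assertion has no conditions", renewedAssertion.getConditions());` before the two `compare` calls. Separately, the issue/parse/extract preamble is repeated almost verbatim in `testInvokeSAML11Validate` and `testInvokeSAML11Cancel`; a private helper that returns the issued `Element` would remove the duplication.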
@@ -728,18 +910,107 @@
       AssertionType renewedAssertion = SAMLUtil.fromElement(renewedAssertionElement);
 
       // assertions should have different ids and lifetimes.
-      assertFalse("Renewed assertion should have a unique id",
-            originalAssertion.getID().equals(renewedAssertion.getID()));
-      assertEquals(DatatypeConstants.LESSER,
-            originalAssertion.getConditions().getNotBefore().compare(renewedAssertion.getConditions().getNotBefore()));
-      assertEquals(
-            DatatypeConstants.LESSER,
-            originalAssertion.getConditions().getNotOnOrAfter()
-                  .compare(renewedAssertion.getConditions().getNotOnOrAfter()));
+      assertFalse("Renewed assertion should have a unique id", originalAssertion.getID().equals(
+            renewedAssertion.getID()));
+      assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotBefore().compare(
+            renewedAssertion.getConditions().getNotBefore()));
+      assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotOnOrAfter().compare(
+            renewedAssertion.getConditions().getNotOnOrAfter()));
    }
 
    /**
     * <p>
+    * This test case first generates a SAMLV1.1 assertion and then sends a WS-Trust cancel message to the STS to cancel
+    * the assertion. A canceled assertion cannot be renewed or considered valid anymore.
+    * </p>
+    * 
+    * @throws Exception
+    *            if an error occurs while running the test.
+    */
+   @Test
+   public void testInvokeSAML11Cancel() throws Exception
+   {
+      // create a simple token request.
+      RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+            SAMLUtil.SAML11_TOKEN_TYPE, null);
+
+      Source requestMessage = this.createSourceFromRequest(request);
+
+      // invoke the token service.
+      Source responseMessage = this.tokenService.invoke(requestMessage);
+      WSTrustParser parser = new WSTrustParser();
+      BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+            .getSourceAsStream(responseMessage));
+
+      // validate the response and get the SAML assertion from the request.
+      this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+      RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+      Element assertion = (Element) collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
+            .getAny().get(0);
+
+      // now construct a WS-Trust cancel request with the generated assertion.
+      request = this.createRequest("cancelcontext", WSTrustConstants.CANCEL_REQUEST, null, null);
+      CancelTargetType cancelTarget = new CancelTargetType();
+      cancelTarget.add(assertion);
+      request.setCancelTarget(cancelTarget);
+
+      // invoke the token service.
+      responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+      baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+      // validate the response contents.
+      assertNotNull("Unexpected null response", baseResponse);
+      assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+      collection = (RequestSecurityTokenResponseCollection) baseResponse;
+      assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+      RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+      assertEquals("Unexpected response context", "cancelcontext", response.getContext());
+      assertNotNull("Cancel response should contain a RequestedTokenCancelled element", response
+            .getRequestedTokenCancelled());
+
+      // try to validate the canceled assertion.
+      request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST, null, null);
+      ValidateTargetType validateTarget = new ValidateTargetType();
+      validateTarget.add(assertion);
+      request.setValidateTarget(validateTarget);
+
+      // the response should contain a status indicating that the token is not valid.
+      responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+      collection = (RequestSecurityTokenResponseCollection) parser.parse(DocumentUtil
+            .getSourceAsStream(responseMessage));
+      assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+      response = collection.getRequestSecurityTokenResponses().get(0);
+      assertEquals("Unexpected response context", "validatecontext", response.getContext());
+      assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+      StatusType status = response.getStatus();
+      assertNotNull("Unexpected null status", status);
+      assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+      assertEquals("Unexpected status reason", "Validation failure: assertion with id "
+            + assertion.getAttribute("AssertionID") + " has been canceled", status.getReason());
+
+      // now try to renew the canceled assertion.
+      request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST, null, null);
+      RenewTargetType renewTarget = new RenewTargetType();
+      renewTarget.add(assertion);
+      request.setRenewTarget(renewTarget);
+
+      // we should receive an exception when renewing the token.
+      try
+      {
+         this.tokenService.invoke(this.createSourceFromRequest(request));
+         fail("Renewing a canceled token should result in an exception being thrown");
+      }
+      catch (WebServiceException we)
+      {
+         assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+         assertEquals("Unexpected exception message", "SAMLV1.1 Assertion with id "
+               + assertion.getAttribute("AssertionID") + " has been canceled and cannot be renewed", we.getCause()
+               .getCause().getMessage());
+      }
+   }
+
+   /**
+    * <p>
     * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust cancel message to the STS to cancel
     * the assertion. A canceled assertion cannot be renewed or considered valid anymore.
     * </p>
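Review bot: In the `catch (WebServiceException we)` block of `testInvokeSAML11Cancel`, `we.getCause().getCause().getMessage()` is read without checking that the nested cause exists, so a WSTrustException thrown without a cause ends the test with a NullPointerException rather than a clear failure. Other catch blocks in this file first call `assertNotNull("Unexpected null cause", we.getCause());`. I would add that line here, followed by `assertNotNull("Unexpected null nested cause", we.getCause().getCause());`, before comparing the message. The validate request built for the cancelled assertion also passes `null` as token type, where `testInvokeSAML11Validate` passes `WSTrustConstants.STATUS_TYPE`; a one-line comment saying whether that difference is intended would help.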
@@ -785,8 +1056,8 @@
       assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
       RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
       assertEquals("Unexpected response context", "cancelcontext", response.getContext());
-      assertNotNull("Cancel response should contain a RequestedTokenCancelled element",
-            response.getRequestedTokenCancelled());
+      assertNotNull("Cancel response should contain a RequestedTokenCancelled element", response
+            .getRequestedTokenCancelled());
 
       // try to validate the canceled assertion.
       request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST, null, null);
@@ -884,8 +1155,10 @@
       {
          assertNotNull("Unexpected null cause", we.getCause());
          assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
-         /*assertEquals("Either AppliesTo or TokenType must be present in a security token request", we.getCause()
-               .getMessage());*/
+         /*
+          * assertEquals("Either AppliesTo or TokenType must be present in a security token request", we.getCause()
+          * .getMessage());
+          */
       }
 
       // a request that asks for a public key to be used as proof key will fail if the public key is not available.
@@ -962,8 +1235,10 @@
       {
          assertNotNull("Unexpected null cause", we.getCause());
          assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
-         /*assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken", we.getCause()
-               .getMessage());*/
+         /*
+          * assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken",
+          * we.getCause() .getMessage());
+          */
       }
    }
 
@@ -1024,7 +1299,7 @@
          RequestSecurityTokenResponse response = baseResponseColl.getRequestSecurityTokenResponses().get(0);
          StatusType status = response.getStatus();
          assertTrue(status.getCode().equals(WSTrustConstants.STATUS_CODE_INVALID));
-         //fail("An exception should have been raised by the security token service");
+         // fail("An exception should have been raised by the security token service");
       }
       catch (WebServiceException we)
       {
@@ -1132,13 +1407,98 @@
       Element element = (Element) requestedToken.getAny().get(0);
       assertEquals("Unexpected root element name", "SpecialToken", element.getLocalName());
       assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI());
-      assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken",
-            element.getAttribute("TokenType"));
+      assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element
+            .getAttribute("TokenType"));
       element = (Element) element.getFirstChild();
       assertEquals("Unexpected child element name", "SpecialTokenValue", element.getLocalName());
       assertEquals("Unexpected token value", "Principal:jduke", element.getFirstChild().getNodeValue());
    }
 
+   private SAML11AssertionType validateSAML11AssertionResponse(BaseRequestSecurityTokenResponse baseResponse,
+         String context, String principal, String confirmationMethod) throws Exception
+   {
+
+      // =============================== WS-Trust Security Token Response Validation ===============================//
+
+      assertNotNull("Unexpected null response", baseResponse);
+      assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+      RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+      assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+      RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+      assertEquals("Unexpected response context", context, response.getContext());
+      assertEquals("Unexpected token type", SAMLUtil.SAML11_TOKEN_TYPE, response.getTokenType().toString());
+      Lifetime lifetime = response.getLifetime();
+      assertNotNull("Unexpected null token lifetime", lifetime);
+
+      // validate the attached token reference.
+      RequestedReferenceType reference = response.getRequestedAttachedReference();
+      assertNotNull("Unexpected null attached reference", reference);
+      SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+      assertNotNull("Unexpected null security reference", securityRef);
+      String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
+      assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+      assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML11_TOKEN_TYPE, tokenTypeAttr);
+      KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
+      assertEquals("Unexpected key value type", SAMLUtil.SAML11_VALUE_TYPE, keyId.getValueType());
+      assertNotNull("Unexpected null key identifier value", keyId.getValue());
+
+      // ====================================== SAMLV1.1 Assertion Validation ======================================//
+
+      RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+      assertNotNull("Unexpected null requested security token", requestedToken);
+
+      // unmarshall the SAMLV1.1 assertion.
+      Element assertionElement = (Element) requestedToken.getAny().get(0);
+      SAML11AssertionType assertion = SAMLUtil.saml11FromElement(assertionElement);
+
+      // verify the contents of the unmarshalled assertion.
+      assertNotNull("Invalid null assertion ID", assertion.getID());
+      assertEquals(keyId.getValue().substring(1), assertion.getID());
+      assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
+      assertEquals(1, assertion.getMajorVersion());
+      assertEquals(1, assertion.getMinorVersion());
+
+      // validate the assertion issuer.
+      assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
+      assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer());
+
+      // validate the assertion authentication statement.
+      List<SAML11StatementAbstractType> statements = assertion.getStatements();
+      assertTrue("At least one statement is expected in a SAMLV1.1 assertion", statements.size() > 0);
+      SAML11AuthenticationStatementType authStatement = null;
+      for (SAML11StatementAbstractType statement : statements)
+      {
+         if (statement instanceof SAML11AuthenticationStatementType)
+         {
+            authStatement = (SAML11AuthenticationStatementType) statement;
+            break;
+         }
+      }
+      assertNotNull("SAMLV1.1 assertion is missing the authentication statement", authStatement);
+
+      // validate the assertion subject.
+      assertNotNull("Unexpected null subject", authStatement.getSubject());
+      SAML11SubjectType subject = authStatement.getSubject();
+
+      SAML11NameIdentifierType nameID = subject.getChoice().getNameID();
+      assertEquals("Unexpected NameIdentifier format", SAML11Constants.FORMAT_UNSPECIFIED, nameID.getFormat()
+            .toString());
+      assertEquals("Unexpected NameIdentifier value", principal, nameID.getValue());
+
+      SAML11SubjectConfirmationType subjType = subject.getSubjectConfirmation();
+      assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getConfirmationMethod().get(0)
+            .toString());
+
+      // validate the assertion conditions.
+      assertNotNull("Unexpected null conditions", assertion.getConditions());
+      assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
+      assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());
+
+      assertNotNull("Assertion should have been signed", assertion.getSignature());
+
+      return assertion;
+   }
+
    /**
     * <p>
     * Validates the contents of a WS-Trust response message that contains a SAMLV2.0 assertion issued by the {@code
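Review bot: The last check in validateSAML11AssertionResponse, `assertNotNull("Assertion should have been signed", assertion.getSignature())`, proves only that a Signature element is present, so a token whose signature no longer verifies would still pass this test. Since the helper already holds `assertionElement`, it could verify the signature over that element with the STS public key (possibly through XMLSignatureUtil, which this commit also modifies) and assert the result. Until then a comment such as `// only checks presence; the signature value is not verified here` would keep the assertion from being read as a validity check. Separately, `keyId.getValue().substring(1)` assumes a leading `#`; `assertTrue("Key identifier should be a fragment reference", keyId.getValue().startsWith("#"));` before it would make that explicit. The method also has no Javadoc, unlike the SAMLV2.0 validator whose comment follows it and continues outside the hunk.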
@@ -1255,8 +1615,8 @@
       if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equals(keyType))
       {
          Element encKeyElement = (Element) keyInfo.getContent().get(0);
-         assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY,
-               encKeyElement.getLocalName());
+         assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement
+               .getLocalName());
       }
       // if the key is public, KeyInfo should either contain an encoded certificate or an encoded public key.
       else if (WSTrustConstants.KEY_TYPE_PUBLIC.equals(keyType))

Modified: federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-batch-validate.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-batch-validate.xml	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-batch-validate.xml	2011-07-14 15:04:04 UTC (rev 1089)
@@ -6,11 +6,6 @@
       <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_ab0392ef-b557-4453-95a8-a7e168da8ac5" 
           IssueInstant="2010-09-30T19:13:37.869Z" Version="2.0">
         <saml2:Issuer>Test STS</saml2:Issuer>
-        <saml2:Subject>
-          <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
-          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
-        </saml2:Subject>
-        <saml2:Conditions NotBefore="2010-09-30T19:13:37.869Z" NotOnOrAfter="2010-09-30T21:13:37.869Z"/>
         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
           <ds:SignedInfo>
             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
@@ -42,6 +37,11 @@
             </ds:KeyValue>
           </ds:KeyInfo>
         </ds:Signature>
+        <saml2:Subject>
+          <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
+          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+        </saml2:Subject>
+        <saml2:Conditions NotBefore="2010-09-30T19:13:37.869Z" NotOnOrAfter="2010-09-30T21:13:37.869Z"/>
       </saml2:Assertion>
     </wst:ValidateTarget>
   </wst:RequestSecurityToken>
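Review bot: Moving Subject and Conditions below ds:Signature changes the content of an Assertion that is already signed, while the visible hunks change nothing inside the ds:Signature block. The stored digest and signature value were therefore presumably computed over the old element order and would no longer verify. That is harmless if these files are only parser fixtures, but any test that checks the signature of one of them would fail. Regenerating the signatures, or a comment at the top of each file such as `<!-- parser fixture only; the signature does not match this content -->`, would make the status clear. The same applies to the second assertion in this file and to wst-cancel-saml.xml, wst-renew-saml.xml and wst-validate-saml.xml.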
@@ -52,15 +52,6 @@
       <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_cf9efbf0-9d7f-4b4a-b77f-d83ecaafd374" 
         IssueInstant="2010-09-30T19:13:37.911Z" Version="2.0">
         <saml2:Issuer>Test STS</saml2:Issuer>
-        <saml2:Subject>
-          <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
-          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
-        </saml2:Subject>
-        <saml2:Conditions NotBefore="2010-09-30T19:13:37.911Z" NotOnOrAfter="2010-09-30T21:13:37.911Z">
-          <saml2:AudienceRestriction>
-            <saml2:Audience>http://services.testcorp.org/provider2</saml2:Audience>
-          </saml2:AudienceRestriction>
-        </saml2:Conditions>
         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
           <ds:SignedInfo>
             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
@@ -92,6 +83,15 @@
             </ds:KeyValue>
           </ds:KeyInfo>
         </ds:Signature>
+        <saml2:Subject>
+          <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
+          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+        </saml2:Subject>
+        <saml2:Conditions NotBefore="2010-09-30T19:13:37.911Z" NotOnOrAfter="2010-09-30T21:13:37.911Z">
+          <saml2:AudienceRestriction>
+            <saml2:Audience>http://services.testcorp.org/provider2</saml2:Audience>
+          </saml2:AudienceRestriction>
+        </saml2:Conditions>
       </saml2:Assertion>
     </wst:ValidateTarget>
   </wst:RequestSecurityToken>

Modified: federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-cancel-saml.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-cancel-saml.xml	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-cancel-saml.xml	2011-07-14 15:04:04 UTC (rev 1089)
@@ -4,11 +4,6 @@
     <saml2:Assertion ID="ID_cb1eadf5-50a6-4fdf-96bc-412514f52882" IssueInstant="2010-09-30T19:13:37.603Z" Version="2.0"
         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
       <saml2:Issuer>Test STS</saml2:Issuer>
-      <saml2:Subject>
-        <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
-        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
-      </saml2:Subject>
-      <saml2:Conditions NotBefore="2010-09-30T19:13:37.603Z" NotOnOrAfter="2010-09-30T21:13:37.603Z"/>
       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
@@ -40,6 +35,11 @@
           </ds:KeyValue>
         </ds:KeyInfo>
       </ds:Signature>
+      <saml2:Subject>
+        <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
+        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+      </saml2:Subject>
+      <saml2:Conditions NotBefore="2010-09-30T19:13:37.603Z" NotOnOrAfter="2010-09-30T21:13:37.603Z"/>
     </saml2:Assertion>
   </wst:CancelTarget>
 </wst:RequestSecurityToken>

Modified: federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-renew-saml.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-renew-saml.xml	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-renew-saml.xml	2011-07-14 15:04:04 UTC (rev 1089)
@@ -5,15 +5,6 @@
     <saml2:Assertion ID="ID_654b6092-c725-40ea-8044-de453b59cb28" IssueInstant="2010-09-30T19:13:37.429Z" Version="2.0"
         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
       <saml2:Issuer>Test STS</saml2:Issuer>
-      <saml2:Subject>
-        <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
-        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
-      </saml2:Subject>
-      <saml2:Conditions NotBefore="2010-09-30T19:13:37.429Z" NotOnOrAfter="2010-09-30T21:13:37.429Z">
-        <saml2:AudienceRestriction>
-          <saml2:Audience>http://services.testcorp.org/provider2</saml2:Audience>
-        </saml2:AudienceRestriction>
-      </saml2:Conditions>
       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
@@ -45,6 +36,15 @@
           </ds:KeyValue>
         </ds:KeyInfo>
       </ds:Signature>
+      <saml2:Subject>
+        <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
+        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+      </saml2:Subject>
+      <saml2:Conditions NotBefore="2010-09-30T19:13:37.429Z" NotOnOrAfter="2010-09-30T21:13:37.429Z">
+        <saml2:AudienceRestriction>
+          <saml2:Audience>http://services.testcorp.org/provider2</saml2:Audience>
+        </saml2:AudienceRestriction>
+      </saml2:Conditions>
     </saml2:Assertion>
   </wst:RenewTarget>
 </wst:RequestSecurityToken>

Modified: federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-validate-saml.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-validate-saml.xml	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/wst/wst-validate-saml.xml	2011-07-14 15:04:04 UTC (rev 1089)
@@ -5,11 +5,6 @@
     <saml2:Assertion ID="ID_654b6092-c725-40ea-8044-de453b59cb28" IssueInstant="2010-09-30T19:13:37.186Z" Version="2.0"
         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
       <saml2:Issuer>Test STS</saml2:Issuer>
-      <saml2:Subject>
-        <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
-        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
-      </saml2:Subject>
-      <saml2:Conditions NotBefore="2010-09-30T19:13:37.186Z" NotOnOrAfter="2010-09-30T21:13:37.186Z"/>
       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
@@ -41,6 +36,11 @@
           </ds:KeyValue>
         </ds:KeyInfo>
       </ds:Signature>
+      <saml2:Subject>
+        <saml2:NameID NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
+        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+      </saml2:Subject>
+      <saml2:Conditions NotBefore="2010-09-30T19:13:37.186Z" NotOnOrAfter="2010-09-30T21:13:37.186Z"/>
     </saml2:Assertion>
   </wst:ValidateTarget>
 </wst:RequestSecurityToken>

Modified: federation/trunk/picketlink-fed-core/src/test/resources/sts/picketlink-sts.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/sts/picketlink-sts.xml	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-fed-core/src/test/resources/sts/picketlink-sts.xml	2011-07-14 15:04:04 UTC (rev 1089)
@@ -17,6 +17,10 @@
 			<Property Key="Property1" Value="Value1"/>
 			<Property Key="Property2" Value="Value2"/>
 		</TokenProvider>
+		<TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider"
+			TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
+			TokenElement="Assertion"
+			TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion"/>
 		<TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
 			TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
 			TokenElement="Assertion"

Modified: federation/trunk/picketlink-webapps/picketlink-sts/src/main/resources/picketlink-sts.xml
===================================================================
--- federation/trunk/picketlink-webapps/picketlink-sts/src/main/resources/picketlink-sts.xml	2011-07-13 19:35:11 UTC (rev 1088)
+++ federation/trunk/picketlink-webapps/picketlink-sts/src/main/resources/picketlink-sts.xml	2011-07-14 15:04:04 UTC (rev 1089)
@@ -8,9 +8,13 @@
   		<ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
 	</KeyProvider>
 	<TokenProviders>
-        <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
-            TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
+            <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider"
+                TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
 	        TokenElement="Assertion"
+	        TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion"/>
+            <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
+                TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
+	        TokenElement="Assertion"
 	        TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
 	</TokenProviders>
 	<ServiceProviders>
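Review bot: The SAML11TokenProvider entry is added to the configuration shipped with the STS webapp, so default deployments, not only the test setup, would presumably start handling the SAMLV1.1 token type. If that is intended, a short comment above the entry, e.g. `<!-- SAML 1.1 support; remove this provider if only SAML 2.0 tokens should be issued -->`, would tell deployers it is optional. The new lines also mix spaces and tabs for indentation (`TokenType` is indented with spaces, `TokenElement` with tabs); one style throughout the TokenProviders block would read better.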


