summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--auth/docker/Dockerfile4
-rwxr-xr-x[-rw-r--r--]auth/docker/dbuild.sh0
-rw-r--r--auth/docker/dclean.sh7
-rw-r--r--auth/docker/dpush.sh10
-rw-r--r--auth/docker/drun.sh3
-rw-r--r--auth/docker/dstart.sh7
-rw-r--r--auth/docker/dstop.sh5
-rw-r--r--auth/sample/backup/backup.sh32
-rw-r--r--auth/sample/backup/cbackup.sh8
-rw-r--r--auth/sample/data/identities.dat38
-rw-r--r--auth/sample/data/sample.identities.dat27
-rw-r--r--auth/sample/etc/org.osaaf.cm.props14
-rw-r--r--auth/sample/etc/org.osaaf.common.props30
-rw-r--r--auth/sample/etc/org.osaaf.fs.props10
-rw-r--r--auth/sample/etc/org.osaaf.gui.props30
-rw-r--r--auth/sample/etc/org.osaaf.hello.props8
-rw-r--r--auth/sample/etc/org.osaaf.locate.props8
-rw-r--r--auth/sample/etc/org.osaaf.log4j.props51
-rw-r--r--auth/sample/etc/org.osaaf.oauth.props8
-rw-r--r--auth/sample/etc/org.osaaf.orgs.props11
-rw-r--r--auth/sample/etc/org.osaaf.service.props8
-rw-r--r--auth/sample/local/org.osaaf.aaf.keyfile27
-rw-r--r--auth/sample/local/org.osaaf.aaf.p12bin0 -> 3950 bytes
-rw-r--r--auth/sample/local/org.osaaf.aaf.trust.p12bin0 -> 4180 bytes
-rw-r--r--auth/sample/local/org.osaaf.cassandra.props29
-rw-r--r--auth/sample/local/org.osaaf.cm.ca.props11
-rw-r--r--auth/sample/local/org.osaaf.location.props12
-rw-r--r--auth/sample/local/org.osaaf.props17
-rw-r--r--auth/sample/public/AAF_RootCA.cer31
-rw-r--r--auth/sample/public/aaf_2_0.xsd527
-rw-r--r--auth/sample/public/iframe_denied_test.html10
-rw-r--r--auth/sample/public/truststoreONAP.p12bin0 -> 4180 bytes
-rw-r--r--auth/sample/public/truststoreONAPall.jksbin0 -> 117990 bytes
34 files changed, 960 insertions, 24 deletions
diff --git a/.gitignore b/.gitignore
index cde269b1..f0ac2df4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
/.project
/target/
/temp/
+.metadata/
diff --git a/auth/docker/Dockerfile b/auth/docker/Dockerfile
index 729a460e..7afe69d8 100644
--- a/auth/docker/Dockerfile
+++ b/auth/docker/Dockerfile
@@ -15,10 +15,10 @@ COPY lib /opt/app/aaf/${AAF_COMPONENT}/lib
COPY theme /opt/app/aaf/${AAF_COMPONENT}/theme
COPY bin /opt/app/aaf/${AAF_COMPONENT}/bin
-#CMD ["/bin/bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+CMD ["/bin/bash","-c","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT} >> /opt/app/osaaf/logs/${AAF_COMPONENT}/stdout`date -I` 2>> /opt/app/osaaf/logs/${AAF_COMPONENT}/stderr`date -I`"]
# For Debugging installation
-CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
# Java Debugging VM Args
# "-Xdebug",\
# "-Xnoagent",\
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index 23fa72f5..23fa72f5 100644..100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
index 4c2dd3bf..d83f61c8 100644
--- a/auth/docker/dclean.sh
+++ b/auth/docker/dclean.sh
@@ -1,9 +1,6 @@
#!/bin/bash dclean.sh
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
-./d.props
+# Pull in Variables from d.props
+. ./d.props
if [ "$1" == "" ]; then
AAF_COMPONENTS=`ls ../aaf_${VERSION}/bin | grep -v '\.'`
diff --git a/auth/docker/dpush.sh b/auth/docker/dpush.sh
index a9a03875..99a88f96 100644
--- a/auth/docker/dpush.sh
+++ b/auth/docker/dpush.sh
@@ -1,12 +1,8 @@
#
# Docker push Script. Reads all the components generated by install, on per-version basis
#
-
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
-# TODO add ability to do DEBUG settings
+# Pull in Variables from d.props
+. ./d.props
if ["$1" == ""]; then
AAF_COMPONENTS=`ls ../aaf_*HOT/bin | grep -v '\.'`
@@ -17,4 +13,4 @@ fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
-done \ No newline at end of file
+done
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 2b5f709a..b4c64d09 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -1,4 +1,5 @@
#!/bin/bash drun.sh
+# Pull in Variables from d.props
. ./d.props
@@ -40,7 +41,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
echo Starting aaf_$AAF_COMPONENT...
docker run \
- -d \
+ -i \
--name aaf_$AAF_COMPONENT \
--hostname="${AAF_COMPONENT}.aaf.osaaf.org" \
--add-host="$HOSTNAME:$HOST_IP" \
diff --git a/auth/docker/dstart.sh b/auth/docker/dstart.sh
index ac8ffd06..41aa6a45 100644
--- a/auth/docker/dstart.sh
+++ b/auth/docker/dstart.sh
@@ -1,9 +1,6 @@
#!/bin/bash dstop.sh
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
-./d.props
+# Pull in Props
+. ./d.props
if [ "$1" == "" ]; then
AAF_COMPONENTS=`ls -r ../aaf_${VERSION}/bin | grep -v '\.'`
diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh
index 6105a00b..58ac0bf7 100644
--- a/auth/docker/dstop.sh
+++ b/auth/docker/dstop.sh
@@ -1,8 +1,5 @@
#!/bin/bash dstop.sh
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
+# Pull in Properties
. ./d.props
if [ "$1" == "" ]; then
diff --git a/auth/sample/backup/backup.sh b/auth/sample/backup/backup.sh
new file mode 100644
index 00000000..1359d3de
--- /dev/null
+++ b/auth/sample/backup/backup.sh
@@ -0,0 +1,32 @@
+# BEGIN Store prev
+BD=/opt/app/osaaf/backup
+if [ -e "$BD/6day" ]; then
+ rm -Rf $BD/6day
+fi
+
+PREV=$BD/6day
+for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do
+ if [ -e "$D" ]; then
+ mv "$D" "$PREV"
+ fi
+ PREV="$D"
+done
+
+if [ -e "$BD/today" ]; then
+ if [ -e "$BD/backup.log" ]; then
+ mv $BD/backup.log $BD/today
+ fi
+ gzip $BD/today/*
+ mv $BD/today $BD/yesterday
+fi
+
+mkdir $BD/today
+
+# END Store prev
+date
+docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup"
+docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh
+# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh"
+docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh
+docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today
+date
diff --git a/auth/sample/backup/cbackup.sh b/auth/sample/backup/cbackup.sh
new file mode 100644
index 00000000..9c91d0c6
--- /dev/null
+++ b/auth/sample/backup/cbackup.sh
@@ -0,0 +1,8 @@
+cd /opt/app/cass_backup
+DATA="ns role perm ns_attrib user_role cred cert x509 delegate approval approved future notify artifact health history"
+PWD=cassandra
+CQLSH="cqlsh -u cassandra -k authz -p $PWD"
+for T in $DATA ; do
+ echo "Creating $T.dat"
+ $CQLSH -e "COPY authz.$T TO '$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
new file mode 100644
index 00000000..93bfcdb3
--- /dev/null
+++ b/auth/sample/data/identities.dat
@@ -0,0 +1,38 @@
+#
+# Identities.dat
+# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with
+# out-of-the-box tire-kicking, or even for Small companies
+#
+# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing
+# batch feeds, as is appropriate for your company.
+#
+# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
+# out AppIDs, choose your own status indicators, or whatever you use.
+# 0 - unique ID
+# 1 - full name
+# 2 - first name
+# 3 - last name
+# 4 - phone
+# 5 - official email
+# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
+# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
+jonathan|Jonathan C Gathman|Jonathan|Gathman|314-550-3312|jonathan.gathman@att.com|e|
+clefevre|Catherine LeFevre|Catherine|LeFevre||catherine.lefevre@att.com|e|
+ramkoya|Ram Koya|Ram|Koya||ram.koya@att.com|e|clefevre
+chris|Chris Varner|Chris|Varner|469-375-0774|chris.varner@att.com|c|anne
+ian|Ian Howell|Ian|Howell|314-450-2782|ian.howell@att.com|e|jonathan
+gabe|Gabe B Maurer|Gabe|Maurer|314-962-9579|gabe.maurer@att.com|e|jonathan
+sai|Sai Gandham|Sai|Gandham|424-265-9959|sai.gandham@att.com|c|anne
+anne|Anne E Kopp|Anne|Kopp|512-244-4280|anne.e.kopp@att.com|e|jonathan
+a2345z|AAF App|AAF|Application||DL-aaf-support@att.com|a|jonathan
+aaf_authz|AAF App|AAF|Application||jonathan.gathman@att.com|a|jonathan
+kirankamieni|Kiran K Kamineni|Kiran|Kamineni|999-999=9999|kiran.k.kamineni@intel.com|ramkoya
+aaf_sms|Secret Management Service|SMS|Secret Management Service provides secure storage for sensitive information such as passwords and userIDs||kiran.k.kamineni@intel.com|a|kirankamieni
+djtimoney|Dan Timoney|Dan|Timoney|+1 (732) 420-3226|dt5972@att.com|e|ramkoya
+xuegao|Xue Gao|Xue|Gao|0032479670327|xg353y@att.com|e|clefevre
+clamp|Clamp Application|clamp|Application||xg353y@att.com|a|xuegao
+dmaapbc|DMaap Bus Controller|DMaap|Bus Controller||dgl@research.att.com|a|dgfromatt
+dglfromatt|Dominic Lunanuova|Dominic|Lunanuova|732-420-9618|dgl@research.att.com|e|ramokoya
+puthenpura|Sarat Puthenpura|Sarat|Puthenpura|||e|clefevre
+ruoyu|Ruoyu Ying|Ruoyu|Ying|13661960772|ruoyu.ying@intel.com|e|puthenpura
+
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
new file mode 100644
index 00000000..39d18a12
--- /dev/null
+++ b/auth/sample/data/sample.identities.dat
@@ -0,0 +1,27 @@
+#
+# Sample Identities.dat
+# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with
+# out-of-the-box tire-kicking, or even for Small companies
+#
+# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing
+# batch feeds, as is appropriate for your company.
+#
+# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
+# out AppIDs, choose your own status indicators, or whatever you use.
+# 0 - unique ID
+# 1 - full name
+# 2 - first name
+# 3 - last name
+# 4 - phone
+# 5 - official email
+# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
+# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
+#
+
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
diff --git a/auth/sample/etc/org.osaaf.cm.props b/auth/sample/etc/org.osaaf.cm.props
new file mode 100644
index 00000000..da5ea872
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.cm.props
@@ -0,0 +1,14 @@
+##
+## org.osaaf.cm.props
+## AAF Certificate Manager properties
+## Note: Link to CA Properties in "local" dir
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props
+aaf_component=AAF_NS.cm:2.1.0.0
+port=8150
+
+#Certman
+cm_public_dir=/opt/app/osaaf/public
+cm_trust_cas=AAF_RootCA.cer
+
+
diff --git a/auth/sample/etc/org.osaaf.common.props b/auth/sample/etc/org.osaaf.common.props
new file mode 100644
index 00000000..e1477468
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.common.props
@@ -0,0 +1,30 @@
+############################################################
+# Common properties for all AAF Components
+# on 2018-03-02 06:59.628-0500
+############################################################
+# Pull in Global Coordinates and Certificate Information
+aaf_root_ns=org.osaaf.aaf
+aaf_trust_perm=org.osaaf.aaf|org.onap|trust
+
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.props
+cadi_protocols=TLSv1.1,TLSv1.2
+
+aaf_locate_url=https://aaf.osaaf.org
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login
+
+# Standard for this App/Machine
+aaf_env=DEV
+aaf_data_dir=/opt/app/osaaf/data
+cadi_loglevel=DEBUG
+
+# Domain Support (which will accept)
+aaf_domain_support=.com:.org
+
+# Basic Auth
+aaf_default_realm=people.osaaf.org
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
diff --git a/auth/sample/etc/org.osaaf.fs.props b/auth/sample/etc/org.osaaf.fs.props
new file mode 100644
index 00000000..96d91f9d
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.fs.props
@@ -0,0 +1,10 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
+aaf_component=AAF_NS.fs:2.1.0.0
+port=8096
+
+
+aaf_public_dir=/opt/app/osaaf/public
diff --git a/auth/sample/etc/org.osaaf.gui.props b/auth/sample/etc/org.osaaf.gui.props
new file mode 100644
index 00000000..f1a2770d
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.gui.props
@@ -0,0 +1,30 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
+aaf_component=AAF_NS.gui:2.1.0.0
+port=8200
+
+aaf_gui_title=AAF
+aaf_gui_copyright=(c) 2018 AT&T Intellectual Property. All rights reserved.
+aaf_gui_theme=theme/onap
+cadi_loginpage_url=https://AAF_LOCATE_URL/com.att.aaf.gui:2.0/login
+
+# GUI URLS and Help URLS
+cm_url=https://aaf.osaaf.org:8150
+gw_url=https://aaf.osaaf.org:8095
+fs_url=http://aaf.osaaf.org:8096
+
+aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding
+aaf_url.cuigui=https://wiki.web.att.com/display/aaf/Using+the+Command+Prompt
+
+aaf_url.aaf_help=https://wiki.onap.org/display/DW/Application+Authorization+Framework+Documentation
+aaf_url.aaf_help.sub=Bootstrapping+AAF,Installation+Guide
+aaf_url.aaf_help.sub.Bootstrapping+AAF=https://wiki.onap.org/display/DW/Bootstrapping+AAF
+aaf_url.aaf_help.sub.Installation+Guide=https://wiki.onap.org/display/DW/AAF+Installation+Guide
+#aaf_url.cadi_help=
+aaf_url.tools=AAF+Projects,AAF+Jira,AAF+Calendar
+aaf_url.tool=AAF+Jira=https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF&view=detail&selectedIssue=AAF-134
+aaf_url.tool.AAF+Projects=https://gerrit.onap.org/r/#/admin/projects/?filter=aaf%2F
+aaf_url.tool.AAF+Calendar=https://wiki.onap.org/pages/viewpage.action?pageId=6587439
diff --git a/auth/sample/etc/org.osaaf.hello.props b/auth/sample/etc/org.osaaf.hello.props
new file mode 100644
index 00000000..9f77986e
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.hello.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
+aaf_component=AAF_NS.hello:2.1.0.0
+port=8130
+
diff --git a/auth/sample/etc/org.osaaf.locate.props b/auth/sample/etc/org.osaaf.locate.props
new file mode 100644
index 00000000..d85c735e
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.locate.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
+aaf_component=AAF_NS.locator:2.1.0.0
+port=8095
+
diff --git a/auth/sample/etc/org.osaaf.log4j.props b/auth/sample/etc/org.osaaf.log4j.props
new file mode 100644
index 00000000..9f108028
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.log4j.props
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.INIT.File=${LOG4J_FILENAME_init}
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
+
+log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.SRVR.File=${LOG4J_FILENAME_service}
+log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd
+log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout
+log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n
+
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.AUDIT.File=${LOG4J_FILENAME_audit}
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n
+
+# General Apache libraries
+log4j.rootLogger=WARN.SRVR
+log4j.logger.org.apache=WARN,SRVR
+log4j.logger.com.datastax=WARN,SRVR
+log4j.logger.init=INFO,INIT
+log4j.logger.service=${LOGGING_LEVEL},SRVR
+log4j.logger.audit=INFO,AUDIT
+# Additional configs, not cauth with Root Logger
+log4j.logger.io.netty=INFO,SRVR
+log4j.logger.org.eclipse=INFO,SRVR
+
+
diff --git a/auth/sample/etc/org.osaaf.oauth.props b/auth/sample/etc/org.osaaf.oauth.props
new file mode 100644
index 00000000..5be90174
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.oauth.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
+aaf_component=AAF_NS.oauth:2.1.0.0
+port=8140
+
diff --git a/auth/sample/etc/org.osaaf.orgs.props b/auth/sample/etc/org.osaaf.orgs.props
new file mode 100644
index 00000000..66bfd2fa
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.orgs.props
@@ -0,0 +1,11 @@
+#
+# Define Organizations for use in some of the components. Not all use them
+#
+Organization.org.osaaf=org.onap.aaf.org.DefaultOrg
+org.osaaf.mailHost=smtp.mail.att.com
+org.osaaf.mailFrom=DL-aaf-support@aaf.att.com
+org.osaaf.default=true
+org.osaaf.also_supports=org.osaaf.people
+
+
+
diff --git a/auth/sample/etc/org.osaaf.service.props b/auth/sample/etc/org.osaaf.service.props
new file mode 100644
index 00000000..1b4df0e8
--- /dev/null
+++ b/auth/sample/etc/org.osaaf.service.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.service
+## AAF Service Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
+aaf_component=AAF_NS.service:2.1.0.0
+port=8100
+
diff --git a/auth/sample/local/org.osaaf.aaf.keyfile b/auth/sample/local/org.osaaf.aaf.keyfile
new file mode 100644
index 00000000..7206ad93
--- /dev/null
+++ b/auth/sample/local/org.osaaf.aaf.keyfile
@@ -0,0 +1,27 @@
+rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0
+sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng
+tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF
+Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz
+AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb
+yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By
+qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL
+y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco
+6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj
+4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz
+-KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f
+Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC
+kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR
+PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3
+YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg
+yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN
+jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_
+biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1
+ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My
+c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf
+GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE
+G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw
+BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS
+acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d
+QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_
+2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im
+3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a \ No newline at end of file
diff --git a/auth/sample/local/org.osaaf.aaf.p12 b/auth/sample/local/org.osaaf.aaf.p12
new file mode 100644
index 00000000..08ed3be8
--- /dev/null
+++ b/auth/sample/local/org.osaaf.aaf.p12
Binary files differ
diff --git a/auth/sample/local/org.osaaf.aaf.trust.p12 b/auth/sample/local/org.osaaf.aaf.trust.p12
new file mode 100644
index 00000000..d01e8569
--- /dev/null
+++ b/auth/sample/local/org.osaaf.aaf.trust.p12
Binary files differ
diff --git a/auth/sample/local/org.osaaf.cassandra.props b/auth/sample/local/org.osaaf.cassandra.props
new file mode 100644
index 00000000..4489a36b
--- /dev/null
+++ b/auth/sample/local/org.osaaf.cassandra.props
@@ -0,0 +1,29 @@
+############################################################
+# Cassandra properties for AAF Components needing
+# on 2018-03-02 06:59.628-0500
+############################################################
+# LOCAL Cassandra
+cassandra.clusters=cass.aaf.osaaf.org
+cassandra.clusters.port=9042
+#need this to be fully qualified name when REAL AAF integration
+cassandra.clusters.user=cassandra
+cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV
+
+# Name for exception that has happened in the past
+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
+
+# Example Consistency Settings for Clusters with at least instances
+#cassandra.writeConsistency.ns=LOCAL_QUORUM
+#cassandra.writeConsistency.perm=LOCAL_QUORUM
+#cassandra.writeConsistency.role=LOCAL_QUORUM
+#cassandra.writeConsistency.user_role=LOCAL_QUORUM
+#cassandra.writeConsistency.cred=LOCAL_QUORUM
+#cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM
+
+# Consistency Settings when Single Instance
+cassandra.writeConsistency.ns=ONE
+cassandra.writeConsistency.perm=ONE
+cassandra.writeConsistency.role=ONE
+cassandra.writeConsistency.user_role=ONE
+cassandra.writeConsistency.cred=ONE
+cassandra.writeConsistency.ns_attrib=ONE
diff --git a/auth/sample/local/org.osaaf.cm.ca.props b/auth/sample/local/org.osaaf.cm.ca.props
new file mode 100644
index 00000000..5293f0bb
--- /dev/null
+++ b/auth/sample/local/org.osaaf.cm.ca.props
@@ -0,0 +1,11 @@
+##
+## org.osaaf.cm.ca.props
+## Properties to access Certifiate Authority
+##
+
+#Certman
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/intermediate_1.p12;intermediate_1;enc:kieWQoNgaIfCrdoqOTsjDQwIp8V1NM4mLgDW3X1g8oyOhBQ-aOmdo12kvL_AMs6u
+cm_ca.local.idDomains=org.osaaf
+cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
+cm_ca.local.perm_type=org.osaaf.aaf.ca
+
diff --git a/auth/sample/local/org.osaaf.location.props b/auth/sample/local/org.osaaf.location.props
new file mode 100644
index 00000000..d6d04ef4
--- /dev/null
+++ b/auth/sample/local/org.osaaf.location.props
@@ -0,0 +1,12 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org
+cadi_trust_masks=10.12.6/24
+
diff --git a/auth/sample/local/org.osaaf.props b/auth/sample/local/org.osaaf.props
new file mode 100644
index 00000000..5ae86c34
--- /dev/null
+++ b/auth/sample/local/org.osaaf.props
@@ -0,0 +1,17 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by jg1555
+# on 2018-02-21T10:28:08.909-0600
+# @copyright 2016, AT&T
+############################################################
+cm_url=https://aaf.osaaf.org:8150
+#hostname=aaf.osaaf.org
+aaf_env=DEV
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile
+cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
+cadi_keystore_password=enc:4L1xY_7mYTuk57SPWZetza5WlgBUYBe8pbT1-AWKO1-5PAbSTynQEc5TU7ZeomfN
+#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
+cadi_alias=a2345z@aaf.osaaf.org
+cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12
+cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np
diff --git a/auth/sample/public/AAF_RootCA.cer b/auth/sample/public/AAF_RootCA.cer
new file mode 100644
index 00000000..e9a50d7e
--- /dev/null
+++ b/auth/sample/public/AAF_RootCA.cer
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
diff --git a/auth/sample/public/aaf_2_0.xsd b/auth/sample/public/aaf_2_0.xsd
new file mode 100644
index 00000000..59d4331b
--- /dev/null
+++ b/auth/sample/public/aaf_2_0.xsd
@@ -0,0 +1,527 @@
+<!-- Used by AAF (ATT inc 2013) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:aaf="urn:aaf:v2_0"
+ targetNamespace="urn:aaf:v2_0"
+ elementFormDefault="qualified">
+
+<!--
+ June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes.
+
+ Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that
+ with Query Params.
+
+ Eliminate in 3.0
+ -->
+<!--
+ Errors
+ Note: This Error Structure has been made to conform to the AT&T TSS Policies
+ -->
+ <xs:element name="error">
+ <xs:complexType>
+ <xs:sequence>
+ <!--
+ Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
+ either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
+ Exception numbers may be in the range of 0001 to 9999 where :
+ * 0001 to 0199 are reserved for common exception messages
+ * 0200 to 0999 are reserved for Parlay Web Services specification use
+ * 1000-9999 are available for exceptions
+ -->
+ <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ Message text, with replacement
+ variables marked with %n, where n is
+ an index into the list of <variables>
+ elements, starting at 1
+ -->
+ <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ List of zero or more strings that
+ represent the contents of the variables
+ used by the message text. -->
+ <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Requests
+ -->
+ <xs:complexType name="Request">
+ <xs:sequence>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
+ <!-- Deprecated. Use Query Command
+ <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/>
+ -->
+ </xs:sequence>
+ </xs:complexType>
+
+<!--
+ Keys
+ -->
+ <xs:element name="keys">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Permissions
+-->
+ <xs:complexType name = "pkey">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="permKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perm">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey">
+ <xs:sequence>
+ <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- This data not filled in unless Requested -->
+ <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perms">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="permRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Roles
+-->
+ <xs:complexType name="rkey">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="roleKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="role">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey">
+ <xs:sequence>
+ <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- This data not filled in unless Requested -->
+ <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Added userRole return types jg1555 9/16/2015 -->
+ <xs:element name="userRole">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Added userRoles return types jg1555 9/16/2015 -->
+ <xs:element name="userRoles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="userRoleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="rolePermRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="nsRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Note: dec 11, 2015. Request-able NS Type JG -->
+ <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/>
+
+ <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions
+ <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/>
+
+
+ <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+ -->
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="nsAttribRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name = "nss">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG -->
+ <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Users
+-->
+ <xs:element name="users">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <!-- Changed type to dateTime, because of importance of Certs -->
+ <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <!-- need to differentiate User Cred Types, jg1555 5/20/2015
+ This Return Object is shared by multiple functions:
+ Type is not returned for "UserRole", but only "Cred"
+ -->
+ <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Certs
+ Added jg1555 5/20/2015 to support identifying Certificate based Services
+ -->
+ <xs:element name="certs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="cert" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Credentials
+-->
+ <xs:element name="credRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="id" type="xs:string"/>
+ <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/>
+ <xs:choice >
+ <xs:element name="password" type="xs:string" />
+ <xs:element name="entry" type="xs:string" />
+ </xs:choice>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Multi Request
+ -->
+
+ <xs:element name="multiRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/>
+ <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ History
+ -->
+ <xs:element name="history">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Approvals
+ -->
+ <xs:complexType name="approval">
+ <xs:sequence>
+ <!-- Note, id is set by system -->
+ <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="ticket" type="xs:string"/>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="approver" type="xs:string"/>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="memo" type="xs:string"/>
+ <xs:element name="updated" type="xs:dateTime"/>
+ <xs:element name="status">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="approve"/>
+ <xs:enumeration value="reject"/>
+ <xs:enumeration value="pending"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="operation">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="C"/>
+ <xs:enumeration value="U"/>
+ <xs:enumeration value="D"/>
+ <xs:enumeration value="G"/>
+ <xs:enumeration value="UG"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="approvals">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Delegates
+-->
+ <xs:complexType name="delg">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="delegate" type="xs:string"/>
+ <xs:element name="expires" type="xs:date"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="delgRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="delgs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- jg 3/11/2015 New for 2.0.8 -->
+ <xs:element name="api">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema> \ No newline at end of file
diff --git a/auth/sample/public/iframe_denied_test.html b/auth/sample/public/iframe_denied_test.html
new file mode 100644
index 00000000..613e9c70
--- /dev/null
+++ b/auth/sample/public/iframe_denied_test.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<body>
+
+<iframe src="https://mithrilcsp.sbc.com:8095/gui/home">
+ <p>Your browser does not support iframes.</p>
+</iframe>
+
+</body>
+</html>
diff --git a/auth/sample/public/truststoreONAP.p12 b/auth/sample/public/truststoreONAP.p12
new file mode 100644
index 00000000..d01e8569
--- /dev/null
+++ b/auth/sample/public/truststoreONAP.p12
Binary files differ
diff --git a/auth/sample/public/truststoreONAPall.jks b/auth/sample/public/truststoreONAPall.jks
new file mode 100644
index 00000000..ff844b10
--- /dev/null
+++ b/auth/sample/public/truststoreONAPall.jks
Binary files differ