Continued changes to facilitate the setup of an ATS.

CASA-auth-token/java/server/Svc/Makefile.am

@@ -20,7 +20,7 @@
 #######################################################################
 
 SUBDIRS = src
-DIST_SUBDIRS = src external tomcat5 linux manifest
+DIST_SUBDIRS = src external tomcat5 linux manifest templates
 
 EXTRA_DIST = authtoken.settings \
 		identoken.settings \

CASA-auth-token/java/server/Svc/README

@@ -207,8 +207,8 @@ Note the following about the sample auth.policy file:
   
 - The authentication mechanism entries are: mechanism and mechanism_info. The mechanism
   entry specifies the name of the authentication mechanism. The mechanism_info specifies
-  some mechanism specific information. Both authentication mechanism entries must be
-  specified for an auth_source entry.
+  some mechanism specific information, the need for this entry is dependent on the
+  configuration requirements of the specified mechanism.
   
 - The name of the Krb5 Authentication mechanism is "Krb5Authenticate". This mechanism
   defaults the service principal name to host/hostname@KERBEROS_REALM. You can use a
@@ -238,7 +238,7 @@ Note the following about the sample authtoken.settings file:
 - The TokenLifetime setting specifies the number of seconds for which a token is good
   for after being issued. The default value for this setting is 3600 seconds. Note that
   a larger value reduces overhead, but it also gives more time for an intruder to
-  utilize the token if it becomes compromized.
+  utilize the token if it becomes compromised.
   
 - The LifetimeShorter setting specifies the number of seconds that should be substracted
   from the TokenLifetime when calculating the number of seconds that clients are told

CASA-auth-token/java/server/Svc/TODO

@@ -15,4 +15,5 @@ OUTSTANDING ITEMS
 - Add logging.
 - Create plug-in API for Identity Token Providers.
 - Change printfs used for debugging into a suitable mechanism.
+- Create tool to connect Tomcat instance to Apache Server and disabling port 2645 listener.
  

CASA-auth-token/java/server/Svc/authtoken.settings

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<settings>
-	<TokenLifetime>3600</TokenLifetime>
-</settings>

CASA-auth-token/java/server/Svc/identoken.settings

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<settings>
-	<EncryptAttributes>false</EncryptAttributes>
-	<Attributes>sn</Attributes>
-</settings>
-

CASA-auth-token/java/server/Svc/linux/CasaAuthPolicyEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing auth.policy files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/CasaAuthTokenSettingsEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing authtoken.settings files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/CasaBasicATSSetup.sh

@@ -0,0 +1,221 @@
+#!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Scrip for setting up iaRealm.xml and auth.policy files for ATS
+# using a single LDAP Realm.
+# 
+# Notice that this scrip is very basic and only supports a single LDAP
+# server.
+#
+########################################################################
+
+DEFAULT_TEMPLATE_FILE_FOLDER=/etc/CASA/authtoken/svc/templates
+DEFAULT_CONFIG_FILE_FOLDER=/etc/CASA/authtoken/svc
+
+function display_usage
+{
+   echo "usage: CasaBasicATSSetup.sh [-h] [TemplateFileFolder] [ConfigFileFolder]"
+   echo "  where the position dependent parameters are:"
+   echo "    -h - Display this information"
+   echo "    TemplateFileFolder - Path to the folder containing the template files. If"
+   echo "                         not specified, the parameter defaults to"
+   echo "                         $DEFAULT_TEMPLATE_FILE_FOLDER."
+   echo "    ConfigFileFolder - Path to the output file folder. If not specified, the"
+   echo "                       parameter defaults to $DEFAULT_CONFIG_FILE_FOLDER."
+   echo ""
+   echo "  The following environment variables MUST be exported when"
+   echo "  executing this script:"
+   echo "    REALM - The name of the LDAP Realm, example: Tree name"
+   echo "    LDAP_HOST_NAME - The host name of the LDAP server"
+   echo "    PROXY_USER_NAME - The name of the LDAP Proxy User"
+   echo "    PROXY_USER_PW - The password of the LDAP Proxy User"
+   echo ""
+   echo "  The following environment variables MAY be exported when"
+   echo "  executing this script:"
+   echo "    LDAP_LISTEN_PORT - The port used by the LDAP server to listen for connections"
+   echo ""
+   echo "  WARNING: CURRENTLY THERE IS A LIMITATION THAT PREVENTS YOU FROM"
+   echo "           USING ENVIRONMENT VARIABLES WITH THE CHARACTER ':'."
+   echo ""
+}
+
+function setup_iaRealms_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/iaRealms.xml
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/iaRealms.xml
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Verify that all of the appropriate environment variables have been set
+   if [ "$REALM" != "" ]; then
+      if [ "$LDAP_HOST_NAME" != "" ]; then
+         if [ "$PROXY_USER_NAME" != "" ]; then
+            if [ "$PROXY_USER_PW" != "" ]; then
+               # Create and edit the output file
+               sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE
+               sed -i s:LDAP_HOST_NAME:$LDAP_HOST_NAME:g $CONFIG_FILE
+               sed -i s:PROXY_USER_NAME:$PROXY_USER_NAME:g $CONFIG_FILE
+               sed -i s:PROXY_USER_PW:$PROXY_USER_PW:g $CONFIG_FILE
+               if [ "$LDAP_LISTEN_PORT" != '' ]; then
+                  sed -i s:LDAP_LISTEN_PORT:$LDAP_LISTEN_PORT:g $CONFIG_FILE
+               else
+                  sed -i s:LDAP_LISTEN_PORT:389:g $CONFIG_FILE
+               fi
+               return 0
+            else
+               return 1
+            fi
+         else
+            return 1
+         fi
+      else
+         return 1
+      fi
+   else
+      return 1
+   fi
+}
+
+
+function setup_authPolicy_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/auth.policy
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/auth.policy
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Verify that all of the appropriate environment variables have been set
+   if [ "$REALM" != "" ]; then
+      # Create and edit the output file
+      sed s:REALM:$REALM:g $TEMPLATE_FILE > $CONFIG_FILE
+      return 0
+   else
+      return 1
+   fi
+}
+
+
+function setup_svcSettings_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/svc.settings
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/svc.settings
+   IAREALMS_FILE_PATH=$CONFIG_FILE_FOLDER/iaRealms.xml
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Create and edit the output file
+   sed s:IAREALMS_FILE_PATH:$IAREALMS_FILE_PATH:g $TEMPLATE_FILE > $CONFIG_FILE
+   return 0
+}
+
+
+#### MAIN ####
+
+# Determine what folders to utilize based on the input
+# parameters and our defaults.
+if [ "$1" != "" ]; then
+   if [ "$1" != "-h" ]; then
+      TEMPLATE_FILE_FOLDER=$1
+   else
+      display_usage
+      exit 0
+   fi
+else
+   TEMPLATE_FILE_FOLDER=DEFAULT_TEMPLATE_FILE_FOLDER
+fi
+
+if [ "$2" != "" ]; then
+   CONFIG_FILE_FOLDER=$2
+else
+   CONFIG_FILE_FOLDER=DEFAULT_CONFIG_FILE_FOLDER
+fi
+
+# Setup the configuration files
+setup_iaRealms_file
+RETVAL=$?
+if [ "$RETVAL" = "0" ]; then
+   setup_authPolicy_file
+   RETVAL=$?
+   if [ "$RETVAL" = "0" ]; then
+      setup_svcSettings_file
+      RETVAL=$?
+   fi
+fi
+
+if [ "$RETVAL" != "0" ]; then
+   if [ "$RETVAL" = "1" ]; then
+      display_usage
+   fi
+   exit 1
+else
+   exit 0
+fi
+
+
+

CASA-auth-token/java/server/Svc/linux/CasaIdenTokenSettingsEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing identoken.settings files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/CasaSvcSettingsEditor.sh

@@ -1,3 +1,37 @@
 #!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for editing svc.settings files
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar $*
 

CASA-auth-token/java/server/Svc/linux/Makefile.am

@@ -30,7 +30,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \
 		envvars \
 		server_keystore_setup.sh \
 		crypto.properties \
-		svc.settings \
+		CasaBasicATSSetup.sh \
 		CasaAuthPolicyEditor.sh \
 		CasaAuthTokenSettingsEditor.sh \
 		CasaIdenTokenSettingsEditor.sh \

CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh

@@ -23,20 +23,26 @@
 #   
 ########################################################################
 
-#############################################################
-#                                                           #
-# CASA ATS Keystore Setup Script.                           #
-#                                                           #
-# An ATS signs tokens and communicates with clients over    #
-# SSL. This scrip sets up the necessary key-pairs and       #
-# certificates for the ATS to perform these functions.      #
-#                                                           #
-# For token signing purposes, this scrip creates a self signed certificate that it then #
-# exports. At this time it is sufficient to utilize self    #
-# signed certificates because they are meant to be consumed #
-# by entities of the local box.                             # 
-#                                                           # 
-#############################################################
+########################################################################
+#
+# CASA ATS Keystore Setup Script.
+#
+# An ATS signs tokens and communicates with clients over
+# SSL. This scrip sets up the necessary key-pairs and
+# certificates for the ATS to perform these functions.
+#
+# For token signing purposes, this scrip creates a self
+# signed certificate that it then exports. At this time it
+# is sufficient to utilize self signed certificates because
+# they are meant to be consumed by entities of the local
+# box.
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+# Perform the operation requested
 
 # Do not do anything if the server keystore has already been created
 if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
@@ -46,7 +52,7 @@ if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
 else
 	echo "Setting up the server's keystore"
 
-        KEYTOOL_PATH=/usr/lib/jvm/java-1.5.0-ibm/bin/keytool
+   KEYTOOL_PATH=$JAVA_HOME/bin/keytool
 
 	# Create the server keystore with the key that will be used for signing tokens
 	host=`hostname -f`

CASA-auth-token/java/server/Svc/linux/svc.settings

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<settings>
-	<IAConfigFile>/etc/CASA/authtoken/svc/iaRealms.xml</IAConfigFile>
-</settings>

CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java

@@ -44,7 +44,7 @@ import java.util.Formatter;
 public class AuthPolicyEditor
 {
    private static final String usage =
-      "java auth_policy_editor -op [-entry realm:mechanismName[:mechanismInfo]] [-refentry realm:mechanismName] -file policyFilePath\n\n" +
+      "usage: AuthPolicyEditor -op [-entry realm:mechanismName[:mechanismInfo]] [-refentry realm:mechanismName] -file policyFilePath\n\n" +
       "   where:\n" +
       "      -op - Corresponds to one of the following operations:\n" +
       "         -create  - Create new auth policy file\n" +

CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java

@@ -32,7 +32,7 @@ package com.novell.casa.authtoksvc;
 public class AuthTokenSettingsEditor implements IVerifySetting
 {
    private static final String usage =
-      "java authtoken_settings_editor -op [settingName [settingValue]] -file settingsFilePath\n\n" +
+      "usage: AuthTokenSettingsEditor -op [settingName [settingValue]] -file settingsFilePath\n\n" +
       "   where:\n" +
       "      -op - Corresponds to one of the following operations:\n" +
       "         -create - Create new authtoken settings file\n" +

CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java

@@ -32,7 +32,7 @@ package com.novell.casa.authtoksvc;
 public class IdenTokenSettingsEditor implements IVerifySetting
 {
    private static final String usage =
-      "java identoken_settings_editor -op [settingName [settingValue]] -file settingsFilePath\n\n" +
+      "usage: IdenTokenSettingsEditor -op [settingName [settingValue]] -file settingsFilePath\n\n" +
       "   where:\n" +
       "      -op - Corresponds to one of the following operations:\n" +
       "         -create - Create new identoken settings file\n" +

CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java

@@ -34,7 +34,7 @@ import java.io.File;
 public class SvcSettingsEditor implements IVerifySetting
 {
    private static final String usage =
-      "java svc_settings_editor -op [settingName [settingValue]] -file settingsFilePath\n\n" +
+      "usage: SvcSettingsEditor -op [settingName [settingValue]] -file settingsFilePath\n\n" +
       "   where:\n" +
       "      -op - Corresponds to one of the following operations:\n" +
       "         -create - Create new svc settings file\n" +

CASA-auth-token/java/server/Svc/templates/Makefile.am

@@ -0,0 +1,41 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS =
+
+CFILES =
+
+EXTRA_DIST = auth.policy \
+		authtoken.settings \
+		iaRealms.xml \
+		identoken.settings \
+		svc.settings
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+

CASA-auth-token/java/server/Svc/templates/auth.policy

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<auth_policy>
+<auth_source>
+<realm>REALM</realm>
+<mechanism>Krb5Authenticate</mechanism>
+</auth_source>
+<auth_source>
+<realm>REALM</realm>
+<mechanism>PwdAuthenticate</mechanism>
+</auth_source>
+</auth_policy>

CASA-auth-token/java/server/Svc/templates/authtoken.settings

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings>
+</settings>

CASA-auth-token/java/server/Svc/templates/iaRealms.xml

@@ -0,0 +1,22 @@
+<bci:realms
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:bci="http://www.bandit-project.org/commonidentity"
+	xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+	xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os:access_control-xacml-2.0-policy-schema-os.xsd">
+	<bci:realm
+		desc="Directory"
+		connectorType="org.bandit.ia.connectors.LDAPConnectorInitialCtxFactory"	id="REALM">
+		<bci:env prop="java.naming.ldap.attributes.binary" value="guid"/>
+		<bci:env prop="java.naming.security.authentication" value="simple"/>
+		<bci:env prop="java.naming.security.principal" value="PROXY_USER_NAME"/>
+		<bci:env prop="java.naming.security.credentials" value="PROXY_USER_PW"/>
+		<bci:connection xsi:type="bci:LDAPConnector">
+			<bci:address>ldap://LDAP_HOST_NAME:LDAP_LISTEN_PORT</bci:address>
+		</bci:connection>
+	</bci:realm>
+	<bci:realm desc="Realm Join Definition" id="E263CCC1-8F9D-4551-B786-068AA84E8564">
+		<bci:connection xsi:type="bci:JoinConnector">
+			<bci:realmID>REALM</bci:realmID>
+		</bci:connection>
+	</bci:realm>
+</bci:realms>

CASA-auth-token/java/server/Svc/templates/identoken.settings

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings>
+	<Attributes>sn</Attributes>
+</settings>
+

CASA-auth-token/java/server/Svc/templates/svc.settings

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings>
+	<IAConfigFile>IAREALMS_FILE_PATH</IAConfigFile>
+</settings>