From 953bc97f43949f76029c9a69e92ce3caf837683b Mon Sep 17 00:00:00 2001
From: Maduranga <maduranga@wso2.com>
Date: Mon, 9 Sep 2024 19:02:08 +0530
Subject: [PATCH] Fix web finger test failure

---
 .../pom.xml                                   |   6 +-
 .../WebFingerOIDCResponseBuilderTest.java     |  18 +
 .../repository/conf/identity/identity.xml     | 527 ------------------
 3 files changed, 19 insertions(+), 532 deletions(-)
 delete mode 100644 components/org.wso2.carbon.identity.webfinger/src/test/resources/repository/conf/identity/identity.xml

diff --git a/components/org.wso2.carbon.identity.webfinger/pom.xml b/components/org.wso2.carbon.identity.webfinger/pom.xml
index 4b824ff0f88..51dba253f3c 100644
--- a/components/org.wso2.carbon.identity.webfinger/pom.xml
+++ b/components/org.wso2.carbon.identity.webfinger/pom.xml
@@ -55,6 +55,7 @@
         <dependency>
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.testutil</artifactId>
+            <scope>test</scope>
         </dependency>
 
         <dependency>
@@ -83,11 +84,6 @@
             <artifactId>mockito-core</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.wso2.carbon.identity.framework</groupId>
-            <artifactId>org.wso2.carbon.identity.testutil</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-testng</artifactId>
diff --git a/components/org.wso2.carbon.identity.webfinger/src/test/java/org/wso2/carbon/identity/webfinger/builders/WebFingerOIDCResponseBuilderTest.java b/components/org.wso2.carbon.identity.webfinger/src/test/java/org/wso2/carbon/identity/webfinger/builders/WebFingerOIDCResponseBuilderTest.java
index cb3d2ebd7a5..c5c763bc452 100644
--- a/components/org.wso2.carbon.identity.webfinger/src/test/java/org/wso2/carbon/identity/webfinger/builders/WebFingerOIDCResponseBuilderTest.java
+++ b/components/org.wso2.carbon.identity.webfinger/src/test/java/org/wso2/carbon/identity/webfinger/builders/WebFingerOIDCResponseBuilderTest.java
@@ -23,11 +23,17 @@
 import org.testng.annotations.Test;
 import org.wso2.carbon.base.ServerConfigurationException;
 import org.wso2.carbon.identity.base.IdentityException;
+import org.wso2.carbon.identity.common.testng.WithCarbonHome;
+import org.wso2.carbon.identity.core.util.IdentityConfigParser;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
 import org.wso2.carbon.identity.webfinger.WebFingerEndpointException;
 import org.wso2.carbon.identity.webfinger.WebFingerRequest;
 import org.wso2.carbon.identity.webfinger.WebFingerResponse;
+import org.wso2.carbon.utils.CarbonUtils;
+
+import java.io.File;
+import java.lang.reflect.Field;
 
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mockStatic;
@@ -36,6 +42,7 @@
 /**
  * Unit test coverage for WebFingerOIDCResponseBuilder class.
  */
+@WithCarbonHome
 public class WebFingerOIDCResponseBuilderTest {
 
     private WebFingerOIDCResponseBuilder webFingerOIDCResponseBuilder;
@@ -63,6 +70,9 @@ public void setUp() throws Exception {
         webFingerRequest.setRel(rel);
         webFingerRequest.setTenant(tenant);
 
+        setPrivateStaticField(IdentityConfigParser.class, "configFilePath", System.getProperty("carbon.home")
+                + File.separator + "repository" + File.separator + "conf" + File.separator + "identity"
+                + File.separator + "identity.xml");
         oAuth2Util = mockStatic(OAuth2Util.class);
     }
 
@@ -72,6 +82,14 @@ public void tearDown() {
         oAuth2Util.close();
     }
 
+    private void setPrivateStaticField(Class<?> clazz, String fieldName, Object newValue)
+            throws NoSuchFieldException, IllegalAccessException {
+
+        Field field = clazz.getDeclaredField(fieldName);
+        field.setAccessible(true);
+        field.set(null, newValue);
+    }
+
     @Test
     public void testBuildWebFingerResponse() throws Exception {
 
diff --git a/components/org.wso2.carbon.identity.webfinger/src/test/resources/repository/conf/identity/identity.xml b/components/org.wso2.carbon.identity.webfinger/src/test/resources/repository/conf/identity/identity.xml
deleted file mode 100644
index 4f56c693a4e..00000000000
--- a/components/org.wso2.carbon.identity.webfinger/src/test/resources/repository/conf/identity/identity.xml
+++ /dev/null
@@ -1,527 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
-~ Copyright (c) 2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
- -->
-
-<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
-
-    <JDBCPersistenceManager>
-        <DataSource>
-            <!-- Include a data source name (jndiConfigName) from the set of data
-                sources defined in master-datasources.xml -->
-            <Name>jdbc/WSO2IdentityDB</Name>
-        </DataSource>
-        <!-- If the identity database is created from another place and if it is
-            required to skip schema initialization during the server start up, set the
-            following property to "true". -->
-        <!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
-        <SessionDataPersist>
-            <Enable>true</Enable>
-            <Temporary>true</Temporary>
-            <PoolSize>0</PoolSize>
-            <SessionDataCleanUp>
-                <Enable>true</Enable>
-                <CleanUpTimeout>20160</CleanUpTimeout>
-                <CleanUpPeriod>1140</CleanUpPeriod>
-            </SessionDataCleanUp>
-            <OperationDataCleanUp>
-                <Enable>true</Enable>
-                <CleanUpPeriod>720</CleanUpPeriod>
-            </OperationDataCleanUp>
-        </SessionDataPersist>
-    </JDBCPersistenceManager>
-
-    <!-- Time configurations are in minutes -->
-    <TimeConfig>
-        <SessionIdleTimeout>15</SessionIdleTimeout>
-        <RememberMeTimeout>20160</RememberMeTimeout>
-    </TimeConfig>
-
-    <!-- Security configurations -->
-    <Security>
-        <!-- The directory under which all other KeyStore files will be stored -->
-        <KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
-        <KeyManagerType>SunX509</KeyManagerType>
-        <TrustManagerType>SunX509</TrustManagerType>
-    </Security>
-
-    <Identity>
-        <IssuerPolicy>SelfAndManaged</IssuerPolicy>
-        <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
-        <BlackList></BlackList>
-        <WhiteList></WhiteList>
-        <System>
-            <KeyStore></KeyStore>
-            <StorePass></StorePass>
-        </System>
-    </Identity>
-
-    <OpenID>
-        <!--
-            Default values for OpenIDServerUrl and OpenIDUSerPattern are built in following format
-            https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>
-            If above format doesn't satisfy uncomment the following configs and explicitly configure the values
-         -->
-        <OpenIDServerUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/openidserver</OpenIDServerUrl>
-        <OpenIDUserPattern>${carbon.protocol}://${carbon.host}:${carbon.management.port}/openid</OpenIDUserPattern>
-        <OpenIDLoginUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/openid_login.do</OpenIDLoginUrl>
-
-        <!-- If the users must be prompted for approval -->
-        <OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
-        <!-- Expiry time of the OpenID RememberMe token in minutes -->
-        <OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
-        <!-- To enable or disable openid dumb mode -->
-        <DisableOpenIDDumbMode>false</DisableOpenIDDumbMode>
-
-        <!--
-               OpenID private association store is configurable from following configs.
-               It includes two new replication stores,
-                       i.   OpenIDServerAssociationStore (Default association store)
-                       ii.  PrivateAssociationCryptoStore
-                       iii. PrivateAssociationReplicationStore
-        -->
-
-        <!-- Specify full qualified class name of the class which going to use as private association store -->
-        <!-- 
-		<OpenIDPrivateAssociationStoreClass>org.wso2.carbon.identity.provider.openid.PrivateAssociationCryptoStore</OpenIDPrivateAssociationStoreClass>
-	-->
-
-        <!-- The expiration time (in minutes) for the OpenID association -->
-        <!--
-		<OpenIDAssociationExpiryTime>15</OpenIDAssociationExpiryTime>
-	-->
-
-        <!-- Configs specific to PrivateAssociationCryptoStore -->
-        <!-- Server secret. This value should be the same in all nodes in the cluster -->
-        <!--
-		<OpenIDPrivateAssociationServerKey>qewlj324lmasc</OpenIDPrivateAssociationServerKey>
-	-->
-
-        <!-- Configs specific to PrivateAssociationCryptoStore -->
-        <!-- This enable private association cleanup task which cleans expired private associations -->
-        <!--
-		<EnableOpenIDAssociationCleanupTask>true</EnableOpenIDAssociationCleanupTask>
-	-->
-        <!-- Time Period (in minutes) that cleanup task would run -->
-        <!--
-		<OpenIDAssociationCleanupPeriod>15</OpenIDAssociationCleanupPeriod>
-	-->
-    </OpenID>
-
-    <OAuth>
-        <!--
-            Default values for OAuth1RequestTokenUrl, OAuth1AccessTokenUrl, OAuth1AuthorizeUrl
-            OAuth2AuthzEPUrl, OAuth2TokenEPUrl and OAuth2UserInfoEPUrl are built in following format
-            https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
-            If above format doesn't satisfy uncomment the following configs and explicitly configure the values
-         -->
-        <OAuth1RequestTokenUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth/request-token</OAuth1RequestTokenUrl>
-        <OAuth1AuthorizeUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth/authorize-url</OAuth1AuthorizeUrl>
-        <OAuth1AccessTokenUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth/access-token</OAuth1AccessTokenUrl>
-        <OAuth2AuthzEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/authorize</OAuth2AuthzEPUrl>
-        <OAuth2ParEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/par</OAuth2ParEPUrl>
-        <OAuth2TokenEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</OAuth2TokenEPUrl>
-        <OAuth2RevokeEPUrll>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/revoke</OAuth2RevokeEPUrll>
-        <OAuth2IntrospectEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/introspect</OAuth2IntrospectEPUrl>
-        <OAuth2UserInfoEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/userinfo</OAuth2UserInfoEPUrl>
-        <OIDCCheckSessionEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oidc/checksession</OIDCCheckSessionEPUrl>
-        <OIDCLogoutEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oidc/logout</OIDCLogoutEPUrl>
-        <OAuth2ConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_authz.do</OAuth2ConsentPage>
-        <OAuth2ErrorPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_error.do</OAuth2ErrorPage>
-        <OIDCConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_consent.do</OIDCConsentPage>
-        <OIDCLogoutConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_logout_consent.do</OIDCLogoutConsentPage>
-        <OIDCLogoutPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_logout.do</OIDCLogoutPage>
-
-        <OIDCWebFingerEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/.well-known/webfinger</OIDCWebFingerEPUrl>
-
-        <!-- For tenants below urls will be modified as https://<hostname>:<port>/t/<tenant domain>/<path>-->
-        <OAuth2DCREPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/identity/connect/register</OAuth2DCREPUrl>
-        <OAuth2JWKSPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/jwks</OAuth2JWKSPage>
-        <OIDCDiscoveryEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/oidcdiscovery</OIDCDiscoveryEPUrl>
-
-        <!-- Default validity period for Authorization Code in seconds -->
-        <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
-        <!-- Default validity period for application access tokens in seconds -->
-        <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
-        <!-- Default validity period for user access tokens in seconds -->
-        <UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
-        <!-- Validity period for refresh token -->
-        <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
-        <!-- Timestamp skew in seconds -->
-        <TimestampSkew>300</TimestampSkew>
-        <!-- Enable OAuth caching -->
-        <EnableOAuthCache>false</EnableOAuthCache>
-        <!-- Enable renewal of refresh token for refresh_token grant -->
-        <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
-        <!-- Process the token before storing it in database, e.g. encrypting -->
-        <TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
-        <!-- Supported Client Authentication Methods -->
-        <ClientAuthHandlers>
-            <ClientAuthHandler Class="org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler">
-                <Property Name="StrictClientCredentialValidation">false</Property>
-            </ClientAuthHandler>
-        </ClientAuthHandlers>
-        <!-- Supported Response Types -->
-        <SupportedResponseTypes>
-            <SupportedResponseType>
-                <ResponseTypeName>token</ResponseTypeName>
-                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
-            </SupportedResponseType>
-            <SupportedResponseType>
-                <ResponseTypeName>code</ResponseTypeName>
-                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
-            </SupportedResponseType>
-            <SupportedResponseType>
-                <ResponseTypeName>id_token</ResponseTypeName>
-                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
-            </SupportedResponseType>
-            <SupportedResponseType>
-                <ResponseTypeName>id_token token</ResponseTypeName>
-                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
-            </SupportedResponseType>
-        </SupportedResponseTypes>
-        <!-- Supported Grant Types -->
-        <SupportedGrantTypes>
-            <SupportedGrantType>
-                <GrantTypeName>authorization_code</GrantTypeName>
-                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
-            </SupportedGrantType>
-            <SupportedGrantType>
-                <GrantTypeName>password</GrantTypeName>
-                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler</GrantTypeHandlerImplClass>
-            </SupportedGrantType>
-            <SupportedGrantType>
-                <GrantTypeName>refresh_token</GrantTypeName>
-                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
-            </SupportedGrantType>
-            <SupportedGrantType>
-                <GrantTypeName>client_credentials</GrantTypeName>
-                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
-            </SupportedGrantType>
-            <SupportedGrantType>
-                <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
-                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
-            </SupportedGrantType>
-            <SupportedGrantType>
-                <GrantTypeName>iwa:ntlm</GrantTypeName>
-                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
-            </SupportedGrantType>
-        </SupportedGrantTypes>
-        <OAuthCallbackHandlers>
-            <OAuthCallbackHandler Class="org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler"/>
-        </OAuthCallbackHandlers>
-        <!--TokenValidators>
-            <TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
-        </TokenValidators-->
-        <!-- Assertions can be used to embedd parameters into access token. -->
-        <EnableAssertions>
-            <UserName>false</UserName>
-        </EnableAssertions>
-
-        <!-- This should be set to true when using multiple user stores and keys
-            should saved into different tables according to the user store. By default
-            all the application keys are saved in to the same table. UserName Assertion
-            should be 'true' to use this. -->
-        <EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
-        <!-- user store domain names and mapping to new table name. eg: if you
-            provide 'A:foo.com', foo.com should be the user store domain name and 'A'
-            represent the relavant mapping of token store table, i.e. tokens will be
-            added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
-        <AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com --></AccessTokenPartitioningDomains>
-        <AuthorizationContextTokenGeneration>
-            <Enabled>false</Enabled>
-            <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
-            <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
-            <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
-            <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
-            <AuthorizationContextTTL>15</AuthorizationContextTTL>
-        </AuthorizationContextTokenGeneration>
-        <SAML2Grant>
-            <!--SAML2TokenHandler></SAML2TokenHandler-->
-        </SAML2Grant>
-        <OpenIDConnect>
-            <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
-            <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
-
-            <!-- Comment out to add Audience values to the JWT token (id_token)  -->
-            <!--Audiences>
-                   <Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
-            </Audiences -->
-
-            <!--
-                Default value for IDTokenIssuerID, is OAuth2TokenEPUrl.
-                If that doesn't satisfy uncomment the following config and explicitly configure the value
-            -->
-            <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
-            <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
-            <IDTokenExpiration>3600</IDTokenExpiration>
-            <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
-            <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
-            <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
-            <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
-            <SkipUserConsent>false</SkipUserConsent>
-        </OpenIDConnect>
-        <DeviceCodeGrant>
-            <KeyLength>6</KeyLength>
-            <ExpiryTime>600000</ExpiryTime>
-            <PollingInterval>5000</PollingInterval>
-            <KeySet>BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz23456789</KeySet>
-        </DeviceCodeGrant>
-
-        <UseClientIdAsSubClaimForAppTokens>true</UseClientIdAsSubClaimForAppTokens>
-        <RemoveUsernameFromIntrospectionResponseForAppTokens>true</RemoveUsernameFromIntrospectionResponseForAppTokens>
-    </OAuth>
-
-    <MultifactorAuthentication>
-        <!--Enable>false</Enable-->
-        <XMPPSettings>
-            <XMPPConfig>
-                <XMPPProvider>gtalk</XMPPProvider>
-                <XMPPServer>talk.google.com</XMPPServer>
-                <XMPPPort>5222</XMPPPort>
-                <XMPPExt>gmail.com</XMPPExt>
-                <XMPPUserName>multifactor1@gmail.com</XMPPUserName>
-                <XMPPPassword>wso2carbon</XMPPPassword>
-            </XMPPConfig>
-        </XMPPSettings>
-    </MultifactorAuthentication>
-
-    <SSOService>
-        <EntityId>${carbon.host}</EntityId>
-        <!--
-            Default value for IdentityProviderURL is  built in following format
-            https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/samlsso
-            If that doesn't satisfy uncomment the following config and explicitly configure the value
-        -->
-        <IdentityProviderURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/samlsso</IdentityProviderURL>
-        <DefaultLogoutEndpoint>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/samlsso_logout.do</DefaultLogoutEndpoint>
-        <NotificationEndpoint>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/samlsso_notification.do</NotificationEndpoint>
-        <SingleLogoutRetryCount>5</SingleLogoutRetryCount>
-        <SingleLogoutRetryInterval>60000</SingleLogoutRetryInterval>
-        <!-- in milli seconds -->
-        <TenantPartitioningEnabled>false</TenantPartitioningEnabled>
-        <AttributesClaimDialect>http://wso2.org/claims</AttributesClaimDialect>
-        <!--<SAMLSSOAssertionBuilder>org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder</SAMLSSOAssertionBuilder>-->
-        <SAMLSSOAssertionBuilder>org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder</SAMLSSOAssertionBuilder>
-        <SAMLSSOEncrypter>org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter</SAMLSSOEncrypter>
-        <SAMLSSOSigner>org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner</SAMLSSOSigner>
-        <SAML2HTTPRedirectSignatureValidator>org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator</SAML2HTTPRedirectSignatureValidator>
-        <!--SAMLSSOResponseBuilder>org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder</SAMLSSOResponseBuilder-->
-
-        <!-- SAML Token validity period in minutes -->
-        <SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
-        <UseAuthenticatedUserDomainCrypto>false</UseAuthenticatedUserDomainCrypto>
-        <SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
-        <SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
-        <SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
-    </SSOService>
-
-    <SecurityTokenService>
-        <!--
-            Default value for IdentityProviderURL is  built in following format
-            https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/services/wso2carbon-sts
-            If that doesn't satisfy uncomment the following config and explicitly configure the value
-        -->
-        <IdentityProviderURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/services/wso2carbon-sts</IdentityProviderURL>
-    </SecurityTokenService>
-
-    <PassiveSTS>
-        <!--
-            Default value for IdentityProviderURL is  built in following format
-            https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/passivests
-            If that doesn't satisfy uncomment the following config and explicitly configure the value
-        -->
-        <IdentityProviderURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/passivests</IdentityProviderURL>
-        <RetryURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/retry.do</RetryURL>
-        <TokenStoreClassName>org.wso2.carbon.identity.sts.passive.utils.NoPersistenceTokenStore</TokenStoreClassName>
-        <SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
-    </PassiveSTS>
-
-    <EntitlementSettings>
-        <ThirftBasedEntitlementConfig>
-            <EnableThriftService>false</EnableThriftService>
-            <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
-            <ClientTimeout>10000</ClientTimeout>
-            <KeyStore>
-                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
-                <Password>wso2carbon</Password>
-            </KeyStore>
-            <!-- Enable this element to mention the host-name of your IS machine -->
-            <ThriftHostName>${carbon.host}</ThriftHostName>
-        </ThirftBasedEntitlementConfig>
-    </EntitlementSettings>
-
-    <SCIM>
-        <!--
-            Default value for UserEPUrl and GroupEPUrl are built in following format
-            https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
-            If that doesn't satisfy uncomment the following config and explicitly configure the value
-        -->
-        <UserEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2/scim/Users</UserEPUrl>
-        <GroupEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2/scim/Groups</GroupEPUrl>
-        <SCIMAuthenticators>
-            <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.BasicAuthHandler">
-                <Property name="Priority">5</Property>
-            </Authenticator>
-            <Authenticator class="org.wso2.carbon.identity.scim.provider.auth.OAuthHandler">
-                <Property name="Priority">10</Property>
-                <Property name="AuthorizationServer">local://services</Property>
-                <!--Property name="AuthorizationServer">${carbon.protocol}://${carbon.host}:${carbon.management.port}/services</Property>
-                <Property name="UserName">admin</Property>
-                <Property name="Password">admin</Property-->
-            </Authenticator>
-        </SCIMAuthenticators>
-    </SCIM>
-
-    <!--Recovery>
-        <Notification>
-            <Password>
-                <Enable>false</Enable>
-            </Password>
-            <Username>
-                <Enable>false</Enable>
-            </Username>
-            <InternallyManage>true</InternallyManage>
-        </Notification>
-        <Question>
-            <Password>
-                <Enable>false</Enable>
-                <NotifyStart>false</NotifyStart>
-                <Separator>!</Separator>
-                <MinAnswers>2</MinAnswers>
-                <ReCaptcha>
-                    <Enable>true</Enable>
-                    <MaxFailedAttempts>2</MaxFailedAttempts>
-                </ReCaptcha>
-            </Password>
-        </Question>
-        <ExpiryTime>3</ExpiryTime>
-        <NotifySuccess>false</NotifySuccess>
-        <AdminPasswordReset>
-            <Offline>false</Offline>
-            <OTP>false</OTP>
-            <RecoveryLink>false</RecoveryLink>
-        </AdminPasswordReset>
-    </Recovery>
-
-    <EmailVerification>
-        <Enable>false</Enable>
-        <LockOnCreation>true</LockOnCreation>
-        <Notification>
-            <InternallyManage>true</InternallyManage>
-        </Notification>
-    </EmailVerification>
-
-    <SelfRegistration>
-        <Enable>false</Enable>
-        <LockOnCreation>false</LockOnCreation>
-        <Notification>
-            <InternallyManage>true</InternallyManage>
-        </Notification>
-        <ReCaptcha>false</ReCaptcha>
-    </SelfRegistration-->
-
-    <EventListeners>
-        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
-                       name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener"
-                       orderId="10" enable="true"/>
-        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
-                       name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
-                       orderId="50" enable="false"/>
-        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
-                       name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener"
-                       orderId="95" enable="true"/>
-        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
-                       orderId="90" enable="true"/>
-        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener"
-                       orderId="97" enable="true">
-        <Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property>
-        </EventListener>
-        <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
-                       name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl"
-                       orderId="10" enable="true"/>
-        <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
-                       name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl"
-                       orderId="11" enable="true"/>
-        <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
-                       name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
-                       orderId="11" enable="true"/>
-    </EventListeners>
-
-    <CacheConfig>
-        <CacheManager name="IdentityApplicationManagementCacheManager">
-            <Cache name="AppAuthFrameworkSessionContextCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="AuthenticationContextCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="AuthenticationRequestCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="AuthenticationResultCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="AppInfoCache" enable="true" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="AuthorizationGrantCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="OAuthCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="OAuthSessionDataCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="SAMLSSOParticipantCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="SAMLSSOSessionIndexCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="SAMLSSOSessionDataCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="ServiceProviderCache" enable="true" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="ProvisioningConnectorCache" enable="true" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="ProvisioningEntityCache" enable="false" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="IdPCacheByAuthProperty" enable="true" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="IdPCacheByHRI" enable="true" timeout="1" capacity="5000" isDistributed="false"/>
-            <Cache name="IdPCacheByName" enable="true" timeout="1" capacity="5000" isDistributed="false"/>
-        </CacheManager>
-    </CacheConfig>
-
-    <!--Cookies>
-        <Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" />
-    </Cookies-->
-
-
-    <ResourceAccessControl>
-        <Resource context="(.*)/api/identity/user/(.*)" secured="true" http-method="all"/>
-        <Resource context="(.*)/api/identity/recovery/(.*)" secured="true" http-method="all"/>
-        <Resource context="(.*)/.well-known(.*)" secured="true" http-method="all"/>
-        <Resource context="(.*)/identity/register(.*)" secured="true" http-method="all">
-            <Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
-        </Resource>
-        <Resource context="(.*)/identity/connect/register(.*)" secured="true" http-method="all">
-            <Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
-        </Resource>
-        <Resource context="(.*)/oauth2/introspect(.*)" secured="true" http-method="all">
-            <Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
-        </Resource>
-        <Resource context="(.*)/api/identity/entitlement/(.*)" secured="true" http-method="all">
-            <Permissions>/permission/admin/manage/identity/pep</Permissions>
-        </Resource>
-    </ResourceAccessControl>
-
-    <ClientAppAuthentication>
-        <Application name="dashboard" hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"/>
-    </ClientAppAuthentication>
-
-    <TenantContextsToRewrite>
-        <WebApp>
-            <Context>/api/identity/user/v0.9</Context>
-            <Context>/api/identity/recovery/v0.9</Context>
-            <Context>/oauth2</Context>
-            <Context>/api/identity/entitlement</Context>
-        </WebApp>
-        <Servlet>
-            <Context>/identity/(.*)</Context>
-        </Servlet>
-    </TenantContextsToRewrite>
-
-    <!-- Server Synchronization Tolerance Configuration in seconds -->
-    <ClockSkew>300</ClockSkew>
-</Server>