andrewferrier/gist:4aa16a18639628f054a8

## gistfile1.txt
<?xml version="1.0" encoding="UTF-8"?><tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!-- Licensed Materials - Property of IBM 5725-G92 (C) Copyright IBM Corp.
		2006, 2013. All Rights Reserved. US Government Users Restricted Rights -
		Use, duplication or disclosure restricted by GSA ADP Schedule Contract with
		IBM Corp. -->
    <staticResources>
        <resource id="receiveSMS" securityTest="SubscribeServlet">
            <urlPatterns>/receiveSMS*</urlPatterns>
        </resource>
    </staticResources>
    <securityTests>
        <customSecurityTest name="SubscribeServlet">
            <test realm="wl_directUpdateRealm" step="1"/>
            <test isInternalUserID="true" realm="SubscribeServlet"/>
        </customSecurityTest>
        <webSecurityTest name="ISAMforMobileFirst-web-securityTest">
            <testUser realm="HeaderAuthRealm"/>
        </webSecurityTest>
        <mobileSecurityTest name="ISAMforMobileFirst-mobile-securityTest">
        	<testAppAuthenticity/>
            <testUser realm="HeaderAuthRealm"/>
            <testDeviceId provisioningType="none"/>
        </mobileSecurityTest>
        <customSecurityTest name="ISAMforMobileFirst-Step-up-securityTest">
            <test realm="wl_directUpdateRealm" step="1"/>
            <test isInternalDeviceID="false" isInternalUserID="true" realm="ISAMStepupRealm"/>
        </customSecurityTest>
        <customSecurityTest name="OAuthSecurityTest">
            <test realm="wl_directUpdateRealm" step="1"/>
            <test isInternalDeviceID="false" isInternalUserID="true" realm="OAuthRealm"/>
        </customSecurityTest>

		<!--For User Certificate Authentication -->
		<customSecurityTest name="ISAMforMobileFirst-certificateTest">
		   <test realm="wl_antiXSRFRealm" step="1"/>
		   <test realm="wl_authenticityRealm" step="1"/>
		   <test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
		   <test realm="wl_userCertificateAuthRealm" isInternalUserID="true" step="1"/>
		   <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
		</customSecurityTest>

    </securityTests>
    <realms>
        <realm loginModule="rejectAll" name="SubscribeServlet">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
        </realm>
        <realm loginModule="HeaderAuthModule" name="HeaderAuthRealm">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
        </realm>
        <realm loginModule="HeaderAuthModule" name="ISAMStepupRealm">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
        </realm>
        <realm loginModule="HeaderAuthModule" name="OAuthRealm">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
        </realm>
        <!-- Realm for User Certificate Authentication -->
		<realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
      		<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
      		<parameter name="dependent-user-auth-realm" value="HeaderAuthRealm" />
            <parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
            <parameter name="embedded-pki-bridge-ca-p12-file-path" value="<file-path>"/>
            <parameter name="embedded-pki-bridge-ca-p12-password" value="passSigningP12" />
    	</realm>
    	<realm name="WASLTPARealm" loginModule="WASLTPAModule">
			<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
			<parameter name="login-page" value="/login.html"/>
			<parameter name="error-page" value="/loginError.html"/>
		</realm>
    </realms>
    <loginModules>
        <loginModule name="rejectAll">
            <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
        </loginModule>
        <loginModule name="HeaderAuthModule">
            <className>com.worklight.core.auth.ext.HeaderLoginModule</className>
            <parameter name="user-name-header" value="iv-user"/>
            <parameter name="display-name-header" value="iv-user"/>
        </loginModule>

        <!-- Login Module for User Certificate Authentication -->
		<loginModule name="WLUserCertificateLoginModule">
		   <className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
		</loginModule>
		<loginModule name="WASLTPAModule">
    <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
  </loginModule>

    </loginModules>
</tns:loginConfiguration>
	<?xml version="1.0" encoding="UTF-8"?><tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<!-- Licensed Materials - Property of IBM 5725-G92 (C) Copyright IBM Corp.
	2006, 2013. All Rights Reserved. US Government Users Restricted Rights -
	Use, duplication or disclosure restricted by GSA ADP Schedule Contract with
	IBM Corp. -->
	<staticResources>
	<resource id="receiveSMS" securityTest="SubscribeServlet">
	<urlPatterns>/receiveSMS*</urlPatterns>
	</resource>
	</staticResources>
	<securityTests>
	<customSecurityTest name="SubscribeServlet">
	<test realm="wl_directUpdateRealm" step="1"/>
	<test isInternalUserID="true" realm="SubscribeServlet"/>
	</customSecurityTest>
	<webSecurityTest name="ISAMforMobileFirst-web-securityTest">
	<testUser realm="HeaderAuthRealm"/>
	</webSecurityTest>
	<mobileSecurityTest name="ISAMforMobileFirst-mobile-securityTest">
	<testAppAuthenticity/>
	<testUser realm="HeaderAuthRealm"/>
	<testDeviceId provisioningType="none"/>
	</mobileSecurityTest>
	<customSecurityTest name="ISAMforMobileFirst-Step-up-securityTest">
	<test realm="wl_directUpdateRealm" step="1"/>
	<test isInternalDeviceID="false" isInternalUserID="true" realm="ISAMStepupRealm"/>
	</customSecurityTest>
	<customSecurityTest name="OAuthSecurityTest">
	<test realm="wl_directUpdateRealm" step="1"/>
	<test isInternalDeviceID="false" isInternalUserID="true" realm="OAuthRealm"/>
	</customSecurityTest>

	<!--For User Certificate Authentication -->
	<customSecurityTest name="ISAMforMobileFirst-certificateTest">
	<test realm="wl_antiXSRFRealm" step="1"/>
	<test realm="wl_authenticityRealm" step="1"/>
	<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
	<test realm="wl_userCertificateAuthRealm" isInternalUserID="true" step="1"/>
	<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
	</customSecurityTest>

	</securityTests>
	<realms>
	<realm loginModule="rejectAll" name="SubscribeServlet">
	<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
	</realm>
	<realm loginModule="HeaderAuthModule" name="HeaderAuthRealm">
	<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
	</realm>
	<realm loginModule="HeaderAuthModule" name="ISAMStepupRealm">
	<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
	</realm>
	<realm loginModule="HeaderAuthModule" name="OAuthRealm">
	<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
	</realm>
	<!-- Realm for User Certificate Authentication -->
	<realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
	<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
	<parameter name="dependent-user-auth-realm" value="HeaderAuthRealm" />
	<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
	<parameter name="embedded-pki-bridge-ca-p12-file-path" value="<file-path>"/>
	<parameter name="embedded-pki-bridge-ca-p12-password" value="passSigningP12" />
	</realm>
	<realm name="WASLTPARealm" loginModule="WASLTPAModule">
	<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
	<parameter name="login-page" value="/login.html"/>
	<parameter name="error-page" value="/loginError.html"/>
	</realm>
	</realms>
	<loginModules>
	<loginModule name="rejectAll">
	<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
	</loginModule>
	<loginModule name="HeaderAuthModule">
	<className>com.worklight.core.auth.ext.HeaderLoginModule</className>
	<parameter name="user-name-header" value="iv-user"/>
	<parameter name="display-name-header" value="iv-user"/>
	</loginModule>

	<!-- Login Module for User Certificate Authentication -->
	<loginModule name="WLUserCertificateLoginModule">
	<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
	</loginModule>
	<loginModule name="WASLTPAModule">
	<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
	</loginModule>

	</loginModules>
	</tns:loginConfiguration>