...
The Fediz STS is based on a customized CXF STS configured to support standard Federation use cases demonstrated by the examples. The Fediz STS has been enhanced to support two realms *Realm-A* and *Realm-B* with the following set of users:
Realm | User | Password |
---|---|---|
Realm A | alice | ecila |
Realm A | bob | bob |
Realm A | ted | det |
Realm B | ALICE | ECILA |
Realm B | BOB | BOB |
Realm B | TED | DET |
The Fediz IDP doesn't support several realms within one WAR, so a separate Fediz IDP WAR must be built for Realm A (the default, shipped with the Fediz distribution) and for Realm B. See below for how to build a Fediz IDP WAR for a specific realm.
...
```xml
<Server port="9005" shutdown="SHUTDOWN">
    ...
    <!-- http configuration -->
    <Connector port="9080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="9443" />
    ...
    <!-- https configuration -->
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS"
               keystoreFile="idp-ssl-serverkey.jks"
               keystorePass="tompass"
               truststoreFile="idp-ssl-trust.jks"
               truststorePass="ispass" />
    ...
    <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />
    ...
</Server>
```
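A consistency check for the connector settings in the listing above, as an added example that is not part of the Fediz documentation. The embedded server.xml is a constructed sample, `audit_connectors` is a hypothetical helper, and treating a missing `truststoreFile` as a finding assumes this setup always uses its own trust store.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connector layout in the listing above.
SAMPLE_SERVER_XML = """
<Server port="9005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="9080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="9443" />
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS"
               keystoreFile="idp-ssl-serverkey.jks" keystorePass="tompass"
               truststoreFile="idp-ssl-trust.jks" truststorePass="ispass" />
    <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />
  </Service>
</Server>
"""

# Demo passwords that appear in the listing; they should not survive into a real deployment.
SAMPLE_PASSWORDS = {"tompass", "ispass"}


def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements in server_xml."""
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if c.get("SSLEnabled") == "true"}
    findings = []
    for c in connectors:
        port = c.get("port")
        if c.get("SSLEnabled") == "true":
            if not c.get("keystoreFile"):
                findings.append(f"{port}: TLS connector has no keystoreFile")
            # Assumption: client certificates are validated against a dedicated trust store.
            if c.get("clientAuth") in ("want", "true") and not c.get("truststoreFile"):
                findings.append(f"{port}: clientAuth={c.get('clientAuth')} but no truststoreFile")
            for attr in ("keystorePass", "truststorePass"):
                if c.get(attr) in SAMPLE_PASSWORDS:
                    findings.append(f"{port}: {attr} is a sample password")
        else:
            # HTTP and AJP connectors must redirect to a port that actually serves TLS.
            redirect = c.get("redirectPort")
            if redirect and redirect not in tls_ports:
                findings.append(f"{port}: redirectPort {redirect} is not a TLS connector")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```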
...
Once you deploy the IDP WAR files to your Tomcat installation (<catalina.home>/webapps), you should be able to see the Fediz STS from a browser. Assuming port 9080 as listed above, the STS WSDL is available at:
Version | STS WSDL location |
---|---|
Fediz 1.0.x | http://localhost:9080/fediz-idp-sts/STSService?wsdl |
Fediz 1.1.x | http://localhost:9080/fediz-idp-sts/REALMA/STSServiceTransport?wsdl |
Configuration
You can manage the users, their claims and the claims per application in the IDP.
...
The users and passwords are configured in a Spring configuration file in webapps/fediz-idp-sts/WEB-INF/data/passwords.xml. The following users are already configured for Realm A, and the list can easily be extended.
...
The claims of each user are configured in a Spring configuration file, webapps/fediz-idp-sts/WEB-INF/data/userClaims.xml. The following claims are already configured:
...