...
This page describes how to enable Federation in Tomcat. This Tomcat instance acts as the Relying Party, which means it validates the incoming SignInResponse that has been created by the Identity Provider (IDP) server.
Installation
You can either build the plugin on your own or download the package here (tbd). If you have built the plugin on your own, you'll find the required libraries in plugins/tomcat/target/...zip-with-dependencies.zip
- Create sub-directory fediz in ${catalina.home}/lib
- Update catalina.properties in ${catalina.home}/conf: add the previously created directory to the common loader:
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/lib/fediz/*.jar
- Deploy the libraries to the directory created in (1)
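Steps 1 and 2 above as an idempotent shell function. This is an added example, not part of the Fediz distribution; the function names are hypothetical, and it assumes common.loader is a single unquoted line as shown above. Copying the jars (step 3) is left out because it depends on where you unpacked the package.

```sh
#!/bin/sh
# Added example (not Fediz project code). Usage, after sourcing this file:
#   fediz_enable_loader /path/to/catalina.home

# Literal text for catalina.properties: Tomcat expands ${catalina.home}, not the shell.
FEDIZ_ENTRY='${catalina.home}/lib/fediz/*.jar'

# Succeeds if the common.loader line of file $1 already lists the fediz jars.
fediz_loader_has_entry() {
    grep '^common\.loader=' "$1" | grep -qF "$FEDIZ_ENTRY"
}

fediz_enable_loader() {
    home=$1
    props="$home/conf/catalina.properties"
    [ -f "$props" ] || { echo "missing $props" >&2; return 1; }

    # Step 1: create lib/fediz. Jars on the common loader are visible to every
    # web application, so make sure group/other cannot drop files in there.
    mkdir -p "$home/lib/fediz" || return 1
    chmod go-w "$home/lib/fediz" || return 1

    # Step 2: append the entry to common.loader unless it is already present.
    if fediz_loader_has_entry "$props"; then
        return 0
    fi
    if ! grep -q '^common\.loader=' "$props"; then
        echo "no common.loader line in $props" >&2
        return 1
    fi
    # A trailing backslash means the value continues on the next line;
    # refuse to edit rather than corrupt the property.
    if grep '^common\.loader=' "$props" | grep -q '\\$'; then
        echo "common.loader spans several lines, edit it by hand" >&2
        return 1
    fi
    cp -p "$props" "$props.bak" || return 1
    sed 's|^\(common\.loader=.*[^[:space:]]\)[[:space:]]*$|\1,'"$FEDIZ_ENTRY"'|' \
        "$props.bak" > "$props" || return 1

    # Report failure if the entry did not land (for example an empty common.loader).
    fediz_loader_has_entry "$props"
}
```

The original file is kept as catalina.properties.bak; restart Tomcat after deploying the jars so the common loader picks them up.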
Configuration
The current release of the federation plugin requires you to configure the Fediz FederationAuthenticator like any other Valve in Tomcat, which is described here.
...
You can either configure the context in the server.xml or in META-INF/context.xml as part of your WAR file.
META-INF/context.xml
    <Context>
        <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
               configFile="conf/Fediz_config.xml" />
    </Context>
Host level in server.xml
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
               configFile="conf/Fediz_config.xml" />
    </Host>
Context level in server.xml
    <Context path="/fedizhelloworld" docBase="fedizhelloworld">
        <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
               configFile="conf/Fediz_config.xml" />
    </Context>
The Fediz configuration file is container independent and is described here.
...