Page History

...

This page describes how to enable Federation in Tomcat. This Tomcat instance acts as the Relying Party which means it validates the incoming SignInResponse which has been created by the Identity Provider (IDP) server.

Installation

You can either build the plugin on your own or download the package here (tbd). If you have built the plugin on your own you'll find the required libraries in plugins/tomcat/target/...zip-with-dependencies.zip

1. Create sub-directory fediz in ${catalina.home}/lib
2. Update calatina.properties in ${catalina.home}/conf
   add the previously created directory to the common loader:
   common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/lib/fediz/*.jar
3. Deploy the libraries to the directory created in (1)

Configuration

The current release of the federation plugin requires to configure the FederationAuthenticator of Fediz like any other Valve in Tomcat which is described here here.

...

You can either configure the context in the server.xml or in META-INF/context.xml as part of your WAR file.

META-INF/context.xml

...

 
  <Context> 
    <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"

...

      configFile="conf/Fediz_config.xml" />

...

  </Context> 

Host level in server.xml

...

 
  <Host name="localhost"  appBase="webapps"

...

        unpackWARs="true" autoDeploy="true

...

">

...

    <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"

...

           configFile="conf/Fediz_config.xml" />

...

  </Host>

<Host name="localhost" appBase="webapps"

unpackWARs="true" autoDeploy="true">
...

Context level in server.xml

...

 
  <Context path="/fedizhelloworld" docBase="fedizhelloworld">

...

    <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"

...

      configFile="conf/Fediz_config.xml" />

...

  </Context>

The Fediz configuration file is container independent and described here
...