
This page describes the Fediz configuration file that is read by the security interceptor of the container plugin (e.g. the Fediz authenticator in Tomcat or Jetty).

Example

The following example describes the minimum configuration for Fediz.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld</audienceItem>
        </audienceUris>
        <certificateStore>
            <keyStore file="/projects/fediz/tomcat-rp2/conf/stsstore.jks" password="stsspass" type="JKS" />
        </certificateStore>
        <trustedIssuers>
            <issuer name="issuer 1" certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" />
        </trustedIssuers>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fedizidp/</issuer>
        </protocol>
    </contextConfig>
</FedizConfig>

This example describes the minimum configuration. The protocol element (with xsi:type federationProtocolType) selects the WS-Federation protocol. Its issuer element gives the IdP URL to which requests that have not yet been authenticated are redirected, carrying the SignIn request.
The IdP issues a SAML token, which the plugin must validate. Validation requires a certificate store containing the Certificate Authority (or chain of CAs) that issued the certificate which signed the SAML token; this store is defined in certificateStore. The signing certificate itself does not need to be in the store because certificateValidation is set to ChainTrust. The subject attribute of the trusted issuer is a regular expression that the subject DN of the signing certificate must match.
Finally, the configured audience URI is checked against the audience restriction in the SAML token.
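To make the three checks described above concrete, here is an added Python example (not part of the Fediz project or of this page's original content) that parses the minimum configuration shown above and applies the same decisions a relying-party plugin makes on an incoming SAML token: does the signer's subject DN match a trusted issuer pattern, did the chain validate against the configured store, and does the token's audience restriction contain a configured audience URI. The function names, the `chain_valid` flag standing in for the real X.509 chain check, and the full-match regex semantics are assumptions of this example, not Fediz APIs.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the minimum Fediz configuration shown on this page.
FEDIZ_CONFIG = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld</audienceItem>
        </audienceUris>
        <certificateStore>
            <keyStore file="/projects/fediz/tomcat-rp2/conf/stsstore.jks" password="stsspass" type="JKS" />
        </certificateStore>
        <trustedIssuers>
            <issuer name="issuer 1" certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" />
        </trustedIssuers>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fedizidp/</issuer>
        </protocol>
    </contextConfig>
</FedizConfig>
"""


def load_context(config_xml, context_name):
    """Return the settings of one contextConfig (by its name attribute) as a dict."""
    root = ET.fromstring(config_xml)
    for ctx in root.findall("contextConfig"):
        if ctx.get("name") != context_name:
            continue
        return {
            "audiences": [a.text.strip() for a in ctx.findall("audienceUris/audienceItem")],
            "issuers": [
                {
                    "name": i.get("name"),
                    "validation": i.get("certificateValidation"),
                    # Assumption: the subject pattern must match the whole DN (Java matches() style).
                    "subject": re.compile(i.get("subject")),
                }
                for i in ctx.findall("trustedIssuers/issuer")
            ],
            "idp_url": ctx.findtext("protocol/issuer"),
            "keystore": ctx.find("certificateStore/keyStore").get("file"),
        }
    raise KeyError("no contextConfig named %r" % context_name)


def issuer_trusted(ctx, signer_subject_dn, chain_valid):
    """ChainTrust decision: the signer's subject DN must match a configured trusted
    issuer pattern AND the certificate chain must have validated against the store.
    chain_valid is a hypothetical flag standing in for the real X.509 chain check."""
    for iss in ctx["issuers"]:
        if iss["subject"].fullmatch(signer_subject_dn) is None:
            continue
        if iss["validation"] == "ChainTrust":
            return bool(chain_valid)
        # Other validation modes (e.g. PeerTrust) are outside this example.
        return False
    return False


def audience_accepted(ctx, token_audiences):
    """The token's AudienceRestriction must list at least one configured audience URI."""
    return any(aud in ctx["audiences"] for aud in token_audiences)


def validate_token(ctx, signer_subject_dn, chain_valid, token_audiences):
    """Combine the checks the page describes; returns (ok, reason)."""
    if not issuer_trusted(ctx, signer_subject_dn, chain_valid):
        return False, "signer not a trusted issuer"
    if not audience_accepted(ctx, token_audiences):
        return False, "audience restriction does not match"
    return True, "ok"


if __name__ == "__main__":
    ctx = load_context(FEDIZ_CONFIG, "/fedizhelloworld")
    print(validate_token(ctx, "CN=www.sts.com, O=Example", True,
                         ["https://localhost:8443/fedizhelloworld"]))
```

Two points worth noticing when writing your own trustedIssuers entry: the subject value is a regular expression, so the unescaped dots in `.*CN=www.sts.com.*` match any character, and a DN that merely contains that substring anywhere is accepted; anchoring and escaping the pattern (for example `CN=www\.sts\.com, O=Example`) narrows the match to the issuer you actually mean. The example also shows why ChainTrust alone is not enough: the subject match and the chain validation are both required, and a matching DN with a failed chain is rejected.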
