...
Code Block | ||||
---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <FedizConfig> <contextConfig name="/fedizhelloworld"> <audienceUris> <audienceItem>https://localhost:8443/fedizhelloworld</audienceItem> </audienceUris> <certificateStore><certificateStores> <trustManager> <keyStore file="conf/stsstore.jks" password="stsspass" type="JKS" /> </trustManager> </certificateStore>certificateStores> <trustedIssuers> <issuer name="issuer 1" certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" /> </trustedIssuers> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2"> <issuer>https://localhost:9443/fedizidp/</issuer> </protocol> </contextConfig> </FedizConfig> |
...
XML element | Name | Use | Description |
---|---|---|---|
audienceUris | Audience URI | Required | The values of the list of audience URIs are verified against the element |
certificateStore certificateStores | Trusted certificate store | Required | The list of keystores (JKS, PEM) includes at least the certificate of the Certificate Authorities (CA) which signed the certificate which is used to sign the SAML token. |
trustedIssuers | Trusted Issuers | Required | There are two ways to configure a trusted issuer (IDP). Either you configure the subject name and the CA(s) who signed the certificate of the IDP ( |
maximumClockSkew | Maximum Clock Skew | Optional | Maximum allowable time difference between the system clocks of the IDP and RP. |
...
Code Block | ||||
---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <FedizConfig> <contextConfig name="/fedizhelloworld"> <audienceUris> <audienceItem>https://localhost:8443/fedizhelloworld</audienceItem> </audienceUris> <certificateStore><certificateStores> <keyStore file="/projects/fediz/tomcat-rp2/conf/stsstore.jks" password="stsspass" type="file" /> </certificateStore>certificateStores> <maximumClockSkew>10</maximumClockSkew> <trustedIssuers> <issuer name="issuer 1" certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" /> </trustedIssuers> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2"> <issuer>https://localhost:9443/fedizidp/</issuer> <roleDelimiter>,</roleDelimiter> <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> <claimTypesRequested> <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="true" /> </claimTypesRequested> <authenticationType type="String" value="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard" /> <homeRealm type="Class" value="example.HomeRealmCallbackHandler" /> </protocol> </contextConfig> </FedizConfig> |