Versions Compared

...

Code Block (xml)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld</audienceItem>
        </audienceUris>
        <certificateStore><certificateStores>
            <trustManager>
                <keyStore file="conf/stsstore.jks" password="stsspass" type="JKS" />
            </trustManager>
        </certificateStore>certificateStores>
        <trustedIssuers>
            <issuer name="issuer 1" certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" />
        </trustedIssuers>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fedizidp/</issuer>
        </protocol>
    </contextConfig>
</FedizConfig>
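Review bot: the lines `<certificateStore><certificateStores>` and `</certificateStore>certificateStores>` carry both versions of the element name fused together, so the snippet as rendered is not well-formed XML; whichever name this revision settles on, the opening and closing tags must agree, and the table entry below should use the same spelling. The issuer's `subject=".*CN=www.sts.com.*"` is a regular expression with unescaped dots and no anchors, so it accepts any subject DN that merely contains that substring; under ChainTrust the match is still bounded by the CAs in `conf/stsstore.jks`, but an anchored, escaped pattern (`^CN=www\.sts\.com,...$`) states the intended issuer explicitly. The keystore password `stsspass` is embedded in clear text, so this file needs the same filesystem protection as the keystore itself.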

...

XML element: audienceUris
Name: Audience URI
Use: Required
Description: The values in the list of audience URIs are verified against the AudienceRestriction element of the SAML token.

XML element: certificateStore certificateStores (element renamed between the compared versions)
Name: Trusted certificate store
Use: Required
Description: The list of keystores (JKS, PEM) must include at least the certificate of the Certificate Authority (CA) that signed the certificate used to sign the SAML token.
If the file location is not fully qualified, it is relative to the container home directory.

XML element: trustedIssuers
Name: Trusted Issuers
Use: Required
Description: There are two ways to configure a trusted issuer (IDP). Either you configure the subject name and the CA(s) that signed the certificate of the IDP (certificateValidation=ChainTrust), or you configure the certificate of the IDP itself and the CA(s) that signed it (certificateValidation=PeerTrust).

XML element: maximumClockSkew
Name: Maximum Clock Skew
Use: Optional
Description: Maximum allowable time difference between the system clocks of the IDP and the RP.
Default: 5 seconds.
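As an added illustration (not Fediz project code), the following Python check reads a constructed FedizConfig fragment built from the elements documented above and flags the settings a reviewer would look at first: non-https audience URIs, a large maximumClockSkew, and an issuer subject pattern that is not anchored. `subject_matches` approximates the issuer subject filter with Python's `re` module; the threshold of 60 seconds and the sample DNs are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the minimal configuration shown on this page.
SAMPLE_CONFIG = """<FedizConfig>
  <contextConfig name="/fedizhelloworld">
    <audienceUris>
      <audienceItem>https://localhost:8443/fedizhelloworld</audienceItem>
    </audienceUris>
    <maximumClockSkew>10</maximumClockSkew>
    <trustedIssuers>
      <issuer name="issuer 1" certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" />
    </trustedIssuers>
  </contextConfig>
</FedizConfig>"""


def subject_matches(pattern, dn):
    """Approximation of the issuer subject filter: the configured pattern is a
    regular expression tested against the subject DN of the IDP certificate."""
    return re.search(pattern, dn) is not None


def lint_fediz_config(xml_text, max_skew_seconds=60):
    """Return (contextConfig name, finding) pairs for the settings documented
    in the table above. max_skew_seconds is an assumed review threshold."""
    findings = []
    for ctx in ET.fromstring(xml_text).findall("contextConfig"):
        name = ctx.get("name", "?")
        # Audience URIs are compared against AudienceRestriction in the token.
        for item in ctx.findall("audienceUris/audienceItem"):
            if not (item.text or "").startswith("https://"):
                findings.append((name, "audience URI is not https: %s" % item.text))
        # A large clock skew widens the window in which an expired token is accepted.
        skew = ctx.findtext("maximumClockSkew")
        if skew is not None and int(skew) > max_skew_seconds:
            findings.append((name, "maximumClockSkew %s s exceeds %d s" % (skew, max_skew_seconds)))
        # An unanchored subject regex matches any DN that contains the substring.
        for iss in ctx.findall("trustedIssuers/issuer"):
            subj = iss.get("subject", "")
            if not (subj.startswith("^") and subj.endswith("$")):
                findings.append((name, "issuer %r subject pattern is unanchored: %s" % (iss.get("name"), subj)))
            if iss.get("certificateValidation") not in ("ChainTrust", "PeerTrust"):
                findings.append((name, "issuer %r has unknown certificateValidation" % iss.get("name")))
    return findings
```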

...

Code Block (xml)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld</audienceItem>
        </audienceUris>
        <certificateStore><certificateStores>
            <keyStore file="/projects/fediz/tomcat-rp2/conf/stsstore.jks" password="stsspass" type="file" />
        </certificateStore>certificateStores>
        <maximumClockSkew>10</maximumClockSkew>
        <trustedIssuers>
            <issuer name="issuer 1" certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" />
        </trustedIssuers>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fedizidp/</issuer>
            <roleDelimiter>,</roleDelimiter>
            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
            <claimTypesRequested>
                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="true" />
            </claimTypesRequested>
            <authenticationType type="String" value="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard" />
            <homeRealm type="Class" value="example.HomeRealmCallbackHandler" />
        </protocol>
    </contextConfig>
</FedizConfig>
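Review bot: `type="file"` on the keyStore does not match the `type="JKS"` used in the first example or the JKS/PEM types the table lists, and here the keyStore sits directly under the store element while the first example wraps it in `<trustManager>`, so the two examples show different structures for the same setting; pick one form and use it in both. The `<certificateStore><certificateStores>` and `</certificateStore>certificateStores>` lines have the same fused element name as the first block and need the same reconciliation. `maximumClockSkew` is set to 10 here against a documented default of 5; that is fine for an example, but a sentence noting that larger values widen the window in which an expired token is still accepted would help readers who copy it.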