...

The Fediz IDP has been tested with Tomcat 6 and 7 but should be able to work with any commercial JEE application server.

Deploy the WAR files to your Tomcat installation (<catalina.home>/webapps) and ensure that Tomcat is started so that the WAR files are actually deployed.

A Relying Party application trusts the IDP/STS component's assertion that the IDP has authenticated the browser user. This trust is based on the certificate and private key that the STS uses to sign the SAML token. The signing certificate is located in webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks. You must copy this keystore to a location where the Relying Party can reference it from its Fediz configuration, in the certificateStores element.

This keystore also contains the private key. In a production environment, you must not deploy the private key of the STS to the Relying Party.
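As an added illustration (not part of this page or of the Fediz distribution), the Relying Party side of the certificateStores setting: the RP references a separate truststore that holds only the exported STS signing certificate, so stsstore.jks and its private key never leave the IDP/STS host. The element names are modelled on the Fediz configuration schema and should be checked against your Fediz version; the context name, truststore file name, password and issuer URL are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example Fediz configuration for a Relying Party (placeholder values). -->
<FedizConfig>
  <contextConfig name="/fedizhelloworld"> <!-- placeholder context -->
    <audienceUris>
      <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
    </audienceUris>
    <!-- ststrust.jks (assumed name) contains only the STS public certificate.
         Do NOT point this at stsstore.jks: that keystore holds the private key. -->
    <certificateStores>
      <trustManager>
        <keyStore file="ststrust.jks" password="CHANGE_ME" type="JKS"/>
      </trustManager>
    </certificateStores>
    <!-- PeerTrust: accept a token only if its signing certificate is itself
         present in the truststore above. -->
    <trustedIssuers>
      <issuer certificateValidation="PeerTrust"/>
    </trustedIssuers>
    <maximumClockSkew>300</maximumClockSkew>
    <protocol xsi:type="federationProtocolType" version="1.0.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <issuer>https://idp.example.org/fediz-idp/federation</issuer> <!-- placeholder -->
      <roleDelimiter>,</roleDelimiter>
      <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
    </protocol>
  </contextConfig>
</FedizConfig>
```

The truststore is built by exporting only the certificate entry of the STS signing key from stsstore.jks with keytool and importing it into a fresh keystore; a keytool listing of the result should show a trustedCertEntry and no PrivateKeyEntry.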

Configuration

You can manage the users, their claims and the claims per application in the IDP.

HTTPS configuration

It's recommended to set up a dedicated (separate) Tomcat instance for the IDP. The Fediz examples use the following TCP ports to interact with the IDP/STS:

...

Production: It's highly recommended to deploy certificates signed by a Certificate Authority.

User and password

The users and passwords are configured in a Spring configuration file in webapps/fediz-idp-sts/WEB-INF/passwords.xml. The following users are already configured and can easily be extended.

...