Versions Compared

Old Version 1

changes.mady.by.user Oliver Wulff

Saved on

compared with

New Version Current

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Jetty Plugin

...

Apache CXF Fediz ships plugins for Jetty 8 and 9 instances. Previous versions of Fediz shipped plugins for Jetty 7. From release 1.4.5, the Jetty 8 and 9 plugins support both WS-Federation and SAML SSO.

This page describes how to enable Federation for a Jetty 7/8 instance hosting Relying Party (RP) applications. This configuration is not for a separate Tomcat instance hosting the Fediz IDP and IDP STS WARs, or hosts for third-party applications that use Fediz STS-generated SAML assertions for authentication. After this configuration is done, the Jetty-RP instance will validate the incoming SignInResponse created by the IDP server.

Prior to doing this configuration, make sure you've first deployed the Fediz IDP and STS on the Tomcat IDP instance as discussed here, and can view the STS WSDL at the URL given on that page. That page also provides some tips for running multiple Tomcat instances on your machine.

...

You can either build the Fediz plugin on your own or download the package here. If you have built the plugin on your own you'll find the required libraries in plugins/jettyjetty${version}/target/...zip-with-dependencies.zip

  1. Create sub-directory fediz in ${jetty.home}/lib/fediz

  2. Update start.ini in ${jetty.home}/start.ini by adding fediz to the OPTIONS

    Code Block
    
OPTIONS=Server,fediz


  3. Deploy the libraries to the directory created in (1)

...

The configuration is described in detail here

This page also describes how to create certificates. Sample Jetty keystores (not for production use, but useful for demoing Fediz and running the sample applications) are provided in the examples/samplekeys folder of the Fediz distribution. Note the Jetty keystore here is different from the one used to configure the Tomcat-IDP instance.

To establish trust, there are significant keystore/truststore requirements between the Servlet Container instances and the various web applications (IDP, STS, Relying party applications, third party web services, etc.) See this page for more details, it lists the trust requirements as well as sample scripts for creating your own (self-signed) keys.

...