...

Note: Fediz IDP 1.0 is described here.

Release 1.1 introduces the following new feature:

...

The Fediz STS is based on a customized CXF STS configured to support standard Federation use cases demonstrated by the examples. The Fediz STS has been enhanced to support two realms *Realm-A* and *Realm-B* with the following set of users:

User      Password

Realm A
alice     ecila
bob       bob
ted       det

Realm B
ALICE     ECILA
BOB       BOB
TED       DET

The Fediz IDP doesn't support several realms within one WAR, so a separate Fediz IDP WAR must be built for Realm A (the default, shipped with the Fediz distribution) and for Realm B. See below for how to build a Fediz IDP WAR for a specific realm.

...

<Server port="9005" shutdown="SHUTDOWN">
...

   <!-- http configuration -->
   <Connector port="9080" protocol="HTTP/1.1"
        connectionTimeout="20000"
        redirectPort="9443" />

   ...

   <!-- https configuration -->
   <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
        maxThreads="150" scheme="https" secure="true"
        clientAuth="want" sslProtocol="TLS"
        keystoreFile="idp-ssl-serverkey.jks" keystorePass="tompass"
        truststoreFile="idp-ssl-trust.jks" truststorePass="ispass" />
   ...

   <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />

...
</Server>

...

To establish trust, there are significant keystore/truststore requirements between the Tomcat instances and the various web applications (IDP, STS, relying party applications, third party web services, etc.). See this page for more details; it lists the trust requirements as well as sample scripts for creating your own (self-signed) keys.
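As an added sanity check (not part of the Fediz documentation or distribution), the following script parses a Tomcat server.xml and verifies that the connector layout shown above is internally consistent: every SSL connector carries a keystore, carries a truststore whenever it asks for client certificates (clientAuth="want" or "true"), and every plain HTTP/AJP redirectPort points at a connector that really terminates TLS. The embedded server.xml is a constructed sample modelled on the excerpt above.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the server.xml excerpt above (not the file
# shipped with Fediz); the "..." elisions from the page are simply left out.
SAMPLE_SERVER_XML = """<Server port="9005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="9080" protocol="HTTP/1.1"
         connectionTimeout="20000" redirectPort="9443" />
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
         maxThreads="150" scheme="https" secure="true"
         clientAuth="want" sslProtocol="TLS"
         keystoreFile="idp-ssl-serverkey.jks" keystorePass="tompass"
         truststoreFile="idp-ssl-trust.jks" truststorePass="ispass" />
    <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" />
  </Service>
</Server>"""


def check_connectors(server_xml: str) -> list[str]:
    """Return findings for an inconsistent connector layout; [] when all is well."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if c.get("SSLEnabled") == "true"}
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        if c.get("SSLEnabled") == "true":
            # The IDP presents its own key and, with clientAuth="want"/"true",
            # validates client certificates against the truststore.
            for attr in ("keystoreFile", "keystorePass"):
                if not c.get(attr):
                    findings.append(f"{port}: SSL connector lacks {attr}")
            client_auth = c.get("clientAuth", "false")
            if client_auth not in ("true", "want", "false"):
                findings.append(f"{port}: invalid clientAuth={client_auth!r}")
            elif client_auth != "false":
                for attr in ("truststoreFile", "truststorePass"):
                    if not c.get(attr):
                        findings.append(f"{port}: clientAuth={client_auth} but no {attr}")
            if c.get("scheme") != "https" or c.get("secure") != "true":
                findings.append(f"{port}: SSL connector needs scheme=https secure=true")
            if not c.get("sslProtocol", "").upper().startswith("TLS"):
                findings.append(f"{port}: sslProtocol should be TLS, got {c.get('sslProtocol')!r}")
        elif c.get("redirectPort"):
            # Plain HTTP/AJP connectors send confidential requests here, so the
            # target must be a connector that actually terminates TLS.
            if c.get("redirectPort") not in tls_ports:
                findings.append(f"{port}: redirectPort={c.get('redirectPort')} is not an SSL connector")
    return findings
```

Run it against your own server.xml after the keystore/truststore setup; an empty list means the three connectors agree with each other, which is what the examples expect.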

...

Once you deploy the IDP WAR files to your Tomcat installation (<catalina.home>/webapps), you should be able to see the Fediz STS from a browser. Assuming port 9080 as listed above, the STS WSDL is available at:

Configuration

You can manage the users, their claims and the claims per application in the IDP.

...

The users and passwords are configured in a Spring configuration file, webapps/fediz-idp-sts/WEB-INF/data/passwords.xml. The following users are already configured for Realm A and can easily be extended.

...

The claims of each user are configured in a Spring configuration file, webapps/fediz-idp-sts/WEB-INF/data/userClaims.xml. The following claims are already configured:

...