Author: buildbot
Date: Wed Jun 6 18:48:42 2012
New Revision: 820533
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-idp.html
websites/production/cxf/content/fediz-tomcat.html
websites/production/cxf/content/fediz.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-idp.html
==============================================================================
--- websites/production/cxf/content/fediz-idp.html (original)
+++ websites/production/cxf/content/fediz-idp.html Wed Jun 6 18:48:42 2012
@@ -136,9 +136,7 @@ Apache CXF -- Fediz IDP
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p><img align="middle" class="emoticon"
src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif";
height="16" width="16" alt="" border="0"> Under construction</p>
-
-<h1><a shape="rect" name="FedizIDP-FedizIDP"></a>Fediz IDP</h1>
+<div id="ConfluenceContent"><h1><a shape="rect"
name="FedizIDP-FedizIDP"></a>Fediz IDP</h1>
<p>The Fediz Identity Provider (IDP) consists of two WAR files. One is the
Security Token Service (STS) component which is responsible for validating
credentials, getting the requested claims data and issuing a SAML token. There
is no easy way for Web browsers to issue SOAP requests to the STS directly,
necessitating the second component, an IDP WAR which allows browser-based
applications to interact with the STS. The communication between the browser
and the IDP must be performed within the confines of the base HTTP 1.1
functionality and conform as closely as possible to the WS-Trust protocols
semantic.</p>
@@ -171,6 +169,11 @@ Apache CXF -- Fediz IDP
<p>Deploy the WAR files to your Tomcat installation
(<catalina.home>/webapps) and ensure that Tomcat is started thus the WAR
files get deployed.</p>
+<p>A Relying Party application trusts the IDP/STS component that the IDP
authenticated the browser user. The trust is established based on the
certificate/private key used by the STS to sign the SAML token. The signing
certificate is located in
<tt>webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks</tt>. You must copy this
keystore to a location where the Relying Party can reference it in its <a
shape="rect" href="fediz-configuration.html" title="Fediz Configuration">Fediz
Configuration</a> in the element <tt>certificateStores</tt>.</p>
+
+<p><b>This keystore contains the private key as well. In a production
environment, you must not deploy the private key of the STS to the Relying
Party</b></p>
+
+
<h3><a shape="rect" name="FedizIDP-Configuration"></a>Configuration</h3>
<p>You can manage the users, their claims and the claims per application in
the IDP.</p>
Modified: websites/production/cxf/content/fediz-tomcat.html
==============================================================================
--- websites/production/cxf/content/fediz-tomcat.html (original)
+++ websites/production/cxf/content/fediz-tomcat.html Wed Jun 6 18:48:42 2012
@@ -154,9 +154,9 @@ add the previously created directory to
<h3><a shape="rect" name="FedizTomcat-Configuration"></a>Configuration</h3>
-<p>The Fediz related configuration is Container independent and described <a
shape="rect" href="fediz-configuration.html" title="Fediz
Configuration">here</a>.</p>
+<p>The Fediz related configuration is done in a Servlet Container independent
configuration file which is described <a shape="rect"
href="fediz-configuration.html" title="Fediz Configuration">here</a>.</p>
-<p>The Fediz plugin requires configuring the FederationAuthenticator like any
other Valve in Tomcat which is described here <a shape="rect"
class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html";>here</a>.</p>
+<p>The Fediz plugin requires configuring the FederationAuthenticator like any
other Valve in Tomcat. Detailed information about the Tomcat Valve concept is
available <a shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html";>here</a>.</p>
<p>A valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to
have one Fediz configuration file per Servlet Context then you must configure
the FederationAuthenticator on the <em>Context</em> level otherwise on the
<em>Host</em> level in the Tomcat configuration file <em>server.xml</em></p>
Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Wed Jun 6 18:48:42 2012
@@ -174,7 +174,7 @@ The RP is a web application that needs t
<h3><a shape="rect" name="Fediz-SetuptheRelyingPartyContainer"></a>Set up the
Relying Party Container</h3>
-<p>The Fediz plugin needs to be deployed into the Relying Party (RP)
container. The security mechanism is not specified by JEE. Even though it is
very similar in each servlet container there are some differences which require
a dedicated Fediz plugin for each servlet container implementation. Most of the
configuration is container independent and described <a shape="rect"
href="fediz-configuration.html" title="Fediz Configuration">here</a></p>
+<p>The Fediz plugin needs to be deployed into the Relying Party (RP)
container. The security mechanism is not specified by JEE. Even though it is
very similar in each servlet container there are some differences which require
a dedicated Fediz plugin for each servlet container implementation. Most of the
configuration goes into a Servlet container independent configuration file
which is described <a shape="rect" href="fediz-configuration.html" title="Fediz
Configuration">here</a></p>
<p>The following lists shows the supported containers and the location of the
installation and configuration page.</p>
<ul><li><a shape="rect" href="fediz-tomcat.html" title="Fediz Tomcat">Tomcat 7
</a></li></ul>
![https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"](https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"){kind=link}