[CONF] Apache CXF > Fediz Tomcat

confluence Wed, 06 Jun 2012 12:05:23 -0700

     Fediz Tomcat
    Page edited by             Oliver Wulff
    
        

                         Changes (9)
                                 
    

                    
    
            (!) Under construction 
 

            h1. Tomcat Plugin 
This page describes how to enable Federation in Tomcat. This Tomcat instance acts as the Relying Party which means it validates the incoming SignInResponse which has been created by the Identity Provider (IDP) server. 

            ...

            h3. Installation 
 

            You can either build the Fediz plugin on your own or download the package here (tbd). [here|Fediz Downloads]. If you have built the plugin on your own you'll find the required libraries in {{plugins/tomcat/target/...zip-with-dependencies.zip}} 

             

            # Create sub-directory {{fediz}} in {{$\{catalina.home\}/lib}} 
# Update calatina.properties in $\{catalina.home\}/conf 

            ...

            h3. Configuration 
 

            h5. HTTPS configuration 
 
It's recommended to set up a dedicated (separate) Tomcat instance for the Relying Party. The Fediz examples requires configuring the following TCP ports: 
* HTTP port: 8080 (used for Maven deployment, mvn tomcat:redeploy) 
* HTTPS port: 8443 (where IDP and STS are accessed) 
 
The Relying Party must be accessed over HTTPS to protect the security tokens issued by the IDP. 
 
The Tomcat HTTP(s) configuration is done in conf/server.xml. 
 
This is a sample snippet for an HTTPS configuration: 
 
{code:xml} 
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
               maxThreads="150" scheme="https" secure="true" 
               keystoreFile="tomcatKeystore.jks" 
               keystorePass="tompass" sslProtocol="TLS" /> 
{code} 
 
The {{keystoreFile}} is relative to $CATALINA_HOME. See [here|http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html] for the Tomcat 7 configuration reference. This page also describes how to create certificates. 
 
*Production: It's highly recommended to deploy certificates signed by a Certificate Authority* 
 
 
 
h5. Fediz configuration 
 

            The Fediz related configuration is done in a Servlet Container independent configuration file which is described [here|Fediz Configuration]. 
 
The Fediz plugin requires configuring the FederationAuthenticator like any other Valve in Tomcat. Detailed information about the Tomcat Valve concept is available [here|http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html]. 
 

            A vValve can be configured on different levels like _Host_ or _Context_. The Fediz configuration file allows to configure all servlet contexts in one file or choosing one file per Servlet Context. If you choose to have one Fediz configuration file per Servlet Context then you must configure the FederationAuthenticator on the _Context_ level otherwise on the _Host_ level in the Tomcat configuration file _server.xml_ 

             
 
You can either configure the context in the server.xml or in META-INF/context.xml as part of your WAR file. 
 

            h56. META-INF/context.xml 

            {code:xml}  
  <Context>  

            ...

            {code} 
 

            h56. Host level in server.xml 

            {code:xml}  
  <Host name="localhost"  appBase="webapps" 

            ...

            {code}  
 

            h56. Context level in server.xml 

            {code:xml}  
  <Context path="/fedizhelloworld" docBase="fedizhelloworld"> 

            ...

            {code} 
 

            The Fediz configuration file is container independent and described here. 

            The Fediz configuration file is a Servlet container independent configuration file and described [here|Fediz Configuration] 
 
h3. Web Application deployment 
 
Deploy your Web Application to your Tomcat installation (<catalina.home>/webapps). 

    
            
    
                            Full Content
                    
        Tomcat Plugin
This page describes how to enable Federation in Tomcat. This Tomcat instance acts as the Relying Party which means it validates the incoming SignInResponse which has been created by the Identity Provider (IDP) server.

Installation

You can either build the Fediz plugin on your own or download the package here. If you have built the plugin on your own you'll find the required libraries in plugins/tomcat/target/...zip-with-dependencies.zip


	Create sub-directory fediz in ${catalina.home}/lib
	Update calatina.properties in ${catalina.home}/conf

add the previously created directory to the common loader:

common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/lib/fediz/*.jar
	Deploy the libraries to the directory created in (1)




Configuration

HTTPS configuration

It's recommended to set up a dedicated (separate) Tomcat instance for the Relying Party. The Fediz examples requires configuring the following TCP ports:

	HTTP port: 8080 (used for Maven deployment, mvn tomcat:redeploy)
	HTTPS port: 8443 (where IDP and STS are accessed)



The Relying Party must be accessed over HTTPS to protect the security tokens issued by the IDP.

The Tomcat HTTP(s) configuration is done in conf/server.xml.

This is a sample snippet for an HTTPS configuration:


    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="tomcatKeystore.jks"
               keystorePass="tompass" sslProtocol="TLS" />


The keystoreFile is relative to $CATALINA_HOME. See here for the Tomcat 7 configuration reference. This page also describes how to create certificates.

Production: It's highly recommended to deploy certificates signed by a Certificate Authority



Fediz configuration

The Fediz related configuration is done in a Servlet Container independent configuration file which is described here.

The Fediz plugin requires configuring the FederationAuthenticator like any other Valve in Tomcat. Detailed information about the Tomcat Valve concept is available here.

A Valve can be configured on different levels like Host or Context. The Fediz configuration file allows to configure all servlet contexts in one file or choosing one file per Servlet Context. If you choose to have one Fediz configuration file per Servlet Context then you must configure the FederationAuthenticator on the Context level otherwise on the Host level in the Tomcat configuration file server.xml


You can either configure the context in the server.xml or in META-INF/context.xml as part of your WAR file.

META-INF/context.xml

 
  <Context> 
    <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
      configFile="conf/Fediz_config.xml" />
  </Context> 



Host level in server.xml

 
  <Host name="localhost"  appBase="webapps"
        unpackWARs="true" autoDeploy="true">
    <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
           configFile="conf/Fediz_config.xml" />
  </Host>

 

Context level in server.xml

 
  <Context path="/fedizhelloworld" docBase="fedizhelloworld">
    <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
      configFile="conf/Fediz_config.xml" />
  </Context>



The Fediz configuration file is a Servlet container independent configuration file and described here

Web Application deployment

Deploy your Web Application to your Tomcat installation (<catalina.home>/webapps).



    
        
        
            Change Notification Preferences
        
        View Online
        |
        View Changes
                |
        Add Comment
-(!) Under construction
 h1. Tomcat Plugin 
This page describes how to enable Federation in Tomcat. This Tomcat instance acts as the Relying Party which means it validates the incoming SignInResponse which has been created by the Identity Provider (IDP) server.
 ...
 h3. Installation
 You can either build the Fediz plugin on your own or download the package here (tbd). [here|Fediz Downloads]. If you have built the plugin on your own you'll find the required libraries in {{plugins/tomcat/target/...zip-with-dependencies.zip}}
 # Create sub-directory {{fediz}} in {{$\{catalina.home\}/lib}} 
# Update calatina.properties in $\{catalina.home\}/conf
 ...
 h3. Configuration
+h5. HTTPS configuration 
 
It's recommended to set up a dedicated (separate) Tomcat instance for the Relying Party. The Fediz examples requires configuring the following TCP ports: 
* HTTP port: 8080 (used for Maven deployment, mvn tomcat:redeploy) 
* HTTPS port: 8443 (where IDP and STS are accessed) 
 
The Relying Party must be accessed over HTTPS to protect the security tokens issued by the IDP. 
 
The Tomcat HTTP(s) configuration is done in conf/server.xml. 
 
This is a sample snippet for an HTTPS configuration: 
 
{code:xml} 
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
               maxThreads="150" scheme="https" secure="true" 
               keystoreFile="tomcatKeystore.jks" 
               keystorePass="tompass" sslProtocol="TLS" /> 
{code} 
 
The {{keystoreFile}} is relative to $CATALINA_HOME. See [here|http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html] for the Tomcat 7 configuration reference. This page also describes how to create certificates. 
 
*Production: It's highly recommended to deploy certificates signed by a Certificate Authority* 
 
 
 
h5. Fediz configuration
 The Fediz related configuration is done in a Servlet Container independent configuration file which is described [here|Fediz Configuration]. 
 
The Fediz plugin requires configuring the FederationAuthenticator like any other Valve in Tomcat. Detailed information about the Tomcat Valve concept is available [here|http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html].
 A vValve can be configured on different levels like _Host_ or _Context_. The Fediz configuration file allows to configure all servlet contexts in one file or choosing one file per Servlet Context. If you choose to have one Fediz configuration file per Servlet Context then you must configure the FederationAuthenticator on the _Context_ level otherwise on the _Host_ level in the Tomcat configuration file _server.xml_
 You can either configure the context in the server.xml or in META-INF/context.xml as part of your WAR file.
 h56. META-INF/context.xml
 {code:xml}  
  <Context>
 ...
 {code}
 h56. Host level in server.xml
 {code:xml}  
  <Host name="localhost"  appBase="webapps"
 ...
 {code}
 h56. Context level in server.xml
 {code:xml}  
  <Context path="/fedizhelloworld" docBase="fedizhelloworld">
 ...
 {code}
-The Fediz configuration file is container independent and described here.
+The Fediz configuration file is a Servlet container independent configuration file and described [here|Fediz Configuration] 
 
h3. Web Application deployment 
 
Deploy your Web Application to your Tomcat installation (<catalina.home>/webapps).

[CONF] Apache CXF > Fediz Tomcat

Fediz Tomcat

Page edited by Oliver Wulff

Changes (9)

Full Content

Tomcat Plugin

Installation

Configuration

HTTPS configuration

Fediz configuration

META-INF/context.xml

Host level in server.xml

Context level in server.xml

Web Application deployment

Reply via email to