Author: buildbot
Date: Wed Jun 6 19:48:37 2012
New Revision: 820540
Log:
Production update by buildbot for cxf
Added:
websites/production/cxf/content/fediz-extensions.html
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-configuration.html
websites/production/cxf/content/fediz-idp.html
websites/production/cxf/content/fediz-tomcat.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-configuration.html
==============================================================================
--- websites/production/cxf/content/fediz-configuration.html (original)
+++ websites/production/cxf/content/fediz-configuration.html Wed Jun 6
19:48:37 2012
@@ -136,9 +136,7 @@ Apache CXF -- Fediz Configuration
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p><img align="middle" class="emoticon"
src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"
height="16" width="16" alt="" border="0"> Under construction</p>
-
-<h1><a shape="rect"
name="FedizConfiguration-FedizPluginconfiguration"></a>Fediz Plugin
configuration</h1>
+<div id="ConfluenceContent"><h1><a shape="rect"
name="FedizConfiguration-FedizPluginconfiguration"></a>Fediz Plugin
configuration</h1>
<p>This page describes the Fediz configuration file referenced by the security
interceptor (eg. authenticator in Tomcat/Jetty).</p>
<h3><a shape="rect" name="FedizConfiguration-Example"></a>Example</h3>
@@ -188,13 +186,16 @@ Default 5 seconds. </td></tr></tbody></t
<div class="table-wrap">
<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">XML element </th><th colspan="1" rowspan="1"
class="confluenceTh">Name </th><th colspan="1" rowspan="1"
class="confluenceTh">Use </th><th colspan="1" rowspan="1"
class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> issuer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Issuer URL </td><td colspan="1" rowspan="1"
class="confluenceTd"> Required </td><td colspan="1" rowspan="1"
class="confluenceTd">This URL defines the location of the IDP to whom
unauthenticated requests are redirected </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> realm </td><td colspan="1" rowspan="1"
class="confluenceTd"> Realm </td><td colspan="1" rowspan="1"
class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> Security realm of the Relying Party / Application. This
value is part of the SignIn request as the <tt>wtrealm
</tt> parameter.<br clear="none">
Default: URL including the Servlet Context </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> authenticationType </td><td colspan="1"
rowspan="1" class="confluenceTd"> Authentication Type </td><td colspan="1"
rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> The authentication type defines what kind of
authentication is required. This information is provided in the SignInRequest
to the IDP (parameter <tt>wauth</tt>)<br clear="none">
-The WS-Federation standard defines a list of predefined URIs for wauth <a
shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174997"
rel="nofollow">here</a>.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> roleURI </td><td colspan="1" rowspan="1"
class="confluenceTd"> Role Claim URI </td><td colspan="1" rowspan="1"
class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> Defines the attribute name of the SAML token which
contains the roles </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> roleDelimiter </td><td colspan="1" rowspan="1"
class="confluenceTd"> Role Value Delimiter </td><td colspan="1" rowspan="1"
class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> There are different ways to encode multi value attributes
in SAML.
+The WS-Federation standard defines a list of predefined URIs for wauth <a
shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174997"
rel="nofollow">here</a>.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> roleURI </td><td colspan="1" rowspan="1"
class="confluenceTd"> Role Claim URI </td><td colspan="1" rowspan="1"
class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> Defines the attribute name of the SAML token which
contains the roles.<br clear="none">
+Required for Role Based Access Control. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> roleDelimiter </td><td colspan="1"
rowspan="1" class="confluenceTd"> Role Value Delimiter </td><td colspan="1"
rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> There are different ways to encode multi value attributes
in SAML.
<ul><li>Single attribute with multiple values</li><li>Several attributes with
the same name but only one value</li><li>Single attribute with single value.
Roles are delimited by <tt>roleDelimiter</tt></li></ul>
-</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
claimTypesRequested </td><td colspan="1" rowspan="1" class="confluenceTd">
Requested claims </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> The claims
required by the Relying Party are listed here. Claims can be optional. If a
mandatory claim can't be provided by the IDP the issuance of the token should
fail </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> homeRealm
</td><td colspan="1" rowspan="1" class="confluenceTd"> Home Realm </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1"
rowspan="1" class="confluenceTd"> Indicates the Resource IDP the home realm of
the requestor. This may be an URL or an identifier like urn: or uuid: and
depends on the Resource IDP implementation. This value is part of the SignIn
request as the <tt>whr</tt> parameter </td></tr></tbody></table>
+</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
claimTypesRequested </td><td colspan="1" rowspan="1" class="confluenceTd">
Requested claims </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> The claims
required by the Relying Party are listed here. Claims can be optional. If a
mandatory claim can't be provided by the IDP the issuance of the token should
fail </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> homeRealm
</td><td colspan="1" rowspan="1" class="confluenceTd"> Home Realm </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1"
rowspan="1" class="confluenceTd"> Indicates the Resource IDP the home realm of
the requestor. This may be an URL or an identifier like urn: or uuid: and
depends on the Resource IDP implementation. This value is part of the SignIn
request as the <tt>whr</tt> parameter </td></tr><tr><td colspan="1" rowspan="1"
class="co
nfluenceTd"> tokenValidators </td><td colspan="1" rowspan="1"
class="confluenceTd"> TokenValidators </td><td colspan="1" rowspan="1"
class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> Custom Token validator classes can be configured here.
The SAML Token validator is enabled by default.<br clear="none">
+See example <a shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java">here</a></td></tr></tbody></table>
</div>
+
<h5><a shape="rect"
name="FedizConfiguration-Attributesresolvedatruntime"></a>Attributes resolved
at runtime</h5>
<p>The following attributes can be either configured statically at deployment
time or dynamically when the initial request is received:</p>
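Review bot: The new tokenValidators row does not say whether a configured validator is used in addition to the default SAML Token validator or replaces it; the description only says the SAML validator "is enabled by default". This setting decides which tokens the Relying Party accepts, so state the behaviour explicitly, including the order in which validators are tried. The "See example" link also points at a file under src/test on trunk, which may move; linking to the Fediz Extensions page added in this commit would be more stable.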
@@ -233,6 +234,9 @@ The WS-Federation standard defines a lis
<span class="code-tag"></claimTypesRequested></span>
<span class="code-tag"><authenticationType type=<span
class="code-quote">"String"</span> value=<span
class="code-quote">"http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard"</span>
/></span>
<span class="code-tag"><homeRealm type=<span
class="code-quote">"Class"</span> value=<span
class="code-quote">"example.HomeRealmCallbackHandler"</span> /></span>
+ <span class="code-tag"><tokenValidators></span>
+ <span
class="code-tag"><validator></span>org.apache.cxf.fediz.core.CustomValidator<span
class="code-tag"></validator></span>
+ <span class="code-tag"></tokenValidators></span>
<span class="code-tag"></protocol></span>
<span class="code-tag"></contextConfig></span>
<span class="code-tag"></FedizConfig></span>
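Review bot: The added validator entry in the example names org.apache.cxf.fediz.core.CustomValidator, which, going by the link added to the attribute table, lives under plugins/core/src/test/java and is therefore a test class. Someone copying this example would reference a class that may not be on the Relying Party's classpath. Use a placeholder in the style of example.HomeRealmCallbackHandler just above it, for instance example.CustomValidator, and say that the class must be supplied by the deployer.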
Added: websites/production/cxf/content/fediz-extensions.html
==============================================================================
--- websites/production/cxf/content/fediz-extensions.html (added)
+++ websites/production/cxf/content/fediz-extensions.html Wed Jun 6 19:48:37
2012
@@ -0,0 +1,192 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <link type="text/css" rel="stylesheet"
href="http://cxf.apache.org/resources/site.css">
+ <script src="http://cxf.apache.org/resources/space.js"
type="text/javascript"></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service
Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic
Data Interchange, standards support, integration standards, application
integration, middleware, software, solutions, services, CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - Fediz
Extensions">
+ <title>
+Apache CXF -- Fediz Extensions
+ </title>
+ </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="cell-0-0" colspan="2"> </td>
+ <td id="cell-0-1"> </td>
+ <td id="cell-0-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-1-0"> </td>
+ <td id="cell-1-1"> </td>
+ <td id="cell-1-2">
+ <div style="padding: 5px;">
+ <div id="banner">
+ <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td
align="left" colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span
style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software
Foundation"><img border="0" alt="ASF Logo"
src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+ <!-- Banner -->
+ </div>
+ </div>
+ <div id="top-menu">
+ <table border="0" cellpadding="1" cellspacing="0" width="100%">
+ <tr>
+ <td>
+ <div align="left">
+ <!-- Breadcrumbs -->
+<a href="index.html">Index</a> > <a
href="fediz.html">Fediz</a> > <a
href="fediz-extensions.html">Fediz Extensions</a>
+ <!-- Breadcrumbs -->
+ </div>
+ </td>
+ <td>
+ <div align="right">
+ <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="download.html"
title="Download">Download</a> | <a shape="rect"
href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+ <!-- Quicklinks -->
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ <td id="cell-1-3"> </td>
+ <td id="cell-1-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-2-0" colspan="2"> </td>
+ <td id="cell-2-1">
+ <table>
+ <tr valign="top">
+ <td height="100%">
+ <div id="wrapper-menu-page-right">
+ <div id="wrapper-menu-page-top">
+ <div id="wrapper-menu-page-bottom">
+ <div id="menu-page">
+ <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect"
name="Navigation-ApacheCXFIndex"></a><a shape="rect" href="index.html"
title="Index">Apache CXF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="index.html"
title="Index">Home</a></li><li><a shape="rect" href="download.html"
title="Download">Download</a></li><li><a shape="rect" href="people.html"
title="People">People</a></li><li><a shape="rect" href="project-status.html"
title="Project Status">Project Status</a></li><li><a shape="rect"
href="roadmap.html" title="Roadmap">Roadmap</a></li><li><a shape="rect"
href="mailing-lists.html" title="Mailing Lists">Mailing Lists</a></li><li><a
shape="rect" class="external-link"
href="http://issues.apache.org/jira/browse/CXF">Issue Reporting</a></li><li><a
shape="rect" href="special-thanks.html" title="Special Thanks">Special
Thanks</a></li><li><a shape="rect" class="external-link"
href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect"
href="security-advisories.html" title="Security Advisories">Security
Advisories</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Users"></a>Users</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect"
href="http://cxf.apache.org/docs/index.html">User's Guide</a></li><li><a
shape="rect" href="support.html" title="Support">Support</a></li><li><a
shape="rect" href="faq.html" title="FAQ">FAQ</a></li><li><a shape="rect"
href="resources-and-articles.html" title="Resources and Articles">Resources and
Articles</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Search"></a>Search</h3>
+
+<form enctype="application/x-www-form-urlencoded" method="get"
id="cse-search-box" action="http://www.google.com/cse">
+ <div>
+ <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+ <input type="hidden" name="ie" value="UTF-8">
+ <input type="text" name="q" size="21">
+ <input type="submit" name="sa" value="Search">
+ </div>
+</form>
+<script type="text/javascript"
src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
+
+
+<h3><a shape="rect" name="Navigation-Developers"></a>Developers</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect"
href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture
Guide</a></li><li><a shape="rect" href="source-repository.html" title="Source
Repository">Source Repository</a></li><li><a shape="rect" href="building.html"
title="Building">Building</a></li><li><a shape="rect"
href="automated-builds.html" title="Automated Builds">Automated
Builds</a></li><li><a shape="rect" href="testing-debugging.html"
title="Testing-Debugging">Testing-Debugging</a></li><li><a shape="rect"
href="coding-guidelines.html" title="Coding Guidelines">Coding
Guidelines</a></li><li><a shape="rect" href="getting-involved.html"
title="Getting Involved">Getting Involved</a></li><li><a shape="rect"
href="release-management.html" title="Release Management">Release
Management</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Subprojects"></a>Subprojects</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect"
href="distributed-osgi.html" title="Distributed OSGi">Distributed
OSGi</a></li><li><a shape="rect" href="xjc-utils.html" title="XJC Utils">XJC
Utils</a></li><li><a shape="rect" href="build-utils.html" title="Build
Utils">Build Utils</a></li><li><a shape="rect" href="fediz.html"
title="Fediz">Fediz</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a><a shape="rect"
class="external-link" href="http://www.apache.org">ASF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link"
href="http://www.apache.org/foundation/how-it-works.html">How Apache
Works</a></li><li><a shape="rect" class="external-link"
href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect"
class="external-link"
href="http://www.apache.org/foundation/sponsorship.html">Sponsor
Apache</a></li><li><a shape="rect" class="external-link"
href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a
shape="rect" class="external-link"
href="http://www.apache.org/security/">Security</a></li></ul>
+</div>
+ <!-- NavigationBar -->
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ <td height="100%">
+ <!-- Content -->
+ <div class="wiki-content">
+<div id="ConfluenceContent"><h1><a shape="rect"
name="FedizExtensions-FedizExtensions"></a>Fediz Extensions</h1>
+<p>This page describes the extension points in Fediz to enrich its
functionality further.</p>
+
+<h3><a shape="rect" name="FedizExtensions-CallbackHandler"></a>Callback
Handler</h3>
+
+<h3><a shape="rect" name="FedizExtensions-CustomTokenValidator"></a>Custom
Token Validator</h3>
+</div>
+ </div>
+ <!-- Content -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td id="cell-2-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-3-0"> </td>
+ <td id="cell-3-1"> </td>
+ <td id="cell-3-2">
+ <div id="footer">
+ <!-- Footer -->
+ <div id="site-footer">
+ <a href="http://cxf.apache.org/privacy-policy.html">Privacy
Policy</a> -
+ (<a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27848884">edit
page</a>)
+ (<a
href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Extensions?showComments=true&showCommentArea=true#addcomment">add
comment</a>)<br>
+ Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The
Apache Software Foundation.<br>
+ All other marks mentioned may be trademarks or registered trademarks
of their respective owners.
+ </div>
+ <!-- Footer -->
+ </div>
+ </td>
+ <td id="cell-3-3"> </td>
+ <td id="cell-3-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-4-0" colspan="2"> </td>
+ <td id="cell-4-1"> </td>
+ <td id="cell-4-2" colspan="2"> </td>
+ </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." :
"http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost +
"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+
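Review bot: The content area of the new page has two headings, "Callback Handler" and "Custom Token Validator", with no text under either, while this same commit removes the "Under construction" marker from the Configuration and Tomcat pages. Either hold the page back until the sections are written or mark it as a stub; fediz-configuration.html now tells readers they can plug in a custom validator, and this is where the validator contract should be described. Separately, the head loads site.css and space.js over plain http:// URLs, which is worth changing to https in the template.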
Modified: websites/production/cxf/content/fediz-idp.html
==============================================================================
--- websites/production/cxf/content/fediz-idp.html (original)
+++ websites/production/cxf/content/fediz-idp.html Wed Jun 6 19:48:37 2012
@@ -146,6 +146,19 @@ Apache CXF -- Fediz IDP
<p>The Fediz IDP has been tested with Tomcat 6 and 7 but should be able to
work with any commercial JEE application server.</p>
+<p>Deploy the WAR files to your Tomcat installation
(<catalina.home>/webapps).</p>
+
+<p>A Relying Party application trusts the IDP/STS component that the IDP
authenticated the browser user. The trust is established based on the
certificate/private key used by the STS to sign the SAML token. The signing
certificate is located in
<tt>webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks</tt>. You must copy this
keystore to a location where the Relying Party can reference it in its <a
shape="rect" href="fediz-configuration.html" title="Fediz Configuration">Fediz
Configuration</a> in the element <tt>certificateStores</tt>.</p>
+
+<p><b>This keystore contains the private key as well. In a production
environment, you must not deploy the private key of the STS to the Relying
Party</b></p>
+
+
+<h3><a shape="rect" name="FedizIDP-Configuration"></a>Configuration</h3>
+
+<p>You can manage the users, their claims and the claims per application in
the IDP.</p>
+
+<h5><a shape="rect" name="FedizIDP-HTTPSconfiguration"></a>HTTPS
configuration</h5>
+
<p>It's recommended to set up a dedicated (separate) Tomcat instance for the
IDP. The Fediz examples use the following TCP ports to interact with the
IDP/STS:</p>
<ul><li>HTTP port: 9080 (used for Maven deployment, mvn
tomcat:redeploy)</li><li>HTTPS port: 9443 (where IDP and STS are
accessed)</li></ul>
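Review bot: The moved paragraph still tells the reader "You must copy this keystore" to the Relying Party, and the bold sentence directly after it says that same keystore contains the STS private key and must not be deployed there in production. The page gives no alternative, so the only documented procedure is the one it warns against. Add the production step: export only the STS signing certificate from stsstore.jks and import it into a separate truststore that the Relying Party references in certificateStores.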
@@ -167,16 +180,6 @@ Apache CXF -- Fediz IDP
<p><b>Production: It's highly recommended to deploy certificates signed by a
Certificate Authority</b></p>
-<p>Deploy the WAR files to your Tomcat installation
(<catalina.home>/webapps) and ensure that Tomcat is started thus the WAR
files get deployed.</p>
-
-<p>A Relying Party application trusts the IDP/STS component that the IDP
authenticated the browser user. The trust is established based on the
certificate/private key used by the STS to sign the SAML token. The signing
certificate is located in
<tt>webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks</tt>. You must copy this
keystore to a location where the Relying Party can reference it in its <a
shape="rect" href="fediz-configuration.html" title="Fediz Configuration">Fediz
Configuration</a> in the element <tt>certificateStores</tt>.</p>
-
-<p><b>This keystore contains the private key as well. In a production
environment, you must not deploy the private key of the STS to the Relying
Party</b></p>
-
-
-<h3><a shape="rect" name="FedizIDP-Configuration"></a>Configuration</h3>
-
-<p>You can manage the users, their claims and the claims per application in
the IDP.</p>
<h5><a shape="rect" name="FedizIDP-Userandpassword"></a>User and password</h5>
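Review bot: The removed deploy paragraph ended with "and ensure that Tomcat is started thus the WAR files get deployed", and the copy re-added higher up drops that clause. With the deploy step now placed before the HTTPS connector setup, the page no longer says when Tomcat should be started or restarted. Add a sentence after the HTTPS section stating that Tomcat must be (re)started once server.xml has been changed.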
Modified: websites/production/cxf/content/fediz-tomcat.html
==============================================================================
--- websites/production/cxf/content/fediz-tomcat.html (original)
+++ websites/production/cxf/content/fediz-tomcat.html Wed Jun 6 19:48:37 2012
@@ -136,15 +136,12 @@ Apache CXF -- Fediz Tomcat
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p><img align="middle" class="emoticon"
src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"
height="16" width="16" alt="" border="0"> Under construction</p>
-
-<h1><a shape="rect" name="FedizTomcat-TomcatPlugin"></a>Tomcat Plugin</h1>
+<div id="ConfluenceContent"><h1><a shape="rect"
name="FedizTomcat-TomcatPlugin"></a>Tomcat Plugin</h1>
<p>This page describes how to enable Federation in Tomcat. This Tomcat
instance acts as the Relying Party which means it validates the incoming
SignInResponse which has been created by the Identity Provider (IDP) server.</p>
<h3><a shape="rect" name="FedizTomcat-Installation"></a>Installation</h3>
-<p>You can either build the plugin on your own or download the package here
(tbd). If you have built the plugin on your own you'll find the required
libraries in plugins/tomcat/target/...zip-with-dependencies.zip</p>
-
+<p>You can either build the Fediz plugin on your own or download the package
<a shape="rect" href="fediz-downloads.html" title="Fediz Downloads">here</a>.
If you have built the plugin on your own you'll find the required libraries in
<tt>plugins/tomcat/target/...zip-with-dependencies.zip</tt></p>
<ol><li>Create sub-directory <tt>fediz</tt> in
<tt>${catalina.home}/lib</tt></li><li>Update calatina.properties in
${catalina.home}/conf<br clear="none">
add the previously created directory to the common loader:<br clear="none">
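Review bot: The list item directly below the rewritten paragraph still reads "Update calatina.properties in ${catalina.home}/conf"; the file is catalina.properties. Since this hunk already wraps the zip path in tt tags, fix the spelling in the same change and put the file name and ${catalina.home}/conf in tt as well, matching step 1.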
@@ -154,16 +151,45 @@ add the previously created directory to
<h3><a shape="rect" name="FedizTomcat-Configuration"></a>Configuration</h3>
+<h5><a shape="rect" name="FedizTomcat-HTTPSconfiguration"></a>HTTPS
configuration</h5>
+
+<p>It's recommended to set up a dedicated (separate) Tomcat instance for the
Relying Party. The Fediz examples requires configuring the following TCP
ports:</p>
+<ul><li>HTTP port: 8080 (used for Maven deployment, mvn
tomcat:redeploy)</li><li>HTTPS port: 8443 (where IDP and STS are
accessed)</li></ul>
+
+
+<p>The Relying Party must be accessed over HTTPS to protect the security
tokens issued by the IDP.</p>
+
+<p>The Tomcat HTTP(s) configuration is done in conf/server.xml.</p>
+
+<p>This is a sample snippet for an HTTPS configuration:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
+<pre class="code-xml">
+ <Connector port=<span class="code-quote">"8443"</span> protocol=<span
class="code-quote">"HTTP/1.1"</span> SSLEnabled=<span
class="code-quote">"true"</span>
+ maxThreads=<span class="code-quote">"150"</span> scheme=<span
class="code-quote">"https"</span> secure=<span class="code-quote">"true"</span>
+ keystoreFile=<span
class="code-quote">"tomcatKeystore.jks"</span>
+ keystorePass=<span class="code-quote">"tompass"</span>
sslProtocol=<span class="code-quote">"TLS"</span> />
+</pre>
+</div></div>
+
+<p>The <tt>keystoreFile</tt> is relative to $CATALINA_HOME. See <a
shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html">here</a> for the
Tomcat 7 configuration reference. This page also describes how to create
certificates.</p>
+
+<p><b>Production: It's highly recommended to deploy certificates signed by a
Certificate Authority</b></p>
+
+
+
+<h5><a shape="rect" name="FedizTomcat-Fedizconfiguration"></a>Fediz
configuration</h5>
+
<p>The Fediz related configuration is done in a Servlet Container independent
configuration file which is described <a shape="rect"
href="fediz-configuration.html" title="Fediz Configuration">here</a>.</p>
<p>The Fediz plugin requires configuring the FederationAuthenticator like any
other Valve in Tomcat. Detailed information about the Tomcat Valve concept is
available <a shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html">here</a>.</p>
-<p>A valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to
have one Fediz configuration file per Servlet Context then you must configure
the FederationAuthenticator on the <em>Context</em> level otherwise on the
<em>Host</em> level in the Tomcat configuration file <em>server.xml</em></p>
+<p>A Valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to
have one Fediz configuration file per Servlet Context then you must configure
the FederationAuthenticator on the <em>Context</em> level otherwise on the
<em>Host</em> level in the Tomcat configuration file <em>server.xml</em></p>
<p>You can either configure the context in the server.xml or in
META-INF/context.xml as part of your WAR file.</p>
-<h5><a shape="rect"
name="FedizTomcat-METAINF%2Fcontext.xml"></a>META-INF/context.xml</h5>
+<h6><a shape="rect"
name="FedizTomcat-METAINF%2Fcontext.xml"></a>META-INF/context.xml</h6>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<pre class="code-xml">
<span class="code-tag"><Context></span>
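Review bot: The HTTPS port bullet in the new section reads "8443 (where IDP and STS are accessed)", which looks copied from fediz-idp.html; on this page 8443 is the Relying Party's own port, and the IDP page in this commit lists 9443 for the IDP/STS. Reword it, for example "HTTPS port: 8443 (where the Relying Party application is accessed)". In the sample Connector, keystorePass="tompass" is a literal password in server.xml; say that it is a sample value to be replaced and that the file should be readable only by the Tomcat user. Minor: "The Fediz examples requires" should be "require", and the install path is written three ways across these pages ($CATALINA_HOME, ${catalina.home}, <catalina.home>).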
@@ -173,7 +199,7 @@ add the previously created directory to
</pre>
</div></div>
-<h5><a shape="rect" name="FedizTomcat-Hostlevelinserver.xml"></a>Host level in
server.xml</h5>
+<h6><a shape="rect" name="FedizTomcat-Hostlevelinserver.xml"></a>Host level in
server.xml</h6>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<pre class="code-xml">
<Host name=<span class="code-quote">"localhost"</span> appBase=<span
class="code-quote">"webapps"</span>
@@ -184,7 +210,7 @@ add the previously created directory to
</pre>
</div></div>
-<h5><a shape="rect" name="FedizTomcat-Contextlevelinserver.xml"></a>Context
level in server.xml</h5>
+<h6><a shape="rect" name="FedizTomcat-Contextlevelinserver.xml"></a>Context
level in server.xml</h6>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<pre class="code-xml">
<span class="code-tag"><Context path=<span
class="code-quote">"/fedizhelloworld"</span> docBase=<span
class="code-quote">"fedizhelloworld"</span>></span>
@@ -194,7 +220,12 @@ add the previously created directory to
</pre>
</div></div>
-<p>The Fediz configuration file is container independent and described
here.</p>
+<p>The Fediz configuration file is a Servlet container independent
configuration file and described <a shape="rect"
href="fediz-configuration.html" title="Fediz Configuration">here</a></p>
+
+<h3><a shape="rect" name="FedizTomcat-WebApplicationdeployment"></a>Web
Application deployment</h3>
+
+<p>Deploy your Web Application to your Tomcat installation
(<catalina.home>/webapps).</p>
+
</div>
</div>
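Review bot: The replacement sentence "The Fediz configuration file is a Servlet container independent configuration file and described here" repeats what the first paragraph under the new "Fediz configuration" heading already says, with the same link, and it is missing its closing period. Keep one of the two. The new "Web Application deployment" section gives only the copy step; it should also say that the application's Fediz configuration and the FederationAuthenticator Valve must be in place before the WAR is deployed, since the sections above describe them as required.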