Author: buildbot
Date: Fri Jun 8 20:47:47 2012
New Revision: 820876
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-idp.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-idp.html
==============================================================================
--- websites/production/cxf/content/fediz-idp.html (original)
+++ websites/production/cxf/content/fediz-idp.html Fri Jun 8 20:47:47 2012
@@ -146,7 +146,7 @@ Apache CXF -- Fediz IDP
<p>The Fediz IDP has been tested with Tomcat 6 and 7 but should be able to
work with any commercial JEE application server.</p>
-<p>Deploy the WAR files to your Tomcat installation
(<catalina.home>/webapps).</p>
+<p>Deploy the WAR files to your Tomcat installation
(<catalina.home>/webapps). Once done, you should be able to see the
Fediz STS from a browser at <a shape="rect" class="external-link"
href="http://localhost:9080/fedizidpsts/STSService?wsdl"
rel="nofollow">http://localhost:9080/fedizidpsts/STSService?wsdl</a>, assuming
you're using port 9080 as listed below.</p>
<p>A Relying Party application trusts the IDP/STS component that the IDP
authenticated the browser user. The trust is established based on the
certificate/private key used by the STS to sign the SAML token. The signing
certificate is located in
<tt>webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks</tt>. You must copy this
keystore to a location where the Relying Party can reference it in its <a
shape="rect" href="fediz-configuration.html" title="Fediz Configuration">Fediz
Configuration</a> in the element <tt>certificateStores</tt>.</p>
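Review bot: the context path in the added STS URL, fedizidpsts, does not match the webapp directory webapps/fediz-idp-sts named in the unchanged keystore paragraph directly below it, so a reader cannot tell which name the WAR actually deploys under. Please confirm the deployed name and make the two agree. The URL also uses HTTP port 9080 "as listed below", while the port list later in the page describes 9080 as the Maven deployment port and 9443 as where the IDP and STS are accessed. It is worth stating that this check is a plain-HTTP deployment smoke test and not the endpoint Relying Parties should use.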
@@ -159,7 +159,8 @@ Apache CXF -- Fediz IDP
<h5><a shape="rect" name="FedizIDP-HTTPSconfiguration"></a>HTTPS
configuration</h5>
-<p>It's recommended to set up a dedicated (separate) Tomcat instance for the
IDP. The Fediz examples use the following TCP ports to interact with the
IDP/STS:</p>
+<p>It's recommended to set up a dedicated (separate) Tomcat instance for the
IDP. Using one deployment of Tomcat with multiple CATALINA_BASE instances, as
described <a shape="rect" class="external-link"
href="http://www.shaunabram.com/multiple-tomcat-instances/"
rel="nofollow">here</a> is one option but note any libs in $CATALINA_HOME/lib
folder will be shared throughout each of the activated CATALINA_BASE instances.
Another probably simpler alternative is to copy your Tomcat folder into a
second location and edit its conf/server.xml file and change <a shape="rect"
class="external-link"
href="http://viralpatel.net/blogs/2009/08/running-multiple-instance-apache-tomcat-single-server.html"
rel="nofollow">these port values</a> so they don't conflict with the original
Tomcat installation. The Fediz examples use the following TCP ports to
interact with the IDP/STS:</p>
+
<ul><li>HTTP port: 9080 (used for Maven deployment, mvn
tomcat:redeploy)</li><li>HTTPS port: 9443 (where IDP and STS are
accessed)</li></ul>
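Review bot: in the added HTTPS configuration paragraph, the caveat that libs in $CATALINA_HOME/lib are shared across all CATALINA_BASE instances is given without its consequence. Since the opening sentence recommends a dedicated instance for the IDP, say whether the shared-lib setup still satisfies that recommendation or is meant for testing only. The link texts "here" and "these port values" leave the actual conf/server.xml ports to third-party blog pages; name the ports to change inline so the instruction still works if those links disappear. The hunk also adds a stray empty line after the paragraph.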
@@ -180,6 +181,25 @@ Apache CXF -- Fediz IDP
<p><b>Production: It's highly recommended to deploy certificates signed by a
Certificate Authority</b></p>
+<p>To start and stop this second Tomcat instance, it is perhaps easiest to
create small startup.sh and shutdown.sh scripts that temporarily redefine
$CATALINA_HOME from the first to the second instance, for example:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
+<pre class="code-java">
+CATALINA_HOME=/path/to/second/tomcat
+$CATALINA_HOME/bin/startup.sh
+</pre>
+</div></div>
+
+<p>and</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
+<pre class="code-java">
+CATALINA_HOME=/path/to/second/tomcat
+$CATALINA_HOME/bin/shutdown.sh
+</pre>
+</div></div>
+
+<p>If you're using the one Tomcat with multiple instance option, it's
$CATALINA_BASE that will need to be redefined.</p>
<h5><a shape="rect" name="FedizIDP-Userandpassword"></a>User and password</h5>
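Review bot: the new start/stop paragraph is added after the "Production: ... Certificate Authority" line, at the end of the certificate text, so it reads as part of certificate setup rather than the second-instance setup; move it up to sit with the paragraph that introduces the second Tomcat instance and its ports. Both snippets are shell but are marked pre class="code-java", which should be a plain or shell style. They also assign CATALINA_HOME=/path/to/second/tomcat without export, so the new value only reaches the child startup.sh or shutdown.sh if the variable is already exported in the caller's environment; use export CATALINA_HOME=... (and export CATALINA_BASE=... for the multi-instance option mentioned in the last added sentence) so the scripts behave the same either way.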