Author: buildbot
Date: Wed Sep 24 14:46:51 2014
New Revision: 923402
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-tomcat.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-tomcat.html
==============================================================================
--- websites/production/cxf/content/fediz-tomcat.html (original)
+++ websites/production/cxf/content/fediz-tomcat.html Wed Sep 24 14:46:51 2014
@@ -108,108 +108,35 @@ Apache CXF -- Fediz Tomcat
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizTomcat-TomcatPlugin">Tomcat
Plugin</h1>
-<p>This page describes how to enable Federation for a Tomcat instance hosting
Relying Party (RP) applications. This configuration is not for a separate
Tomcat instance hosting the Fediz IDP and IDP STS WARs, or hosts for
third-party applications that use Fediz STS-generated SAML assertions for
authentication. After this configuration is done, the Tomcat-RP instance will
validate the incoming SignInResponse created by the IDP server.</p>
-
-<p>Prior to doing this configuration, make sure you've first deployed the
Fediz IDP and STS on the separate Tomcat IDP instance as discussed <a
shape="rect" href="fediz-idp.html">here</a>, and can view the STS WSDL at the
URL given on that page. That page also provides some tips for running multiple
Tomcat instances on your machine.</p>
-
-
-<h3 id="FedizTomcat-Installation">Installation</h3>
-
-<p>You can either build the Fediz plugin on your own or download the package
<a shape="rect" href="fediz-downloads.html">here</a>. If you have built the
plugin on your own you'll find the required libraries in
<code>plugins/tomcat/target/...zip-with-dependencies.zip</code></p>
-
-<ol><li>Create sub-directory <code>fediz</code> in
<code>${catalina.home}/lib</code></li><li>Update calatina.properties in
${catalina.home}/conf<br clear="none">
-add the previously created directory to the common loader:<br clear="none">
-<code>common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/lib/fediz/*.jar</code></li><li>Deploy
the libraries to the directory created in (1)</li></ol>
-
-
-
-<h3 id="FedizTomcat-Configuration">Configuration</h3>
-
-<h5 id="FedizTomcat-HTTPSconfiguration">HTTPS configuration</h5>
-
-<p>It's recommended to set up a dedicated (separate) Tomcat instance for the
Relying Party. The Fediz RP web applications use the following TCP ports:</p>
-<ul><li>HTTP port: 8080 (used for Maven deployment, mvn
tomcat:redeploy)</li><li>HTTPS port: 8443 (where IDP and STS are
accessed)</li><li>Server port (for shutdown and other commands): 8005</li></ul>
-
-
-<p>These are the default ports for a standard Tomcat installation.</p>
-
-<p>The Relying Party must be accessed over HTTPS to protect the security
tokens issued by the IDP.</p>
-
-<p>The Tomcat HTTP(s) configuration is done in conf/server.xml.</p>
-
-<p>This is a sample snippet for an HTTPS configuration:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[
- <Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
+<div id="ConfluenceContent"><h1 id="FedizTomcat-TomcatPlugin">Tomcat
Plugin</h1><p>This page describes how to enable Federation for a Tomcat
instance hosting Relying Party (RP) applications. This configuration is not for
a separate Tomcat instance hosting the Fediz IDP and IDP STS WARs, or hosts for
third-party applications that use Fediz STS-generated SAML assertions for
authentication. After this configuration is done, the Tomcat-RP instance will
validate the incoming SignInResponse created by the IDP server.</p><p>Prior to
doing this configuration, make sure you've first deployed the Fediz IDP and STS
on the separate Tomcat IDP instance as discussed <a shape="rect"
href="fediz-idp.html">here</a>, and can view the STS WSDL at the URL given on
that page. That page also provides some tips for running multiple Tomcat
instances on your machine.</p><h3
id="FedizTomcat-Installation">Installation</h3><p>You can either build the
Fediz plugin on your own or download the package <a shape="r
ect" href="fediz-downloads.html">here</a>. If you have built the plugin on
your own you'll find the required libraries in
<code>plugins/tomcat/target/...zip-with-dependencies.zip</code></p><ol><li>Create
sub-directory <code>fediz</code> in
<code>${catalina.home}/lib</code></li><li>Update calatina.properties in
${catalina.home}/conf<br clear="none"> add the previously created directory to
the common loader:<br clear="none">
<code>common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/lib/fediz/*.jar</code></li><li>Deploy
the libraries to the directory created in (1)</li></ol><h3
id="FedizTomcat-Configuration">Configuration</h3><h5
id="FedizTomcat-HTTPSconfiguration">HTTPS configuration</h5><p>It's recommended
to set up a dedicated (separate) Tomcat instance for the Relying Party. The
Fediz RP web applications use the following TCP ports:</p><ul><li>HTTP port:
8080 (used for Maven deployment, mvn tomcat:redeploy)<
/li><li>HTTPS port: 8443 (where IDP and STS are accessed)</li><li>Server port
(for shutdown and other commands): 8005</li></ul><p>These are the default ports
for a standard Tomcat installation.</p><p>The Relying Party must be accessed
over HTTPS to protect the security tokens issued by the IDP.</p><p>The Tomcat
HTTP(s) configuration is done in conf/server.xml.</p><p>This is a sample
snippet for an HTTPS configuration:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[ <Connector port="8443"
protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https"
secure="true"
- keystoreFile="tomcat-rp.jks"
+ keystoreFile="rp-ssl-server.jks"
keystorePass="tompass" sslProtocol="TLS"
/>
]]></script>
-</div></div>
-
-<p>The keystoreFile is relative to $CATALINA_HOME. See <a shape="rect"
class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html";>here</a> for the
Tomcat 7 configuration reference. This page also describes how to create
certificates. Sample Tomcat keystores (not for production use, but useful for
demoing Fediz and running the sample applications) are provided in the
examples/samplekeys folder of the Fediz distribution. Note the Tomcat keystore
here is different from the one used to configure the Tomcat-IDP instance.</p>
-
-<p>To establish trust, there are significant keystore/truststore requirements
between the Tomcat instances and the various web applications (IDP, STS,
Relying party applications, third party web services, etc.) See <a
shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co";>this
page</a> for more details, it lists the trust requirements as well as sample
scripts for creating your own (self-signed) keys.</p>
-
-<p><strong>Warning: All sample keystores provided with Fediz (including in
the WAR files for its services and examples) are for development/prototyping
use only. They'll need to be replaced for production use, at a minimum with
your own self-signed keys but strongly recommended to use third-party signed
keys.</strong></p>
-
-<p>If you are currently just trying to run the Fediz samples, the
configuration above is all you need (the below configuration is already
provided within the samples) so you can return now to the samples' READMEs for
the next steps in running them.</p>
-
-
-<h5 id="FedizTomcat-FedizPluginconfigurationforYourWebApplication">Fediz
Plugin configuration for Your Web Application</h5>
-
-<p>The Fediz related configuration is done in a Servlet Container independent
configuration file which is described <a shape="rect"
href="fediz-configuration.html">here</a>.</p>
-
-<p>The Fediz plugin requires configuring the FederationAuthenticator like any
other Valve in Tomcat. Detailed information about the Tomcat Valve concept is
available <a shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html";>here</a>.</p>
-
-<p>A Valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to
have one Fediz configuration file per Servlet Context then you must configure
the FederationAuthenticator on the <em>Context</em> level otherwise on the
<em>Host</em> level in the Tomcat configuration file <em>server.xml</em></p>
-
-<p>You can either configure the context in the server.xml or in
META-INF/context.xml as part of your WAR file.</p>
-
-<h6 id="FedizTomcat-META-INF/context.xml">META-INF/context.xml</h6>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div><p>The keystoreFile is relative to $CATALINA_HOME. See <a
shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html";>here</a> for the
Tomcat 7 configuration reference. This page also describes how to create
certificates. Sample Tomcat keystores (not for production use, but useful for
demoing Fediz and running the sample applications) are provided in the
examples/samplekeys folder of the Fediz distribution. Note the Tomcat keystore
here is different from the one used to configure the Tomcat-IDP
instance.</p><p>To establish trust, there are significant keystore/truststore
requirements between the Tomcat instances and the various web applications
(IDP, STS, Relying party applications, third party web services, etc.) See <a
shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co";>this
page</a> for more details, it lists the trust requirements as well a
s sample scripts for creating your own (self-signed)
keys.</p><p><strong>Warning: All sample keystores provided with Fediz
(including in the WAR files for its services and examples) are for
development/prototyping use only. They'll need to be replaced for production
use, at a minimum with your own self-signed keys but strongly recommended to
use third-party signed keys.</strong></p><p>If you are currently just trying to
run the Fediz samples, the configuration above is all you need (the below
configuration is already provided within the samples) so you can return now to
the samples' READMEs for the next steps in running them.</p><h5
id="FedizTomcat-FedizPluginconfigurationforYourWebApplication">Fediz Plugin
configuration for Your Web Application</h5><p>The Fediz related configuration
is done in a Servlet Container independent configuration file which is
described <a shape="rect" href="fediz-configuration.html">here</a>.</p><p>The
Fediz plugin requires configuring the FederationAuthe
nticator like any other Valve in Tomcat. Detailed information about the Tomcat
Valve concept is available <a shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html";>here</a>.</p><p>A
Valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to
have one Fediz configuration file per Servlet Context then you must configure
the FederationAuthenticator on the <em>Context</em> level otherwise on the
<em>Host</em> level in the Tomcat configuration file
<em>server.xml</em></p><p>You can either configure the context in the
server.xml or in META-INF/context.xml as part of your WAR file.</p><h6
id="FedizTomcat-META-INF/context.xml">META-INF/context.xml</h6><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[
<Context>
<Valve
className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
- configFile="conf/Fediz_config.xml" />
+ configFile="conf/fediz_config.xml" />
</Context>
]]></script>
-</div></div>
-
-<h6 id="FedizTomcat-Hostlevelinserver.xml">Host level in server.xml</h6>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div><h6 id="FedizTomcat-Hostlevelinserver.xml">Host level in
server.xml</h6><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[
- <Host name="localhost" appBase="webapps"
+ <Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve
className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
- configFile="conf/Fediz_config.xml" />
+ configFile="conf/fediz_config.xml" />
</Host>
]]></script>
-</div></div>
-
-<h6 id="FedizTomcat-Contextlevelinserver.xml">Context level in server.xml</h6>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div><h6 id="FedizTomcat-Contextlevelinserver.xml">Context level in
server.xml</h6><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[
<Context path="/fedizhelloworld"
docBase="fedizhelloworld">
<Valve
className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
- configFile="conf/Fediz_config.xml" />
+ configFile="conf/fediz_config.xml" />
</Context>
]]></script>
-</div></div>
-
-<p>The Fediz configuration file is a Servlet container independent
configuration file and described <a shape="rect"
href="fediz-configuration.html">here</a></p>
-
-<h3 id="FedizTomcat-WebApplicationdeployment">Web Application deployment</h3>
-
-<p>Deploy your Web Application to your Tomcat installation
(<catalina.home>/webapps). If you're running the Fediz examples, their
README files will have instructions on how to do this.</p>
-
-<h3 id="FedizTomcat-FederationMetadatadocument">Federation Metadata
document</h3>
-
-<p>The Tomcat Fediz plugin supports publishing the WS-Federation Metadata
document which is described <a shape="rect"
href="fediz-metadata.html">here</a>.</p>
-
-</div>
+</div></div><p>The Fediz configuration file is a Servlet container independent
configuration file and described <a shape="rect"
href="fediz-configuration.html">here</a></p><h3
id="FedizTomcat-WebApplicationdeployment">Web Application
deployment</h3><p>Deploy your Web Application to your Tomcat installation
(<catalina.home>/webapps). If you're running the Fediz examples, their
README files will have instructions on how to do this.</p><h3
id="FedizTomcat-FederationMetadatadocument">Federation Metadata
document</h3><p>The Tomcat Fediz plugin supports publishing the WS-Federation
Metadata document which is described <a shape="rect"
href="fediz-metadata.html">here</a>.</p></div>
</div>
<!-- Content -->
</td>
