cxf-fediz git commit: Fix wsclientWebapp by configuring client auth against STS. Thanks to Andreas Vallen for the patch. This closes #4

Mon, 23 Feb 2015 13:17:33 -0800 

Repository: cxf-fediz
Updated Branches:
  refs/heads/1.1.x-fixes 355395768 -> 612dd077d


Fix wsclientWebapp by configuring client auth against STS. Thanks to Andreas 
Vallen for the patch.  This closes #4

Conflicts:
        
examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/612dd077
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/612dd077
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/612dd077

Branch: refs/heads/1.1.x-fixes
Commit: 612dd077d2180da143d4923e004e69710baeccaa
Parents: 3553957
Author: Colm O hEigeartaigh <[email protected]>
Authored: Mon Feb 23 21:07:09 2015 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Mon Feb 23 21:15:38 2015 +0000

----------------------------------------------------------------------
 examples/samplekeys/HowToGenerateKeysREADME.html |  16 +++++++++-------
 examples/samplekeys/ststrust.jks                 | Bin 2561 -> 3241 bytes
 .../webapp/src/main/resources/rp-ssl-key.jks     | Bin 0 -> 1124 bytes
 .../main/webapp/WEB-INF/applicationContext.xml   |   5 +++++
 services/sts/src/main/resources/ststrust.jks     | Bin 2561 -> 3241 bytes
 5 files changed, 14 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/samplekeys/HowToGenerateKeysREADME.html
----------------------------------------------------------------------
diff --git a/examples/samplekeys/HowToGenerateKeysREADME.html 
b/examples/samplekeys/HowToGenerateKeysREADME.html
index 6eb2957..5b020c9 100644
--- a/examples/samplekeys/HowToGenerateKeysREADME.html
+++ b/examples/samplekeys/HowToGenerateKeysREADME.html
@@ -1,3 +1,4 @@
+
 <html>
 <head/>
 <body>
@@ -14,8 +15,8 @@ is recommended.</p>
     <td><code>keytool -genkeypair -validity 730 -alias mytomidpkey -keystore 
idp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass 
tompass</code><br/><br/><code>keytool -keystore idp-ssl-server.jks -storepass 
tompass -export -alias mytomidpkey -file MyTCIDP.cer</code></td>
     <td>Nobody</td><td>Fediz IDP module<br/><br/>wsclientWebapp's webapp 
module<br/><br/>Browser</td></tr> 
 <tr><td>rp-ssl-server.jks (tompass)</td><td>mytomrpkey (tompass)</td><td>base 
folder of Tomcat instance holding the relying party applications for both 
samples (simpleWebapp and wsclientWebapp); STS public cert NOT imported anymore 
- instead use ststrust.jks</td>
-    <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore 
rp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass 
tompass</code></td>
-    <td>Nobody</td><td>Browser</td></tr> 
+    <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore 
rp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass 
tompass</code><br/><br/><code>keytool -keystore rp-ssl-server.jks -storepass 
tompass -export -alias mytomrpkey -file MyTCRP.cer</code></td>
+    <td>Nobody</td><td>Browser<br/><br/>IDP STS</td></tr> 
 <tr><td>wsp-ssl-server.jks (tompass)</td><td>mytomwspkey 
(tompass)</td><td>base folder of Tomcat instance holding the web service 
provider in the second (wsClientWebapp) sample</td>
     <td><code>keytool -genkeypair -validity 730 -alias mytomwspkey -keystore 
wsp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass 
tompass</code><br/><br/><code>keytool -keystore wsp-ssl-server.jks -storepass 
tompass -export -alias mytomwspkey -file MyTCWSP.cer</code></td>
     <td>Nobody</td><td>wsclientWebapp's webapp module</td></tr> 
@@ -23,24 +24,25 @@ is recommended.</p>
 <tr><td>idp-ssl-trust.jks (ispass)</td><td>myidpkey 
(ikpass)</td><td>services/idp/src/main/resources/idp-ssl-trust.jks</td>
     <td><code>keytool -import -trustcacerts -keystore idp-ssl-trust.jks 
-storepass ispass -alias mytomidpkey -file MyTCIDP.cer -noprompt</code></td>
     <td>mytomidpkey (because of SSL call to IDP STS)</td><td>IDP STS</td></tr> 
-<tr><td>stsrealm_a.jks (storepass)</td><td>realma 
(realma)</td><td>services/sts/src/realms/resources/stsrealm_a.jks</td>
+<tr><td>stsrealm_a.jks (storepass)</td><td>realma 
(realma)</td><td>services/sts/src/main/resources/stsrealm_a.jks</td>
     <td><code>
 keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore 
stsrealm_a.jks -dname "cn=REALMA" -keypass realma -storepass storepass<br/><br/>
 keytool -export -rfc -keystore stsrealm_a.jks -storepass storepass -alias 
realma -file realma.cert
 </code>
-</td>
+</td>√
     <td>Nobody</td><td>By Relying Party (ststrust.jks)</td></tr>
-<tr><td>stsrealm_b.jks (storepass)</td><td>realmb 
(realmb)</td><td>services/sts/src/realms/resources/stsrealm_b.jks</td>
+<tr><td>stsrealm_b.jks (storepass)</td><td>realmb 
(realmb)</td><td>services/sts/src/main/resources/stsrealm_b.jks</td>
     <td><code>
 keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore 
stsrealm_b.jks -dname "cn=REALMB" -keypass realmb -storepass storepass<br/><br/>
 keytool -export -rfc -keystore stsrealm_b.jks -storepass storepass -alias 
realmb -file realmb.cert
 </code>
 </td>
     <td>Nobody</td><td>By Relying Party (ststrust.jks)</td></tr>
-<tr><td>ststrust.jks (storepass)</td><td>N/A (no key, just a 
truststore)</td><td>examples/samplekeys/ststrust.jks<br/><br/>services/sts/src/realms/resources/ststrust.jks</td>
+<tr><td>ststrust.jks (storepass)</td><td>N/A (no key, just a 
truststore)</td><td>examples/samplekeys/ststrust.jks<br/><br/>services/sts/src/main/resources/ststrust.jks</td>
     <td><code>
 keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass 
-alias realma -file realma.cert -noprompt<br/><br/>
-keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass 
-alias realmb -file realmb.cert -noprompt
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass 
-alias realmb -file realmb.cert -noprompt<br/><br/>
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass 
-alias rpcert -file MyTCRP.cer -noprompt
 </code>
 </td>
     <td>Nobody</td><td>By Relying Party (Fediz configuration file)</td></tr>   
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/samplekeys/ststrust.jks
----------------------------------------------------------------------
diff --git a/examples/samplekeys/ststrust.jks b/examples/samplekeys/ststrust.jks
index 911945c..bad73f4 100644
Binary files a/examples/samplekeys/ststrust.jks and 
b/examples/samplekeys/ststrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks 
b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
new file mode 100644
index 0000000..c37cbbf
Binary files /dev/null and 
b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git 
a/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml 
b/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
index d5defb2..eea1ab2 100644
--- 
a/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
+++ 
b/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -62,6 +62,11 @@
                        <sec:trustManagers>
                                <sec:keyStore type="jks" password="waspass" 
resource="webappKeystore.jks" />
                        </sec:trustManagers>
+                        <!-- new keyManager is needed for client cert 
authentication against STS Transport_Port,
+                             rp-ssl-key.jks is a copy of the keystore 
rp-ssl-server.jks that is used for SSL by the webapp. -->
+                        <sec:keyManagers keyPassword="tompass">
+                                <sec:keyStore type="jks" password="tompass" 
resource="rp-ssl-key.jks"/>
+                       </sec:keyManagers>
                </http:tlsClientParameters>
        </http:conduit>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/services/sts/src/main/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/services/sts/src/main/resources/ststrust.jks 
b/services/sts/src/main/resources/ststrust.jks
index 911945c..3a408ae 100644
Binary files a/services/sts/src/main/resources/ststrust.jks and 
b/services/sts/src/main/resources/ststrust.jks differ

Reply via email to