Author: buildbot
Date: Wed Jun 27 10:57:33 2018
New Revision: 1031794
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-metadata.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-metadata.html
==============================================================================
--- websites/production/cxf/content/fediz-metadata.html (original)
+++ websites/production/cxf/content/fediz-metadata.html Wed Jun 27 10:57:33 2018
@@ -109,25 +109,24 @@ Apache CXF -- Fediz Metadata
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizMetadata-FedizMetadata">Fediz
Metadata</h1>
-<p>Both the Relying Party (RP) and IDP/STS (Security Token Service) can
publish its Federation information in the standardized federation metadata
document as defined <a shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174943"
rel="nofollow">here</a>.</p>
-
-<h3 id="FedizMetadata-Introduction">Introduction</h3>
-<p>This specification defines concrete service roles. The
<strong>ApplicationServiceType</strong> describes the capabilities of the
Relying Party whereas the <strong>SecurityTokenServiceType</strong> describes
the capabilities of the IDP/STS.</p>
-
-<p>The following xml snippets are copied from the spec to illustrate the
structure:</p>
-
-<ul><li><strong>Relying Party</strong></li></ul>
-
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1530097015176 {padding: 0px;}
+div.rbtoc1530097015176 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1530097015176 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1530097015176">
+<ul class="toc-indentation"><li><a shape="rect"
href="#FedizMetadata-Introduction">Introduction</a></li><li><a shape="rect"
href="#FedizMetadata-IDP/STS">IDP/STS</a>
+<ul class="toc-indentation"><li><a shape="rect"
href="#FedizMetadata-WS-Federation">WS-Federation</a></li><li><a shape="rect"
href="#FedizMetadata-SAMLSSO">SAML SSO</a></li></ul>
+</li><li><a shape="rect" href="#FedizMetadata-RP">RP</a>
+<ul class="toc-indentation"><li><a shape="rect"
href="#FedizMetadata-WS-Federation.1">WS-Federation</a></li><li><a shape="rect"
href="#FedizMetadata-SAMLSSO.1">SAML SSO</a></li><li><a shape="rect"
href="#FedizMetadata-ExampleRPMetadataDocument">Example RP Metadata
Document</a></li></ul>
+</li></ul>
+</div><h1 id="FedizMetadata-Introduction">Introduction</h1><p>Both the Relying
Party (RP) and IDP/STS (Security Token Service) support publishing metadata
information in a standardized metadata document, for both the WS-Federation and
SAML SSO protocols. The metadata document provides an easier way to configure
the RP in the IDP/STS or to configure the IDP/STS in the RP.</p><p>If
WS-Federation is configured then the Federation Metadata document is created as
defined <a shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174943"
rel="nofollow">here</a>. If SAML-SSO is configured, then the document that is
published is defined in the following <a shape="rect" class="external-link"
href="https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf"
rel="nofollow">spec</a>.</p><h1 id="FedizMetadata-IDP/STS">IDP/STS</h1><p>The
metadata document of the IDP/STS can be used to resolve IDP/STS configura
tion information at runtime or during deployment time.</p><p><em>Example:</em>
The Microsoft tool FedUtil allows to establish the trust in the RP application
to an already existing IDP/STS. You configure the URL of the published metadata
document and it generates the federation related configuration in the
application configuration file <code>web.config</code> thus you don't have to
configure it manually.</p><p>Fediz doesn't provide such kind of tool to
generate the IDP/STS related configuration in the <a shape="rect"
href="fediz-configuration.html">Fediz configuration</a> file right now.</p><h2
id="FedizMetadata-WS-Federation">WS-Federation</h2><p>The metadata for the
IdP/STS for WS-Federation is published automatically in both of the following
URLs</p><p><strong><code>https://<host>:<port>/<context>/FederationMetadata/2007-06/FederationMetadata.xml</code></strong></p><p><strong><strong><code>https://<host>:<port>/<context>/metadata</code><br
cle
ar="none"></strong><br clear="none"></strong>For example:</p><p><br
clear="none"><strong><span
class="nolink">https://localhost:9443/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml</span></strong></p><p><strong><br
clear="none"></strong>The WS-Federation metadata document defines the
<strong>SecurityTokenServiceType</strong> describes the capabilities of the
IDP/STS:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"><EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="...">
<ds:Signature>...</ds:Signature>
- <RoleDescriptor xsi:type="fed:ApplicationServiceType"
+ <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
"http://docs.oasis-open.org/ws-sx/ws-trust/200512">
...
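Review bot: the SecurityTokenServiceType snippet in this hunk is not well-formed XML as written: `protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"` followed by a second bare quoted string `"http://docs.oasis-open.org/ws-sx/ws-trust/200512"` is two attribute values where the schema wants one space-separated list of URIs inside a single pair of quotes, and the `fed:` and `xsi:` prefixes used on `<RoleDescriptor xsi:type="fed:SecurityTokenServiceType"` are never declared on the enclosing EntityDescriptor (only xmlns:saml and xmlns:ds are), so a reader who pastes the snippet cannot validate it; the example RP document at the end of this patch, which declares xmlns:fed, is the model to follow. Two smaller points in the same hunk: "The WS-Federation metadata document defines the SecurityTokenServiceType describes the capabilities of the IDP/STS" is missing "which" before "describes", and since the new Introduction says the IDP/STS metadata can be used to resolve configuration at runtime or deployment time, the text should say whether the consumer is expected to validate the `<ds:Signature>` shown in the snippet, and against which trusted certificate, before acting on a fetched document, otherwise the page invites wiring trust off an unauthenticated download. The `<pre class="brush: java ...">` blocks hold XML; brush: xml would highlight them correctly.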
@@ -135,20 +134,26 @@ Apache CXF -- Fediz Metadata
...
</EntityDescriptor>
</pre>
-</div></div>
-
-
-<ul><li><strong>IDP / STS</strong></li></ul>
-
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">
+</div></div><h2 id="FedizMetadata-SAMLSSO">SAML SSO</h2><p>The metadata for
the IdP/STS for SAML-SSO is published automatically at the
URL:</p><p><strong><strong><code>https://<host>:<port>/<context>/metadata</code>?protocol=saml<br
clear="none"></strong><br clear="none"></strong>For example:</p><p><br
clear="none"><strong><span class="nolink"><span
class="nolink">https://localhost:9443/fediz-idp/metadata?protocol=saml</span><a
shape="rect" class="external-link"
href="https://localhost:9443/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml"
rel="nofollow"><br clear="none"></a></span></strong></p><p><br
clear="none">The SAML SSO metadata document defines
the <strong>IDPSSODescriptor</strong> describes the capabilities of the
IDP/STS:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"><EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ entityID="...">
+ <ds:Signature>...</ds:Signature>
+ <IDPSSODescriptor WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ ...
+ </IDPSSODescriptor>
+ ...
+</EntityDescriptor>
+</pre>
+</div></div><h1 id="FedizMetadata-RP">RP</h1><p>The metadata document of the
RP can be used within the IDP/STS to resolve configuration information at
runtime. This is pretty useful as it allows to tell the IDP/STS what claims are
required by the application. If the application requires additional claims it
can be configured on the application side.</p><p>Fediz supports publishing the
Metadata document on the RP side. This document is built at runtime based on
the <a shape="rect" href="fediz-configuration.html">Fediz
configuration</a>.</p><h2
id="FedizMetadata-WS-Federation.1">WS-Federation</h2><p>It is possible to
configure the metadata URL for a WS-Federation relying part application by
specifying the 'metadataURI' configuration option. By default, the metadata for
the Relying Party for WS-Federation is published at the following
URL</p><p><strong><code>https://<host>:<port>/<context>/FederationMetadata/2007-06/FederationMetadata.xml</code><strong><br
clear="none
"></strong><br clear="none"></strong>For example:</p><p><br
clear="none"><strong><span class="nolink"><span
class="nolink">https://localhost:9443/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml</span></span></strong></p><p><br
clear="none">The WS-Federation metadata document defines
the <strong>ApplicationServiceType</strong> describes the capabilities of
the Relying Party:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default">
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="...">
<ds:Signature>...</ds:Signature>
- <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
+ <RoleDescriptor xsi:type="fed:ApplicationServiceType"
protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"
"http://docs.oasis-open.org/ws-sx/ws-trust/200512">
...
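Review bot: the SAML SSO example URL paragraph still carries an empty anchor to the WS-Federation document, `<a shape="rect" class="external-link" href="https://localhost:9443/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml" rel="nofollow"><br clear="none"></a>`, directly after the `metadata?protocol=saml` link; it is leftover from the copied WS-Federation paragraph and renders as an invisible link to the wrong document, so drop it. In the same hunk, `?protocol=saml` sits outside the `<code>` element in `<code>https://<host>:<port>/<context>/metadata</code>?protocol=saml`, so the query string is not rendered as part of the URL pattern; "relying part application" should be "relying party application"; both "defines the IDPSSODescriptor describes" and "defines the ApplicationServiceType describes" need "which" before "describes"; and the RP example URL `https://localhost:9443/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml` gives port 9443 for fedizhelloworld while the example RP metadata document at the end of this patch gives that application's entityID as `https://localhost:8443/fedizhelloworld/`, so one of the two ports is wrong. The RP ApplicationServiceType snippet repeats the split protocolSupportEnumeration value and the undeclared `fed:`/`xsi:` prefixes from the IDP/STS snippet and needs the same fix.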
@@ -156,36 +161,20 @@ Apache CXF -- Fediz Metadata
...
</EntityDescriptor>
</pre>
-</div></div>
-
-<h3 id="FedizMetadata-Usage">Usage</h3>
-
-<p>The Federation metadata document is an easier way to configure the RP in
the IDP/STS or to configure the IDP/STS in the RP. The following two sections
describe the usage of each case.</p>
-
-<h5 id="FedizMetadata-MetadatadocumentofIDP/STS">Metadata document of
IDP/STS</h5>
-
-<p>The federation metadata document of the IDP/STS can be used to resolve
IDP/STS configuration information at runtime or during deployment time.</p>
-
-<p><em>Example:</em> The Microsoft tool FedUtil allows to establish the trust
in the RP application to an already existing IDP/STS. You configure the URL of
the published metadata document and it generates the federation related
configuration in the application configuration file <code>web.config</code>
thus you don't have to configure it manually.</p>
-
-<p>Fediz doesn't provide such kind of tool to generate the IDP/STS related
configuration in the <a shape="rect" href="fediz-configuration.html">Fediz
configuration</a> file right now.</p>
-
-<h5 id="FedizMetadata-MetadatadocumentofRP">Metadata document of RP</h5>
-
-<p>The federation metadata document of the RP can be used within the IDP/STS
to resolve configuration information at runtime. This is pretty useful as it
allows to tell the IDP/STS what claims are required by the application. If the
application requires additional claims it can be configured on the application
side.</p>
-
-<p>Fediz supports publishing the Metadata document on the RP side. This
document is built at runtime based on the <a shape="rect"
href="fediz-configuration.html">Fediz configuration</a>.</p>
-
-<p>The syntax of the url is:</p>
-
-<p><strong><code>https://<host>:<port>/<context>/FederationMetadata/2007-06/FederationMetadata.xml</code></strong></p>
-
-<p>The Fediz example applications have got the context
<code>fedizhelloworld</code>.</p>
-
-<p>This is an example metadata document:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">
+</div></div><h2 id="FedizMetadata-SAMLSSO.1">SAML SSO</h2><p>It is possible to
configure the metadata URL for a SAML SSO relying party application by
specifying the 'metadataURI' configuration option. By default, the metadata for
the Relying Party for SAML SSO is published at the following
URL</p><p><strong><code>https://<host>:<port>/<context>/SAML/Metadata.xml</code><strong><br
clear="none"></strong><br clear="none"></strong>For example:</p><p><br
clear="none"><strong><span class="nolink"><span
class="nolink">https://localhost:9443/fedizhelloworld/<strong><code>SAML/Metadata.xml</code></strong></span></span></strong></p><p><strong><span
class="nolink"><span class="nolink"><strong><br
clear="none"></strong></span></span></strong><span class="nolink"><span
class="nolink">The SAML SSO metadata document defines
the <strong>SPSSODescriptor</strong> describes the capabilities of the
Relying Party:</span></span></p><div class="code panel pdl"
style="border-width: 1
px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"><EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ entityID="...">
+ <ds:Signature>...</ds:Signature>
+ <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ ...
+ </SPSSODescriptor>
+ ...
+</EntityDescriptor>
+</pre>
+</div></div><h2 id="FedizMetadata-ExampleRPMetadataDocument">Example RP
Metadata Document</h2><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default">
<EntityDescriptor ID="_36BF9BFBF49BA48A2D13395075556522"
entityID="https://localhost:8443/fedizhelloworld/"
xmlns:auth="http://docs.oasis-open.org/wsfed/federation/200706"
xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
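Review bot: the "Example RP Metadata Document" heading now has no lead-in sentence, since "This is an example metadata document:" and the note that the Fediz example applications use the context fedizhelloworld were removed in this hunk, and the heading does not say which protocol the example covers; the document uses `fed:RoleDescriptor`, so it is WS-Federation metadata, yet it sits directly after the SAML SSO subsection and reads as a SAML example. Suggest a one-line introduction such as "This is the WS-Federation metadata document published by the fedizhelloworld example application:". Also in this hunk the SAML example URL is marked up inconsistently, with `<strong><code>SAML/Metadata.xml</code></strong>` nested inside the span holding the rest of the URL, and it uses port 9443 for fedizhelloworld while the example document's entityID uses 8443. The line `<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"` advertises the right posture; since the RP section says the document is built at runtime from the Fediz configuration, the text should state whether these two flags are fixed or derived from that configuration, so an operator knows whether an IdP consuming the metadata can rely on signed AuthnRequests and expect to be refused if it sends unsigned assertions.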
@@ -234,10 +223,7 @@ Apache CXF -- Fediz Metadata
</fed:RoleDescriptor>
</EntityDescriptor>
</pre>
-</div></div>
-
-
-</div>
+</div></div><p><br clear="none"></p></div>
</div>
<!-- Content -->
</td>
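Review bot: the new `<p><br clear="none"></p>` before the closing `</div>` is an empty paragraph left by the Confluence export and renders only as a blank line; drop it so the hunk is just the replaced closing tags, which already balance the three `</div>` closes of the original.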