Author: buildbot
Date: Mon Aug 27 16:57:38 2018
New Revision: 1034453
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-introduction.html
websites/production/cxf/content/fediz-jetty.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-introduction.html
==============================================================================
--- websites/production/cxf/content/fediz-introduction.html (original)
+++ websites/production/cxf/content/fediz-introduction.html Mon Aug 27 16:57:38
2018
@@ -99,7 +99,7 @@ Apache CXF -- Fediz Introduction
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h2
id="FedizIntroduction-Overview">Overview</h2><p>Apache CXF Fediz is a
subproject of CXF. Fediz helps you to secure your web applications and
delegates security enforcement to the underlying application server. With
Fediz, authentication is externalized from your web application to an identity
provider installed as a dedicated server component. Apache CXF Fediz supports
both <a shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002";
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a
shape="rect" class="external-link"
href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf";
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity";
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control
(RBAC).</p><h2 id="Fed
izIntroduction-Features">Features</h2><p>Here are some of the features
supported by Fediz:</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML SSO (IdP
and the Apache Tomcat 8, Spring and Apache CXF plugins only thus
far)</li><li>Support for SAML 1.1/2.0 tokens, encrypted SAML Tokens,
Holder-Of-Key Subject Confirmation Method.</li><li>Custom token
Support</li><li>Support to publish WS-Federation and SAML SSO Metadata
documents</li><li>Support for Tomcat, Jetty, Websphere, Spring Security and CXF
plugins</li><li>A new REST API for the IdP (1.2)</li><li>Support for logout in
both the RP and IdP (1.2)</li><li>Support for logging on to the IdP via
Kerberos and TLS client authentication (1.2)</li><li>Support to use the IdP as
an identity broker with a remote IdP. SAML SSO, Open Id Connect, Facebook and
WS-Federation protocols supported.</li></ul><p><br
clear="none"></p><p>   </p></div>
+<div id="ConfluenceContent"><h2
id="FedizIntroduction-Overview">Overview</h2><p>Apache CXF Fediz is a
subproject of CXF. Fediz helps you to secure your web applications and
delegates security enforcement to the underlying application server. With
Fediz, authentication is externalized from your web application to an identity
provider installed as a dedicated server component. Apache CXF Fediz supports
both <a shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002";
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a
shape="rect" class="external-link"
href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf";
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity";
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control
(RBAC).</p><h2 id="Fed
izIntroduction-Features">Features</h2><p>Here are some of the features
supported by Fediz:</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML SSO (IdP
and the all of the plugins apart from websphere from the 1.4.5
release)</li><li>Support for SAML 1.1/2.0 tokens, encrypted SAML Tokens,
Holder-Of-Key Subject Confirmation Method.</li><li>Custom token
Support</li><li>Support to publish WS-Federation and SAML SSO Metadata
documents</li><li>Support for Tomcat, Jetty, Websphere, Spring Security and CXF
plugins</li><li>A new REST API for the IdP (1.2)</li><li>Support for logout in
both the RP and IdP (1.2)</li><li>Support for logging on to the IdP via
Kerberos and TLS client authentication (1.2)</li><li>Support to use the IdP as
an identity broker with a remote IdP. SAML SSO, Open Id Connect, Facebook and
WS-Federation protocols supported.</li></ul><p><br
clear="none"></p><p>   </p></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/cxf/content/fediz-jetty.html
==============================================================================
--- websites/production/cxf/content/fediz-jetty.html (original)
+++ websites/production/cxf/content/fediz-jetty.html Mon Aug 27 16:57:38 2018
@@ -110,7 +110,7 @@ Apache CXF -- Fediz Jetty
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizJetty-JettyPlugin">Jetty
Plugin</h1><p>Apache CXF Fediz ships plugins for Jetty 8 and 9 instances.
Previous versions of Fediz shipped plugins for Jetty 7.</p><p>This page
describes how to enable Federation for a Jetty 7/8 instance hosting Relying
Party (RP) applications. This configuration is not for a separate Tomcat
instance hosting the Fediz IDP and IDP STS WARs, or hosts for third-party
applications that use Fediz STS-generated SAML assertions for authentication.
After this configuration is done, the Jetty-RP instance will validate the
incoming SignInResponse created by the IDP server.</p><p>Prior to doing this
configuration, make sure you've first deployed the Fediz IDP and STS on the
Tomcat IDP instance as discussed <a shape="rect"
href="fediz-idp-10.html">here</a>, and can view the STS WSDL at the URL given
on that page. That page also provides some tips for running multiple Tomcat
instances on your machine.</p><h3 id="FedizJetty-Insta
llation">Installation</h3><p>You can either build the Fediz plugin on your own
or download the package <a shape="rect" href="fediz-downloads.html">here</a>.
If you have built the plugin on your own you'll find the required libraries in
<code>plugins/jetty${version}/target/...zip-with-dependencies.zip</code></p><ol><li>Create
sub-directory <code>fediz</code> in
<code>${jetty.home}/lib/fediz</code></li><li><p>Update start.ini in
${jetty.home}/start.ini by adding <code>fediz</code> to the OPTIONS</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+<div id="ConfluenceContent"><h1 id="FedizJetty-JettyPlugin">Jetty
Plugin</h1><p>Apache CXF Fediz ships plugins for Jetty 8 and 9 instances.
Previous versions of Fediz shipped plugins for Jetty 7. From release 1.4.5, the
Jetty 8 and 9 plugins support both WS-Federation and SAML SSO.</p><p>This page
describes how to enable Federation for a Jetty 7/8 instance hosting Relying
Party (RP) applications. This configuration is not for a separate Tomcat
instance hosting the Fediz IDP and IDP STS WARs, or hosts for third-party
applications that use Fediz STS-generated SAML assertions for authentication.
After this configuration is done, the Jetty-RP instance will validate the
incoming SignInResponse created by the IDP server.</p><p>Prior to doing this
configuration, make sure you've first deployed the Fediz IDP and STS on the
Tomcat IDP instance as discussed <a shape="rect"
href="fediz-idp-10.html">here</a>, and can view the STS WSDL at the URL given
on that page. That page also provides some
tips for running multiple Tomcat instances on your machine.</p><h3
id="FedizJetty-Installation">Installation</h3><p>You can either build the Fediz
plugin on your own or download the package <a shape="rect"
href="fediz-downloads.html">here</a>. If you have built the plugin on your own
you'll find the required libraries in
<code>plugins/jetty${version}/target/...zip-with-dependencies.zip</code></p><ol><li>Create
sub-directory <code>fediz</code> in
<code>${jetty.home}/lib/fediz</code></li><li><p>Update start.ini in
${jetty.home}/start.ini by adding <code>fediz</code> to the OPTIONS</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default">OPTIONS=Server,fediz
</pre>
</div></div></li><li>Deploy the libraries to the directory created in
(1)</li></ol><h3 id="FedizJetty-Configuration">Configuration</h3><h5
id="FedizJetty-HTTPSconfiguration">HTTPS configuration</h5><p>It's recommended
to set up a dedicated (separate) Jetty instance for the Relying Party. The
Fediz RP web applications use the following TCP ports:</p><ul><li>HTTP port:
8080</li><li>HTTPS port: 8443 (where IDP and STS are
accessed)</li></ul><p>These are the default ports for a standard Jetty
installation.</p><p>The Relying Party must be accessed over HTTPS to protect
the security tokens issued by the IDP.</p><p>The Jetty HTTP(s) configuration is
done in etc/jetty-ssl.xml.</p><p>The configuration is described in detail <a
shape="rect" class="external-link"
href="http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html";
rel="nofollow">here</a></p><p>This page also describes how to create
certificates. Sample Jetty keystores (not for production use, but useful for
demoing F
ediz and running the sample applications) are provided in the
examples/samplekeys folder of the Fediz distribution. Note the Jetty keystore
here is different from the one used to configure the Tomcat-IDP
instance.</p><p>To establish trust, there are significant keystore/truststore
requirements between the Servlet Container instances and the various web
applications (IDP, STS, Relying party applications, third party web services,
etc.) See <a shape="rect" class="external-link"
href="https://htmlpreview.github.io/?https://raw.githubusercontent.com/apache/cxf-fediz/master/examples/samplekeys/HowToGenerateKeysREADME.html";
rel="nofollow">this page</a> for more details, it lists the trust requirements
as well as sample scripts for creating your own (self-signed)
keys.</p><p><strong>Warning: All sample keystores provided with Fediz
(including in the WAR files for its services and examples) are for
development/prototyping use only. They'll need to be replaced for production
use, at a minimu
m with your own self-signed keys but strongly recommended to use third-party
signed keys.</strong></p><p>If you are currently just trying to run the Fediz
samples, the configuration above is all you need (the below configuration is
already provided within the samples) so you can return now to the samples'
READMEs for the next steps in running them.</p><h5
id="FedizJetty-FedizPluginconfigurationforYourWebApplication">Fediz Plugin
configuration for Your Web Application</h5><p>The Fediz related configuration
is done in a Servlet Container independent configuration file which is
described <a shape="rect" href="fediz-configuration.html">here</a>.</p><p>The
Fediz plugin requires configuring the FederationAuthenticator like any other
authenticator in Jetty. Detailed information about the Authenticators and
SecurityHandler is available <a shape="rect" class="external-link"
href="http://wiki.eclipse.org/Jetty/Tutorial/Realms";
rel="nofollow">here</a>.</p><p>The Fediz configuration file allows
to configure all servlet contexts in one file or choosing one file per
Servlet Context.</p><p>You can configure the context in context configuration
file located in <jetty.home>/contexts.</p><h6
id="FedizJetty-fedizhelloworld.xml">fedizhelloworld.xml</h6><p>Hint: file name
must be equal to war file name</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
