Author: prabath Date: Fri Apr 4 01:03:05 2008 New Revision: 15547 Log:
documentation changes for the release 1.5 Added: trunk/solutions/identity/modules/documentation/src/site/xdoc/op_administratorguide.xml Modified: trunk/solutions/identity/modules/documentation/src/site/site.xml trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml Modified: trunk/solutions/identity/modules/documentation/src/site/site.xml ============================================================================== --- trunk/solutions/identity/modules/documentation/src/site/site.xml (original) +++ trunk/solutions/identity/modules/documentation/src/site/site.xml Fri Apr 4 01:03:05 2008 
@@ -1,59 +1,60 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<project name="WSO2 Identity Solution"> - <!-- TODO deal with banners--> - <!--<bannerLeft> - <name>Apache Axis2</name> - <src>http://www.apache.org/images/asf_logo_wide.png</src> - <href>http://ws.apache.org/axis2/</href> - </bannerLeft> - <bannerRight> - <src>http://ws.apache.org/axis2/images/axis.jpg</src> - </bannerRight>--> - <body> - <links> - <item name="Apache Rampart/Java" href="http://ws.apache.org/rampart" /> - <item name="WSO2 WSAS" href="http://www.wso2.org/projects/wsas/java" /> - <item name="Apache WS" href="http://ws.apache.org" /> - <item name="Apache" href="http://www.apache.org" /> - </links> - - <menu name="WSO2 Identity Solution"> - <item name="Content" href="index_docs.html"/> - <item name="Home" href="index.html"/> - </menu> - <menu name="Downloads"> - <item name="Releases" - href="http://dist.wso2.org/products/solutions/identity/@wso2is_version@"/> - </menu> - <menu name="Documentation" href="index_docs.html"> - <item name="Adminstrator Guide" href="idp_administratorguide.html"/> - <item name="Installation Guide" href="installation_guide.html"/> - <item name="Identity Provider in Production Environment" href="idp_production.html"/> - <item name="mod_cspace Configuration Guide" href="mod_cspace_config.html"/> - <item name="Relying Party Developer Guide" href="rp_developer_guide.html"/> - <item name="Idp User Guide" href="idp_userguide.html"/> - </menu> - - <menu name="Samples"> - <item name="Identity Provider" href="idp_sample.html"/> - <item name="PHP Relying Party" href="php.html"/> - <item name="Java Relying Party" href="rp_sample.html"/> - <item name="Access Control" href="ac_sample.html"/> - </menu> - - <menu name="API Documentation"> - <item name="Java Docs" href="apidocs/index.html"/> - </menu> - - <menu name="Get Involved" href="overview.html"> - <item name="Mailing Lists" href="mail-lists.html"/> - </menu> - <menu name="Project Information"> - <item name="Project Team" 
href="team-list.html"/> - <item name="Issue Tracking" href="issue-tracking.html"/> - <item name="License" - href="http://www.apache.org/licenses/LICENSE-2.0.html"/> - </menu> - - </body> -</project> +<?xml version="1.0" encoding="ISO-8859-1"?> +<project name="WSO2 Identity Solution"> + <!-- TODO deal with banners--> + <!--<bannerLeft> + <name>Apache Axis2</name> + <src>http://www.apache.org/images/asf_logo_wide.png</src> + <href>http://ws.apache.org/axis2/</href> + </bannerLeft> + <bannerRight> + <src>http://ws.apache.org/axis2/images/axis.jpg</src> + </bannerRight>--> + <body> + <links> + <item name="Apache Rampart/Java" href="http://ws.apache.org/rampart" /> + <item name="WSO2 WSAS" href="http://www.wso2.org/projects/wsas/java" /> + <item name="Apache WS" href="http://ws.apache.org" /> + <item name="Apache" href="http://www.apache.org" /> + </links> + + <menu name="WSO2 Identity Solution"> + <item name="Content" href="index_docs.html"/> + <item name="Home" href="index.html"/> + </menu> + <menu name="Downloads"> + <item name="Releases" + href="http://dist.wso2.org/products/solutions/identity/@wso2is_version@"/> + </menu> + <menu name="Documentation" href="index_docs.html"> + <item name="Idnetity Provider Adminstrator Guide" href="idp_administratorguide.html"/> + <item name="OpenID Provider Adminstrator Guide" href="op_administratorguide.html"/> + <item name="Installation Guide" href="installation_guide.html"/> + <item name="Idetity Solution in Production Environment" href="idp_production.html"/> + <item name="mod_cspace Configuration Guide" href="mod_cspace_config.html"/> + <item name="Relying Party Developer Guide" href="rp_developer_guide.html"/> + <item name="Idp User Guide" href="idp_userguide.html"/> + </menu> + + <menu name="Samples"> + <item name="Identity Provider" href="idp_sample.html"/> + <item name="PHP Relying Party" href="php.html"/> + <item name="Java Relying Party" href="rp_sample.html"/> + <item name="Access Control" href="ac_sample.html"/> + 
</menu> + + <menu name="API Documentation"> + <item name="Java Docs" href="apidocs/index.html"/> + </menu> + + <menu name="Get Involved" href="overview.html"> + <item name="Mailing Lists" href="mail-lists.html"/> + </menu> + <menu name="Project Information"> + <item name="Project Team" href="team-list.html"/> + <item name="Issue Tracking" href="issue-tracking.html"/> + <item name="License" + href="http://www.apache.org/licenses/LICENSE-2.0.html"/> + </menu> + + </body> +</project> Modified: trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml ============================================================================== --- trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml (original) +++ trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml Fri Apr 4 01:03:05 2008 
@@ -1,151 +1,156 @@ -<!-- - ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com) - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" - "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<body> -<p>[<a -href="http://dist.wso2.org/products/solutions/identity/@wso2is_version@">Download</a>] -| [<a href="index_docs.html">Documentation Index</a>] | [<a -href="release-notes.html">Release Note</a>]</p> - -<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@-Administrator's Guide</h1> - -<p>This document provides information and instructions on the functionality -of the Management Console of WSO2 Identity Solution .</p> - -<p>Your feedback on WSO2 Identity Solution is most appreciated. 
Please send them to our <a -href="index.html#mail">mailing lists</a>.</p> - -<h2>Content</h2> - -<div class="toc"> -<ul> - <li><a href="#start">Loging to Admin Console</a></li> - <li><a href="#configure">Intial Configuration</a></li> - <ul> - <li><a href="#userstore">User Stores</a></li> - <li><a href="#claims">Defining Claims</a></li> - <li><a href="#claim_mapping">Mapping Claims</a></li> - </ul> - <li><a href="#manage">Manage IdP</a></li> - <ul> - <li><a href="#users">Manage Users</a></li> - <li><a href="#relying_parties">Trusted Relying Parties</a></li> - <li><a href="#issued_cards">Issued Cards</a></li> - </ul> - <li><a href="#stats">Statics</a></li> -</ul> -</div> - -<h2 id="start">Loging to Admin Console</h2> -<p>Download and install Identity Provider as in -<a href="installation_guide.html">here</a>.</p> -<br/> - -<p>Point your browser to https://host:port/admin. If you haven't changed -the default settings then you should be able to login to -https://localhost:12443/admin/ using username "admin" and passowrd "admin".</p> - -<h2 id="configure">Configure Identity Provider</h2> -<h3><a name="userstore"></a>User Stores</h3> -<p>WSO2 Identity Solution can access users from existing user stores. Identity Provider will -issue Managed Cards and Tokens for the users in configured user store. You can have several user -stores but only one can be active at a time. User store can be an LDAP or JDBC.</p> -<br/> -<strong>LDAP - org.wso2.usermanager.custom.ldap.LDAPRealm</strong> -<table> - <tr><td>Parameter Name</td><td>Description</td></tr> - <tr><td>ConnectionUrl</td><td>LDAP connection url - e.g. ldap://localhost:389</td></tr> - <tr><td>ConnectionName</td><td>LDAP connection username. This must be a root user who can read attribute IDs</td></tr> - <tr><td>ConnectionPass</td><td>LDAP connection password.</td></tr> - <tr><td>UserPattern</td><td>User search pattern must be given - e.g. 
uid={0},ou=People,dc=wso2,dc=com </td></tr> - <tr><td>UserContextName</td><td>Name of the context, where user objects are stored</td></tr> - <tr><td>AttributeIds</td><td>User Attribute IDs that will be read by the IdP. - Column names must be comma seperated - e.g. email_address, telephone. These attributes - will be included in the issued SAML tokens. </td></tr> -</table> - -<strong>JDBC - org.wso2.usermanager.custom.jdbc.JDBCRealm</strong> -<table> - <tr><td>Parameter Name</td><td>Description</td></tr> - <tr><td>DriverName</td><td>JDBC Driver's class name. It must be present in the classpath - e.g. org.apache.derby.jdbc.EmbeddedDriver</td></tr> - <tr><td>ConnectionURL</td><td>Connection URL to the database - e.g. jdbc:derby:home/identity/database/SAMPLE_DB</td></tr> - <tr><td>ConnectionUserName</td><td>Connection username to the database</td></tr> - <tr><td>ConnectionPassword</td><td>Connection password of the username</td></tr> - <tr><td>UserTable</td><td>User table name in the database.</td></tr> - <tr><td>UserNameColumn</td><td>User name column in the User table</td></tr> - <tr><td>UserCredentialColumn</td><td>User credential column in the User table</td></tr> - <tr><td>ColumnNames</td><td>Column names of the user table from where the user properties will be read. - Column names must be comma seperated - e.g. email_address, telephone. These attributes - will be included in the issued SAML tokens. - </td></tr> -</table> - -<h3><a name="claims"></a>Defining Claims</h3> - -<p>The standard set of claims of the http://schemas.xmlsoap.org/ws/2005/05/identity -dialect and another set of sample claims are available in this view. Use -the "add new dialect" option and "add new claim" option to add diatects and -claims. -</p> - -<p>Click the "switch" icon in the claim detail section of each claim to enable/disable -a claim.</p> - -<h3><a name="claim_mapping"></a>Mapping Claims</h3> - -<p>This view allows mapping a claim to a user attribute in the user store. 
The -available attibute identifiers will be shown in the claim edit view, when the -display name of a claim is selected.</p> - -<h2 id="manage">Manage Identity Provider</h2> - -<h3><a name="users"></a>Manage Users</h3> - -<p>The user management currectly allows the administrator to view the -list of users who can use the identity provider.</p> - -<h3><a name="relying_parties"></a>Trusted Relying Parties</h3> - -<p>Administrator can specify a list of relying parties trusted globally by the -identity provider. To add a new relying party to this list, click on the -"Add new trusted relying party" link and provide the certificate of the -relying party. This certificate must be in DER format (When you export a -cerificate using java keytool the certificate will be in DER format). -The "Common Name" (CN) of this certificate will be used to identify -the host name of the trusted relying party.</p> - -<h3><a name="issued_cards"></a>Issued Cards</h3> - -<p>Administator can view issued and revoked information cards using this view. -A card can be revoked using the "Revoke Card" option.</p> - -<h2 id="stats">Statistics</h2> -<p>Statistics provides information on user behavior, card downloads and token issuance. These are the reports that it generates.</p> -<ul> -<li>View All users</li> -<li>User Behavior Report</li> -<li>Failed Card Issuences</li> -<li>Failed Token Issuences</li> -<li>Tokens by User - Clicking on details will give you a descriptive view of the summery</li> -<li>Tokens by Card - Clicking on details will give you a descriptive view of the summery</li> -<li>Tokens by User and Card - Clicking on details will give you a descriptive view of the summery</li> -<li>Info Cards by User - Clicking on details will give you a descriptive view of the summery</li> -</ul> -</body> -</html> +<!-- + ~ Copyright 2005-2007 WSO2, Inc. 
(http://wso2.com) + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<body> +<p>[<a +href="http://dist.wso2.org/products/solutions/identity/@wso2is_version@">Download</a>] +| [<a href="index_docs.html">Documentation Index</a>] | [<a +href="release-notes.html">Release Note</a>]</p> + +<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@-Identity Provider Administrator's Guide</h1> + +<p>This document provides information and instructions on the functionality +of the Management Console of WSO2 Identity Solution .</p> + +<p>Your feedback on WSO2 Identity Solution is most appreciated. 
Please send them to our <a +href="index.html#mail">mailing lists</a>.</p> + +<h2>Content</h2> + +<div class="toc"> +<ul> + <li><a href="#start">Loging to Admin Console</a></li> + <li><a href="#configure">Intial Configuration</a></li> + <ul> + <li><a href="#userstore">User Stores</a></li> + <li><a href="#claims">Defining Claims</a></li> + <li><a href="#claim_mapping">Mapping Claims</a></li> + </ul> + <li><a href="#manage">Manage IdP</a></li> + <ul> + <li><a href="#users">Manage Users</a></li> + <li><a href="#relying_parties">Trusted Relying Parties</a></li> + <li><a href="#issued_cards">Issued Cards</a></li> + </ul> + <li><a href="#stats">Statics</a></li> +</ul> +</div> + +<h2 id="start">Loging to Admin Console</h2> +<p>Download and install Identity Provider as in +<a href="installation_guide.html">here</a>.</p> +<br/> + +<p>Point your browser to https://host:port/admin. If you haven't changed +the default settings then you should be able to login to +https://localhost:12443/admin/ using username "admin" and passowrd "admin".</p> + +<h2 id="configure">Configure Identity Provider</h2> +<h3><a name="userstore"></a>User Stores</h3> +<p>WSO2 Identity Solution can access users from existing user stores. Identity Provider will +issue Managed Cards and Tokens for the users in configured user store. You can have several user +stores but only one can be active at a time. User store can be an LDAP or JDBC.</p> +<br/> +<strong>LDAP - org.wso2.usermanager.custom.ldap.LDAPRealm</strong> +<table> + <tr><td>Parameter Name</td><td>Description</td></tr> + <tr><td>ConnectionUrl</td><td>LDAP connection url - e.g. ldap://localhost:389</td></tr> + <tr><td>ConnectionName</td><td>LDAP connection username. This must be a root user who can read attribute IDs</td></tr> + <tr><td>ConnectionPass</td><td>LDAP connection password.</td></tr> + <tr><td>UserPattern</td><td>User search pattern must be given - e.g. 
uid={0},ou=People,dc=wso2,dc=com </td></tr> + <tr><td>UserContextName</td><td>Name of the context, where user objects are stored</td></tr> + <tr><td>AttributeIds</td><td>User Attribute IDs that will be read by the IdP. + Column names must be comma seperated - e.g. email_address, telephone. These attributes + will be included in the issued SAML tokens. </td></tr> +</table> + +<strong>JDBC - org.wso2.usermanager.custom.jdbc.JDBCRealm</strong> +<table> + <tr><td>Parameter Name</td><td>Description</td></tr> + <tr><td>DriverName</td><td>JDBC Driver's class name. It must be present in the classpath - e.g. org.apache.derby.jdbc.EmbeddedDriver</td></tr> + <tr><td>ConnectionURL</td><td>Connection URL to the database - e.g. jdbc:derby:home/identity/database/SAMPLE_DB</td></tr> + <tr><td>ConnectionUserName</td><td>Connection username to the database</td></tr> + <tr><td>ConnectionPassword</td><td>Connection password of the username</td></tr> + <tr><td>UserTable</td><td>User table name in the database.</td></tr> + <tr><td>UserNameColumn</td><td>User name column in the User table</td></tr> + <tr><td>UserCredentialColumn</td><td>User credential column in the User table</td></tr> + <tr><td>ColumnNames</td><td>Column names of the user table from where the user properties will be read. + Column names must be comma seperated - e.g. email_address, telephone. These attributes + will be included in the issued SAML tokens. + </td></tr> +</table> + +<h3><a name="claims"></a>Defining Claims</h3> + +<p>The standard set of claims of the http://schemas.xmlsoap.org/ws/2005/05/identity +dialect and another set of sample claims are available in this view. Use +the "add new dialect" option and "add new claim" option to add diatects and +claims. 
+</p> + +<p>Click the "switch" icon in the claim detail section of each claim to enable/disable +a claim.</p> + +<br/> + +<p>A detailed guide on defining claims realted to OpenID is available <a href="op_administratorguide.xml">here</a>.</p> + +<h3><a name="claim_mapping"></a>Mapping Claims</h3> + +<p>This view allows mapping a claim to a user attribute in the user store. The +available attibute identifiers will be shown in the claim edit view, when the +display name of a claim is selected.</p> + +<h2 id="manage">Manage Identity Provider</h2> + +<h3><a name="users"></a>Manage Users</h3> + +<p>The user management currectly allows the administrator to view the +list of users who can use the identity provider.</p> + +<h3><a name="relying_parties"></a>Trusted Relying Parties</h3> + +<p>Administrator can specify a list of relying parties trusted globally by the +identity provider. To add a new relying party to this list, click on the +"Add new trusted relying party" link and provide the certificate of the +relying party. This certificate must be in DER format (When you export a +cerificate using java keytool the certificate will be in DER format). +The "Common Name" (CN) of this certificate will be used to identify +the host name of the trusted relying party.</p> + +<h3><a name="issued_cards"></a>Issued Cards</h3> + +<p>Administator can view issued and revoked information cards using this view. +A card can be revoked using the "Revoke Card" option.</p> + +<h2 id="stats">Statistics</h2> +<p>Statistics provides information on user behavior, card downloads and token issuance. 
These are the reports that it generates.</p> +<ul> +<li>View All users</li> +<li>User Behavior Report</li> +<li>Failed Card Issuences</li> +<li>Failed Token Issuences</li> +<li>Tokens by User - Clicking on details will give you a descriptive view of the summary</li> +<li>Tokens by Card - Clicking on details will give you a descriptive view of the summary</li> +<li>Tokens by User and Card - Clicking on details will give you a descriptive view of the summary</li> +<li>Info Cards by User - Clicking on details will give you a descriptive view of the summary</li> +<li>OpenIDs by User</li> +</ul> +</body> +</html> Modified: trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml ============================================================================== --- trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml (original) +++ trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml Fri Apr 4 01:03:05 2008 
@@ -1,135 +1,145 @@ -<!-- - ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com) - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" - "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<body> -<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@ : Deploying Identity Provider in Production</h1> - -<p>The identity provider by default comes configured with a simple sample and -can be used in the localhost to try all the samples. There are a set of -configuration changes that one has to follow in deploying the Identity Provider -application in production.</p> -<p>These changes should be applied on a fresh identity provider instance. (i.e. -Do not start the identity provider until the configurations are finalized)</p> - - -<h2>Step 1: Edit server configuration file</h2> - -<p>Open [EMAIL PROTECTED]@/conf/server.xml file</p> - -<p> This private key is used for the HTTPS channel and for the token issuer to -sign the issued tokens. This information has to be changed in two files. -</p> - -<p>Following section of the server.xml should be updated to match your privete key -information. The private key must be available in a keystore of type -"JKS" or "PKCS12". 
For more information on keystores please see -<a href="http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html">here -</a>.</p> -<pre><![CDATA[ - - <!-- - Security configurations - --> - <Security> - <!-- - KeyStore which will be used for encrypting/decrypting passwords - and other sensitive information. - --> - <KeyStore> - <!-- Keystore file location--> - <Location>${wso2wsas.home}/conf/wso2is.jks</Location> - <!-- Keystore type (JKS/PKCS12 etc.)--> - <Type>JKS</Type> - <!-- Keystore password--> - <Password>wso2is</Password> - <!-- Private Key alias--> - <KeyAlias>localhost</KeyAlias> - <!-- Private Key password--> - <KeyPassword>wso2is</KeyPassword> - </KeyStore> - - -]]></pre> - -<p>Also note that the host name of the Identity Provider must be changed to match -the "Common Name" of the certificate of the private key.</p> - -<pre><![CDATA[ - - <!-- - Host name of the machine hosting this server - e.g. www.wso2.org - --> - - <HostName>www.foo.com</HostName> - - -]]></pre> - -<p>The HTTP and HTTPS port also can be changed by chnaging the following -configuration elements.</p> - -<pre><![CDATA[ - - <Ports> - <HTTP>12080</HTTP> - <HTTPS>12443</HTTPS> - </Ports> - -]]></pre> - -<h2>Step 2 : [EMAIL PROTECTED]@/conf/axis2.xml file</h2> - -<p>The "transportReceiver" configurations of axis2.xml will have to be updated -to match the keystore and ports setting changes.</p> - - -<pre><![CDATA[ - - <transportReceiver name="http" - class="org.wso2.wsas.transport.http.HttpTransportListener"> - <parameter name="port">12080</parameter> - </transportReceiver> - - <transportReceiver name="https" - class="org.wso2.wsas.transport.http.HttpsTransportListener"> - <parameter name="port">12443</parameter> - <parameter name="sslProtocol">TLS</parameter> - <parameter name="maxHttpHeaderSize">8192</parameter> - <parameter name="maxThreads">150</parameter> - <parameter name="minSpareThreads">25</parameter> - <parameter name="maxSpareThreads">75</parameter> - <parameter 
name="enableLookups">false</parameter> - <parameter name="disableUploadTimeout">false</parameter> - <parameter name="clientAuth">false</parameter> - <parameter name="acceptCount">100</parameter> - <parameter name="keystore"> - <wso2wsas:KeyStore xmlns:wso2wsas="http://www.wso2.org/products/wsas"> - <!-- Keystore file location--> - <wso2wsas:Location>conf/wso2is.jks</wso2wsas:Location> - <!-- Keystore type (JKS/PKCS12 etc.)--> - <wso2wsas:Type>JKS</wso2wsas:Type> - <!-- Keystore password--> - <wso2wsas:Password>wso2is</wso2wsas:Password> - </wso2wsas:KeyStore> - </parameter> - </transportReceiver> -]]></pre> - -</body> +<!-- + ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com) + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<body> +<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@ : Deploying Identity Provider in Production</h1> + +<p>The identity provider by default comes configured with a simple sample and +can be used in the localhost to try all the samples. There are a set of +configuration changes that one has to follow in deploying the Identity Provider +application in production.</p> +<p>These changes should be applied on a fresh identity provider instance. (i.e. 
+Do not start the identity provider until the configurations are finalized)</p> + + +<h2>Step 1: Edit server configuration file</h2> + +<p>Open [EMAIL PROTECTED]@/conf/server.xml file</p> + +<p> This private key is used for the HTTPS channel and for the token issuer to +sign the issued tokens. This information has to be changed in two files. +</p> + +<p>Following section of the server.xml should be updated to match your privete key +information. The private key must be available in a keystore of type +"JKS" or "PKCS12". For more information on keystores please see +<a href="http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html">here +</a>.</p> +<pre><![CDATA[ + + <!-- + Security configurations + --> + <Security> + <!-- + KeyStore which will be used for encrypting/decrypting passwords + and other sensitive information. + --> + <KeyStore> + <!-- Keystore file location--> + <Location>${wso2wsas.home}/conf/wso2is.jks</Location> + <!-- Keystore type (JKS/PKCS12 etc.)--> + <Type>JKS</Type> + <!-- Keystore password--> + <Password>wso2is</Password> + <!-- Private Key alias--> + <KeyAlias>localhost</KeyAlias> + <!-- Private Key password--> + <KeyPassword>wso2is</KeyPassword> + </KeyStore> + + +]]></pre> + +<p>Also note that the host name of the Identity Provider must be changed to match +the "Common Name" of the certificate of the private key.</p> + +<pre><![CDATA[ + + <!-- + Host name of the machine hosting this server + e.g. 
www.wso2.org + --> + + <HostName>www.foo.com</HostName> + + +]]></pre> + +<p>The HTTP and HTTPS port also can be changed by chnaging the following +configuration elements.</p> + +<pre><![CDATA[ + + <Ports> + <HTTP>12080</HTTP> + <HTTPS>12443</HTTPS> + </Ports> + +]]></pre> + +<p>OpenID provider server url can be changed by changing the following +configuration element.Once this is set, OpenIDs will be generated in the +following format [OpenIDServerUrl]/user/[User Name].</p> +<p>e.g: http://localhost:12080/user/bob</p> +<pre><![CDATA[ + + <OpenIDServerUrl>http://localhost:12080</OpenIDServerUrl> + +]]></pre> + +<h2>Step 2 : [EMAIL PROTECTED]@/conf/axis2.xml file</h2> + +<p>The "transportReceiver" configurations of axis2.xml will have to be updated +to match the keystore and ports setting changes.</p> + + +<pre><![CDATA[ + + <transportReceiver name="http" + class="org.wso2.wsas.transport.http.HttpTransportListener"> + <parameter name="port">12080</parameter> + </transportReceiver> + + <transportReceiver name="https" + class="org.wso2.wsas.transport.http.HttpsTransportListener"> + <parameter name="port">12443</parameter> + <parameter name="sslProtocol">TLS</parameter> + <parameter name="maxHttpHeaderSize">8192</parameter> + <parameter name="maxThreads">150</parameter> + <parameter name="minSpareThreads">25</parameter> + <parameter name="maxSpareThreads">75</parameter> + <parameter name="enableLookups">false</parameter> + <parameter name="disableUploadTimeout">false</parameter> + <parameter name="clientAuth">false</parameter> + <parameter name="acceptCount">100</parameter> + <parameter name="keystore"> + <wso2wsas:KeyStore xmlns:wso2wsas="http://www.wso2.org/products/wsas"> + <!-- Keystore file location--> + <wso2wsas:Location>conf/wso2is.jks</wso2wsas:Location> + <!-- Keystore type (JKS/PKCS12 etc.)--> + <wso2wsas:Type>JKS</wso2wsas:Type> + <!-- Keystore password--> + <wso2wsas:Password>wso2is</wso2wsas:Password> + </wso2wsas:KeyStore> + </parameter> + 
</transportReceiver> +]]></pre> + +</body> </html> \ No newline at end of file Added: trunk/solutions/identity/modules/documentation/src/site/xdoc/op_administratorguide.xml ============================================================================== --- (empty file) +++ trunk/solutions/identity/modules/documentation/src/site/xdoc/op_administratorguide.xml Fri Apr 4 01:03:05 2008 
@@ -0,0 +1,136 @@ +<!-- + ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com) + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<body> +<p>[<a +href="http://dist.wso2.org/products/solutions/identity/@wso2is_version@">Download</a>] +| [<a href="index_docs.html">Documentation Index</a>] | [<a +href="release-notes.html">Release Note</a>]</p> + +<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@-OpenID Provider Administrator's Guide</h1> + +<p>This document provides information and instructions on the functionality +of the Management Console of WSO2 Identity Solution related to OpenID Provider.</p> + +<p>Your feedback on WSO2 Identity Solution is most appreciated. 
Please send them to our <a +href="index.html#mail">mailing lists</a>.</p> + +<h2>Content</h2> + +<div class="toc"> +<ul> + <li><a href="#start">Configuring WSO2 Identity Provider</a></li> + <li><a href="#configure">Initial OpenID Provider Configurations</a></li> + <ul> + <li><a href="#enableOpenID">Enable OpenID Registration</a></li> + <li><a href="#claims">Defining Claims</a></li> + <li><a href="#claim_mapping">Mapping Claims</a></li> + </ul> +</ul> +</div> + +<h2 id="start">Configuring WSO2 Identity Provider</h2> +<p>Please configure WSO2 Identity Provider as in +<a href="idp_administratorguide.html">here</a>.</p> +<br/> + +<p>Point your browser to https://host:port/admin. If you haven't changed +the default settings then you should be able to login to +https://localhost:12443/admin/ using username "admin" and passowrd "admin".</p> + +<h2 id="configure">Initial OpenID Provider Configurations</h2> + +<p>WSO2 OpenID Provider supports following OpenID related specifications</p> + +<ul> +<li>OpenID Simple Registration Extension 1.1</li> +<li>OpenID Attribute Exchange 1.0</li> +<li>OpenID Provider Authentication Policy Extension 1.0, draft 1</li> +<li>OpenID Information Cards 1.0 - Draft 01</li> +</ul> + +<p>Please refer <a href="idp_production.html">this</a> for configuring WSO2 OpenID Provider in a production environment</p> + + +<h3><a name="enableOpenID"></a>Enable OpenID Registration</h3> +<p>By default OpenID registration is enabled in WSO2 Identity Solution. To change the setting, switch off the "Enable OpenID Registration" +check box under "User Management" [Manage --> Users]. 
+</p> + +<h3><a name="claims"></a>Defining Claims</h3> + +<p>By default claims related to OpenID are defined under two dialects.</p> + +<ul> +<li>OpenID Simple Registration 1.1: http://schema.openid.net/2007/05/claims</li> +<li>OpenID Attribute Exchange 1.0: http://axschema.org</li> +</ul> + +<p>Click the "switch" icon in the claim detail section of each claim to enable/disable +a claim.</p> +<br/> +<p>The same claim is identified by different namespaces under different contexts. For example,email address is identified by +<b>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</b> for Information Cards and for OpenID Simple Registration by +<b>http://schema.openid.net/2007/05/claims/email</b> and <b>http://axschema.org/contact/email</b> is used by OpenID Attribute Exchange. +Even under OpenID Attribute Exchange, there can be different namespaces - another widely used one is <b>http://schema.openid.net/contact/email</b>. +</p> +<br/> +<p> +If you want to suppport all of these. simply we have +to enable all these claiims as supported claims - but this will give a bad user experince since he has to enter his email 4 time at the time of registration. +To avoid this we use an internal claim mapper - which can map one namespace under one context to another namespace under a different context, using an XML configuration +file [EMAIL PROTECTED]@/conf/openid-claim-mapper.xml file].</p> + +<br/> +<p>To add a new claim as an OpenID claim, make sure you set a non-empty value for the OpenID Tag field. 
You can't set the same OpenID Tag for two supported claims +at the same time</p> + +<br/> +<p>With default installation WSO2 OpenID Provider supports following claims under OpenID Attribute Exchange 1.0 and all are mapped to the respective +OpenID Simple Registration claims</p> + +<ul> +<li>http://schema.openid.net/namePerson/friendly</li> +<li>http://schema.openid.net/contact/email</li> +<li>http://schema.openid.net/namePerson</li> +<li>http://schema.openid.net/birthDate</li> +<li>http://schema.openid.net/person/gender</li> +<li>http://schema.openid.net/contact/postalCode/home</li> +<li>http://schema.openid.net/contact/country/home</li> +<li>http://schema.openid.net/pref/language</li> +<li>http://schema.openid.net/pref/timezone</li> +<li>http://axschema.org/namePerson/friendly</li> +<li>http://axschema.org/contact/email</li> +<li>http://axschema.org/namePerson</li> +<li>http://axschema.org/birthDate</li> +<li>http://axschema.org/person/gender</li> +<li>http://axschema.org/contact/postalCode/home</li> +<li>http://axschema.org/contact/country/home</li> +<li>http://axschema.org/pref/language</li> +<li>http://axschema.org/pref/timezone</li> +</ul> + +<h3><a name="claim_mapping"></a>Mapping Claims</h3> + +<p>This view allows mapping a claim to a user attribute in the user store. The +available attibute identifiers will be shown in the claim edit view, when the +display name of a claim is selected.</p> + +</body> +</html> _______________________________________________ Identity-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
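Review bot: the three new labels in the Documentation menu of site.xml carry typos that will show verbatim in the rendered navigation: `Idnetity Provider Adminstrator Guide` should read `Identity Provider Administrator Guide`, `OpenID Provider Adminstrator Guide` should read `OpenID Provider Administrator Guide`, and `Idetity Solution in Production Environment` should read `Identity Solution in Production Environment` (the `Adminstrator` misspelling was already in the removed line; this rewrite is the chance to fix it).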
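Review bot: the new cross-reference in the Defining Claims section of idp_administratorguide.xml, `<a href="op_administratorguide.xml">here</a>`, points at the xdoc source rather than the generated page; every other link in the file uses the rendered name (`installation_guide.html`, `index_docs.html`), so this should be `op_administratorguide.html` or it will 404 on the published site. In the same sentence `realted` should be `related`. Since the whole file is rewritten in this hunk, two pre-existing problems could be fixed in the same pass: the TOC nests `<ul>` directly inside `<ul>`, which is not valid under the declared XHTML 1.1 DOCTYPE (the inner list belongs inside the preceding `<li>`), and the headings `Loging to Admin Console`, `Intial Configuration` and the TOC entry `Statics` (the heading itself says Statistics) are misspelled.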
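Review bot: the new `<OpenIDServerUrl>` paragraph in Step 1 of idp_production.xml gives `http://localhost:12080` as the example without saying it must be changed, although this is the production guide and the surrounding steps tell the reader to replace the host name and ports. Because the value becomes the prefix of every user's identifier (`[OpenIDServerUrl]/user/[User Name]`) and therefore the URL relying parties resolve during OpenID discovery, the text should state that it must match the `<HostName>` configured above and, for a production deployment, use the HTTPS scheme and the configured HTTPS port rather than plain HTTP on localhost. Minor: `configuration element.Once` is missing a space.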
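Review bot: in the new op_administratorguide.xml the TOC nests `<ul>` directly inside `<ul>`, which is invalid under the XHTML 1.1 DOCTYPE the file declares; wrap the inner list in the preceding `<li>`. The claims discussion needs a copy-edit before release: `suppport`, `claiims`, `experince`, `passowrd` and `4 time` are misspelled, and `If you want to suppport all of these. simply we have to enable all these claiims as supported claims` is a broken sentence (suggest `If you want to support all of these, you simply have to enable all of them as supported claims`). The guide also repeats the default `admin`/`admin` login from the identity provider guide; as this is an administrator guide, a sentence telling the administrator to change that password before exposing the console would be appropriate here.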
