Author: prabath
Date: Fri Apr 4 10:33:48 2008
New Revision: 15581
Log:
documentation update
Added:
trunk/solutions/identity/modules/documentation/src/site/xdoc/oprp_developer_guide.xml
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide01.jpg
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide04.jpg
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide02.jpg
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide03.jpg
trunk/solutions/identity/modules/documentation/src/site/site.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/index.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/release-notes.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide01.jpg
==============================================================================
Binary files. No diff available.
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide04.jpg
==============================================================================
Binary files. No diff available.
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide02.jpg
==============================================================================
Binary files. No diff available.
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide03.jpg
==============================================================================
Binary files. No diff available.
Modified: trunk/solutions/identity/modules/documentation/src/site/site.xml
==============================================================================
--- trunk/solutions/identity/modules/documentation/src/site/site.xml
(original)
+++ trunk/solutions/identity/modules/documentation/src/site/site.xml Fri Apr
4 10:33:48 2008
@@ -31,7 +31,8 @@
<item name="OpenID Provider Adminstrator Guide"
href="op_administratorguide.html"/>
<item name="Identity Solution in Production Environment"
href="idp_production.html"/>
<item name="mod_cspace Configuration Guide"
href="mod_cspace_config.html"/>
- <item name="Relying Party Developer Guide"
href="rp_developer_guide.html"/>
+ <item name="Relying Party Developer Guide - I"
href="rp_developer_guide.html"/>
+ <item name="Relying Party Developer Guide - II"
href="oprp_developer_guide.html"/>
<item name="Idp User Guide" href="idp_userguide.html"/>
<item name="OpenID User Guide" href="op_userguide.html"/>
</menu>
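Review bot: the new menu labels "Relying Party Developer Guide - I" and "Relying Party Developer Guide - II" do not tell the reader which guide covers what; the guide titles added in this same commit say Part I is Information Cards and Part II is OpenID and OpenID Information Cards, so name the menu items by topic (e.g. "Relying Party Developer Guide - Information Cards" and "Relying Party Developer Guide - OpenID") so readers land on the right page. While this menu is being edited, the neighbouring context line "OpenID Provider Adminstrator Guide" has a typo ("Administrator") worth fixing in the same change.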
Modified: trunk/solutions/identity/modules/documentation/src/site/xdoc/index.xml
==============================================================================
--- trunk/solutions/identity/modules/documentation/src/site/xdoc/index.xml
(original)
+++ trunk/solutions/identity/modules/documentation/src/site/xdoc/index.xml
Fri Apr 4 10:33:48 2008
@@ -19,14 +19,14 @@
<body>
<h1>Welcome to WSO2 Identity Solution, [EMAIL PROTECTED]@</h1>
-<h2>October 03rd, 2007 - WSO2 Identity Solution , [EMAIL PROTECTED]@
Released!</h2>
+<h2>April 07th, 2008 - WSO2 Identity Solution , [EMAIL PROTECTED]@
Released!</h2>
<p>[<a
href="http://dist.wso2.org/products/solutions/identity/@wso2is_version@">Download</a>]
| [<a href="index_docs.html">Documentation Home</a>] | [<a
href="release-notes.html">Release Note</a>]</p>
-<p>WSO2 Identity Solution provides following components to enable CardSpace
authentication for web applications.
+<p>WSO2 Identity Solution provides following components to enable CardSpace
and OpenID authentication for web applications.
</p>
<ul>
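Review bot: the replaced sentence keeps the grammatical slip of the original: "provides following components" should read "provides the following components". The release date "April 07th, 2008" is also written in a different style from "07 April, 2008" added to release-notes.xml in this commit; pick one format for both pages.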
@@ -42,6 +42,8 @@
a security token service. Security token service can be deployed to issue
tokens
to trusted users. An identity selector will obtain tokens from the Identity
Provider and authenticate the users to a Web applications with those tokens.
+
+Indentity Provider also being added the OpenID support, where it can act as an
OpenID Provider.
</ul>
<h2>Key Features in this Release</h2>
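Review bot: the two added lines are a bare text node placed directly inside the <ul> that closes on the following context line, which is not valid list markup and will render inconsistently across browsers; wrap the text in a <li> like the surrounding items. The sentence itself also needs rewriting: "Indentity" is a typo for "Identity" and "also being added the OpenID support" is not grammatical, e.g. "The Identity Provider also supports OpenID and can act as an OpenID Provider."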
@@ -49,12 +51,14 @@
<li>Identity provider
<ul>
<li>Supports connecting to a JDBC or an LDAP user store</li>
- <li>Issues information cards based on username-token credential and
+ <li>Issues information cards based on username-token credential
and
self issued credential</li>
<li>Allows adding custom claims and mapping them to user
attributes in
the user store</li>
<li>Revocation of issued information cards</li>
<li>Manage trusted relying parties</li>
+ <li>OpenID Provider support</li>
+ <li>OpenID information card support</li>
</ul>
</li>
<li>Apache HTTPD relying party module - mod_cspace</li>
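Review bot: the first change in this hunk (the "Issues information cards based on username-token credential and self issued credential" item) only re-wraps whitespace and adds diff noise with no content change; drop it. The two new items "OpenID Provider support" and "OpenID information card support" describe the same features that release-notes.xml in this commit lists as "Issues OpenID" and "Supports for OpenID Information Cards"; use one wording on both pages so readers can tell they are the same capability.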
@@ -76,6 +80,7 @@
<li>Apache Derby (Database)</li>
<li>Hibernate (Persistence)</li>
<li>Embedded Apache Tomcat</li>
+ <li>OpenID4Java</li>
</ul>
<h2>WSO2 Identity Solution , Documentation</h2>
Added:
trunk/solutions/identity/modules/documentation/src/site/xdoc/oprp_developer_guide.xml
==============================================================================
--- (empty file)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/oprp_developer_guide.xml
Fri Apr 4 10:33:48 2008
@@ -0,0 +1,362 @@
+<!--
+ ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com)
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+</head>
+<body>
+<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@ : Java Servlet Filter Developer
Guide : Part II</h1>
+
+<h2>Introduction</h2>
+This servlet filter
org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter
+can be used with a servlet based web application to provide information card
and OpenID
+login to that application.The Part II of this guide explains how you can add
OpenID and OpenID Information Card support to
+a relying party web application. The developer should follow the steps
described below
+in intgrating this servlet filter:
+
+<h2>Adding OpenID Information Card Support</h2>
+
+<p></p>
+<h3>Step 1 : Add the servlet filter to your application</h3>
+
+<p>Include the following entry in the web.xml file of the application:</p>
+
+<pre><![CDATA[
+
+ <filter>
+ <filter-name>TokenValidator</filter-name>
+
<filter-class>org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter</filter-class>
+ <init-param>
+ <param-name> ................ </param-name>
+ <param-value> ............... </param-value>
+ </init-param>
+ <init-param>
+ ......................
+ </init-param>
+ ......................
+ ......................
+ </filter>
+
+ <filter-mapping>
+ <filter-name>TokenValidator</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+]]></pre>
+<br/>
+<br/>
+Add the following as init-params to the web.xml
+<br/>
+<br/>
+<table>
+ <tr>
+ <th>ParameterName</th>
+ <th>Required</th>
+ <th>Description</th>
+ </tr>
+ <tr>
+ <td>Keystore</td>
+ <td>Yes</td>
+ <td>Relative path to the keystore holding private key</td>
+ </tr>
+ <tr>
+ <td>StorePass</td>
+ <td>Yes</td>
+ <td>Password to the keystore holding private key</td>
+ </tr>
+ <tr>
+ <td>KeyAlias</td>
+ <td>Yes</td>
+ <td>Private key alias</td>
+ </tr>
+ <tr>
+ <td>KeyPass</td>
+ <td>Yes</td>
+ <td>Private key pass</td>
+ </tr>
+ <tr>
+ <td>StoreType</td>
+ <td>Yes</td>
+ <td>Store type of the keystore holding private key - e.g.
JDK</td>
+ </tr>
+ <tr>
+ <td>TrustedIdP.KeyStore</td>
+ <td></td>
+ <td>Relative path to the trusted keystore</td>
+ </tr>
+ <tr>
+ <td>TrustedIdP.StorePass</td>
+ <td>If TokenValidationPolicy is NOT Promiscuous</td>
+ <td>Trust store password</td>
+ </tr>
+ <tr>
+ <td>TrustedIdP.StoreType</td>
+ <td>If TokenValidationPolicy is NOT Promiscuous</td>
+ <td>Trust store type</td>
+ </tr>
+ <tr>
+ <td>MultiValueClaimsPolicy</td>
+ <td>No - default applied</td>
+ <td>Must be either MultiValueClaimsAllowed or
MultiValueClaimsNotAllowed. Default is MultiValueClaimsNotAllowed</td>
+ </tr>
+ <tr>
+ <td>IssuerPolicy</td>
+ <td>No - default applied</td>
+ <td>Must be one of SelfAndManaged, Self, Managed. Default is
self and managed</td>
+ </tr>
+ <tr>
+ <td>TokenValidationPolicy</td>
+ <td>No - default applied</td>
+ <td>Must be one of Promiscuous, WhiteList, BlackList,
CertValidate. Default is CertValidate. Please read more about this below.</td>
+ </tr>
+ <tr>
+ <td>WhiteList</td>
+ <td>Yes, if TokenValidationPolicy is WhiteList</td>
+ <td>This is required to indicate the list of allowed DNs. If
not specified in WhiteList mode none of the users can login</td>
+ </tr>
+ <tr>
+ <td>BlackList</td>
+ <td>Yes, if TokenValidationPolicy is BlackList</td>
+ <td>This is required to indicate the list of rejected DNs. If
not specified in BlackList mode all users who pass CertValidity can login</td>
+ </tr>
+</table>
+
+<br/>
+<br/>
+<strong>TokenValidationPolicy</strong>
+<p>There are 4 modes of token validations.</p>
+<ul>
+ <li>Promiscuous - In this mode, all tokens that has a valid signature
are allowed</li>
+ <li>CertValidate - In this mode, all tokens that has a valid signarue
by an IDP who has a trusted certificate are allowed</li>
+ <li>WhiteList - First CertValidity checked and after that if the issuer
DN is in the white list, the token is allowed</li>
+ <li>BlackList - First CertValidity checked and after that if the issuer
DN is not listed in the BlackList, the token is allowed</li>
+</ul>
+<br/>
+<h3>Step 2 : Add the OpenID Information Card login page</h3>
+<br/>
+The user loging page must contain a form with an <strong>object</strong> tag
as shown below:
+
+<pre><![CDATA[
+
+ <form name="frm" id="frm" method="post"
action="openidinfocardloggedin.jsp">
+ <input type="hidden" name="InfoCardSignin" value="Log in"
/><br/>
+
+ <OBJECT type="application/x-informationCard" name="xmlToken">
+ <PARAM Name="tokenType"
Value="http://specs.openid.net/auth/2.0">
+ <PARAM Name="requiredClaims"
Value="http://schema.openid.net/2007/05/claims/identifier">
+ <PARAM name="optionalClaims"
Value="http://axschema.org/contact/email http://axschema.org/namePerson/first
http://axschema.org/namePerson/last http://axschema.org/contact/phone/default
http://axschema.org/contact/postalAddress/home
http://axschema.org/contact/city/home
http://axschema.org/contact/postalCode/home
http://axschema.org/contact/country/home http://axschema.org/contact/web/blog">
+ </OBJECT>
+
+ </form>
+
+]]></pre>
+
+<p>The <strong>object</strong> tag here is the standard information card
object as
+defined <a
href="http://www.identityblog.com/wp-content/resources/profile/InfoCard-Profile-v1-Web-Integration.pdf">
+here</a>.</p>
+
+<p><i>It is important that you include the hidden field called
"InfoCardSignin" with
+the value "Log in". The filter will process the HTTP POST request to extract
+the token sent when this request parameter is available.</i></p>
+
+<br/>
+<br/>
+<h3>Step 3 : Add the following jars to your classpath</h3>
+<ul>
+<li>axiom-api-1.2.4.jar</li>
+<li>axiom-dom-1.2.4.jar</li>
+<li>axiom-impl-1.2.4.jar</li>
+<li>wstx-asl-3.2.1.jar</li>
+<li>bcprov-jdk15-132.jar</li>
+<li>core-3.1.1.jar</li>
+<li>dom4j-1.6.1.jar</li>
+<li>opensaml-1.1.406.jar</li>
+<li>stax-api-1.0.1.jar</li>
+<li>wss4j-SNAPSHOT.jar</li>
+<li>xmlsec-534045-patched.jar</li>
+<li>wso2is-token-verifier-core-1.0.jar</li>
+<li>wso2is-base-1.0.jar</li>
+<li>openid4java-nodeps-0.9.3.1.jar</li>
+</ul>
+<br/>
+<h3>Step 4 : Obtain the information in the verified token and process</h3>
+
+<p>The results of token processing will be available as attributes in the
+ServletRequest object.</p>
+
+<p>To indicate whether token verification was successful or not there will be
an
+attribute by the name "<strong>org.wso2.solutions.identity.rp.State</strong>".
+On successful verification value of this attribute will be
+"<strong>success</strong>". Otherwise it will be
"<strong>failure</strong>".</p>
+
+<p>The ServletRequest will also contain a set of attrbites by the names of
+the claims (the part of claim URI after the final "/")</p> with their values.
+
+<p>These values can be used by the developer to initiate a user session in a
web
+application.</p>
+
+<h2>Adding OpenID Support</h2>
+
+<p></p>
+<h3>Step 1 : Add the servlet filter to your application</h3>
+
+<p>Include the following entry in the web.xml file of the application:</p>
+
+<pre><![CDATA[
+
+ <filter>
+ <filter-name>TokenValidator</filter-name>
+
<filter-class>org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter</filter-class>
+ <init-param>
+ <param-name> ................ </param-name>
+ <param-value> ............... </param-value>
+ </init-param>
+ <init-param>
+ ......................
+ </init-param>
+ ......................
+ ......................
+ </filter>
+
+ <filter-mapping>
+ <filter-name>TokenValidator</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+]]></pre>
+<br/>
+
+<h3>Step 2 : Add signin page</h3>
+
+<pre><![CDATA[
+<form name="openidsignin" id="openidsignin" method="post"
action="openidsubmit.jsp">
+ Enter Your OpenID Url:<input type="text" name="openIdUrl"/>
+ <input type="submit" name="submit" value="Login" />
+</form>
+]]></pre>
+<br/>
+
+<p>As per above scenario <b>openidsubmit.jsp</b> page will accept the OpenID
url and will do authentication using Identity Solution's
+relying parting components.</p>
+
+<h3>Step 3 : Create OpenID authentication request[openidsubmit.jsp]</h3>
+<pre><![CDATA[
+// imports
+<[EMAIL PROTECTED]
import="org.wso2.solutions.identity.openid.relyingparty.OpenIDAuthenticationRequest"%>
+<[EMAIL PROTECTED]
import="org.wso2.solutions.identity.openid.relyingparty.OpenIDConsumer"%>
+
+<%
+
+try
+{
+ OpenIDAuthenticationRequest openIDAuthRequest = null;
+
+ openIDAuthRequest = new OpenIDAuthenticationRequest(request,response);
+
+ openIDAuthRequest.setOpenIDUrl((String)request.getParameter("openIdUrl"));
+
+ // you need to set an absolute url as the return url.
+ // once the user authenticated successfully or failed at the OpenID
+ // Provider, the browser will be redirected to this url
+
+ openIDAuthRequest.setReturnUrl("http://myapp.com/openidcallback.jsp");
+
+ // Use Simple Attribute Registration 1.1
+ openIDAuthRequest.addRequestType(OpenIDRequestType.SIMPLE_REGISTRATION);
+
+ // Set the required claims - I need these claims from the OpenID
+ // Provider.
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.FULL_NAME);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.EMAIL);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.DOB);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.GENDER);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.POSTAL_CODE);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.COUNTRY);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.LANGUAGE);
+
openIDAuthRequest.addRequiredClaims(IdentityConstants.OpenId.SimpleRegAttributes.TIMEZONE);
+
+ // Performs authentication : this will redirect you to OpenID Provider for
authentication
+ OpenIDConsumer.getInstance().doOpenIDAuthentication(openIDAuthRequest);
+
+}
+catch(RelyingPartyException e)
+{
+ // handle exceptions
+ out.println(e.getMessage());
+}
+
+%>
+]]></pre>
+<br/>
+
+<h3>Step 4 : Add OpenID callback page[openidcallback.jsp]</h3>
+
+<p>After being authenticated at the OpenID Provider, user will be redirected
to this page.</p>
+<pre><![CDATA[
+// imports
+<[EMAIL PROTECTED] import="org.wso2.solutions.identity.IdentityConstants"%>
+<[EMAIL PROTECTED]
import="org.wso2.solutions.identity.openid.relyingparty.OpenIDConsumer "%>
+
+<%
+
+String nickname = null;
+String auth =
(String)request.getAttribute(TokenVerifierConstants.SERVLET_ATTR_STATE);
+
+ if(auth != null && TokenVerifierConstants.STATE_SUCCESS.equals(auth)) {
+
+ //user authenticated successfully at his OpenID Provider
+ //let me get his nick name - which I requested.
+
+ if
(request.getAttribute(IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME)
!= null)
+ {
+ nickname =
request.getAttribute(IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME);
+
+ }else {
+
+ // there can be OpenID Providers, who do not maintain a list of user
+ // attributes. In such case you won't receive any value here -
+ // though you requested.
+ }
+ }
+ else
+ {
+ //user authentication failed at his OpenID Provider
+ }
+%>
+]]></pre>
+<br/>
+
+<h3>Step 5 : Add the following jars to your classpath</h3>
+<ul>
+<li>axiom-api-1.2.4.jar</li>
+<li>axiom-dom-1.2.4.jar</li>
+<li>axiom-impl-1.2.4.jar</li>
+<li>wstx-asl-3.2.1.jar</li>
+<li>bcprov-jdk15-132.jar</li>
+<li>core-3.1.1.jar</li>
+<li>dom4j-1.6.1.jar</li>
+<li>opensaml-1.1.406.jar</li>
+<li>stax-api-1.0.1.jar</li>
+<li>wss4j-SNAPSHOT.jar</li>
+<li>xmlsec-534045-patched.jar</li>
+<li>wso2is-token-verifier-core-1.5.jar</li>
+<li>wso2is-base-1.5.jar</li>
+<li>openid4java-nodeps-0.9.3.1.jar</li>
+</ul>
+
+
+</body>
+</html>
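Review bot: the two JSP samples will not compile as shown. openidsubmit.jsp imports only OpenIDAuthenticationRequest and OpenIDConsumer but references OpenIDRequestType, IdentityConstants and RelyingPartyException, and openidcallback.jsp references TokenVerifierConstants without an import and has a stray trailing space inside its OpenIDConsumer import string; openidcallback.jsp also assigns the Object returned by request.getAttribute(...) to a String without a cast ("nickname = request.getAttribute(IdentityConstants.OpenId.SimpleRegAttributes.NICK_NAME);"), which is a compile error, so add "(String)" as the page already does for the state attribute two lines above. In the init-param table the TrustedIdP.KeyStore row has an empty "Required" cell while TrustedIdP.StorePass and TrustedIdP.StoreType say "If TokenValidationPolicy is NOT Promiscuous"; since the table states the default policy is CertValidate, a default deployment needs the trust store and the cell should say so, otherwise the only documented way to make a missing trust store "work" is to switch to Promiscuous. The Promiscuous bullet should state plainly that any issuer with a valid signature is accepted, i.e. the relying party does not verify who issued the token, so it is a test-only setting. The jar lists disagree within the file: Step 3 lists wso2is-token-verifier-core-1.0.jar and wso2is-base-1.0.jar while Step 5 lists the 1.5 versions of the same jars; one of them is wrong. Markup: the "</p>" on the sentence about claim attributes closes before "with their values.", leaving that text outside the paragraph; the empty "<p></p>" elements and the runs of "<br/>" used for spacing should go; the second section's Step 1 repeats the first section's web.xml snippet verbatim and could just refer back to it; and the license header says 2005-2007 in a file added in 2008 (this commit bumps the release-notes copyright to 2008). Typos: "intgrating" (integrating), "loging" (login), "signarue" (signature), "attrbites" (attributes), "relying parting" (relying party), "all tokens that has" (have), and "The Part II of this guide" should drop "The".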
Modified:
trunk/solutions/identity/modules/documentation/src/site/xdoc/release-notes.xml
==============================================================================
---
trunk/solutions/identity/modules/documentation/src/site/xdoc/release-notes.xml
(original)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/release-notes.xml
Fri Apr 4 10:33:48 2008
@@ -29,7 +29,7 @@
<body>
<h1>WSO2 Identity Solution @wso2is_version@ Release Notes</h1>
-<h3>11 December, 2007</h3>
+<h3>07 April, 2008</h3>
<p>The WSO2 Identity Solution enables LAMP and Java websites to provide strong
authentication
based on the new interoperable Microsoft CardSpace technology, which is built
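Review bot: only the date changes here, but the introduction still says the product provides strong authentication "based on the new interoperable Microsoft CardSpace technology" while the feature list further down in this same patch adds OpenID support; update the opening sentence to mention OpenID as well. The date style "07 April, 2008" also differs from "April 07th, 2008" used in index.xml in this commit.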
@@ -59,7 +59,10 @@
<li>Statistics/reporting/audit trail</li>
<li>Ability to revoke information cards</li>
<li>Issues information cards based on username-token
credential and
- self issued credential</li>
+ self issued credential</li>
+ <li>Issues OpenID information cards based on username-token
credential and
+ self issued credential</li>
+ <li>Issues OpenID</li>
</ul>
</li>
<li>Apache HTTPD relying party module - mod_cspace</li>
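Review bot: the first change (the "self issued credential" line) is whitespace-only and adds nothing but diff noise; drop it. The new item "Issues OpenID" is too terse for a release note to tell a reader what shipped; say what the Identity Provider now does, e.g. "Acts as an OpenID Provider", matching the "OpenID Provider support" wording added to index.xml in this commit.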
@@ -76,6 +79,8 @@
enable CardSpace authentication</li>
<li>Supports multi-valued claims</li>
<li>Supports a set of simple operation modes</li>
+ <li>Supports for OpenID</li>
+ <li>Supports for OpenID Information Cards</li>
</ul>
</ul>
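Review bot: "Supports for OpenID" and "Supports for OpenID Information Cards" are ungrammatical; the surrounding items use the verb form ("Supports multi-valued claims"), so these should read "Supports OpenID" and "Supports OpenID Information Cards".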
@@ -108,6 +113,6 @@
<strong><em>-The WSO2 Identity Solution Development Team</em></strong>
<hr />
-<p>Copyright 2007 WSO2 Inc.</p>
+<p>Copyright 2008 WSO2 Inc.</p>
</body>
</html>
Modified:
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
==============================================================================
---
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
(original)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
Fri Apr 4 10:33:48 2008
@@ -19,18 +19,19 @@
<head>
</head>
<body>
-<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@ : Java Servlet Filter Developer
Guide</h1>
+<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@ : Java Servlet Filter Developer
Guide : Part I</h1>
<h2>Introduction</h2>
This servlet filter
org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter
can be used with a servlet based web application to provide information card
and OpenID
-login to that application. The developer should follow the steps described
below
+login to that application.The Part I of this guide explains how you can add
Information Card support to
+a relying party web application. The developer should follow the steps
described below
in intgrating this servlet filter:
<h2>Configuration Steps</h2>
<p></p>
-<h3>Step 1 : Add the servlet filter to you application</h3>
+<h3>Step 1 : Add the servlet filter to your application</h3>
<p>Include the following entry in the web.xml file of the application:</p>
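Review bot: the added sentence runs into the previous one with no space after the full stop ("application.The Part I"), and "The Part I of this guide" should be "Part I of this guide". Since the introduction now says the filter provides "information card and OpenID login", point readers to Part II for the OpenID half. The context line "in intgrating this servlet filter" directly below the edited lines has a typo ("integrating"); fix it in the same change.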
@@ -146,7 +147,7 @@
<br/>
<h3>Step 2 : Add the information card login page</h3>
<br/>
-The user loing page must contain a form with an <strong>object</strong> tag as
shown below:
+The user loging page must contain a form with an <strong>object</strong> tag
as shown below:
<pre><![CDATA[
<form name="frm" id="frm" method="post" action="InfoCardLogin.action">
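Review bot: the replacement swaps one typo for another: "The user loing page" becomes "The user loging page", but the intended word is "login" ("The user login page must contain a form with an object tag as shown below").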
@@ -186,7 +187,6 @@
<li>xmlsec-534045-patched.jar</li>
<li>wso2is-token-verifier-core-1.0.jar</li>
<li>wso2is-base-1.0.jar</li>
-<li>openid4java-nodeps-0.9.3.1.jar</li>
</ul>
<br/>
<h3>Step 4 : Obtain the information in the verified token and process</h3>
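Review bot: removing openid4java-nodeps-0.9.3.1.jar from the Part I classpath is only safe if RelyingPartyFilter (the same filter class both guides configure) does not reference OpenID classes during init or on the Information Card code path; if it does, Part I deployments will fail with a NoClassDefFoundError at startup or on the first request. Please confirm, or keep the jar in the list with a note that it is only needed for OpenID.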
_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev