Hi Gina

>>>
I am saying that each application in Tomcat can have its own fediz_config.xml 
which points to different STSs).
>>>
This is really up to you. You can configure one fediz configuration file per 
application and point to it where the FederationAuthenticator is configured or 
you have one fediz configuration file for the container with several 
"contextConfig" entries.

>>>
Personally, I think that both fediz_config.xml and clientstore.jks should go 
somewhere under \webapps\fedizhelloworld
>>>
Whatever suits you. I'd just recommend to not put the clientstore.jks into the 
WAR file for production as the certificate has a different lifecycle than the 
application itself. You shouldn't have to deploy a new application war just 
because a new certificate has to be deployed.

HTH




------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division
http://www.talend.com

________________________________
From: Gina Choi [[email protected]]
Sent: 19 June 2012 16:21
To: Oliver Wulff; [email protected]
Subject: Path for fediz_config.xml

Currently the fediz_config.xml configuration file is under the conf directory of 
Tomcat. I don't know if this is because 
org.apache.cxf.fediz.tomcat.FederationAuthenticator is loading the configuration 
file. Content of this configuration file is application specific (I am saying 
that each application in Tomcat can have its own fediz_config.xml which points to 
different STSs). Personally, I think that both fediz_config.xml and 
clientstore.jks should go somewhere under \webapps\fedizhelloworld. If I put 
both files under WEB-INF, it looks like I need to use the path for 
webapps\fedizhelloworld\WEB-INF. Is there a better way to do that?


Following is part of fediz_config.xml that I currently use.

<FedizConfig>
 <contextConfig name="/fedizhelloworld">
  <audienceUris>
   <audienceItem>https://wkengchoi.global.sdl.corp:9443/fedizhelloworld/</audienceItem>
  </audienceUris>
  </audienceUris>
  <certificateStores>
   <trustManager>
    <keyStore file="conf/clientstore.jks" password="cspass" type="JKS" />
   </trustManager>
  </certificateStores>

Thanks.

Gina
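
An added example, not part of the original thread and not Fediz code: a pre-deployment check for the two points in the reply above, namely a container-wide configuration with several "contextConfig" entries and a keystore kept out of the WAR. The "/otherapp" context, the sample WAR contents and the suffix list are constructed assumptions, and the configuration is assumed to be un-namespaced as in the fragment above.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

KEYSTORE_SUFFIXES = (".jks", ".p12", ".pfx", ".keystore")  # assumed list

# Constructed sample: one container-wide file with two contextConfig entries.
# "/otherapp" is hypothetical; the first keyStore line is the one from the thread.
SAMPLE_CONFIG = r"""<FedizConfig>
 <contextConfig name="/fedizhelloworld">
  <certificateStores><trustManager>
   <keyStore file="conf/clientstore.jks" password="cspass" type="JKS" />
  </trustManager></certificateStores>
 </contextConfig>
 <contextConfig name="/otherapp">
  <certificateStores><trustManager>
   <keyStore file="webapps\otherapp\WEB-INF\clientstore.jks" type="JKS" />
  </trustManager></certificateStores>
 </contextConfig>
</FedizConfig>"""

def keystores_under_webapp(config_xml):
    """(context name, keystore path) pairs whose path points into a deployed webapp."""
    findings = []
    for ctx in ET.fromstring(config_xml).iter("contextConfig"):
        for ks in ctx.iter("keyStore"):
            path = ks.get("file", "")
            parts = [p.lower() for p in path.replace("\\", "/").split("/") if p]
            if "webapps" in parts or "web-inf" in parts:
                findings.append((ctx.get("name"), path))
    return findings

def keystores_in_war(war):
    """Names of keystore files packaged inside a WAR (path or file-like object)."""
    with zipfile.ZipFile(war) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(KEYSTORE_SUFFIXES)]

def build_sample_war():
    """Constructed in-memory WAR that bundles a keystore with the application."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("WEB-INF/classes/clientstore.jks", b"constructed placeholder")
    buf.seek(0)
    return buf

print(keystores_under_webapp(SAMPLE_CONFIG))
print(keystores_in_war(build_sample_war()))
```

A non-empty result from either function means a certificate rollover would require redeploying the application.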
