Hi Glen,

Here is the authentication that SharePoint supports:
http://technet.microsoft.com/en-us/library/cc262350.aspx#section1

Regards,
Hua JIe

On Tue, Aug 14, 2012 at 9:51 AM, 杨华杰 <[email protected]> wrote:

> Hi Glen,
>
> Thanks for your follow-up. I didn't do #1; I downloaded the binary file directly.
>
> I will download 1.0.1 and try again. By the way, did you try to make Fediz work with SharePoint authentication? SharePoint supports claimed authentication, SAML 1.x. I appreciate your time. Thank you again.
>
> Regards,
> Hua JIe
>
> On Tue, Aug 14, 2012 at 5:12 AM, Glen Mazza <[email protected]> wrote:
>
>> Hi Hua Jie, I think the samples hardcode specific port numbers (following the instructions), assuming the two or three Tomcat instance setup, so if you try to put all on one Tomcat alone, you might have to go through each of the apps to make sure all the port numbers were updated. (Also, I haven't tested yet, but the Fediz plugin that needs to be installed on Tomcat-RP might conflict with the Fediz IDP & STS if you put them on the same Tomcat instance.)
>>
>> I'm glad #2 works for you, but did you do #1 below? The keystores and example READMEs, again, have been *radically* improved in the trunk version. The sample keystores and trust relationships are not defined in 1.0 as they are in 1.0.1 (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co) <-- You see, much of the important information in the last two columns is lost when you try a one-Tomcat solution.
>>
>> Regards,
>> Glen
>>
>> On 08/12/2012 11:19 PM, 杨华杰 wrote:
>>
>>> Hi Glen,
>>>
>>> Why I insist on getting a working copy of Tomcat (maybe 2 Tomcats) is: I will learn more from the example if it is working.
>>>
>>> I do see the WSDL from
>>> http://localhost:8080/fediz-idp-sts-1.0.0/STSService?wsdl
>>>
>>> I don't know which step I did wrong.
>>> The only tip I have is the error message from the page and log.
>>>
>>> Regards,
>>> Hua JIe
>>>
>>> On Mon, Aug 13, 2012 at 11:07 AM, 杨华杰 <[email protected]> wrote:
>>>
>>>> Hi Glen,
>>>>
>>>> I am a beginner in this SAML setup, probably also impatient. But I already tried to follow your document three times and I still didn't make it work. Could you help me with this?
>>>>
>>>> Regards,
>>>> Hua JIe
>>>>
>>>> On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <[email protected]> wrote:
>>>>
>>>>> On 08/12/2012 09:42 PM, 杨华杰 wrote:
>>>>>
>>>>>> Hi Glen,
>>>>>>
>>>>>> Thanks for your patience. It's very detailed. But currently I don't know which step is wrong.
>>>>>
>>>>> The step where you're not using a different Tomcat instance to host the IDP compared to the one hosting the RP applications, as given in the directions. Also, that you're not going sequentially as I recommended below, and testing at each point before proceeding on to the next step. Doing it all at once and saying "it doesn't work" doesn't help you when you need to retrace back to try to figure out what is going wrong. (Why deploy the RP apps if you haven't first checked the IDP STS works, for example.)
>>>>>
>>>>>> I can access the web service through http and https.
>>>>>>
>>>>>> That's why I want to ask for a working Tomcat, at least I can make it work. I also think a one-Tomcat setup is much easier for beginners.
>>>>>
>>>>> Well, maybe someone else can provide you a single Tomcat setup.
>>>>> Sorry, I see a single Tomcat setup as easier only for those beginners who don't care to learn anything (necessary keystore/truststore relationships between apps and between servlet containers, required setup of relying party Tomcat instance, Tomcat IDP instance), and doing more harm than good in learning a distributed deployment and understanding the deployment requirements for each portion.
>>>>>
>>>>>> I have one question here, is the https mandatory, I don't need security like that.
>>>>>
>>>>> Yes, so the usernames and passwords sent are secure, possibly other reasons as well. Even with HTTP alone, you will still need message-layer encryption for the SAML tokens being sent, requiring application keystores at least.
>>>>>
>>>>>> I just want to make it work first.
>>>>>
>>>>> Well, if you would just follow the instructions given below and on the website, you'll get it to "work first" pretty rapidly (and learn a lot in the process.)
>>>>>
>>>>> Regards,
>>>>> Glen
>>>>>
>>>>>> Thank you again for your time, really appreciate it.
>>>>>>
>>>>>> Regards,
>>>>>> Hua Jie
>>>>>>
>>>>>> On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Hua Jie,
>>>>>>>
>>>>>>> I don't have a one-Tomcat solution, I'm not sure how useful such a setup would be. Our Fediz samples use a two-Tomcat setup (three for the more advanced wsClientWebapp sample) in order to try to mimic an actual production environment. I'd recommend following the documentation closely, using the two or three Tomcat setup as it suggests, and make sure it works, then look at reducing the number of Tomcats if you wish.
>>>>>>>
>>>>>>> Sending you a working Tomcat is not going to help you, a web page that just says "Hello World!" is useless. Rather, it's working through the sample and getting it to work on your machine that is the important point.
>>>>>>>
>>>>>>> I've requested Fediz 1.0.1--which has much better READMEs and clearer keystore configuration rules--to be released. In the meantime, I'd recommend:
>>>>>>>
>>>>>>> 1.) Downloading and building (mvn clean install) the trunk branch of Fediz instead of using the Fediz 1.0 distribution: http://cxf.apache.org/fediz.html#Fediz-Building . Follow the READMEs in the trunk versions instead.
>>>>>>>
>>>>>>> 2.) First get the IDP / IDP STS instance working on Tomcat #1 using these instructions: http://cxf.apache.org/fediz-idp.html .
>>>>>>> Don't do anything else until you can view the STS WSDL at http://localhost:9080/fedizidpsts/STSService?wsdl as stated on that page. If you can't view the WSDL, nothing else will work.
>>>>>>>
>>>>>>> 3.) Next, configure Tomcat #2 as the Relying Party instance: http://cxf.apache.org/fediz-tomcat.html . For running the samples, all you need to do are the Installation and HTTPS Configuration parts at the top.
>>>>>>>
>>>>>>> 4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make sure the sample works--follow that sample's README.
>>>>>>>
>>>>>>> 5.) Next, run the wsclientWebapp sample--you'll need to create a third Tomcat instance to run the web service provider--follow the wsclientWebapp sample README for full instructions.
>>>>>>>
>>>>>>> If you can get to step #5, you're in good shape with Fediz (just make sure for production you use your own keystores and not the sample ones provided.)
>>>>>>>
>>>>>>> Regards,
>>>>>>> Glen
>>>>>>>
>>>>>>> On 08/12/2012 03:40 AM, 杨华杰 wrote:
>>>>>>>
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> Anyone have an idea about this
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Hua JIe
>>>>>>>>
>>>>>>>> On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I followed the readme to configure the example (but I configured the example and the IDP in the same Tomcat).
>>>>>>>>>
>>>>>>>>> I am able to view the web service.
>>>>>>>>>
>>>>>>>>> But when I access the link
>>>>>>>>> https://localhost:8443/fedizhelloworld/secure/fedservlet
>>>>>>>>>
>>>>>>>>> I always get this error
>>>>>>>>>
>>>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
>>>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
>>>>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>>>>>>>>>     at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
>>>>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>>>>>>>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>>>>>>>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>>>>>>>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>>>>>>>>>     at java.lang.Thread.run(Thread.java:662)
>>>>>>>>>
>>>>>>>>> Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
>>>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>>>
>>>>>>>>> Can someone send me a working Tomcat? It will be much easier to explore the example.
>>>>>>>>>
>>>>>>>>> This is my first time posting questions on the mailing list. Yesterday I filed a bug in the JIRA.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Prince
