Thank you Glen, it's good to hear that. I will try the configuration again this weekend.

On Wed, Aug 15, 2012 at 12:10 AM, Glen Mazza <[email protected]> wrote:
> Gina, another CXF user, said she was able to get Fediz to work with ADFS
> (http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=search_page&node=547215&query=gina+fediz+adfs&days=0),
> but I have not tested this myself.
>
> Glen
>
> On 08/13/2012 11:38 PM, 杨华杰 wrote:
>> Hi Glen
>>
>> Here is the authentication that SharePoint supports:
>> http://technet.microsoft.com/en-us/library/cc262350.aspx#section1
>>
>> Regards,
>> Hua Jie
>>
>> On Tue, Aug 14, 2012 at 9:51 AM, 杨华杰 <[email protected]> wrote:
>>> Hi Glen
>>>
>>> Thanks for your follow up. I didn't do #1, I downloaded the binary file
>>> directly.
>>>
>>> I will download 1.0.1 and try again. By the way, did you try to make
>>> Fediz work with SharePoint authentication? SharePoint supports claims
>>> authentication, SAML 1.x. I appreciate your time. Thank you again.
>>>
>>> Regards,
>>> Hua Jie
>>>
>>> On Tue, Aug 14, 2012 at 5:12 AM, Glen Mazza <[email protected]> wrote:
>>>> Hi Hua Jie, I think the samples hardcode specific port numbers
>>>> (following the instructions), assuming the two or three Tomcat
>>>> instance setup, so if you try to put all on one Tomcat alone, you
>>>> might have to go through each of the apps to make sure all the port
>>>> numbers were updated. (Also, I haven't tested yet, but the Fediz
>>>> plugin that needs to be installed on Tomcat-RP might conflict with
>>>> the Fediz IDP & STS if you put them on the same Tomcat instance.)
>>>>
>>>> I'm glad #2 works for you, but did you do #1 below? The keystores
>>>> and example READMEs, again, have been *radically* improved in the
>>>> trunk version. The sample keystores and trust relationships are not
>>>> defined in 1.0 as they are in 1.0.1
>>>> (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co)
>>>> <-- You see, much of the important information in the last two
>>>> columns is lost when you try a one-Tomcat solution.
>>>>
>>>> Regards,
>>>> Glen
>>>>
>>>> On 08/12/2012 11:19 PM, 杨华杰 wrote:
>>>>> Hi Glen
>>>>>
>>>>> The reason I insist on getting a working copy of Tomcat (maybe 2
>>>>> Tomcats) is that I will learn more from the example if it is
>>>>> working.
>>>>>
>>>>> I do see the WSDL from
>>>>> http://localhost:8080/fediz-idp-sts-1.0.0/STSService?wsdl
>>>>>
>>>>> I don't know which step I did wrong. The only tip I have is the
>>>>> error message from the page and log.
>>>>>
>>>>> Regards,
>>>>> Hua Jie
>>>>>
>>>>> On Mon, Aug 13, 2012 at 11:07 AM, 杨华杰 <[email protected]> wrote:
>>>>>> Hi Glen
>>>>>>
>>>>>> I am a beginner in this SAML setup, probably also impatient. But I
>>>>>> already tried to follow your document three times and I still
>>>>>> didn't make it work. Could you help me with this?
>>>>>>
>>>>>> Regards,
>>>>>> Hua Jie
>>>>>>
>>>>>> On Mon, Aug 13, 2012 at 10:46 AM, Glen Mazza <[email protected]> wrote:
>>>>>>> On 08/12/2012 09:42 PM, 杨华杰 wrote:
>>>>>>>> Hi Glen
>>>>>>>>
>>>>>>>> Thanks for your patience. It's very detailed. But currently I
>>>>>>>> don't know which step is wrong.
>>>>>>>
>>>>>>> The step where you're not using a different Tomcat instance to
>>>>>>> host the IDP compared to the one hosting the RP applications, as
>>>>>>> given in the directions. Also, that you're not going sequentially
>>>>>>> as I recommended below, and testing at each point before
>>>>>>> proceeding on to the next step. Doing it all at once and saying
>>>>>>> "it doesn't work" doesn't help you when you need to retrace back
>>>>>>> to try to figure out what is going wrong. (Why deploy the RP apps
>>>>>>> if you haven't first checked the IDP STS works, for example.)
>>>>>>>
>>>>>>>> I can access the web service through http and https.
>>>>>>>>
>>>>>>>> That's why I want to ask for a working Tomcat, so at least I can
>>>>>>>> make it work. I also think a one-Tomcat setup is much easier for
>>>>>>>> beginners.
>>>>>>>
>>>>>>> Well, maybe someone else can provide you a single Tomcat setup.
>>>>>>> Sorry, I see a single Tomcat setup as easier only for those
>>>>>>> beginners who don't care to learn anything (necessary
>>>>>>> keystore/truststore relationships between apps and between servlet
>>>>>>> containers, required setup of relying party Tomcat instance, Tomcat
>>>>>>> IDP instance), and doing more harm than good in learning a
>>>>>>> distributed deployment and understanding the deployment
>>>>>>> requirements for each portion.
>>>>>>>
>>>>>>>> I have one question here, is the https mandatory? I don't need
>>>>>>>> security like that.
>>>>>>>
>>>>>>> Yes, so the usernames and passwords sent are secure, possibly other
>>>>>>> reasons as well. Even with HTTP alone, you will still need
>>>>>>> message-layer encryption for the SAML tokens being sent, requiring
>>>>>>> application keystores at least.
>>>>>>>
>>>>>>>> I just want to make it work first.
>>>>>>>
>>>>>>> Well, if you would just follow the instructions given below and on
>>>>>>> the website, you'll get it to "work first" pretty rapidly (and
>>>>>>> learn a lot in the process.)
>>>>>>>
>>>>>>> Regards,
>>>>>>> Glen
>>>>>>>
>>>>>>>> Thank you again for your time, really appreciated.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Hua Jie
>>>>>>>>
>>>>>>>> On Sun, Aug 12, 2012 at 11:25 PM, Glen Mazza <[email protected]> wrote:
>>>>>>>>> Hi Hua Jie,
>>>>>>>>>
>>>>>>>>> I don't have a one-Tomcat solution, I'm not sure how useful such
>>>>>>>>> a setup would be. Our Fediz samples use a two-Tomcat setup (three
>>>>>>>>> for the more advanced wsClientWebapp sample) in order to try to
>>>>>>>>> mimic an actual production environment. I'd recommend following
>>>>>>>>> the documentation closely, using the two or three Tomcat setup as
>>>>>>>>> it suggests, and make sure it works, then look at reducing the
>>>>>>>>> number of Tomcats if you wish.
>>>>>>>>>
>>>>>>>>> Sending you a working Tomcat is not going to help you, a web page
>>>>>>>>> that just says "Hello World!" is useless. Rather, it's working
>>>>>>>>> through the sample and getting it to work on your machine that is
>>>>>>>>> the important point.
>>>>>>>>>
>>>>>>>>> I've requested Fediz 1.0.1--which has much better READMEs and
>>>>>>>>> clearer keystore configuration rules--to be released. In the
>>>>>>>>> meantime, I'd recommend:
>>>>>>>>>
>>>>>>>>> 1.) Downloading and building (mvn clean install) the trunk branch
>>>>>>>>> of Fediz instead of using the Fediz 1.0 distribution:
>>>>>>>>> http://cxf.apache.org/fediz.html#Fediz-Building
>>>>>>>>> Follow the READMEs in the trunk versions instead.
>>>>>>>>>
>>>>>>>>> 2.) First get the IDP / IDP STS instance working on Tomcat #1
>>>>>>>>> using these instructions: http://cxf.apache.org/fediz-idp.html
>>>>>>>>> Don't do anything else until you can view the STS WSDL at
>>>>>>>>> http://localhost:9080/fedizidpsts/STSService?wsdl as stated on
>>>>>>>>> that page. If you can't view the WSDL, nothing else will work.
>>>>>>>>>
>>>>>>>>> 3.) Next, configure Tomcat #2 as the Relying Party instance:
>>>>>>>>> http://cxf.apache.org/fediz-tomcat.html
>>>>>>>>> For running the samples, all you need to do are the Installation
>>>>>>>>> and HTTPS Configuration parts at the top.
>>>>>>>>>
>>>>>>>>> 4.) Next, deploy the simpleWebapp sample on Tomcat #2 and make
>>>>>>>>> sure the sample works--follow that sample's README.
>>>>>>>>>
>>>>>>>>> 5.) Next, run the wsclientWebapp sample--you'll need to create a
>>>>>>>>> third Tomcat instance to run the web service provider--follow the
>>>>>>>>> wsclientWebapp sample README for full instructions.
>>>>>>>>>
>>>>>>>>> If you can get to step #5, you're in good shape with Fediz (just
>>>>>>>>> make sure for production you use your own keystores and not the
>>>>>>>>> sample ones provided.)
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Glen
>>>>>>>>>
>>>>>>>>> On 08/12/2012 03:40 AM, 杨华杰 wrote:
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> Does anyone have an idea about this?
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Hua Jie
>>>>>>>>>>
>>>>>>>>>> On Tue, Aug 7, 2012 at 10:56 AM, 杨华杰 <[email protected]> wrote:
>>>>>>>>>>> Hi
>>>>>>>>>>>
>>>>>>>>>>> I followed the README to configure the example (but I
>>>>>>>>>>> configured the example and the IDP in the same Tomcat).
>>>>>>>>>>>
>>>>>>>>>>> I am able to view the web service.
>>>>>>>>>>>
>>>>>>>>>>> But when I access the link
>>>>>>>>>>> https://localhost:8443/fedizhelloworld/secure/fedservlet
>>>>>>>>>>> I always get this error:
>>>>>>>>>>>
>>>>>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:322)
>>>>>>>>>>>     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:245)
>>>>>>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>>>>>>>>>>>     at org.apache.cxf.fediz.tomcat.FederationAuthenticator.invoke(FederationAuthenticator.java:180)
>>>>>>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>>>>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
>>>>>>>>>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>>>>>>>>>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
>>>>>>>>>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>>>>>>>>>>>     at java.lang.Thread.run(Thread.java:662)
>>>>>>>>>>>
>>>>>>>>>>> Aug 6, 2012 10:01:37 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
>>>>>>>>>>> WARNING: Unexpected error forwarding to login page
>>>>>>>>>>>
>>>>>>>>>>> Can someone send me a working Tomcat? It will be much easier to
>>>>>>>>>>> explore the example.
>>>>>>>>>>>
>>>>>>>>>>> This is the first time I have posted a question on the mailing
>>>>>>>>>>> list. Yesterday I filed a bug in the JIRA.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Prince
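The sequential "test at each point" approach Glen recommends in steps 2 to 4 (confirm the STS WSDL on Tomcat #1 before touching the RP, then confirm the RP Tomcat's HTTPS connector and protected sample URL), as an added shell example that is not part of the thread or of the Fediz project. The URLs and ports are the ones used in the thread; the interpretation of each HTTP status is this example's own assumption about how the Fediz Tomcat plugin should respond before sign-in.

```shell
#!/bin/sh
# Added example (not from the thread or the Fediz project): pre-flight checks
# for the sequential Fediz sample setup. Defaults are the thread's URLs.
IDP_STS_WSDL="${IDP_STS_WSDL:-http://localhost:9080/fedizidpsts/STSService?wsdl}"
RP_SECURE_URL="${RP_SECURE_URL:-https://localhost:8443/fedizhelloworld/secure/fedservlet}"

# Step 2 check: the body fetched from the STS WSDL URL must really be a WSDL
# document; a Tomcat 404/500 page is HTML and also "answers" the request.
# Reads the document on stdin; returns 0 only for a WSDL declaring a service.
wsdl_is_valid() {
    doc=$(cat)
    printf '%s' "$doc" | grep -q -E '<(wsdl:)?definitions[[:space:]>]' || return 1
    printf '%s' "$doc" | grep -q -E '<(wsdl:)?service[[:space:]>]' || return 1
    printf '%s' "$doc" | grep -q -i '<html' && return 1
    return 0
}

# Step 3/4 check: interpret the status the RP Tomcat returns for the protected
# sample URL before any login (assumed behaviour: the Fediz authenticator
# redirects an unauthenticated browser to the IDP sign-in page).
classify_rp_status() {
    case "$1" in
        302|303) echo "ok: redirected to the IDP sign-in page" ;;
        200)     echo "security constraint not applied: page served without sign-in" ;;
        500)     echo "server error in the authenticator: misconfigured Fediz plugin (the thread's NullPointerException ends up here)" ;;
        000|"")  echo "no answer: HTTPS connector on the RP Tomcat not listening" ;;
        *)       echo "unexpected status $1" ;;
    esac
}

check_step2() { curl -sS "$IDP_STS_WSDL" | wsdl_is_valid; }
check_step3() {
    # -k only because the sample keystores carry a self-signed certificate;
    # use --cacert with your own CA once you replace the sample keystores.
    status=$(curl -sk -o /dev/null -w '%{http_code}' "$RP_SECURE_URL")
    classify_rp_status "$status"
}
main() {
    if check_step2; then
        echo "step 2 ok: STS WSDL is a real WSDL document"
    else
        echo "step 2 FAILED: fix the IDP Tomcat first; nothing else will work"
        exit 1
    fi
    echo "step 3/4: $(check_step3)"
}
# Live checks run only when invoked as: sh fediz-preflight.sh run
case "${1:-}" in run) main ;; esac
```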
