Yes, all these extensions go into the STS. If you configure your web application - which is protected with Web SSO and SAML - you must ensure that the realm parameter in the fediz_config.xml matches with the list of realms in RPClaims.xml. This is the trigger for the IDP to know which app requires which claims and requests that from the STS.
HTH

------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division
http://www.talend.com

________________________________________
From: Alrick Telfer [[email protected]]
Sent: 10 January 2013 20:42
To: [email protected]
Subject: Re: Changing the user/role data source for Fediz IdP running on Tomcat 7 to a dynamic source

Thanks Oliver. Just to confirm one more thing, because the application doesn't seem to be picking up the Realm I specified in the Context file. All changes that you stated earlier go into the STS app, correct?

Getting my head wrapped around this thing is pretty difficult, because it seems there's always something that is unaccounted for.

Thanks much,

On Mon, Jan 7, 2013 at 3:59 PM, Oliver Wulff <[email protected]> wrote:
> Hi there
>
> Currently Fediz IDP/STS supports files and ldap. It is documented here
> (section "configure ldap directory") what to do to configure an LDAP
> directory:
> http://cxf.apache.org/fediz-idp.html
>
> Two classes were required to add LDAP support and similar implementations
> you need for a datasource backend:
> - JAAS LoginModule for the database (which does the authentication piece)
> - ClaimsHandler for the database (which provides the role and other claims
>   information)
>
> Then you have to configure the JAAS login module similar to the
> LdapLoginModule:
>
> mysource {
>     com.sun.security.auth.module.LdapLoginModule REQUIRED
>     userProvider="ldap://ldap.mycompany.org:389/OU=Users,DC=mycompany,DC=org"
>     authIdentity="cn={USERNAME},OU=Users,DC=mycompany,DC=org"
>     useSSL=false
>     debug=true;
> };
>
> And configure the datasource claims handler implementation:
>
> <bean id="dsClaimsHandler"
>     class="MyDatasourceClaimsHandler">
>     <property name="whatever"
>         value="value" />
> </bean>
>
> That's all.
> HTH
>
> ------
> Oliver Wulff
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
> Talend Application Integration Division
> http://www.talend.com
>
> ________________________________________
> From: Alrick Telfer [[email protected]]
> Sent: 07 January 2013 17:57
> To: [email protected]
> Subject: Changing the user/role data source for Fediz IdP running on
> Tomcat 7 to a dynamic source
>
> Hey guys,
>
> CXF version: 2.7.1
> Fediz version: 1.0.2
>
> I'm relatively new to CXF and Fediz, so please bear with me and my
> ignorance.
>
> I'm trying to set up the Fediz IdP server to use a custom class or database
> as its source of identity and role info. Right now you guys have a few xml
> files that provide that data, but we need the data to be dynamic. Can you
> guys lead me in the right direction to setting this up correctly? Remember,
> I'm pretty new, so please give me as much info as you are able to give.
>
> Thanks much!
>
> --
> *Alrick Telfer*
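The first of the two pieces Oliver lists, the JAAS LoginModule that does the authentication against a database, is shown below as an added example written for this page; it is not code from Fediz, CXF, or anyone in the thread. Everything beyond the standard `javax.security.auth` and JDBC APIs is an assumption: the package name, the option names `jdbcUrl`, `dbUser` and `dbPassword`, and a hypothetical `users(username, pw_hash, salt, iterations)` table holding Base64-encoded PBKDF2-HMAC-SHA256 hashes. The points a reviewer would check are all present: the lookup uses a bound parameter, the hash comparison is constant-time, unknown users and wrong passwords fail identically, and the cleartext password is wiped after use.

```java
package com.example.fediz; // hypothetical package, not part of Fediz

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/**
 * JAAS LoginModule authenticating against a database. Assumed schema (not from the thread):
 *   users(username VARCHAR PRIMARY KEY, pw_hash VARCHAR, salt VARCHAR, iterations INT)
 * with pw_hash = Base64(PBKDF2-HMAC-SHA256(password, Base64-decoded salt, iterations)).
 */
public class DatabaseLoginModule implements LoginModule {
    // Bound parameter: the username never becomes part of the SQL text.
    private static final String QUERY =
        "SELECT pw_hash, salt, iterations FROM users WHERE username = ?";

    private Subject subject;
    private CallbackHandler handler;
    private String jdbcUrl, dbUser, dbPassword; // option names are this example's own
    private String authenticatedUser;
    private boolean succeeded;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.jdbcUrl = (String) options.get("jdbcUrl");
        this.dbUser = (String) options.get("dbUser");
        this.dbPassword = (String) options.get("dbPassword");
    }

    @Override
    public boolean login() throws LoginException {
        NameCallback nameCb = new NameCallback("username: ");
        PasswordCallback pwCb = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nameCb, pwCb });
        } catch (Exception e) {
            throw new LoginException("callback handler failed: " + e.getMessage());
        }
        String username = nameCb.getName();
        char[] password = pwCb.getPassword(); // a copy; clear both copies below
        pwCb.clearPassword();
        if (username == null || password == null) {
            throw new FailedLoginException("invalid credentials");
        }
        try (Connection c = DriverManager.getConnection(jdbcUrl, dbUser, dbPassword);
             PreparedStatement ps = c.prepareStatement(QUERY)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                // Unknown user and wrong password take the same path with the same message,
                // so a caller cannot tell which usernames exist.
                if (!rs.next()) {
                    throw new FailedLoginException("invalid credentials");
                }
                byte[] expected = Base64.getDecoder().decode(rs.getString("pw_hash"));
                byte[] salt = Base64.getDecoder().decode(rs.getString("salt"));
                byte[] actual = pbkdf2(password, salt, rs.getInt("iterations"), expected.length);
                if (!MessageDigest.isEqual(expected, actual)) { // constant-time compare
                    throw new FailedLoginException("invalid credentials");
                }
            }
        } catch (SQLException e) {
            throw new LoginException("database error during authentication");
        } finally {
            Arrays.fill(password, '\0'); // do not leave the cleartext password in memory
        }
        authenticatedUser = username;
        succeeded = true;
        return true;
    }

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int lengthBytes)
            throws LoginException {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, lengthBytes * 8);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new LoginException("PBKDF2 unavailable: " + e.getMessage());
        }
    }

    @Override
    public boolean commit() {
        if (!succeeded) return false;
        subject.getPrincipals().add(new UserPrincipal(authenticatedUser));
        return true;
    }

    @Override
    public boolean abort() { succeeded = false; authenticatedUser = null; return true; }

    @Override
    public boolean logout() {
        subject.getPrincipals().removeIf(p -> p instanceof UserPrincipal);
        succeeded = false;
        authenticatedUser = null;
        return true;
    }

    /** Minimal Principal carrying the authenticated user name. */
    public static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
}
```

Wired in the same way as the `LdapLoginModule` entry in Oliver's message, the JAAS configuration would read `mysource { com.example.fediz.DatabaseLoginModule REQUIRED jdbcUrl="jdbc:..." dbUser="..." dbPassword="..."; };`, with the connection details best supplied from a container-managed DataSource or secret store rather than a plain-text file. The second piece, the ClaimsHandler that turns rows into role and other claims, is a separate class that the thread only names; it is not shown here because its interface belongs to the Fediz/CXF STS and is not reproduced on this page.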
