Hello

I am new to both CXF and Fediz. I wanted to install and configure the basic test case with one IDP, one STS and one RP. Here is what I have so far:

* The default IDP and STS WARs deployed and configured in one Tomcat instance running on https/9443 for REALM A, as explained in the configuration documentation
* The Fediz HelloWorld RP deployed in a separate Tomcat instance, available on https/8443
* The default trust keystores available to both the IDP/STS and RP instances

Here is the problem I am facing:
* Access the RP: https://localhost:8443/fedizhelloworld/secure/fedservlet
* Redirected to https://localhost:9443/fediz-idp/?wa=wsignin1.0&wreply=https://localhost:8443/fedizhelloworld/secure/fedservlet&wtrealm=https://localhost:8443/fedizhelloworld/&wct=2014-09-15T17:25:48.112Z

* Now the IDP does not redirect to the login page, but instead just displays the IDP's index.html. (Note that the redirect above targets the IDP context root, https://localhost:9443/fediz-idp/, whereas the idpUrl configured in idp-config-realma.xml below is https://localhost:9443/fediz-idp/federation.)

Could you please guide me to the configuration required to get the basic flow working? I am attaching the configuration files from the IDP side.

Thanks In Advance






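<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements. See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership. The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License. You may obtain a copy of the License at
 
  http://www.apache.org/licenses/LICENSE-2.0
 
  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied. See the License for the
  specific language governing permissions and limitations
  under the License.
-->
<!--
  security-config.xml: Spring Security wiring for the Fediz IDP web application.

  Authentication is delegated to the STS: stsAuthProvider (STSAuthenticationProvider)
  contacts the STS "TransportUT" endpoint over https (presumably a UsernameToken
  carried over the TLS transport) and the login succeeds when the STS issues a
  SAML 2.0 token for the IDP itself (appliesTo urn:fediz:idp).

  Note: the namespace declarations below originally carried a stray ";" after each
  closing quote (a mail-archive link artefact), which makes the document ill-formed;
  they are written here as plain quoted URIs.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- realm.properties supplies the ${realm.*} / ${realmA.*} placeholders used across the IDP configuration. -->
    <context:property-placeholder location="classpath:realm.properties"/>
    <context:component-scan base-package="org.apache.cxf.fediz.service.idp"/>
    
    <!-- DISABLE in production: the Spring Security debug filter logs request details
         (headers, cookies, session identifiers) for every request and can therefore
         leak credentials and session ids into the log. Acceptable only for a local
         test setup such as this one. -->
    <security:debug />

    <!-- Configure Spring Security -->
    <security:http auto-config="false" use-expressions="true">
        <!-- STSPortFilter runs right after the channel filter, i.e. before authentication. -->
        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
        <!-- The federation metadata document is public: reachable with or without a session. -->
        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
        <!-- NOTE(review): this is the only intercept-url rule in the file. In Spring Security 3.x a
             request that matches no intercept-url normally carries no access attributes and is not
             forced through the login page. If the /federation endpoint (the idpUrl declared in
             idp-config-realma.xml) is meant to trigger form-login, it needs an explicit rule, e.g.
               <security:intercept-url pattern="/federation/**" access="isAuthenticated()" />
             Confirm against the security-config.xml shipped with the Fediz release in use. -->

        <!-- MUST be http-basic for the system tests to run; form-login is used for interactive
             browser logins. Only one of the two should be active. -->
        <!--<security:http-basic />-->
        <security:form-login />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider ref="stsAuthProvider" />
    </security:authentication-manager>
	
    <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
	
    <!-- Delegates the user's credentials to the STS and expects a SAML 2.0 token back.
         The WSDL is fetched over https; the STS server certificate is validated against
         the trust store configured on the "*.http-conduit" in idp-servlet.xml (where the
         CN/hostname check is disabled for the localhost test certificates).
         Port 9443 is hard-coded here whereas idp-config-realma.xml derives the IDP port
         from ${realmA.port}; keep the two in sync when the ports change. -->
    <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
        <property name="wsdlLocation" value="https://localhost:9443/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
        <property name="wsdlEndpoint" value="TransportUT_Port"/>
        <property name="wsdlService" value="SecurityTokenService"/>
        <!-- The token is requested for the IDP itself, not for a relying party. -->
        <property name="appliesTo" value="urn:fediz:idp"/>
        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
    </bean>

</beans>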
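<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements. See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership. The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License. You may obtain a copy of the License at
 
  http://www.apache.org/licenses/LICENSE-2.0
 
  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied. See the License for the
  specific language governing permissions and limitations
  under the License.
-->
<!--
  idp-config-realma.xml: static configuration of the realm-A IDP, the relying parties
  it serves and the remote IDPs it trusts. Loaded by ConfigServiceSpring ("config").

  Note: the namespace declarations and several URI-valued properties originally carried
  a stray ";" after the closing quote (a mail-archive link artefact); they are written
  here as plain quoted values, otherwise the document is ill-formed / the URIs are wrong.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
    xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
    xmlns:sec="http://cxf.apache.org/configuration/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
    http://cxf.apache.org/core
    http://cxf.apache.org/schemas/core.xsd
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://cxf.apache.org/jaxws                                     
    http://cxf.apache.org/schemas/jaxws.xsd
    http://www.springframework.org/schema/util
    http://www.springframework.org/schema/util/spring-util-2.0.xsd
    http://cxf.apache.org/transports/http/configuration
    http://cxf.apache.org/schemas/configuration/http-conf.xsd
    http://cxf.apache.org/configuration/security
    http://cxf.apache.org/schemas/configuration/security.xsd">

    <context:property-placeholder location="classpath:realm.properties"/>

    <!-- Registry of IDP and relying-party configurations consulted by the IDP at runtime. -->
    <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
        <property name="idpConfigs">
            <util:list>
                <ref bean="idp-realmA" />
            </util:list>
        </property>
        <property name="serviceConfigs">
            <util:list>
                <ref bean="srv-fedizhelloworld" />
            </util:list>
        </property>     	
    </bean>        
	
    <!-- The local IDP (realm A). Only relying parties listed under "services" are accepted
         as wtrealm; the RP's own configuration must reference the idpUrl below. -->
    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
        <property name="uri" value="realma" />
        <!--<property name="hrds" value="" />--> <!-- TBD, not defined, provide list if enabled -->
        <property name="provideIDPList" value="true" />
        <property name="useCurrentIDP" value="true" />
        <!-- Signing keystore of the IDP. NOTE(review): the keystore password is stored in clear
             text here; for anything beyond a local test it should come from realm.properties
             (as ${...}) or an external secret store, and this file kept out of version control. -->
        <property name="certificate" value="stsKeystoreA.properties" />
        <property name="certificatePassword" value="realma" />
        <!-- STS of this realm; port 9443 is hard-coded while idpUrl uses ${realmA.port}. -->
        <property name="stsUrl" value="https://localhost:9443/fediz-idp-sts/REALMA" />
        <!-- Endpoint the relying party must redirect sign-in requests to. A redirect that
             targets the context root (https://localhost:9443/fediz-idp/) instead of this
             /federation path ends up on the static index page rather than in the
             federation servlet; check the issuer URL in the RP's fediz_config.xml. -->
        <property name="idpUrl" value="https://localhost:${realmA.port}/fediz-idp/federation" />
        <property name="supportedProtocols">
            <util:list>
                <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
            </util:list>
        </property>
        <!-- Relying parties this IDP issues tokens for, keyed by their realm (wtrealm). -->
        <property name="services">
            <util:map>
	        <entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld" />
            </util:map>
        </property>
        <property name="authenticationURIs">
            <util:map>
	        <entry key="default" value="/login/default" />
            </util:map>       
        </property>
        <!-- Remote IDPs accepted for federated sign-in. Realm B is not deployed in the
             single-IDP setup described in the question; the entry is presumably inert as
             long as no request selects that realm (e.g. via whr). Leaving an unused trust
             relationship configured widens the trust boundary, so remove it if not needed. -->
        <property name="trustedIDPs">
            <util:map>
                <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
            </util:map>
        </property>
        <property name="serviceDisplayName" value="REALM A" />
        <property name="serviceDescription" value="IDP of Realm A" />
    </bean>

    <!-- Trust relationship to the realm-B IDP. Tokens from realm B are accepted only if
         signed by the certificate in realmb.cert (PEER_TRUST). -->
    <bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
        <!-- Tokens obtained from realm B are cached and reused until they expire. -->
        <property name="cacheTokens" value="true" />
        <property name="url" value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
        <property name="certificate" value="realmb.cert" />
        <property name="trustType" value="PEER_TRUST" />  <!-- Required for Fediz Core, Process SignInResponse -->
        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
        <property name="federationType" value="FederateIdentity" /> <!-- Required for STS Relationship -->
        <property name="name" value="REALM B" />
        <property name="description" value="IDP of Realm B" />
    </bean>
    
    <!-- The Fediz HelloWorld relying party. -->
    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
        <property name="serviceDisplayName" value="Fedizhelloworld" />
        <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
        <property name="role" value="ApplicationServiceType" />
        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
        <!-- Requested token lifetime (presumably seconds, i.e. one hour; confirm with the STS settings). -->
        <property name="lifeTime" value="3600" />
        <!-- Issued tokens are signed but not encrypted unless an encryption certificate is set. -->
        <!-- <property name="encryptionCertificate" value="" /> -->
        <!-- Claims requested from the STS on behalf of this RP; non-optional claims must be
             resolvable by the STS for the user, otherwise token issuance is expected to fail. -->
        <property name="requestedClaims">
            <util:list>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
                    <property name="optional" value="true" />
                </bean>        		        		        		
            </util:list>
        </property>
    </bean>

</beans>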

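<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements. See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership. The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License. You may obtain a copy of the License at
 
  http://www.apache.org/licenses/LICENSE-2.0
 
  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied. See the License for the
  specific language governing permissions and limitations
  under the License.
-->
<!--
  Root Spring/CXF context of the Fediz IDP web application: pulls in the Spring
  Security and realm configuration, sets up the CXF bus and the outbound TLS
  parameters used for all CXF clients (e.g. the STS calls), and exposes the
  IDP REST service under /rs.

  Note: the namespace declarations originally carried a stray ";" after each
  closing quote (a mail-archive link artefact), which makes the document
  ill-formed; they are written here as plain quoted URIs.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
    xmlns:sec="http://cxf.apache.org/configuration/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jaxrs="http://cxf.apache.org/jaxrs"
    xsi:schemaLocation="
        http://cxf.apache.org/core
        http://cxf.apache.org/schemas/core.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://cxf.apache.org/jaxws                                     
        http://cxf.apache.org/schemas/jaxws.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-2.0.xsd
        http://cxf.apache.org/transports/http/configuration
        http://cxf.apache.org/schemas/configuration/http-conf.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://cxf.apache.org/configuration/security
        http://cxf.apache.org/schemas/configuration/security.xsd
        http://cxf.apache.org/jaxrs
        http://cxf.apache.org/schemas/jaxrs.xsd">
        
    <context:property-placeholder location="classpath:realm.properties"/>

    <import resource="classpath:META-INF/cxf/cxf.xml" />

    <import resource="security-config.xml" />
    <import resource="idp-config-realma.xml" />

    <!-- DISABLE in production: the logging feature writes complete inbound and outbound
         SOAP messages to the log. The STS is called through the "TransportUT" endpoint
         (see security-config.xml), so those messages are expected to contain the users'
         UsernameToken credentials in clear text. -->
    <cxf:bus>
        <cxf:features>
            <cxf:logging />
        </cxf:features>
    </cxf:bus>

    <!-- TLS client settings for every CXF client conduit in this application (wildcard name).
         disableCNCheck="true" switches off hostname verification of the server certificate:
         any certificate chained to idp-ssl-trust.jks is accepted for any host, which allows a
         man-in-the-middle holding such a certificate. Tolerable for the localhost test
         certificates; set it to "false" (and use certificates matching the host names) before
         exposing the IDP. The trust store password is also stored in clear text here. -->
    <http:conduit name="*.http-conduit">
        <http:tlsClientParameters disableCNCheck="true">
            <sec:trustManagers>
                <sec:keyStore type="jks" password="ispass" resource="idp-ssl-trust.jks"/>
            </sec:trustManagers>
        </http:tlsClientParameters>
    </http:conduit>
    
    <!-- IDP REST interface, served at <context>/rs. Access control for this path is governed
         by security-config.xml, which currently declares no intercept-url for it. -->
    <jaxrs:server id="idpService" address="/rs">
        <jaxrs:serviceBeans>
            <ref bean="idpServiceImpl" />
        </jaxrs:serviceBeans>
    </jaxrs:server>
    
    
    <bean id="idpServiceImpl" class="org.apache.cxf.fediz.service.idp.rest.IDPServices">
    	<property name="configService" ref="config" />
    </bean>
    
    
</beans>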

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Tomcat's default conf/context.xml, unchanged from the distribution.
     The contents of this file will be loaded for each web application. -->
<Context>

    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>

    <!-- Uncomment this to disable session persistence across Tomcat restarts.
         NOTE(review): with persistence left enabled, Tomcat serialises HTTP sessions
         to disk on shutdown; on an IDP those sessions presumably hold the authenticated
         security context, so consider disabling it (or protecting the work directory). -->
    <!--
    <Manager pathname="" />
    -->

    <!-- Uncomment this to enable Comet connection tracking (provides events
         on session expiration as well as webapp lifecycle) -->
    <!--
    <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
    -->

</Context>
