Thanks for the timely response. Yes, Tomcat 6 is a must as it is the app server for Shibboleth, which is told to run most of its features on Tomcat 7, too, but not with much "official" support. The Fediz relying party I am attempting is actually a Shibboleh login handler.
I'll try some alternative, so freeze Fediz here. May be just redirecting to an ADFS claims based app that once authenticated sends back some claims to the login handler as a dirty proof of concept, before getting serious with Fediz. Thanks. -----Mensaje original----- De: Oliver Wulff [mailto:[email protected]] Enviado el: jueves, 18 de septiembre de 2014 12:06 Para: [email protected] Asunto: RE: Tomcat plugin with Tomcat 6.0? Hi there Based on community discussions, Fediz IDP works with ASP.NET RP and the other way around. Is Tomcat 6 a must? Tomcat 7 works fine. There are some changes required to get it working for Tomcat 6 but we never invested in building a plugin because it's quite old. Thanks ------ Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com ________________________________________ From: Domènec Sos i Vallès [[email protected]] Sent: 18 September 2014 11:57 To: [email protected] Subject: Tomcat plugin with Tomcat 6.0? Hello, first post here, thanks in advance for any feedback. I am evaluating Apache CXF Fediz as a way to create a Tomcat 6 relying party for ADFS 2.0. I did the configuration steps, built the simple web app (no spring) example and first tried to access the medata URL. Got a no such class exception when trying to get the servlet context. Then, I tried building the tomcat plugin and noticed it has a dependency on the Tomcat 7 API. So, the obvious questions is whether the plugin can be run on Tomcat 6. Can any previous experience be leveraged before I start tweaking a plugin version for Tomcat 6 API? Also, a rough sample of fediz_config.xml for ADFS would be highly appreciated. I have experience in configuring the ADFS and Shibboleth world, but a bit stuck in Fediz at the moment :) Regards, /Domenec PS: I know it may sound exotic, but the goal is to write a login handler for Shibboleth that uses an existing SSO session in ADFS. ADFS can proxy claims from Shibboleth to its MS relying parties, but not the opposite. Because of organizational decisions, ADFS must remain the login point (yes I know that letting users log in Shibboleth there would be no issues, I tested that). Inspiration comes from Shib wiki where login handlers using CAS are provided.
