I’m trying to use Fediz to tie into my organization’s ADFS environment. I have successfully set up my app as a RP to the sample Fediz IDP/STS. However, when I try to switch the fediz_config to use the ADFS STS, I get the following error.

    2015-08-17 11:28:52,951 [http-bio-8443-exec-4] WARN org.apache.cxf.fediz.core.saml.SAMLTokenValidator - Issuer 'http://dev.login.mayo.edu/adfs/services/trust' not trusted
    2015-08-17 11:28:52,954 [http-bio-8443-exec-4] ERROR org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider - Failed to validate SignIn request
    org.apache.cxf.fediz.core.exception.ProcessingException: Security token issuer not trusted

I have extracted the signing key from the ADFS Federation Metadata and added it to my ststrust.jks keystore. I have also modified the fediz_config as follows.

    <trustedIssuers>
        <issuer subject=".*CN=MFAD ADFS Token Signing Certificate - dev.login.mayo.edu.*"
                certificateValidation="ChainTrust"
                name=" MFAD ADFS Token Signing Certificate - dev.login.mayo.edu" />
    </trustedIssuers>

I have tried both ChainTrust and PeerTrust and receive the error under both. I wasn’t sure what the Name attribute was supposed to contain, but I’ve tried various strings to no avail.

Any guidance on this config would be much appreciated. I’d love to get my Tomcat environment participating in our ADFS federation environment.

Thanks,
Jason Betz

--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-Fediz-and-ADFS-Configuration-Help-tp5760244.html
Sent from the cxf-user mailing list archive at Nabble.com.
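A diagnostic added here (not from the post, and not Fediz or WSS4J code) that checks whether an `<issuer subject="...">` regex would match any certificate subject in the truststore, given `keytool -list -v` output. It assumes that Fediz hands the regex to WSS4J, which compares it with `Matcher.matches()` (full match) against the certificate subject in RFC 2253 form; the keytool output and the ADFS subject DN below are constructed sample values, not the poster's real ones.

```python
import re

# Constructed sample of `keytool -list -v -keystore ststrust.jks` output
# (not the poster's truststore): one sample Fediz IDP cert and one
# hypothetical ADFS token-signing cert.
KEYTOOL_OUTPUT = """\
Alias name: idp
Entry type: trustedCertEntry

Owner: CN=idp, OU=IDP, O=Fediz, C=US
Issuer: CN=idp, OU=IDP, O=Fediz, C=US
Serial number: 1a2b3c

Alias name: adfs-signing
Entry type: trustedCertEntry

Owner: CN=ADFS Signing - dev.login.mayo.edu
Issuer: CN=ADFS Signing - dev.login.mayo.edu
Serial number: 4d5e6f
"""


def truststore_subjects(keytool_text):
    """Map alias -> subject DN from keytool -v output, rewritten to the RFC 2253
    form (no space after the RDN separator) that X500Principal.getName() returns,
    which is what the subject regex is compared against (assumption stated above)."""
    subjects = {}
    alias = None
    for line in keytool_text.splitlines():
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
        elif line.startswith("Owner:") and alias:
            dn = line.split(":", 1)[1].strip()
            subjects[alias] = re.sub(r",\s+", ",", dn)
    return subjects


def matching_aliases(subject_regex, subjects):
    """Aliases whose subject DN fully matches the regex (Java Matcher.matches()
    semantics, which is why the pattern normally needs leading/trailing .*)."""
    pattern = re.compile(subject_regex)
    return sorted(a for a, dn in subjects.items() if pattern.fullmatch(dn))


if __name__ == "__main__":
    subjects = truststore_subjects(KEYTOOL_OUTPUT)
    for regex in (
        r".*CN=MFAD ADFS Token Signing Certificate - dev.login.mayo.edu.*",  # from the post
        r".*CN=ADFS Signing - dev.login.mayo.edu.*",                         # hypothetical DN
    ):
        print(f"{regex!r}: {matching_aliases(regex, subjects) or 'NO MATCH'}")
```

Run it against real `keytool -list -v` output to see which alias, if any, the configured `subject` regex actually selects; a friendly name from the metadata is not the same string as the certificate's subject DN.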
