You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2012/05/15 17:48:04 UTC
svn commit: r817725 - in /websites/production/cxf/content:
cache/main.pageCache fediz-configuration.html fediz.html tomcat.html
Author: buildbot
Date: Tue May 15 15:48:04 2012
New Revision: 817725
Log:
Production update by buildbot for cxf
Added:
websites/production/cxf/content/fediz-configuration.html
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz.html
websites/production/cxf/content/tomcat.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Added: websites/production/cxf/content/fediz-configuration.html
==============================================================================
--- websites/production/cxf/content/fediz-configuration.html (added)
+++ websites/production/cxf/content/fediz-configuration.html Tue May 15 15:48:04 2012
@@ -0,0 +1,276 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+ <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - Fediz Configuration">
+ <title>
+Apache CXF -- Fediz Configuration
+ </title>
+ </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="cell-0-0" colspan="2"> </td>
+ <td id="cell-0-1"> </td>
+ <td id="cell-0-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-1-0"> </td>
+ <td id="cell-1-1"> </td>
+ <td id="cell-1-2">
+ <div style="padding: 5px;">
+ <div id="banner">
+ <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+ <!-- Banner -->
+ </div>
+ </div>
+ <div id="top-menu">
+ <table border="0" cellpadding="1" cellspacing="0" width="100%">
+ <tr>
+ <td>
+ <div align="left">
+ <!-- Breadcrumbs -->
+<a href="index.html">Index</a> > <a href="fediz.html">Fediz</a> > <a href="fediz-configuration.html">Fediz Configuration</a>
+ <!-- Breadcrumbs -->
+ </div>
+ </td>
+ <td>
+ <div align="right">
+ <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="download.html" title="Download">Download</a> | <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+ <!-- Quicklinks -->
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ <td id="cell-1-3"> </td>
+ <td id="cell-1-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-2-0" colspan="2"> </td>
+ <td id="cell-2-1">
+ <table>
+ <tr valign="top">
+ <td height="100%">
+ <div id="wrapper-menu-page-right">
+ <div id="wrapper-menu-page-top">
+ <div id="wrapper-menu-page-bottom">
+ <div id="menu-page">
+ <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheCXFIndex"></a><a shape="rect" href="index.html" title="Index">Apache CXF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="index.html" title="Index">Home</a></li><li><a shape="rect" href="download.html" title="Download">Download</a></li><li><a shape="rect" href="people.html" title="People">People</a></li><li><a shape="rect" href="project-status.html" title="Project Status">Project Status</a></li><li><a shape="rect" href="roadmap.html" title="Roadmap">Roadmap</a></li><li><a shape="rect" href="mailing-lists.html" title="Mailing Lists">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/CXF">Issue Reporting</a></li><li><a shape="rect" href="special-thanks.html" title="Special Thanks">Special Thanks</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="security-advisories.html" title="Security Advisories">Security Advisories</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Users"></a>Users</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/index.html">User's Guide</a></li><li><a shape="rect" href="support.html" title="Support">Support</a></li><li><a shape="rect" href="faq.html" title="FAQ">FAQ</a></li><li><a shape="rect" href="resources-and-articles.html" title="Resources and Articles">Resources and Articles</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Search"></a>Search</h3>
+
+<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
+ <div>
+ <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+ <input type="hidden" name="ie" value="UTF-8">
+ <input type="text" name="q" size="21">
+ <input type="submit" name="sa" value="Search">
+ </div>
+</form>
+<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
+
+
+<h3><a shape="rect" name="Navigation-Developers"></a>Developers</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture Guide</a></li><li><a shape="rect" href="source-repository.html" title="Source Repository">Source Repository</a></li><li><a shape="rect" href="building.html" title="Building">Building</a></li><li><a shape="rect" href="automated-builds.html" title="Automated Builds">Automated Builds</a></li><li><a shape="rect" href="testing-debugging.html" title="Testing-Debugging">Testing-Debugging</a></li><li><a shape="rect" href="coding-guidelines.html" title="Coding Guidelines">Coding Guidelines</a></li><li><a shape="rect" href="getting-involved.html" title="Getting Involved">Getting Involved</a></li><li><a shape="rect" href="release-management.html" title="Release Management">Release Management</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Subprojects"></a>Subprojects</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="distributed-osgi.html" title="Distributed OSGi">Distributed OSGi</a></li><li><a shape="rect" href="xjc-utils.html" title="XJC Utils">XJC Utils</a></li><li><a shape="rect" href="build-utils.html" title="Build Utils">Build Utils</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a><a shape="rect" class="external-link" href="http://www.apache.org">ASF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul>
+</div>
+ <!-- NavigationBar -->
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ <td height="100%">
+ <!-- Content -->
+ <div class="wiki-content">
+<div id="ConfluenceContent"><p><img align="middle" class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif" height="16" width="16" alt="" border="0"> Under construction</p>
+
+<h1><a shape="rect" name="FedizConfiguration-FedizPluginconfiguration"></a>Fediz Plugin configuration</h1>
+<p>This page describes the Fediz configuration file which is referenced by the security interceptor (eg. authenticator in Tomcat/Jetty).</p>
+
+<h3><a shape="rect" name="FedizConfiguration-Example"></a>Example</h3>
+<p>The following example describes the minimum configuration for Fediz.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag"><?xml version=<span class="code-quote">"1.0"</span> encoding=<span class="code-quote">"UTF-8"</span> standalone=<span class="code-quote">"yes"</span>?></span>
+<span class="code-tag"><FedizConfig></span>
+ <span class="code-tag"><contextConfig name=<span class="code-quote">"/fedizhelloworld"</span>></span>
+ <span class="code-tag"><audienceUris></span>
+ <span class="code-tag"><audienceItem></span>https://localhost:8443/fedizhelloworld<span class="code-tag"></audienceItem></span>
+ <span class="code-tag"></audienceUris></span>
+ <span class="code-tag"><certificateStore></span>
+ <span class="code-tag"><trustManager></span>
+ <span class="code-tag"><keyStore file=<span class="code-quote">"/projects/fediz/tomcat-rp2/conf/stsstore.jks"</span> password=<span class="code-quote">"stsspass"</span> type=<span class="code-quote">"JKS"</span> /></span>
+ <span class="code-tag"></trustManager></span>
+ <span class="code-tag"></certificateStore></span>
+ <span class="code-tag"><trustedIssuers></span>
+ <span class="code-tag"><issuer name=<span class="code-quote">"issuer 1"</span> certificateValidation=<span class="code-quote">"ChainTrust"</span> subject=<span class="code-quote">".*CN=www.sts.com.*"</span> /></span>
+ <span class="code-tag"></trustedIssuers></span>
+ <span class="code-tag"><protocol <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span> xsi:type=<span class="code-quote">"federationProtocolType"</span> version=<span class="code-quote">"1.2"</span>></span>
+ <span class="code-tag"><issuer></span>https://localhost:9443/fedizidp/<span class="code-tag"></issuer></span>
+ <span class="code-tag"></protocol></span>
+ <span class="code-tag"></contextConfig></span>
+<span class="code-tag"></FedizConfig></span>
+</pre>
+</div></div>
+
+<p>The element protocol defines that you use the WS-Federation protocol. The issuer says to which URL authenticated requests will be redirected with the SignIn request.<br clear="none">
+The IDP issues a SAML token which must be validated by the plugin. The validation requires the certificate store of the Certificate Authority(ies) of the certificate which signed the SAML token. This is defined in <tt>certificateStore</tt>. The signing certificate itself is not required because <tt>certificateValidation</tt> is set to <tt>ChainTrust</tt>. The <tt>subject</tt> defines the trusted signing certificate using the subject as a regular expression.<br clear="none">
+Finally, the audience URI is validated against the audience restriction in the SAML token.</p>
+
+
+<h3><a shape="rect" name="FedizConfiguration-Configurationreference"></a>Configuration reference</h3>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh">XML element </th><th colspan="1" rowspan="1" class="confluenceTh">Name </th><th colspan="1" rowspan="1" class="confluenceTh">Use </th><th colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> audienceUris </td><td colspan="1" rowspan="1" class="confluenceTd"> Audience URI </td><td colspan="1" rowspan="1" class="confluenceTd"> Required </td><td colspan="1" rowspan="1" class="confluenceTd"> The values of the list of audience URIs are verified against the element <tt>AudienceRestriction</tt> in the SAML token </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> certificateStore </td><td colspan="1" rowspan="1" class="confluenceTd"> Trusted certificate store </td><td colspan="1" rowspan="1" class="confluenceTd"> Required </td><td colspan="1" rowspan="1" class="confluenceTd"> The list of keystores (JKS, PEM) includ
es at least the certificate of the Certificate Authorities (CA) which signed the certificate which is used to sign the SAML token </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> trustedIssuers </td><td colspan="1" rowspan="1" class="confluenceTd"> Trusted Issuers </td><td colspan="1" rowspan="1" class="confluenceTd"> Required </td><td colspan="1" rowspan="1" class="confluenceTd"> There are two ways to configure a trusted issuer (IDP). Either you configure the subject name and the CA(s) who signed the certificate of the IDP (<tt>certificateValidation=ChainTrust</tt>) or you configure the certificate of the IDP and the CA(s) who signed it (<tt>certificateValidation=PeerTrust</tt>)</td></tr></tbody></table>
+</div>
+
+
+
+<h5><a shape="rect" name="FedizConfiguration-WSFederationprotocolconfigurationreference"></a>WS-Federation protocol configuration reference </h5>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh">XML element </th><th colspan="1" rowspan="1" class="confluenceTh">Name </th><th colspan="1" rowspan="1" class="confluenceTh">Use </th><th colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> issuer </td><td colspan="1" rowspan="1" class="confluenceTd"> Issuer URL </td><td colspan="1" rowspan="1" class="confluenceTd"> Required </td><td colspan="1" rowspan="1" class="confluenceTd">This URL defines the location of the IDP to whom unauthenticated requests are redirected </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> authenticationType </td><td colspan="1" rowspan="1" class="confluenceTd"> Authentication Type </td><td colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> The authentication type defines what kind of authentication is required. This infor
mation is provided in the SignInRequest to the IDP (parameter <tt>wauth</tt>)<br clear="none">
+The WS-Federation standard defines a list of predefined URIs for wauth <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174997" rel="nofollow">here</a>.</td></tr></tbody></table>
+</div>
+
+
+
+
+<h3><a shape="rect" name="FedizConfiguration-Advancedexample"></a>Advanced example</h3>
+
+<p>The following example defines the required claims and configure custom callback handler to define some configuration values at runtime.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag"><?xml version=<span class="code-quote">"1.0"</span> encoding=<span class="code-quote">"UTF-8"</span> standalone=<span class="code-quote">"yes"</span>?></span>
+<span class="code-tag"><FedizConfig></span>
+ <span class="code-tag"><contextConfig name=<span class="code-quote">"/fedizhelloworld"</span>></span>
+ <span class="code-tag"><audienceUris></span>
+ <span class="code-tag"><audienceItem></span>https://localhost:8443/fedizhelloworld<span class="code-tag"></audienceItem></span>
+ <span class="code-tag"></audienceUris></span>
+ <span class="code-tag"><certificateStore></span>
+ <span class="code-tag"><keyStore file=<span class="code-quote">"/projects/fediz/tomcat-rp2/conf/stsstore.jks"</span> password=<span class="code-quote">"stsspass"</span> type=<span class="code-quote">"file"</span> /></span>
+ <span class="code-tag"></certificateStore></span>
+ <span class="code-tag"><trustedIssuers></span>
+ <span class="code-tag"><issuer name=<span class="code-quote">"issuer 1"</span> certificateValidation=<span class="code-quote">"ChainTrust"</span> subject=<span class="code-quote">".*CN=www.sts.com.*"</span> /></span>
+ <span class="code-tag"></trustedIssuers></span>
+ <span class="code-tag"><protocol <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span> xsi:type=<span class="code-quote">"federationProtocolType"</span> version=<span class="code-quote">"1.0.0"</span>></span>
+ <span class="code-tag"><issuer></span>https://localhost:9443/fedizidp/<span class="code-tag"></issuer></span>
+ <span class="code-tag"><roleDelimiter></span>,<span class="code-tag"></roleDelimiter></span>
+ <span class="code-tag"><roleURI></span>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role<span class="code-tag"></roleURI></span>
+ <span class="code-tag"><claimTypesRequested></span>
+ <span class="code-tag"><claimType type=<span class="code-quote">"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"</span> optional=<span class="code-quote">"true"</span> /></span>
+ <span class="code-tag"></claimTypesRequested></span>
+ <span class="code-tag"><authenticationType type=<span class="code-quote">"String"</span> value=<span class="code-quote">"http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard"</span> /></span>
+ <span class="code-tag"><homeRealm type=<span class="code-quote">"Class"</span> value=<span class="code-quote">"example.HomeRealmCallbackHandler.class"</span> /></span>
+ <span class="code-tag"></protocol></span>
+ <span class="code-tag"></contextConfig></span>
+<span class="code-tag"></FedizConfig></span>
+</pre>
+</div></div>
+
+<p><a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174997" rel="nofollow">http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174997</a></p>
+
+
+</div>
+ </div>
+ <!-- Content -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td id="cell-2-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-3-0"> </td>
+ <td id="cell-3-1"> </td>
+ <td id="cell-3-2">
+ <div id="footer">
+ <!-- Footer -->
+ <div id="site-footer">
+ <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
+ (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27846708">edit page</a>)
+ (<a href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Configuration?showComments=true&showCommentArea=true#addcomment">add comment</a>)<br>
+ Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <!-- Footer -->
+ </div>
+ </td>
+ <td id="cell-3-3"> </td>
+ <td id="cell-3-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-4-0" colspan="2"> </td>
+ <td id="cell-4-1"> </td>
+ <td id="cell-4-2" colspan="2"> </td>
+ </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+
Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Tue May 15 15:48:04 2012
@@ -180,7 +180,7 @@ The RP is the web application which shou
<h3><a shape="rect" name="Fediz-SetuptheRelyingPartyContainer"></a>Set up the Relying Party Container</h3>
-<p>The Fediz plugin is deployed into the Relying Party (RP) container. The security mechanism is not specified by JEE. Even it is very similar in each Servlet Container there are some differences which requires dedicated Fediz plugins for each Servlet Container implementation. Most of the configuration is container independent and described <a shape="rect" href="configuration.html" title="Configuration">here</a></p>
+<p>The Fediz plugin is deployed into the Relying Party (RP) container. The security mechanism is not specified by JEE. Even it is very similar in each Servlet Container there are some differences which requires dedicated Fediz plugins for each Servlet Container implementation. Most of the configuration is container independent and described <a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">here</a></p>
<p>The following lists shows the supported containers and the location of the installation and configuration page.</p>
<ul><li><a shape="rect" href="tomcat.html" title="Tomcat">Tomcat 7 </a></li></ul>
Modified: websites/production/cxf/content/tomcat.html
==============================================================================
--- websites/production/cxf/content/tomcat.html (original)
+++ websites/production/cxf/content/tomcat.html Tue May 15 15:48:04 2012
@@ -154,7 +154,7 @@ add the previously created directory to
<h3><a shape="rect" name="Tomcat-Configuration"></a>Configuration</h3>
-<p>The Fediz related configuration is Container independent and described <a shape="rect" href="configuration.html" title="Configuration">here</a>.</p>
+<p>The Fediz related configuration is Container independent and described <a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">here</a>.</p>
<p>The Fediz plugin requires to configure the FederationAuthenticator like any other Valve in Tomcat which is described here <a shape="rect" class="external-link" href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html">here</a>.</p>