Posted to users@cxf.apache.org by John Cleber Jaraceski <jo...@gmail.com> on 2015/03/13 13:47:35 UTC

Connect Fediz to my database of users

Hello.

I would like to connect Fediz IDP to my database of users. But I really don't know how to begin.

Can somebody help me, please.

John

Re: Connect Fediz to my database of users

Posted by Jan Bernhardt <jb...@talend.com>.
You need to replace the import statement in application.xml from file.xml to ldap.xml. Otherwise the ldap.xml file will not be initialized.

Kind regards
Jan

Jan Bernhardt, M.Sc.
PROFESSIONAL SERVICES CONSULTANT
jbernhardt@talend.com | www.talend.com
Talend Germany GmbH | Servatiusstrasse 53 - 53175 Bonn - Germany

Visit my blog at https://janbernhardt.blogspot.de
> -----Original Message-----
> From: John Jaraceski [mailto:john.jaraceski@gmail.com]
> Sent: Monday, 16 March 2015 19:41
> To: users@cxf.apache.org
> Subject: Re: Connect Fediz to my database of users
> 
> Jan,
> 
> I've tried to use the LDAP example, but it isn't working. Do you have some tips to give
> me?
> 
> I've followed the LDAP example from the Apache Fediz site. But the
> credentials are validated with the realm's files (bob, alice, ted) and not against my
> LDAP local server.
> 
> Thanks,
> 
> John
> 
> 
> 2015-03-13 11:59 GMT-03:00 Jan Bernhardt <jb...@talend.com>:
> 
> > Hi John,
> >
> > this would not be a good idea ;-)
> >
> > You will need the transport endpoint for the IDP to issue SAML tokens
> > based on the cached SAML token at the IDP. The IDP needs to cache a
> > SAML token for the user, because otherwise you could not provide
> > single sign on and the user would have to enter his password each time.
> >
> > The applicationContext.xml includes a file.xml by default and you also
> > find samples for Kerberos and LDAP. That is the kind of file you need
> > to provide for your use case. Take a look at the ldap.xml to find a
> > JAAS Example for the UTTransport of the STS.
> >
> > Kind regards
> > Jan
> >
> > Jan Bernhardt, M.Sc.
> > PROFESSIONAL SERVICES CONSULTANT
> > jbernhardt@talend.com | www.talend.com Talend Germany GmbH |
> > Servatiusstrasse 53 - 53175 Bonn - Germany
> >
> > > -----Original Message-----
> > > From: John Jaraceski [mailto:john.jaraceski@gmail.com]
> > > Sent: Friday, 13 March 2015 15:43
> > > To: users@cxf.apache.org
> > > Subject: Re: Connect Fediz to my database of users
> > >
> > > Jan,
> > >
> > > In this case I'll change the cxf-transport.xml : remove the two
> > endpoints to
> > > "realmA" and "realmB", add the reference to my new endpoint.
> > >
> > > <jaxws:endpoint id="transportSTSUT"
> > >   endpointName="ns1:TransportUT_Port"
> > >   serviceName="ns1:SecurityTokenService"
> > >   xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
> > >   wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
> > >   address="/STSServiceTransportUT"
> > >   implementor="#transportSTSProviderBean">
> > >
> > >   <jaxws:properties>
> > >     <entry key="ws-security.ut.validator"
> > >          value-ref="jaasUTValidator"/>
> > >   </jaxws:properties>
> > > </jaxws:endpoint>
> > >
> > > Is that it?
> > >
> > > Thanks,
> > >
> > > John
> > >
> > >
> > > 2015-03-13 10:12 GMT-03:00 Jan Bernhardt <jb...@talend.com>:
> > >
> > > > Hi John,
> > > >
> > > > you need to update the authentication validator at the STS. You
> > > > can either use a JAAS DB module, or write your own validator.
> > > >
> > > > Best regards
> > > > Jan
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: John Cleber Jaraceski [mailto:john.jaraceski@gmail.com]
> > > > > Sent: Friday, 13 March 2015 13:48
> > > > > To: users@cxf.apache.org
> > > > > Subject: Connect Fediz to my database of users
> > > > >
> > > > > Hello.
> > > > >
> > > > > I would like to connect Fediz IDP to my database of users. But I
> > > > > really don't know how to begin.
> > > > >
> > > > > Can somebody help me, please.
> > > > >
> > > > > John
> > > >
> >

Re: Connect Fediz to my database of users

Posted by John Jaraceski <jo...@gmail.com>.
Jan,

I've tried to use the LDAP example, but it isn't working. Do you have some tips
to give me?

I've followed the LDAP example from the Apache Fediz site. But the
credentials are validated with the realm's files (bob, alice, ted) and not
against my LDAP local server.

Thanks,

John


2015-03-13 11:59 GMT-03:00 Jan Bernhardt <jb...@talend.com>:

> Hi John,
>
> this would not be a good idea ;-)
>
> You will need the transport endpoint for the IDP to issue SAML tokens
> based on the cached SAML token at the IDP. The IDP needs to cache a SAML
> token for the user, because otherwise you could not provide single sign on
> and the user would have to enter his password each time.
>
> The applicationContext.xml includes a file.xml by default and you also
> find samples for Kerberos and LDAP. That is the kind of file you need to
> provide for your use case. Take a look at the ldap.xml to find a JAAS
> Example for the UTTransport of the STS.
>
> Kind regards
> Jan
>
> Jan Bernhardt, M.Sc.
> PROFESSIONAL SERVICES CONSULTANT
> jbernhardt@talend.com | www.talend.com
> Talend Germany GmbH | Servatiusstrasse 53 - 53175 Bonn - Germany
>
> > -----Original Message-----
> > From: John Jaraceski [mailto:john.jaraceski@gmail.com]
> > Sent: Friday, 13 March 2015 15:43
> > To: users@cxf.apache.org
> > Subject: Re: Connect Fediz to my database of users
> >
> > Jan,
> >
> > In this case I'll change the cxf-transport.xml : remove the two
> endpoints to
> > "realmA" and "realmB", add the reference to my new endpoint.
> >
> > <jaxws:endpoint id="transportSTSUT"
> >   endpointName="ns1:TransportUT_Port"
> >   serviceName="ns1:SecurityTokenService"
> >   xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
> >   wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
> >   address="/STSServiceTransportUT"
> >   implementor="#transportSTSProviderBean">
> >
> >   <jaxws:properties>
> >     <entry key="ws-security.ut.validator"
> >          value-ref="jaasUTValidator"/>
> >   </jaxws:properties>
> > </jaxws:endpoint>
> >
> > Is that it?
> >
> > Thanks,
> >
> > John
> >
> >
> > 2015-03-13 10:12 GMT-03:00 Jan Bernhardt <jb...@talend.com>:
> >
> > > Hi John,
> > >
> > > you need to update the authentication validator at the STS. You can
> > > either use a JAAS DB module, or write your own validator.
> > >
> > > Best regards
> > > Jan
> > >
> > >
> > > > -----Original Message-----
> > > > From: John Cleber Jaraceski [mailto:john.jaraceski@gmail.com]
> > > > Sent: Friday, 13 March 2015 13:48
> > > > To: users@cxf.apache.org
> > > > Subject: Connect Fediz to my database of users
> > > >
> > > > Hello.
> > > >
> > > > I would like to connect Fediz IDP to my database of users. But I
> > > > really don't know how to begin.
> > > >
> > > > Can somebody help me, please.
> > > >
> > > > John
> > >
>

Re: Connect Fediz to my database of users

Posted by Jan Bernhardt <jb...@talend.com>.
Hi John,

this would not be a good idea ;-)

You will need the transport endpoint for the IDP to issue SAML tokens based on the cached SAML token at the IDP. The IDP needs to cache a SAML token for the user, because otherwise you could not provide single sign on and the user would have to enter his password each time.

The applicationContext.xml includes a file.xml by default and you also find samples for Kerberos and LDAP. That is the kind of file you need to provide for your use case. Take a look at the ldap.xml to find a JAAS Example for the UTTransport of the STS.

Kind regards
Jan 

Jan Bernhardt, M.Sc.
PROFESSIONAL SERVICES CONSULTANT
jbernhardt@talend.com | www.talend.com
Talend Germany GmbH | Servatiusstrasse 53 - 53175 Bonn - Germany

> -----Original Message-----
> From: John Jaraceski [mailto:john.jaraceski@gmail.com]
> Sent: Friday, 13 March 2015 15:43
> To: users@cxf.apache.org
> Subject: Re: Connect Fediz to my database of users
> 
> Jan,
> 
> In this case I'll change the cxf-transport.xml : remove the two endpoints to
> "realmA" and "realmB", add the reference to my new endpoint.
> 
> <jaxws:endpoint id="transportSTSUT"
>   endpointName="ns1:TransportUT_Port"
>   serviceName="ns1:SecurityTokenService"
>   xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
>   wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
>   address="/STSServiceTransportUT"
>   implementor="#transportSTSProviderBean">
> 
>   <jaxws:properties>
>     <entry key="ws-security.ut.validator"
>          value-ref="jaasUTValidator"/>
>   </jaxws:properties>
> </jaxws:endpoint>
> 
> Is that it?
> 
> Thanks,
> 
> John
> 
> 
> 2015-03-13 10:12 GMT-03:00 Jan Bernhardt <jb...@talend.com>:
> 
> > Hi John,
> >
> > you need to update the authentication validator at the STS. You can
> > either use a JAAS DB module, or write your own validator.
> >
> > Best regards
> > Jan
> >
> >
> > > -----Original Message-----
> > > From: John Cleber Jaraceski [mailto:john.jaraceski@gmail.com]
> > > Sent: Friday, 13 March 2015 13:48
> > > To: users@cxf.apache.org
> > > Subject: Connect Fediz to my database of users
> > >
> > > Hello.
> > >
> > > I would like to connect Fediz IDP to my database of users. But I
> > > really don't know how to begin.
> > >
> > > Can somebody help me, please.
> > >
> > > John
> >

Re: Connect Fediz to my database of users

Posted by John Jaraceski <jo...@gmail.com>.
Jan,

In this case I'll change the cxf-transport.xml : remove the two endpoints
to "realmA" and "realmB", add the reference to my new endpoint.

<jaxws:endpoint id="transportSTSUT"
  endpointName="ns1:TransportUT_Port"
  serviceName="ns1:SecurityTokenService"
  xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
  wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
  address="/STSServiceTransportUT"
  implementor="#transportSTSProviderBean">

  <jaxws:properties>
    <entry key="ws-security.ut.validator"
         value-ref="jaasUTValidator"/>
  </jaxws:properties>
</jaxws:endpoint>

Is that it?

Thanks,

John


2015-03-13 10:12 GMT-03:00 Jan Bernhardt <jb...@talend.com>:

> Hi John,
>
> you need to update the authentication validator at the STS. You can either
> use a JAAS DB module, or write your own validator.
>
> Best regards
> Jan
>
>
> > -----Original Message-----
> > From: John Cleber Jaraceski [mailto:john.jaraceski@gmail.com]
> > Sent: Friday, 13 March 2015 13:48
> > To: users@cxf.apache.org
> > Subject: Connect Fediz to my database of users
> >
> > Hello.
> >
> > I would like to connect Fediz IDP to my database of users. But I really
> > don't know how to begin.
> >
> > Can somebody help me, please.
> >
> > John
>

Re: Connect Fediz to my database of users

Posted by Jan Bernhardt <jb...@talend.com>.
Hi John,

you need to update the authentication validator at the STS. You can either use a JAAS DB module, or write your own validator.

Best regards
Jan


> -----Original Message-----
> From: John Cleber Jaraceski [mailto:john.jaraceski@gmail.com]
> Sent: Friday, 13 March 2015 13:48
> To: users@cxf.apache.org
> Subject: Connect Fediz to my database of users
> 
> Hello.
> 
> I would like to connect Fediz IDP to my database of users. But I really don't know
> how to begin.
> 
> Can somebody help me, please.
> 
> John
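Added example for the two suggestions in this thread (swap the Spring import so that the ldap.xml-style file with its jaasUTValidator bean is loaded, and put a database-backed JAAS module behind that validator instead of writing a new WSS4J validator). This is an editor's illustration, not code from the thread, from Apache Fediz or from CXF: the package and class names, the USERS table layout, the JNDI name java:comp/env/jdbc/users and the JAAS context name "db" are all assumptions.

```java
// Added example, not from this thread or from Apache Fediz/CXF: a JAAS LoginModule that checks
// a UsernameToken against a relational user table, so the STS keeps JAASUsernameTokenValidator
// and only its JAAS context changes. Hypothetical assumptions: table USERS(USERNAME, SALT,
// PWD_HASH, ITERATIONS) with Base64 PBKDF2-HMAC-SHA256 hashes; DataSource at java:comp/env/jdbc/users.
package com.example.fediz.auth;

import java.security.MessageDigest;
import java.security.Principal;
import java.sql.*;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;

public class DbLoginModule implements LoginModule {
    private static final String QUERY =
        "SELECT SALT, PWD_HASH, ITERATIONS FROM USERS WHERE USERNAME = ?";
    private Subject subject;
    private CallbackHandler handler;
    private String jndiName;
    private String username;
    private Principal principal;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        Object ds = options.get("dataSource");   // module option set in the JAAS config
        this.jndiName = ds == null ? "java:comp/env/jdbc/users" : ds.toString();
    }

    @Override
    public boolean login() throws LoginException {
        // JAASUsernameTokenValidator hands over name and clear-text password via callbacks.
        NameCallback nc = new NameCallback("username");
        PasswordCallback pc = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] {nc, pc}); }
        catch (Exception e) { throw new LoginException("callback handling failed"); }
        char[] password = pc.getPassword();
        pc.clearPassword();
        if (nc.getName() == null || password == null) throw new FailedLoginException("authentication failed");
        try {
            // One message for unknown user and wrong password: no user enumeration.
            if (!verify(nc.getName(), password)) {
                throw new FailedLoginException("authentication failed");
            }
        } finally {
            Arrays.fill(password, '\0');          // do not keep the password in memory
        }
        username = nc.getName();
        return true;
    }

    // Parameterised lookup (the user name is never concatenated into SQL) and a
    // constant-time comparison of the derived key against the stored hash.
    private boolean verify(String user, char[] password) throws LoginException {
        try (Connection c = ((DataSource) new InitialContext().lookup(jndiName)).getConnection();
             PreparedStatement ps = c.prepareStatement(QUERY)) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;
                byte[] salt = Base64.getDecoder().decode(rs.getString("SALT"));
                byte[] expected = Base64.getDecoder().decode(rs.getString("PWD_HASH"));
                PBEKeySpec spec = new PBEKeySpec(password, salt, rs.getInt("ITERATIONS"),
                                                 expected.length * 8);
                byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                                .generateSecret(spec).getEncoded();
                return MessageDigest.isEqual(expected, actual);
            }
        } catch (Exception e) {
            throw new LoginException("user store unavailable: " + e.getMessage());
        }
    }

    @Override
    public boolean commit() {
        if (username == null) return false;
        final String name = username;
        principal = () -> name;       // Principal's single abstract method is getName()
        subject.getPrincipals().add(principal);
        return true;
    }

    @Override public boolean abort() { username = null; return true; }

    @Override
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        return abort();
    }
}
```

Wiring it in follows the ldap.xml pattern from the thread: register the module in the JAAS login configuration file (the one given by -Djava.security.auth.login.config) as a context, e.g. db { com.example.fediz.auth.DbLoginModule required dataSource="java:comp/env/jdbc/users"; };, then make sure applicationContext.xml imports the Spring file that defines the jaasUTValidator bean, and set that bean's contextName property to "db" (the bean class is org.apache.wss4j.dom.validate.JAASUsernameTokenValidator in WSS4J 2.x, org.apache.ws.security.validate.JAASUsernameTokenValidator in 1.6; which one applies depends on the Fediz/CXF version in use). Two caveats a practitioner should keep in mind: JAASUsernameTokenValidator validates clear-text (PasswordText) tokens only, which is why it belongs on the TLS transport endpoint and never on a plain-HTTP one, and the database should hold only salted, iterated hashes as above, never passwords. Because the IDP caches the SAML token it issues, the database is consulted once per login, not once per request.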