Posted to users@cxf.apache.org by Gina Choi <gi...@gmail.com> on 2012/06/19 16:21:53 UTC

Path for fediz_config.xml

Currently the fediz_config.xml configuration file is under the conf directory
of Tomcat. I don't know whether this is because
org.apache.cxf.fediz.tomcat.FederationAuthenticator is loading the
configuration file. The content of this configuration file is application
specific (I am saying that each application in Tomcat can have its own
fediz_config.xml which points to different STSs). Personally, I think that
both fediz_config.xml and clientstore.jks should go somewhere under
\webapps\fedizhelloworld. If I put both files under WEB-INF, it looks like
I need to use the path for webapps\fedizhelloworld\WEB-INF. Is there
a better way to do that?


Following is part of fediz_config.xml that I currently use.

<FedizConfig>
 <contextConfig name="/fedizhelloworld">
  <audienceUris>
   <audienceItem>https://wkengchoi.global.sdl.corp:9443/fedizhelloworld/</audienceItem>
  </audienceUris>
  <certificateStores>
   <trustManager>
    <keyStore file="conf/clientstore.jks" password="cspass" type="JKS" />
   </trustManager>
  </certificateStores>

Thanks.

Gina

Re: Path for fediz_config.xml

Posted by Gina Choi <gi...@gmail.com>.
Hi Oliver,

Thanks for the good tips.

<<<
You can configure one fediz configuration file per application and point to
it where the FederationAuthenticator is configured or you have one fediz
configuration file for the container with several "contextConfig" entries.
>>>
I didn't know that the fediz configuration can hold more than one
"contextConfig" entry.
<<<<
I'd just recommend to not put the clientstore.jks into the WAR file for
production as the certificate has a different lifecycle than the
application itself. You shouldn't have to deploy a new application war just
because a new certificate has to be deployed
>>>>
I see problems with deploying the war file. In my case, we use an installer to
deploy the application. So, I moved the client keystore file to myApp/WEB-INF. I
use one clientstore.jks for both the passive and active profile clients.

Gina

RE: Path for fediz_config.xml

Posted by Oliver Wulff <ow...@talend.com>.
Hi Gina

>>>
I am saying that each application in Tomcat can have its own fediz_config.xml which points to different STSs).
>>>
This is really up to you. You can configure one fediz configuration file per application and point to it where the FederationAuthenticator is configured or you have one fediz configuration file for the container with several "contextConfig" entries.

>>>
Personally, I think that both fediz_config.xml and clientstore.jks should go somewhere under \webapps\fedizhelloworld
>>>
Whatever suits you. I'd just recommend to not put the clientstore.jks into the WAR file for production as the certificate has a different lifecycle than the application itself. You shouldn't have to deploy a new application war just because a new certificate has to be deployed.

HTH




------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

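The two points from this thread (one container-wide file can carry several "contextConfig" entries, and the keystore should not ship inside the application) can be checked mechanically. The script below is an added example, not code from the thread or from the Fediz project. It assumes the element names shown in the excerpt above and paths relative to the Tomcat base directory; the "/myApp" entry, its path and the passwords are constructed sample values.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

KEYSTORE_SUFFIXES = (".jks", ".p12", ".pfx")

# Constructed sample: one container-wide file with two contextConfig entries.
SAMPLE_CONFIG = """<FedizConfig>
 <contextConfig name="/fedizhelloworld">
  <certificateStores><trustManager>
   <keyStore file="conf/clientstore.jks" password="changeit" type="JKS" />
  </trustManager></certificateStores>
 </contextConfig>
 <contextConfig name="/myApp">
  <certificateStores><trustManager>
   <keyStore file="webapps/myApp/WEB-INF/clientstore.jks" password="changeit" type="JKS" />
  </trustManager></certificateStores>
 </contextConfig>
</FedizConfig>"""

def keystores_by_context(config_xml):
    """Map each contextConfig name to the keystore paths it references."""
    root = ET.fromstring(config_xml)
    return {ctx.get("name"): [ks.get("file") for ks in ctx.iter("keyStore")]
            for ctx in root.iter("contextConfig")}

def inside_webapp(path):
    """True if the keystore path lies under Tomcat's webapps directory."""
    parts = PurePosixPath(path.replace("\\", "/")).parts
    return "webapps" in parts

def keystores_in_war(war_bytes):
    """List keystore files packaged inside a WAR (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        return [n for n in war.namelist() if n.lower().endswith(KEYSTORE_SUFFIXES)]

def audit(config_xml):
    """Return {context: [keystore paths that ship with the application]}."""
    return {ctx: [p for p in paths if inside_webapp(p)]
            for ctx, paths in keystores_by_context(config_xml).items()}

if __name__ == "__main__":
    for ctx, shipped in audit(SAMPLE_CONFIG).items():
        print(ctx, "-> keystore deployed with the app:", shipped or "none")
```

A context that shows up with a non-empty list has its certificate tied to the application's release cycle, so a certificate rollover means redeploying the application.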