Posted to dev@cxf.apache.org by Abba Yadav <AP...@usp.org> on 2013/03/19 15:16:06 UTC

Fediz Tomcat plug-in and Shibboleth IdP


I am trying to integrate the Fediz Tomcat plug-in to talk to our Shibboleth IdP. The Fediz Tomcat plug-in on the Service Provider talks SAML 1.0.



Sample Fediz configuration file looks like this:



<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL
     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
-->
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
        </audienceUris>
        <certificateStores>
            <trustManager>
                <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
            </trustManager>
        </certificateStores>
        <trustedIssuers>
            <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
                    name="DoubleItSTSIssuer" />
        </trustedIssuers>
        <maximumClockSkew>1000</maximumClockSkew>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.0.0">
            <!--<realm>target realm</realm>-->
            <issuer>https://localhost:9443/fedizidp/</issuer>
            <roleDelimiter>,</roleDelimiter>
            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
            <!--<authenticationType type="String">some auth type</authenticationType>-->
            <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
            <!--<freshness>0</freshness>-->
            <!--<reply>reply value</reply>-->
            <!--<request>REQUEST</request>-->
            <claimTypesRequested>
                <claimType type="a particular claim type" optional="true" />
            </claimTypesRequested>
        </protocol>
    </contextConfig>
</FedizConfig>





I am trying to map the different values required by fediz plugin to talk to our Shibboleth IdP. Any help is much appreciated.



Thanks,

Abba
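
A way to sanity-check a Fediz configuration like the one above before pointing it at an IdP, as an added example that is not part of this thread or of the Apache CXF Fediz project. It embeds a cleaned-up copy of the posted FedizConfig, parses it with Python's standard XML library and flags the settings that most often produce a rejected token or an over-broad trust: the trusted-issuer subject regex is tested against a constructed expected DN and a constructed look-alike DN (assuming Fediz applies the pattern as a Java-style full match on the signing certificate's subject), audience URIs are checked to be absolute https URLs, maximumClockSkew is assumed to be in seconds with an assumed 300-second ceiling, and the placeholder claim type is reported. EXPECTED_ISSUER_DN, LOOKALIKE_ISSUER_DN, TIGHT_ISSUER_PATTERN and the thresholds are assumptions of this example.

```python
"""Lint a Fediz plug-in configuration before wiring it to an IdP.

Added example, not part of the thread above or of Apache CXF Fediz.
The meaning given to each element (subject regex full-matched against
the signer's DN, skew in seconds) is an assumption of this example.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Cleaned-up copy of the FedizConfig posted above, embedded so this runs offline.
FEDIZ_CONFIG = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
  <contextConfig name="/fedizhelloworld">
    <audienceUris>
      <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
    </audienceUris>
    <certificateStores>
      <trustManager>
        <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
      </trustManager>
    </certificateStores>
    <trustedIssuers>
      <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
              name="DoubleItSTSIssuer" />
    </trustedIssuers>
    <maximumClockSkew>1000</maximumClockSkew>
    <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:type="federationProtocolType" version="1.0.0">
      <issuer>https://localhost:9443/fedizidp/</issuer>
      <roleDelimiter>,</roleDelimiter>
      <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
      <claimTypesRequested>
        <claimType type="a particular claim type" optional="true" />
      </claimTypesRequested>
    </protocol>
  </contextConfig>
</FedizConfig>
"""

# Constructed subject DNs: the one the STS signing certificate is expected
# to carry, and a look-alike that must NOT be accepted by the issuer regex.
EXPECTED_ISSUER_DN = "CN=www.sts.com,O=Example STS,C=US"
LOOKALIKE_ISSUER_DN = "CN=www.sts.com.example.net,O=Someone Else,C=US"
# Assumed tightened pattern: dots escaped, no leading/trailing wildcards.
TIGHT_ISSUER_PATTERN = r"CN=www\.sts\.com,O=Example STS,C=US"

VALID_CERT_VALIDATION = ("PeerTrust", "ChainTrust")
MAX_SANE_SKEW_SECONDS = 300  # assumed lint threshold, not a Fediz default


def subject_pattern_is_tight(pattern, accept, reject):
    """True if the regex full-matches the expected DN but not the look-alike.

    fullmatch mirrors Java's String.matches(); this example assumes Fediz
    compares the configured subject with the signer DN that way.
    """
    rx = re.compile(pattern)
    return bool(rx.fullmatch(accept)) and rx.fullmatch(reject) is None


def lint(config_xml):
    """Return a list of human-readable findings for one FedizConfig document."""
    root = ET.fromstring(config_xml.encode("utf-8"))
    findings = []
    for ctx in root.findall("contextConfig"):
        name = ctx.get("name", "?")
        # AudienceRestriction in the token must equal one of these exactly.
        for item in ctx.findall("audienceUris/audienceItem"):
            uri = (item.text or "").strip()
            parts = urlparse(uri)
            if parts.scheme != "https" or not parts.netloc:
                findings.append(f"{name}: audienceItem {uri!r} is not an absolute https URL")
        # Issuer trust: known validation mode, and a regex that cannot be
        # satisfied by a certificate issued to a differently named subject.
        for iss in ctx.findall("trustedIssuers/issuer"):
            mode = iss.get("certificateValidation")
            if mode not in VALID_CERT_VALIDATION:
                findings.append(f"{name}: issuer {iss.get('name')!r} has unknown certificateValidation {mode!r}")
            pattern = iss.get("subject", "")
            if not subject_pattern_is_tight(pattern, EXPECTED_ISSUER_DN, LOOKALIKE_ISSUER_DN):
                findings.append(f"{name}: issuer {iss.get('name')!r} subject pattern {pattern!r} "
                                f"also matches {LOOKALIKE_ISSUER_DN!r}; anchor it and escape the dots")
        # A large skew widens the window in which an expired token is still accepted.
        skew = ctx.findtext("maximumClockSkew")
        if skew is not None and not 0 <= int(skew) <= MAX_SANE_SKEW_SECONDS:
            findings.append(f"{name}: maximumClockSkew {skew} exceeds {MAX_SANE_SKEW_SECONDS} (seconds assumed)")
        # Claim types are URIs (compare the roleURI); free text is a leftover placeholder.
        for claim in ctx.findall("protocol/claimTypesRequested/claimType"):
            ctype = claim.get("type", "")
            if not ctype.startswith(("http://", "https://", "urn:")):
                findings.append(f"{name}: claimType {ctype!r} is not a claim URI")
    return findings


if __name__ == "__main__":
    for finding in lint(FEDIZ_CONFIG):
        print(finding)
```

Run as a script it prints three findings for the posted configuration. The loose `.*CN=www.sts.com.*` pattern is the one to look at first: the unescaped dots and the wildcards at both ends let it match a differently named subject, although with ChainTrust the certificate must still chain to a CA in the referenced keystore, so the regex is a second line of defence rather than the only one.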


Re: Fediz Tomcat plug-in and Shibboleth IdP

Posted by Colm O hEigeartaigh <co...@apache.org>.
> I am trying to map the different values required by fediz plugin to talk to
> our Shibboleth IdP. Any help is much appreciated.


What kind of help are you looking for? Is the Fediz plugin making an
invocation on the Shibboleth IdP that is rejected? If so please post the
exception and we might be able to help.

Colm.

On Tue, Mar 19, 2013 at 2:16 PM, Abba Yadav <AP...@usp.org> wrote:



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com