You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2019/05/22 15:56:47 UTC
svn commit: r1045325 - in /websites/production/cxf/content:
cache/main.pageCache fediz-tomcat.html
Author: buildbot
Date: Wed May 22 15:56:46 2019
New Revision: 1045325
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-tomcat.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-tomcat.html
==============================================================================
--- websites/production/cxf/content/fediz-tomcat.html (original)
+++ websites/production/cxf/content/fediz-tomcat.html Wed May 22 15:56:46 2019
@@ -110,7 +110,7 @@ Apache CXF -- Fediz Tomcat
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><h1 id="FedizTomcat-ApacheTomcatPlugin">Apache Tomcat Plugin</h1><p>This page describes how to enable WS-Federation for an Apache Tomcat instance hosting Relying Party (RP) applications. Also note that from the 1.4.4 release, the Apache Tomcat Fediz plugin also supports SAML SSO. Recent version of Apache CXF Fediz ship two Tomcat plugins, one for Apache Tomcat 7 and one for Apache Tomcat 8.</p><p>This configuration is not for a separate Tomcat instance hosting the Fediz IDP and IDP STS WARs, or hosts for third-party applications that use Fediz STS-generated SAML assertions for authentication. After this configuration is done, the Tomcat-RP instance will validate the incoming SignInResponse created by the IDP server.</p><p>Prior to doing this configuration, make sure you've first deployed the Fediz IDP and STS on the separate Tomcat IDP instance as discussed <a shape="rect" href="fediz-idp-10.html">here</a>, and can view the STS WSDL at the URL given on th
at page. That page also provides some tips for running multiple Tomcat instances on your machine.</p><h3 id="FedizTomcat-Installation">Installation</h3><p>You can either build the Fediz plugin on your own or download the package <a shape="rect" href="fediz-downloads.html">here</a>. If you have built the plugin on your own you'll find the required libraries in <code>plugins/tomcat-${version}/target/...zip-with-dependencies.zip</code></p><ol><li>Create sub-directory <code>fediz</code> in <code>${catalina.home}/lib</code></li><li>Update catalina.properties in ${catalina.home}/conf<br clear="none">add the previously created directory to the common loader:<br clear="none"><code>common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/lib/fediz/*.jar</code></li><li>Deploy the libraries to the directory created in (1)</li></ol><h3 id="FedizTomcat-Configuration">Configuration</h3><h5 id="FedizTomcat-HTTPSconfiguration">HT
TPS configuration</h5><p>It's recommended to set up a dedicated (separate) Tomcat instance for the Relying Party. The Fediz RP web applications use the following TCP ports:</p><ul><li>HTTP port: 8080 (used for Maven deployment, mvn tomcat:redeploy)</li><li>HTTPS port: 8443 (where IDP and STS are accessed)</li><li>Server port (for shutdown and other commands): 8005</li></ul><p>These are the default ports for a standard Tomcat installation.</p><p>The Relying Party must be accessed over HTTPS to protect the security tokens issued by the IDP.</p><p>The Tomcat HTTP(s) configuration is done in conf/server.xml.</p><p>This is a sample snippet for an HTTPS configuration:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"> <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
+<pre class="brush: java; gutter: false; theme: Default"> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="rp-ssl-key.jks" keyPass="tompass"
keystorePass="tompass" sslProtocol="TLS" />