You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/02/23 22:08:29 UTC

cxf-fediz git commit: Fix wsclientWebapp by configuring client auth against STS. Thanks to Andreas Vallen for the patch. This closes #4

Repository: cxf-fediz
Updated Branches:
  refs/heads/master f1a9c0048 -> e434cfaa7


Fix wsclientWebapp by configuring client auth against STS. Thanks to Andreas Vallen for the patch.  This closes #4


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e434cfaa
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e434cfaa
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e434cfaa

Branch: refs/heads/master
Commit: e434cfaa72fc7b618e263a5a8b6a498181895d88
Parents: f1a9c00
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 23 21:07:09 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 23 21:07:09 2015 +0000

----------------------------------------------------------------------
 examples/samplekeys/HowToGenerateKeysREADME.html |  16 +++++++++-------
 examples/samplekeys/ststrust.jks                 | Bin 2561 -> 3241 bytes
 .../webapp/src/main/resources/rp-ssl-key.jks     | Bin 0 -> 1124 bytes
 .../main/webapp/WEB-INF/applicationContext.xml   |   5 +++++
 services/sts/src/main/resources/ststrust.jks     | Bin 2561 -> 3241 bytes
 5 files changed, 14 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e434cfaa/examples/samplekeys/HowToGenerateKeysREADME.html
----------------------------------------------------------------------
diff --git a/examples/samplekeys/HowToGenerateKeysREADME.html b/examples/samplekeys/HowToGenerateKeysREADME.html
index 6eb2957..5b020c9 100644
--- a/examples/samplekeys/HowToGenerateKeysREADME.html
+++ b/examples/samplekeys/HowToGenerateKeysREADME.html
@@ -1,3 +1,4 @@
+
 <html>
 <head/>
 <body>
@@ -14,8 +15,8 @@ is recommended.</p>
     <td><code>keytool -genkeypair -validity 730 -alias mytomidpkey -keystore idp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool -keystore idp-ssl-server.jks -storepass tompass -export -alias mytomidpkey -file MyTCIDP.cer</code></td>
     <td>Nobody</td><td>Fediz IDP module<br/><br/>wsclientWebapp's webapp module<br/><br/>Browser</td></tr> 
 <tr><td>rp-ssl-server.jks (tompass)</td><td>mytomrpkey (tompass)</td><td>base folder of Tomcat instance holding the relying party applications for both samples (simpleWebapp and wsclientWebapp); STS public cert NOT imported anymore - instead use ststrust.jks</td>
-    <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore rp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code></td>
-    <td>Nobody</td><td>Browser</td></tr> 
+    <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore rp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool -keystore rp-ssl-server.jks -storepass tompass -export -alias mytomrpkey -file MyTCRP.cer</code></td>
+    <td>Nobody</td><td>Browser<br/><br/>IDP STS</td></tr> 
 <tr><td>wsp-ssl-server.jks (tompass)</td><td>mytomwspkey (tompass)</td><td>base folder of Tomcat instance holding the web service provider in the second (wsClientWebapp) sample</td>
     <td><code>keytool -genkeypair -validity 730 -alias mytomwspkey -keystore wsp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool -keystore wsp-ssl-server.jks -storepass tompass -export -alias mytomwspkey -file MyTCWSP.cer</code></td>
     <td>Nobody</td><td>wsclientWebapp's webapp module</td></tr> 
@@ -23,24 +24,25 @@ is recommended.</p>
 <tr><td>idp-ssl-trust.jks (ispass)</td><td>myidpkey (ikpass)</td><td>services/idp/src/main/resources/idp-ssl-trust.jks</td>
     <td><code>keytool -import -trustcacerts -keystore idp-ssl-trust.jks -storepass ispass -alias mytomidpkey -file MyTCIDP.cer -noprompt</code></td>
     <td>mytomidpkey (because of SSL call to IDP STS)</td><td>IDP STS</td></tr> 
-<tr><td>stsrealm_a.jks (storepass)</td><td>realma (realma)</td><td>services/sts/src/realms/resources/stsrealm_a.jks</td>
+<tr><td>stsrealm_a.jks (storepass)</td><td>realma (realma)</td><td>services/sts/src/main/resources/stsrealm_a.jks</td>
     <td><code>
 keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore stsrealm_a.jks -dname "cn=REALMA" -keypass realma -storepass storepass<br/><br/>
 keytool -export -rfc -keystore stsrealm_a.jks -storepass storepass -alias realma -file realma.cert
 </code>
-</td>
+</td>√
     <td>Nobody</td><td>By Relying Party (ststrust.jks)</td></tr>
-<tr><td>stsrealm_b.jks (storepass)</td><td>realmb (realmb)</td><td>services/sts/src/realms/resources/stsrealm_b.jks</td>
+<tr><td>stsrealm_b.jks (storepass)</td><td>realmb (realmb)</td><td>services/sts/src/main/resources/stsrealm_b.jks</td>
     <td><code>
 keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore stsrealm_b.jks -dname "cn=REALMB" -keypass realmb -storepass storepass<br/><br/>
 keytool -export -rfc -keystore stsrealm_b.jks -storepass storepass -alias realmb -file realmb.cert
 </code>
 </td>
     <td>Nobody</td><td>By Relying Party (ststrust.jks)</td></tr>
-<tr><td>ststrust.jks (storepass)</td><td>N/A (no key, just a truststore)</td><td>examples/samplekeys/ststrust.jks<br/><br/>services/sts/src/realms/resources/ststrust.jks</td>
+<tr><td>ststrust.jks (storepass)</td><td>N/A (no key, just a truststore)</td><td>examples/samplekeys/ststrust.jks<br/><br/>services/sts/src/main/resources/ststrust.jks</td>
     <td><code>
 keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realma -file realma.cert -noprompt<br/><br/>
-keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realmb -file realmb.cert -noprompt
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realmb -file realmb.cert -noprompt<br/><br/>
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias rpcert -file MyTCRP.cer -noprompt
 </code>
 </td>
     <td>Nobody</td><td>By Relying Party (Fediz configuration file)</td></tr>    

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e434cfaa/examples/samplekeys/ststrust.jks
----------------------------------------------------------------------
diff --git a/examples/samplekeys/ststrust.jks b/examples/samplekeys/ststrust.jks
index 911945c..bad73f4 100644
Binary files a/examples/samplekeys/ststrust.jks and b/examples/samplekeys/ststrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e434cfaa/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
new file mode 100644
index 0000000..c37cbbf
Binary files /dev/null and b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e434cfaa/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml b/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
index 0268075..284a944 100644
--- a/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -75,6 +75,11 @@
                 <sec:keyStore type="jks" password="waspass"
                     resource="webappKeystore.jks" />
             </sec:trustManagers>
+            <!-- new keyManager is needed for client cert authentication against STS Transport_Port,
+                 rp-ssl-key.jks is a copy of the keystore rp-ssl-server.jks that is used for SSL by the webapp. -->
+            <sec:keyManagers keyPassword="tompass">
+                <sec:keyStore type="jks" password="tompass" resource="rp-ssl-key.jks"/>
+            </sec:keyManagers>
         </http:tlsClientParameters>
     </http:conduit>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e434cfaa/services/sts/src/main/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/services/sts/src/main/resources/ststrust.jks b/services/sts/src/main/resources/ststrust.jks
index 911945c..3a408ae 100644
Binary files a/services/sts/src/main/resources/ststrust.jks and b/services/sts/src/main/resources/ststrust.jks differ