Posted to users@cxf.apache.org by Rajeev Parekh <rp...@indigoconsulting.com> on 2014/09/15 20:00:52 UTC

Configuration Issue with FEDIZ

Hello

I am a newbie to both CXF and FEDIZ. I wanted to install and configure
the basic test case with one IDP, STS & one RP. Here is what I have so far:

* The default IDP & STS wars deployed and configured in one tomcat 
instance running on https/9443 for REALM A as explained in the config doc
* The FEDIZ HelloWorld RP deployed in a separate TOMCAT instance 
available on https/8443
* The default trust keystores available to both the IDP/STS and RP instances

Here is the problem I am facing:
* Access the RP: https://localhost:8443/fedizhelloworld/secure/fedservlet
* Redirected to 
https://localhost:9443/fediz-idp/?wa=wsignin1.0&wreply=https://localhost:8443/fedizhelloworld/secure/fedservlet&wtrealm=https://localhost:8443/fedizhelloworld/&wct=2014-09-15T17:25:48.112Z

** NOW The IDP does not redirect to Login, but instead just displays the 
IDP index.html

Can you please guide me to the required config so as to get the basic 
flow working. I am attaching the config files from the IDP side

Thanks In Advance







RE: Configuration Issue with FEDIZ

Posted by Oliver Wulff <ow...@talend.com>.
Hi

Documentation is updated. Thanks for spotting this.

Oli

------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Rajeev Parekh [rparekh@indigoconsulting.com]
Sent: 17 September 2014 18:37
To: users@cxf.apache.org
Subject: Re: Configuration Issue with FEDIZ

Colm:

Thank you for the tip, that was the problem, Ioannis had suggested the
same to me. I think the basic configuration listed on
http://cxf.apache.org/fediz-configuration.html
is misleading (wrong issuer and no realm) and should be updated, it
currently reads:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        ..
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fediz-idp/</issuer>
        </protocol>
    </contextConfig>
</FedizConfig>

should be

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        ..
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fediz-idp/federation</issuer>
            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
        </protocol>
    </contextConfig>
</FedizConfig>

Many Thanks

On 9/17/2014 9:27 AM, Colm O hEigeartaigh wrote:
> Hi,
>
> The problem appears to be that the IdP URL is misconfigured - the value for
> the "issuer" URL in the "fediz_config.xml" you are using should be
> "https://localhost:9443/fediz-idp/federation" and not
> "https://localhost:9443/fediz-idp".
>
> Colm.
>
> On Mon, Sep 15, 2014 at 7:00 PM, Rajeev Parekh <rparekh@indigoconsulting.com> wrote:
>> Hello
>>
>> I am a newbie to both CXF and FEDIZ. I wanted to install and configure the
>> basic test case with one IDP, STS & one RP. Here is what I have so far:
>>
>> * The default IDP & STS wars deployed and configured in one tomcat
>> instance running on https/9443 for REALM A as explained in the config doc
>> * The FEDIZ HelloWorld RP deployed in a separate TOMCAT instance available
>> on https/8443
>> * The default trust keystores available to both the IDP/STS and RP
>> instances
>>
>> Here is the problem I am facing:
>> * Access the RP: https://localhost:8443/fedizhelloworld/secure/fedservlet
>> * Redirected to
>> https://localhost:9443/fediz-idp/?wa=wsignin1.0&wreply=https://localhost:8443/fedizhelloworld/secure/fedservlet&wtrealm=https://localhost:8443/fedizhelloworld/&wct=2014-09-15T17:25:48.112Z
>>
>> ** NOW The IDP does not redirect to Login, but instead just displays the
>> IDP index.html
>>
>> Can you please guide me to the required config so as to get the basic flow
>> working. I am attaching the config files from the IDP side
>>
>> Thanks In Advance
>>
>>
>>
>>
>>
>>
>>
>

Re: Configuration Issue with FEDIZ

Posted by Rajeev Parekh <rp...@indigoconsulting.com>.
Colm:

Thank you for the tip, that was the problem, Ioannis had suggested the 
same to me. I think the basic configuration listed on
http://cxf.apache.org/fediz-configuration.html
is misleading (wrong issuer and no realm) and should be updated, it 
currently reads:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        ..
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fediz-idp/</issuer>
        </protocol>
    </contextConfig>
</FedizConfig>

should be

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        ..
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.2">
            <issuer>https://localhost:9443/fediz-idp/federation</issuer>
            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
        </protocol>
    </contextConfig>
</FedizConfig>

Many Thanks

On 9/17/2014 9:27 AM, Colm O hEigeartaigh wrote:
> Hi,
>
> The problem appears to be that the IdP URL is misconfigured - the value for
> the "issuer" URL in the "fediz_config.xml" you are using should be
> "https://localhost:9443/fediz-idp/federation" and not
> "https://localhost:9443/fediz-idp".
>
> Colm.
>
> On Mon, Sep 15, 2014 at 7:00 PM, Rajeev Parekh <rparekh@indigoconsulting.com> wrote:
>> Hello
>>
>> I am a newbie to both CXF and FEDIZ. I wanted to install and configure the
>> basic test case with one IDP, STS & one RP. Here is what I have so far:
>>
>> * The default IDP & STS wars deployed and configured in one tomcat
>> instance running on https/9443 for REALM A as explained in the config doc
>> * The FEDIZ HelloWorld RP deployed in a separate TOMCAT instance available
>> on https/8443
>> * The default trust keystores available to both the IDP/STS and RP
>> instances
>>
>> Here is the problem I am facing:
>> * Access the RP: https://localhost:8443/fedizhelloworld/secure/fedservlet
>> * Redirected to
>> https://localhost:9443/fediz-idp/?wa=wsignin1.0&wreply=https://localhost:8443/fedizhelloworld/secure/fedservlet&wtrealm=https://localhost:8443/fedizhelloworld/&wct=2014-09-15T17:25:48.112Z
>>
>> ** NOW The IDP does not redirect to Login, but instead just displays the
>> IDP index.html
>>
>> Can you please guide me to the required config so as to get the basic flow
>> working. I am attaching the config files from the IDP side
>>
>> Thanks In Advance
>>
>>
>>
>>
>>
>>
>>
>


Re: Configuration Issue with FEDIZ

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,

The problem appears to be that the IdP URL is misconfigured - the value for
the "issuer" URL in the "fediz_config.xml" you are using should be
"https://localhost:9443/fediz-idp/federation" and not
"https://localhost:9443/fediz-idp".

Colm.

On Mon, Sep 15, 2014 at 7:00 PM, Rajeev Parekh <rparekh@indigoconsulting.com> wrote:

> Hello
>
> I am a newbie to both CXF and FEDIZ. I wanted to install and configure the
> basic test case with one IDP, STS & one RP. Here is what I have so far:
>
> * The default IDP & STS wars deployed and configured in one tomcat
> instance running on https/9443 for REALM A as explained in the config doc
> * The FEDIZ HelloWorld RP deployed in a separate TOMCAT instance available
> on https/8443
> * The default trust keystores available to both the IDP/STS and RP
> instances
>
> Here is the problem I am facing:
> * Access the RP: https://localhost:8443/fedizhelloworld/secure/fedservlet
> * Redirected to
> https://localhost:9443/fediz-idp/?wa=wsignin1.0&wreply=https://localhost:8443/fedizhelloworld/secure/fedservlet&wtrealm=https://localhost:8443/fedizhelloworld/&wct=2014-09-15T17:25:48.112Z
>
> ** NOW The IDP does not redirect to Login, but instead just displays the
> IDP index.html
>
> Can you please guide me to the required config so as to get the basic flow
> working. I am attaching the config files from the IDP side
>
> Thanks In Advance
>
>
>
>
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com