cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r820533 - in /websites/production/cxf/content: cache/main.pageCache fediz-idp.html fediz-tomcat.html fediz.html
Date Wed, 06 Jun 2012 18:48:43 GMT
Author: buildbot
Date: Wed Jun  6 18:48:42 2012
New Revision: 820533

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-idp.html
    websites/production/cxf/content/fediz-tomcat.html
    websites/production/cxf/content/fediz.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-idp.html
==============================================================================
--- websites/production/cxf/content/fediz-idp.html (original)
+++ websites/production/cxf/content/fediz-idp.html Wed Jun  6 18:48:42 2012
@@ -136,9 +136,7 @@ Apache CXF -- Fediz IDP
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><p><img align="middle" class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"
height="16" width="16" alt="" border="0"> Under construction</p>
-
-<h1><a shape="rect" name="FedizIDP-FedizIDP"></a>Fediz IDP</h1>
+<div id="ConfluenceContent"><h1><a shape="rect" name="FedizIDP-FedizIDP"></a>Fediz
IDP</h1>
 
 <p>The Fediz Identity Provider (IDP) consists of two WAR files. One is the Security
Token Service (STS) component which is responsible for validating credentials, getting the
requested claims data and issuing a SAML token. There is no easy way for Web browsers to issue
SOAP requests to the STS directly, necessitating the second component, an IDP WAR which allows
browser-based applications to interact with the STS. The communication between the browser
and the IDP must be performed within the confines of the base HTTP 1.1 functionality and conform
as closely as possible to the WS-Trust protocols semantic.</p>
 
@@ -171,6 +169,11 @@ Apache CXF -- Fediz IDP
 
 <p>Deploy the WAR files to your Tomcat installation (&lt;catalina.home&gt;/webapps)
and ensure that Tomcat is started thus the WAR files get deployed.</p>
 
+<p>A Relying Party application trusts the IDP/STS component that the IDP authenticated
the browser user. The trust is established based on the certificate/private key used by the
STS to sign the SAML token. The signing certificate is located in <tt>webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks</tt>.
You must copy this keystore to a location where the Relying Party can reference it in its
<a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">Fediz Configuration</a>
in the element <tt>certificateStores</tt>.</p>
+
+<p><b>This keystore contains the private key as well. In a production environment,
you must not deploy the private key of the STS to the Relying Party</b></p>
+
+
 <h3><a shape="rect" name="FedizIDP-Configuration"></a>Configuration</h3>
 
 <p>You can manage the users, their claims and the claims per application in the IDP.</p>

Modified: websites/production/cxf/content/fediz-tomcat.html
==============================================================================
--- websites/production/cxf/content/fediz-tomcat.html (original)
+++ websites/production/cxf/content/fediz-tomcat.html Wed Jun  6 18:48:42 2012
@@ -154,9 +154,9 @@ add the previously created directory to 
 
 <h3><a shape="rect" name="FedizTomcat-Configuration"></a>Configuration</h3>
 
-<p>The Fediz related configuration is Container independent and described <a shape="rect"
href="fediz-configuration.html" title="Fediz Configuration">here</a>.</p>
+<p>The Fediz related configuration is done in a Servlet Container independent configuration
file which is described <a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">here</a>.</p>
 
-<p>The Fediz plugin requires configuring the FederationAuthenticator like any other
Valve in Tomcat which is described here <a shape="rect" class="external-link" href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html">here</a>.</p>
+<p>The Fediz plugin requires configuring the FederationAuthenticator like any other
Valve in Tomcat. Detailed information about the Tomcat Valve concept is available <a shape="rect"
class="external-link" href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html">here</a>.</p>
 
 <p>A valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to have one Fediz
configuration file per Servlet Context then you must configure the FederationAuthenticator
on the <em>Context</em> level otherwise on the <em>Host</em> level
in the Tomcat configuration file <em>server.xml</em></p>
 
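
Review bot: Style point on the first added paragraph: "Servlet Container independent configuration file" is capitalized differently from the matching sentence added to fediz.html in this same commit ("Servlet container independent configuration file"), and the compound modifier is unhyphenated in both. Suggest "servlet-container-independent configuration file" in both places. In the second added paragraph the Valve link still uses "here" as its link text and points at the tomcat-7.0-doc tree; naming the target in the link text would read better.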

Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Wed Jun  6 18:48:42 2012
@@ -174,7 +174,7 @@ The RP is a web application that needs t
 
 <h3><a shape="rect" name="Fediz-SetuptheRelyingPartyContainer"></a>Set
up the Relying Party Container</h3>
 
-<p>The Fediz plugin needs to be deployed into the Relying Party (RP) container. The
security mechanism is not specified by JEE. Even though it is very similar in each servlet
container there are some differences which require a dedicated Fediz plugin for each servlet
container implementation. Most of the configuration is container independent and described
<a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">here</a></p>
+<p>The Fediz plugin needs to be deployed into the Relying Party (RP) container. The
security mechanism is not specified by JEE. Even though it is very similar in each servlet
container there are some differences which require a dedicated Fediz plugin for each servlet
container implementation. Most of the configuration goes into a Servlet container independent
configuration file which is described <a shape="rect" href="fediz-configuration.html" title="Fediz
Configuration">here</a></p>
 
 <p>The following lists shows the supported containers and the location of the installation
and configuration page.</p>
 <ul><li><a shape="rect" href="fediz-tomcat.html" title="Fediz Tomcat">Tomcat
7 </a></li></ul>
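
Review bot: The rewritten sentence still ends at "here</a></p>" with no closing period, and "here" as link text gives no hint of the target. Suggest ending it with the page name as the link text, for example "which is described on the Fediz Configuration page." Since these lines are being touched anyway, the unchanged sentence below ("The following lists shows") could be corrected to "The following list shows" in the same edit.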


