cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r820540 - in /websites/production/cxf/content: cache/main.pageCache fediz-configuration.html fediz-extensions.html fediz-idp.html fediz-tomcat.html
Date Wed, 06 Jun 2012 19:48:37 GMT
Author: buildbot
Date: Wed Jun  6 19:48:37 2012
New Revision: 820540

Log:
Production update by buildbot for cxf

Added:
    websites/production/cxf/content/fediz-extensions.html
Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-configuration.html
    websites/production/cxf/content/fediz-idp.html
    websites/production/cxf/content/fediz-tomcat.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-configuration.html
==============================================================================
--- websites/production/cxf/content/fediz-configuration.html (original)
+++ websites/production/cxf/content/fediz-configuration.html Wed Jun  6 19:48:37 2012
@@ -136,9 +136,7 @@ Apache CXF -- Fediz Configuration
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><p><img align="middle" class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"
height="16" width="16" alt="" border="0"> Under construction</p>
-
-<h1><a shape="rect" name="FedizConfiguration-FedizPluginconfiguration"></a>Fediz
Plugin configuration</h1>
+<div id="ConfluenceContent"><h1><a shape="rect" name="FedizConfiguration-FedizPluginconfiguration"></a>Fediz
Plugin configuration</h1>
 <p>This page describes the Fediz configuration file referenced by the security interceptor
(eg. authenticator in Tomcat/Jetty).</p>
 
 <h3><a shape="rect" name="FedizConfiguration-Example"></a>Example</h3>
@@ -188,13 +186,16 @@ Default 5 seconds. </td></tr></tbody></t
 <div class="table-wrap">
 <table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">XML element </th><th colspan="1" rowspan="1" class="confluenceTh">Name
</th><th colspan="1" rowspan="1" class="confluenceTh">Use </th><th colspan="1"
rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> issuer </td><td colspan="1" rowspan="1" class="confluenceTd">
Issuer URL </td><td colspan="1" rowspan="1" class="confluenceTd"> Required </td><td
colspan="1" rowspan="1" class="confluenceTd">This URL defines the location of the IDP to
whom unauthenticated requests are redirected </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> realm </td><td colspan="1" rowspan="1" class="confluenceTd">
Realm </td><td colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td
colspan="1" rowspan="1" class="confluenceTd"> Security realm of the Relying Party / Application.
This value is part of the SignIn request as the <tt>wtrealm
 </tt> parameter.<br clear="none">
 Default: URL including the Servlet Context </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> authenticationType </td><td colspan="1" rowspan="1"
class="confluenceTd"> Authentication Type </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> The authentication
type defines what kind of authentication is required. This information is provided in the
SignInRequest to the IDP (parameter <tt>wauth</tt>)<br clear="none">
-The WS-Federation standard defines a list of predefined URIs for wauth <a shape="rect"
class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174997"
rel="nofollow">here</a>.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> roleURI </td><td colspan="1" rowspan="1" class="confluenceTd">
Role Claim URI </td><td colspan="1" rowspan="1" class="confluenceTd"> Optional
</td><td colspan="1" rowspan="1" class="confluenceTd"> Defines the attribute name
of the SAML token which contains the roles </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> roleDelimiter </td><td colspan="1" rowspan="1"
class="confluenceTd"> Role Value Delimiter </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> There are different
ways to encode multi value attributes in SAML.
+The WS-Federation standard defines a list of predefined URIs for wauth <a shape="rect"
class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174997"
rel="nofollow">here</a>.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> roleURI </td><td colspan="1" rowspan="1" class="confluenceTd">
Role Claim URI </td><td colspan="1" rowspan="1" class="confluenceTd"> Optional
</td><td colspan="1" rowspan="1" class="confluenceTd"> Defines the attribute name
of the SAML token which contains the roles.<br clear="none">
+Required for Role Based Access Control. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> roleDelimiter </td><td colspan="1" rowspan="1"
class="confluenceTd"> Role Value Delimiter </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> There are different
ways to encode multi value attributes in SAML.
 <ul><li>Single attribute with multiple values</li><li>Several attributes
with the same name but only one value</li><li>Single attribute with single value.
Roles are delimited by <tt>roleDelimiter</tt></li></ul>
-</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> claimTypesRequested
</td><td colspan="1" rowspan="1" class="confluenceTd"> Requested claims </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> The claims required by the Relying Party are listed here. Claims
can be optional. If a mandatory claim can't be provided by the IDP the issuance of the token
should fail </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
homeRealm </td><td colspan="1" rowspan="1" class="confluenceTd"> Home Realm </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicates the Resource IDP the home realm of the requestor. This
may be an URL or an identifier like urn: or uuid: and depends on the Resource IDP implementation.
This value is part of the SignIn request as the <tt>whr</tt> parameter </td></tr></tbody></table>
+</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> claimTypesRequested
</td><td colspan="1" rowspan="1" class="confluenceTd"> Requested claims </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> The claims required by the Relying Party are listed here. Claims
can be optional. If a mandatory claim can't be provided by the IDP the issuance of the token
should fail </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
homeRealm </td><td colspan="1" rowspan="1" class="confluenceTd"> Home Realm </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> Indicates the Resource IDP the home realm of the requestor. This
may be an URL or an identifier like urn: or uuid: and depends on the Resource IDP implementation.
This value is part of the SignIn request as the <tt>whr</tt> parameter </td></tr><tr><td
colspan="1" rowspan="1" class="co
 nfluenceTd"> tokenValidators </td><td colspan="1" rowspan="1" class="confluenceTd">
TokenValidators </td><td colspan="1" rowspan="1" class="confluenceTd"> Optional
</td><td colspan="1" rowspan="1" class="confluenceTd"> Custom Token validator
classes can be configured here. The SAML Token validator is enabled by default.<br clear="none">
+See example <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java">here</a></td></tr></tbody></table>
 </div>
 
 
 
+
 <h5><a shape="rect" name="FedizConfiguration-Attributesresolvedatruntime"></a>Attributes
resolved at runtime</h5>
 
 <p>The following attributes can be either configured statically at deployment time
or dynamically when the initial request is received:</p>
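Review bot: The new tokenValidators row says custom validator classes "can be configured here" and that the SAML Token validator is enabled by default, but it does not say whether a configured class replaces the default SAML validator or runs in addition to it. That determines whether the default SAML validation still applies once a custom class is listed, so the Description cell should state it explicitly. In the same hunk, the roleURI row now reads "Required for Role Based Access Control" while its Use cell still says Optional; something like "Optional (required for RBAC)" in the Use cell would remove the contradiction.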
@@ -233,6 +234,9 @@ The WS-Federation standard defines a lis
             <span class="code-tag">&lt;/claimTypesRequested&gt;</span>
             <span class="code-tag">&lt;authenticationType type=<span class="code-quote">"String"</span>
value=<span class="code-quote">"http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard"</span>
/&gt;</span>
             <span class="code-tag">&lt;homeRealm type=<span class="code-quote">"Class"</span>
value=<span class="code-quote">"example.HomeRealmCallbackHandler"</span> /&gt;</span>
+            <span class="code-tag">&lt;tokenValidators&gt;</span>
+                <span class="code-tag">&lt;validator&gt;</span>org.apache.cxf.fediz.core.CustomValidator<span
class="code-tag">&lt;/validator&gt;</span>
+            <span class="code-tag">&lt;/tokenValidators&gt;</span>
         <span class="code-tag">&lt;/protocol&gt;</span>
     <span class="code-tag">&lt;/contextConfig&gt;</span>
 <span class="code-tag">&lt;/FedizConfig&gt;</span>
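Review bot: The added tokenValidators example names org.apache.cxf.fediz.core.CustomValidator, but the link added to the table in the previous hunk places that class under plugins/core/src/test/java, so it is a test class and test sources are normally not packaged with the plugin. A reader who copies this snippet may reference a class that is not on the container classpath. Suggest a placeholder in the style of example.HomeRealmCallbackHandler two lines up, for instance example.CustomValidator, plus a sentence on where the validator class has to be deployed.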

Added: websites/production/cxf/content/fediz-extensions.html
==============================================================================
--- websites/production/cxf/content/fediz-extensions.html (added)
+++ websites/production/cxf/content/fediz-extensions.html Wed Jun  6 19:48:37 2012
@@ -0,0 +1,192 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+  <head>
+    <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+    <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+    
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture,
web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support,
integration standards, application integration, middleware, software, solutions, services,
CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - Fediz Extensions">
+    <title>
+Apache CXF -- Fediz Extensions
+    </title>
+  </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td id="cell-0-0" colspan="2">&nbsp;</td>
+    <td id="cell-0-1">&nbsp;</td>
+    <td id="cell-0-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-1-0">&nbsp;</td>
+    <td id="cell-1-1">&nbsp;</td>
+    <td id="cell-1-2">
+      <div style="padding: 5px;">
+        <div id="banner">
+          <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left"
colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight:
bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img
border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+          <!-- Banner -->
+        </div>
+      </div>
+      <div id="top-menu">
+        <table border="0" cellpadding="1" cellspacing="0" width="100%">
+          <tr>
+            <td>
+              <div align="left">
+                <!-- Breadcrumbs -->
+<a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="fediz.html">Fediz</a>&nbsp;&gt;&nbsp;<a
href="fediz-extensions.html">Fediz Extensions</a>
+                <!-- Breadcrumbs -->
+              </div>
+            </td>
+            <td>
+              <div align="right">
+                <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="download.html" title="Download">Download</a>
| <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+                <!-- Quicklinks -->
+              </div>
+            </td>
+          </tr>
+        </table>
+      </div>
+    </td>
+    <td id="cell-1-3">&nbsp;</td>
+    <td id="cell-1-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-2-0" colspan="2">&nbsp;</td>
+    <td id="cell-2-1">
+      <table>
+        <tr valign="top">
+          <td height="100%">
+            <div id="wrapper-menu-page-right">
+              <div id="wrapper-menu-page-top">
+                <div id="wrapper-menu-page-bottom">
+                  <div id="menu-page">
+                    <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheCXFIndex"></a><a
shape="rect" href="index.html" title="Index">Apache CXF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="index.html"
title="Index">Home</a></li><li><a shape="rect" href="download.html"
title="Download">Download</a></li><li><a shape="rect" href="people.html"
title="People">People</a></li><li><a shape="rect" href="project-status.html"
title="Project Status">Project Status</a></li><li><a shape="rect"
href="roadmap.html" title="Roadmap">Roadmap</a></li><li><a shape="rect"
href="mailing-lists.html" title="Mailing Lists">Mailing Lists</a></li><li><a
shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/CXF">Issue
Reporting</a></li><li><a shape="rect" href="special-thanks.html" title="Special
Thanks">Special Thanks</a></li><li><a shape="rect" class="external-link"
href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect"
href="security-advisories.html" title="Security Advisories">Security Advisories</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Users"></a>Users</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/index.html">User's
Guide</a></li><li><a shape="rect" href="support.html" title="Support">Support</a></li><li><a
shape="rect" href="faq.html" title="FAQ">FAQ</a></li><li><a shape="rect"
href="resources-and-articles.html" title="Resources and Articles">Resources and Articles</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Search"></a>Search</h3>
+
+<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
+  <div>
+    <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+    <input type="hidden" name="ie" value="UTF-8">
+    <input type="text" name="q" size="21">
+    <input type="submit" name="sa" value="Search">
+  </div>
+</form>
+<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
+
+
+<h3><a shape="rect" name="Navigation-Developers"></a>Developers</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture
Guide</a></li><li><a shape="rect" href="source-repository.html" title="Source
Repository">Source Repository</a></li><li><a shape="rect" href="building.html"
title="Building">Building</a></li><li><a shape="rect" href="automated-builds.html"
title="Automated Builds">Automated Builds</a></li><li><a shape="rect"
href="testing-debugging.html" title="Testing-Debugging">Testing-Debugging</a></li><li><a
shape="rect" href="coding-guidelines.html" title="Coding Guidelines">Coding Guidelines</a></li><li><a
shape="rect" href="getting-involved.html" title="Getting Involved">Getting Involved</a></li><li><a
shape="rect" href="release-management.html" title="Release Management">Release Management</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Subprojects"></a>Subprojects</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="distributed-osgi.html"
title="Distributed OSGi">Distributed OSGi</a></li><li><a shape="rect"
href="xjc-utils.html" title="XJC Utils">XJC Utils</a></li><li><a shape="rect"
href="build-utils.html" title="Build Utils">Build Utils</a></li><li><a
shape="rect" href="fediz.html" title="Fediz">Fediz</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a><a shape="rect" class="external-link"
href="http://www.apache.org">ASF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link"
href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor
Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul>
+</div>
+                    <!-- NavigationBar -->
+                  </div>
+              </div>
+            </div>
+          </div>
+         </td>
+         <td height="100%">
+           <!-- Content -->
+           <div class="wiki-content">
+<div id="ConfluenceContent"><h1><a shape="rect" name="FedizExtensions-FedizExtensions"></a>Fediz
Extensions</h1>
+<p>This page describes the extension points in Fediz to enrich its functionality further.</p>
+
+<h3><a shape="rect" name="FedizExtensions-CallbackHandler"></a>Callback
Handler</h3>
+
+<h3><a shape="rect" name="FedizExtensions-CustomTokenValidator"></a>Custom
Token Validator</h3>
+</div>
+           </div>
+           <!-- Content -->
+         </td>
+        </tr>
+      </table>
+   </td>
+   <td id="cell-2-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+   <td id="cell-3-0">&nbsp;</td>
+   <td id="cell-3-1">&nbsp;</td>
+   <td id="cell-3-2">
+     <div id="footer">
+       <!-- Footer -->
+       <div id="site-footer">
+         <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a>
- 
+         (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27848884">edit
page</a>) 
+	 (<a href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Extensions?showComments=true&amp;showCommentArea=true#addcomment">add
comment</a>)<br>
+	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+        All other marks mentioned may be trademarks or registered trademarks of their respective
owners.
+       </div>
+       <!-- Footer -->
+     </div>
+   </td>
+   <td id="cell-3-3">&nbsp;</td>
+   <td id="cell-3-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-4-0" colspan="2">&nbsp;</td>
+    <td id="cell-4-1">&nbsp;</td>
+    <td id="cell-4-2" colspan="2">&nbsp;</td>
+  </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+
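Review bot: The content area of the new page holds only the intro sentence and two empty headings, "Callback Handler" and "Custom Token Validator", with no text under either. This same commit removes the "Under construction" notice from fediz-configuration.html and fediz-tomcat.html, so a reader has no signal that the extension points are still undocumented. Either hold the page back until both sections have content, or add a short "Under construction" line under the h1 and at least one sentence per section that names the interface to implement and the configuration element that references it.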

Modified: websites/production/cxf/content/fediz-idp.html
==============================================================================
--- websites/production/cxf/content/fediz-idp.html (original)
+++ websites/production/cxf/content/fediz-idp.html Wed Jun  6 19:48:37 2012
@@ -146,6 +146,19 @@ Apache CXF -- Fediz IDP
 
 <p>The Fediz IDP has been tested with Tomcat 6 and 7 but should be able to work with
any commercial JEE application server.</p>
 
+<p>Deploy the WAR files to your Tomcat installation (&lt;catalina.home&gt;/webapps).</p>
+
+<p>A Relying Party application trusts the IDP/STS component that the IDP authenticated
the browser user. The trust is established based on the certificate/private key used by the
STS to sign the SAML token. The signing certificate is located in <tt>webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks</tt>.
You must copy this keystore to a location where the Relying Party can reference it in its
<a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">Fediz Configuration</a>
in the element <tt>certificateStores</tt>.</p>
+
+<p><b>This keystore contains the private key as well. In a production environment,
you must not deploy the private key of the STS to the Relying Party</b></p>
+
+
+<h3><a shape="rect" name="FedizIDP-Configuration"></a>Configuration</h3>
+
+<p>You can manage the users, their claims and the claims per application in the IDP.</p>
+
+<h5><a shape="rect" name="FedizIDP-HTTPSconfiguration"></a>HTTPS configuration</h5>
+
 <p>It's recommended to set up a dedicated (separate) Tomcat instance for the IDP. The
Fediz examples use the following TCP ports to interact with the IDP/STS:</p>
 <ul><li>HTTP port: 9080 (used for Maven deployment, mvn tomcat:redeploy)</li><li>HTTPS
port: 9443 (where IDP and STS are accessed)</li></ul>
 
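Review bot: The relocated trust paragraph still tells the reader to copy stsstore.jks to the Relying Party, and the bold line after it says that this keystore contains the private key and must not be deployed there in production, but nothing explains what to deploy instead. Add the production procedure next to the warning: export only the STS signing certificate (for example with keytool -exportcert), import it into a separate truststore (keytool -importcert), and reference that truststore from certificateStores. The move also dropped "ensure that Tomcat is started" from the deploy sentence; confirm that was intended. The bold sentence is missing its closing period.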
@@ -167,16 +180,6 @@ Apache CXF -- Fediz IDP
 
 <p><b>Production: It's highly recommended to deploy certificates signed by a
Certificate Authority</b></p>
 
-<p>Deploy the WAR files to your Tomcat installation (&lt;catalina.home&gt;/webapps)
and ensure that Tomcat is started thus the WAR files get deployed.</p>
-
-<p>A Relying Party application trusts the IDP/STS component that the IDP authenticated
the browser user. The trust is established based on the certificate/private key used by the
STS to sign the SAML token. The signing certificate is located in <tt>webapps/fediz-idp-sts/WEB-INF/classes/stsstore.jks</tt>.
You must copy this keystore to a location where the Relying Party can reference it in its
<a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">Fediz Configuration</a>
in the element <tt>certificateStores</tt>.</p>
-
-<p><b>This keystore contains the private key as well. In a production environment,
you must not deploy the private key of the STS to the Relying Party</b></p>
-
-
-<h3><a shape="rect" name="FedizIDP-Configuration"></a>Configuration</h3>
-
-<p>You can manage the users, their claims and the claims per application in the IDP.</p>
 
 <h5><a shape="rect" name="FedizIDP-Userandpassword"></a>User and password</h5>
 

Modified: websites/production/cxf/content/fediz-tomcat.html
==============================================================================
--- websites/production/cxf/content/fediz-tomcat.html (original)
+++ websites/production/cxf/content/fediz-tomcat.html Wed Jun  6 19:48:37 2012
@@ -136,15 +136,12 @@ Apache CXF -- Fediz Tomcat
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><p><img align="middle" class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"
height="16" width="16" alt="" border="0"> Under construction</p>
-
-<h1><a shape="rect" name="FedizTomcat-TomcatPlugin"></a>Tomcat Plugin</h1>
+<div id="ConfluenceContent"><h1><a shape="rect" name="FedizTomcat-TomcatPlugin"></a>Tomcat
Plugin</h1>
 <p>This page describes how to enable Federation in Tomcat. This Tomcat instance acts
as the Relying Party which means it validates the incoming SignInResponse which has been created
by the Identity Provider (IDP) server.</p>
 
 <h3><a shape="rect" name="FedizTomcat-Installation"></a>Installation</h3>
 
-<p>You can either build the plugin on your own or download the package here (tbd).
If you have built the plugin on your own you'll find the required libraries in plugins/tomcat/target/...zip-with-dependencies.zip</p>
-
+<p>You can either build the Fediz plugin on your own or download the package <a
shape="rect" href="fediz-downloads.html" title="Fediz Downloads">here</a>. If you
have built the plugin on your own you'll find the required libraries in <tt>plugins/tomcat/target/...zip-with-dependencies.zip</tt></p>
 
 <ol><li>Create sub-directory <tt>fediz</tt> in <tt>${catalina.home}/lib</tt></li><li>Update
calatina.properties in ${catalina.home}/conf<br clear="none">
 add the previously created directory to the common loader:<br clear="none">
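Review bot: The installation step in the context lines directly below the rewritten paragraph still reads "Update calatina.properties"; the file is catalina.properties. Since this hunk already touches the Installation section, fix the typo here and wrap the file name and ${catalina.home}/conf in tt tags, matching the tt markup this change adds around the zip path.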
@@ -154,16 +151,45 @@ add the previously created directory to 
 
 <h3><a shape="rect" name="FedizTomcat-Configuration"></a>Configuration</h3>
 
+<h5><a shape="rect" name="FedizTomcat-HTTPSconfiguration"></a>HTTPS configuration</h5>
+
+<p>It's recommended to set up a dedicated (separate) Tomcat instance for the Relying
Party. The Fediz examples requires configuring the following TCP ports:</p>
+<ul><li>HTTP port: 8080 (used for Maven deployment, mvn tomcat:redeploy)</li><li>HTTPS
port: 8443 (where IDP and STS are accessed)</li></ul>
+
+
+<p>The Relying Party must be accessed over HTTPS to protect the security tokens issued
by the IDP.</p>
+
+<p>The Tomcat HTTP(s) configuration is done in conf/server.xml.</p>
+
+<p>This is a sample snippet for an HTTPS configuration:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+    &lt;Connector port=<span class="code-quote">"8443"</span> protocol=<span
class="code-quote">"HTTP/1.1"</span> SSLEnabled=<span class="code-quote">"true"</span>
+               maxThreads=<span class="code-quote">"150"</span> scheme=<span
class="code-quote">"https"</span> secure=<span class="code-quote">"true"</span>
+               keystoreFile=<span class="code-quote">"tomcatKeystore.jks"</span>
+               keystorePass=<span class="code-quote">"tompass"</span> sslProtocol=<span
class="code-quote">"TLS"</span> /&gt;
+</pre>
+</div></div>
+
+<p>The <tt>keystoreFile</tt> is relative to $CATALINA_HOME. See <a shape="rect"
class="external-link" href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html">here</a>
for the Tomcat 7 configuration reference. This page also describes how to create certificates.</p>
+
+<p><b>Production: It's highly recommended to deploy certificates signed by a
Certificate Authority</b></p>
+
+
+
+<h5><a shape="rect" name="FedizTomcat-Fedizconfiguration"></a>Fediz configuration</h5>
+
 <p>The Fediz related configuration is done in a Servlet Container independent configuration
file which is described <a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">here</a>.</p>
 
 <p>The Fediz plugin requires configuring the FederationAuthenticator like any other
Valve in Tomcat. Detailed information about the Tomcat Valve concept is available <a shape="rect"
class="external-link" href="http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html">here</a>.</p>
 
-<p>A valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to have one Fediz
configuration file per Servlet Context then you must configure the FederationAuthenticator
on the <em>Context</em> level otherwise on the <em>Host</em> level
in the Tomcat configuration file <em>server.xml</em></p>
+<p>A Valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to have one Fediz
configuration file per Servlet Context then you must configure the FederationAuthenticator
on the <em>Context</em> level otherwise on the <em>Host</em> level
in the Tomcat configuration file <em>server.xml</em></p>
 
 
 <p>You can either configure the context in the server.xml or in META-INF/context.xml
as part of your WAR file.</p>
 
-<h5><a shape="rect" name="FedizTomcat-METAINF%2Fcontext.xml"></a>META-INF/context.xml</h5>
+<h6><a shape="rect" name="FedizTomcat-METAINF%2Fcontext.xml"></a>META-INF/context.xml</h6>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <pre class="code-xml"> 
   <span class="code-tag">&lt;Context&gt;</span> 
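Review bot: In the new HTTPS configuration list, "HTTPS port: 8443 (where IDP and STS are accessed)" looks copied from the IDP page, which uses the same wording for port 9443. On this page Tomcat is the Relying Party, so 8443 is where the protected web application is accessed; as written it suggests the IDP/STS listens on 8443. Also in this hunk, the sample Connector carries keystorePass="tompass" with no remark that it is a sample value; add a sentence telling readers to choose their own keystore password. "The Fediz examples requires" should be "require".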
@@ -173,7 +199,7 @@ add the previously created directory to 
 </pre>
 </div></div>
 
-<h5><a shape="rect" name="FedizTomcat-Hostlevelinserver.xml"></a>Host level
in server.xml</h5>
+<h6><a shape="rect" name="FedizTomcat-Hostlevelinserver.xml"></a>Host level
in server.xml</h6>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <pre class="code-xml"> 
   &lt;Host name=<span class="code-quote">"localhost"</span>  appBase=<span
class="code-quote">"webapps"</span>
@@ -184,7 +210,7 @@ add the previously created directory to 
 </pre>
 </div></div> 
 
-<h5><a shape="rect" name="FedizTomcat-Contextlevelinserver.xml"></a>Context
level in server.xml</h5>
+<h6><a shape="rect" name="FedizTomcat-Contextlevelinserver.xml"></a>Context
level in server.xml</h6>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <pre class="code-xml"> 
   <span class="code-tag">&lt;Context path=<span class="code-quote">"/fedizhelloworld"</span>
docBase=<span class="code-quote">"fedizhelloworld"</span>&gt;</span>
@@ -194,7 +220,12 @@ add the previously created directory to 
 </pre>
 </div></div>
 
-<p>The Fediz configuration file is container independent and described here.</p>
+<p>The Fediz configuration file is a Servlet container independent configuration file
and described <a shape="rect" href="fediz-configuration.html" title="Fediz Configuration">here</a></p>
+
+<h3><a shape="rect" name="FedizTomcat-WebApplicationdeployment"></a>Web
Application deployment</h3>
+
+<p>Deploy your Web Application to your Tomcat installation (&lt;catalina.home&gt;/webapps).</p>
+
 
 </div>
            </div>
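Review bot: The replacement sentence "The Fediz configuration file is a Servlet container independent configuration file and described here" repeats the first paragraph of the new "Fediz configuration" subsection from the previous hunk of this file, which already says the same thing with the same link. Drop this second copy rather than rewording it, or replace it with something the reader does not yet know at this point. If it stays, it needs a closing period.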


