cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r828833 - in /websites/production/cxf/content: cache/main.pageCache fediz-tomcat.html
Date Mon, 13 Aug 2012 21:47:24 GMT
Author: buildbot
Date: Mon Aug 13 21:47:23 2012
New Revision: 828833

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-tomcat.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-tomcat.html
==============================================================================
--- websites/production/cxf/content/fediz-tomcat.html (original)
+++ websites/production/cxf/content/fediz-tomcat.html Mon Aug 13 21:47:23 2012
@@ -137,7 +137,10 @@ Apache CXF -- Fediz Tomcat
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><h1><a shape="rect" name="FedizTomcat-TomcatPlugin"></a>Tomcat
Plugin</h1>
-<p>This page describes how to enable Federation in Tomcat. The configuration below
is specifically for Tomcat instances hosting Relying Party (RP) applications, not instances
just hosting the Fediz Identity Provider (IDP) and STS or third-party services authenticating
a RP application based on SAML tokens provided by the IDP STS.  A Tomcat instance holdign
RP webapps will validate the incoming SignInResponse created by the IDP server.</p>
+<p>This page describes how to enable Federation for a Tomcat instance hosting Relying
Party (RP) applications.  This configuration is not for a separate Tomcat instance hosting
the Fediz IDP and IDP STS WARs, or hosts for third-party applications that use Fediz STS-generated
SAML assertions for authentication.  After this configuration is done, the Tomcat-RP instance
will validate the incoming SignInResponse created by the IDP server.</p>
+
+<p>Prior to doing this configuration, make sure you've first deployed the Fediz IDP
and STS on the separate Tomcat IDP instance as discussed <a shape="rect" href="fediz-idp.html"
title="Fediz IDP">here</a>, and can view the STS WSDL at the URL given on that page.
 That page also provides some tips for running multiple Tomcat instances on your machine.</p>
+
 
 <h3><a shape="rect" name="FedizTomcat-Installation"></a>Installation</h3>
 
@@ -153,10 +156,12 @@ add the previously created directory to 
 
 <h5><a shape="rect" name="FedizTomcat-HTTPSconfiguration"></a>HTTPS configuration</h5>
 
-<p>It's recommended to set up a dedicated (separate) Tomcat instance for the Relying
Party. The Fediz examples requires configuring the following TCP ports:</p>
-<ul><li>HTTP port: 8080 (used for Maven deployment, mvn tomcat:redeploy)</li><li>HTTPS
port: 8443 (where IDP and STS are accessed)</li></ul>
+<p>It's recommended to set up a dedicated (separate) Tomcat instance for the Relying
Party. The Fediz RP web applications use the following TCP ports:</p>
+<ul><li>HTTP port: 8080 (used for Maven deployment, mvn tomcat:redeploy)</li><li>HTTPS
port: 8443 (where IDP and STS are accessed)</li><li>Server port (for shutdown
and other commands): 8005</li></ul>
 
 
+<p>These are the default ports for a standard Tomcat installation.</p>
+
 <p>The Relying Party must be accessed over HTTPS to protect the security tokens issued
by the IDP.</p>
 
 <p>The Tomcat HTTP(s) configuration is done in conf/server.xml.</p>
@@ -172,12 +177,14 @@ add the previously created directory to 
 </pre>
 </div></div>
 
-<p>The keystoreFile is relative to $CATALINA_HOME. See <a shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html">here</a> for the Tomcat
7 configuration reference. This page also describes how to create certificates.  Sample Tomcat
keystores (not for production use, but useful for demoing Fediz and running the sample applications)
are provided in the examples/samplekeys folder of the Fediz distribution.</p>
+<p>The keystoreFile is relative to $CATALINA_HOME. See <a shape="rect" class="external-link"
href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html">here</a> for the Tomcat
7 configuration reference. This page also describes how to create certificates.  Sample Tomcat
keystores (not for production use, but useful for demoing Fediz and running the sample applications)
are provided in the examples/samplekeys folder of the Fediz distribution.  Note the Tomcat
keystore here is different from the one used to configure the Tomcat-IDP instance.</p>
 
 <p>To establish trust, there are significant keystore/truststore requirements between
the Tomcat instances and the various web applications (IDP, STS, Relying party applications,
third party web services, etc.)  See <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co">this
page</a> for more details, it lists the trust requirements as well as sample scripts
for creating your own (self-signed) keys.</p>
 
 <p><b>Warning:  All sample keystores provided with Fediz (including in the WAR
files for its services and examples) are for development/prototyping use only.  They'll need
to be replaced for production use, at a minimum with your own self-signed keys but strongly
recommended to use third-party signed keys.</b></p>
 
+<p>If you are currently just trying to run the Fediz samples, the configuration above
is all you need (the below configuration is already provided within the samples) so you can
return now to the samples' READMEs for the next steps in running them.</p>
+
 
 <h5><a shape="rect" name="FedizTomcat-FedizPluginconfigurationforYourWebApplication"></a>Fediz
Plugin configuration for Your Web Application</h5>
 
@@ -187,7 +194,7 @@ add the previously created directory to 
 
 <p>A Valve can be configured on different levels like <em>Host</em> or
<em>Context</em>. The Fediz configuration file allows to configure all servlet
contexts in one file or choosing one file per Servlet Context. If you choose to have one Fediz
configuration file per Servlet Context then you must configure the FederationAuthenticator
on the <em>Context</em> level otherwise on the <em>Host</em> level
in the Tomcat configuration file <em>server.xml</em></p>
 
-<p>You can either configure the context in the server.xml or in META-INF/context.xml
as part of your WAR file.  (The sample RP applications bundled with Fediz already have this
configured via the latter option.)</p>
+<p>You can either configure the context in the server.xml or in META-INF/context.xml
as part of your WAR file.</p>
 
 <h6><a shape="rect" name="FedizTomcat-METAINF%2Fcontext.xml"></a>META-INF/context.xml</h6>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
@@ -224,7 +231,7 @@ add the previously created directory to 
 
 <h3><a shape="rect" name="FedizTomcat-WebApplicationdeployment"></a>Web
Application deployment</h3>
 
-<p>Deploy your Web Application to your Tomcat installation (&lt;catalina.home&gt;/webapps).</p>
+<p>Deploy your Web Application to your Tomcat installation (&lt;catalina.home&gt;/webapps).
 If you're running the Fediz examples, their README files will have instructions on how to
do this.</p>
 
 <h3><a shape="rect" name="FedizTomcat-FederationMetadatadocument"></a>Federation
Metadata document</h3>
 



Mime
View raw message