cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r848462 - in /websites/production/cxf/content: cache/main.pageCache fediz-configuration.html
Date Tue, 29 Jan 2013 17:47:59 GMT
Author: buildbot
Date: Tue Jan 29 17:47:58 2013
New Revision: 848462

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-configuration.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-configuration.html
==============================================================================
--- websites/production/cxf/content/fediz-configuration.html (original)
+++ websites/production/cxf/content/fediz-configuration.html Tue Jan 29 17:47:58 2013
@@ -178,7 +178,7 @@ Finally, the audience URI is validated a
 <div class="table-wrap">
 <table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">XML element </th><th colspan="1" rowspan="1" class="confluenceTh">Name
</th><th colspan="1" rowspan="1" class="confluenceTh">Use </th><th colspan="1"
rowspan="1" class="confluenceTh">Description</th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> audienceUris </td><td colspan="1" rowspan="1"
class="confluenceTd"> Audience URI </td><td colspan="1" rowspan="1" class="confluenceTd">
Required </td><td colspan="1" rowspan="1" class="confluenceTd"> The values of
the list of audience URIs are verified against the element <tt>AudienceRestriction</tt>
in the SAML token </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
certificateStores </td><td colspan="1" rowspan="1" class="confluenceTd"> Trusted
certificate store </td><td colspan="1" rowspan="1" class="confluenceTd"> Required
</td><td colspan="1" rowspan="1" class="confluenceTd"> The list of keystores (JKS,
PEM) inclu
 des at least the certificate of the Certificate Authorities (CA) which signed the certificate
which is used to sign the SAML token.<br clear="none">
 If the file location is not fully qualified it needs to be relative to the Container home
directory </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
trustedIssuers </td><td colspan="1" rowspan="1" class="confluenceTd"> Trusted
Issuers </td><td colspan="1" rowspan="1" class="confluenceTd"> Required </td><td
colspan="1" rowspan="1" class="confluenceTd"> There are two ways to configure a trusted
issuer (IDP). Either you configure the subject name and the CA(s) who signed the certificate
of the IDP (<tt>certificateValidation=ChainTrust</tt>) or you configure the certificate
of the IDP and the CA(s) who signed it (<tt>certificateValidation=PeerTrust</tt>)</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> maximumClockSkew </td><td colspan="1"
rowspan="1" class="confluenceTd"> Maximum Clock Skew </td><td colspan="1" rowspan="1"
class="confluenceTd"> Optional </td><td colspan="1" rowspan="1" class="confluenceTd">
Maximum allowable time difference between 
 the system clocks of the IDP and RP.<br clear="none">
-Default 5 seconds. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
tokenReplayCache </td><td colspan="1" rowspan="1" class="confluenceTd"> Token
Replay Cache </td><td colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td
colspan="1" rowspan="1" class="confluenceTd"> The <a shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java?view=markup">TokenReplayCache</a>
implementation to use to cache tokens. The default is an implementation based on EHCache.
</td></tr></tbody></table>
+Default 5 seconds. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
tokenReplayCache </td><td colspan="1" rowspan="1" class="confluenceTd"> Token
Replay Cache </td><td colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td
colspan="1" rowspan="1" class="confluenceTd"> The <a shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java?view=markup">TokenReplayCache</a>
implementation to use to cache tokens. The default is an implementation based on EHCache.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> signingKey
</td><td colspan="1" rowspan="1" class="confluenceTd"> Key for Signature </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> If configured, the published (WS-Federation) <a shape="rect" href="fediz-metadata.html"
title="Fediz Metadata">Metadata document</a> is s
 igned by this key. Otherwise, not signed.</td></tr></tbody></table>
 </div>
 
 
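Review bot: The added signingKey row at the end of this table says only that the metadata document is signed when a key is configured, without documenting how the key is referenced. The certificateStores row above it states the accepted formats (JKS, PEM) and how a relative file location is resolved; the new row should describe its expected value at the same level of detail. Because the setting is Optional, the description should also state plainly that the default is an unsigned metadata document, which consumers cannot check by signature. "Otherwise, not signed." is a fragment and could read "If no key is configured, the metadata document is published unsigned."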
@@ -192,7 +192,7 @@ The WS-Federation standard defines a lis
 Required for Role Based Access Control. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> roleDelimiter </td><td colspan="1" rowspan="1"
class="confluenceTd"> Role Value Delimiter </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> NA </td><td
colspan="1" rowspan="1" class="confluenceTd"> There are different ways to encode multi
value attributes in SAML.
 <ul><li>Single attribute with multiple values</li><li>Several attributes
with the same name but only one value</li><li>Single attribute with single value.
Roles are delimited by <tt>roleDelimiter</tt></li></ul>
 </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> claimTypesRequested
</td><td colspan="1" rowspan="1" class="confluenceTd"> Requested claims </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> ClaimTypesRequested </td><td colspan="1" rowspan="1" class="confluenceTd">
The claims required by the Relying Party are listed here. Claims can be optional. If a mandatory
claim can't be provided by the IDP the issuance of the token should fail </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> homeRealm </td><td colspan="1" rowspan="1"
class="confluenceTd"> Home Realm </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> NA </td><td
colspan="1" rowspan="1" class="confluenceTd"> Indicates the Resource IDP the home realm
of the requestor. This may be an URL or an identifier like urn: or uuid: and depends on the
Resource IDP imple
 mentation. This value is part of the SignIn request as the <tt>whr</tt> parameter
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> freshness
</td><td colspan="1" rowspan="1" class="confluenceTd"> Freshness </td><td
colspan="1" rowspan="1" class="confluenceTd"> Optional </td><td colspan="1" rowspan="1"
class="confluenceTd"> NA </td><td colspan="1" rowspan="1" class="confluenceTd">
The desired "freshness" of the token from the IdP. This information is provided in the SignInRequest
to the IdP (paramater <tt>wfresh</tt>)</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> tokenValidators </td><td colspan="1" rowspan="1"
class="confluenceTd"> TokenValidators </td><td colspan="1" rowspan="1" class="confluenceTd">
Optional </td><td colspan="1" rowspan="1" class="confluenceTd"> NA </td><td
colspan="1" rowspan="1" class="confluenceTd"> Custom Token validator classes can be configured
here. The SAML Token validator is enabled by default.<br clear="none">
-See example <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java">here</a></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> signingKey </td><td colspan="1"
rowspan="1" class="confluenceTd"> Key for Signature </td><td colspan="1" rowspan="1"
class="confluenceTd"> Optional </td><td colspan="1" rowspan="1" class="confluenceTd">
Metadata signature </td><td colspan="1" rowspan="1" class="confluenceTd"> If configured,
the published WS-Federation <a shape="rect" href="fediz-metadata.html" title="Fediz Metadata">Metadata
document</a> is signed by this key. Otherwise, not signed.</td></tr></tbody></table>
+See example <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/CustomValidator.java">here</a></td></tr></tbody></table>
 </div>
 
 
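Review bot: The signingKey row removed at the end of this table had five cells, including a fourth cell reading "Metadata signature", but the copy added in the previous hunk has only four, so that value is dropped by the move. Please confirm the loss is intended, and that nothing else on the page still points readers to this table for signingKey. The wording also changed from "WS-Federation" to "(WS-Federation)" in the moved description, which looks accidental. While this table is being touched, the freshness row in the context lines spells "paramater"; since the log says this file is a buildbot production update, the fix belongs in the page source rather than in this HTML.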


