cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r885608 - in /websites/production/cxf/content: cache/main.pageCache fediz-idp-11.html
Date Wed, 06 Nov 2013 09:47:56 GMT
Author: buildbot
Date: Wed Nov  6 09:47:56 2013
New Revision: 885608

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-idp-11.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-idp-11.html
==============================================================================
--- websites/production/cxf/content/fediz-idp-11.html (original)
+++ websites/production/cxf/content/fediz-idp-11.html Wed Nov  6 09:47:56 2013
@@ -255,13 +255,16 @@ $CATALINA_HOME/bin/shutdown.sh
 <p>The users and passwords are configured in a Spring configuration file in <tt>webapps/fediz-idp-sts/WEB-INF/passwords.xml</tt>.
The following users are already configured for the <em>Realm A</em> and can easily
be extended.</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-    &lt;util:map id="passwords"&gt;
-        &lt;entry key="alice"
-            value="ecila" /&gt;
-        &lt;entry key="bob"
-            value="bob" /&gt;
-        &lt;entry key="ted"
-            value="det" /&gt;
+    &lt;util:map id="REALMA"&gt;
+        &lt;entry key="alice" value="ecila" /&gt;
+        &lt;entry key="bob" value="bob" /&gt;
+        &lt;entry key="ted" value="det" /&gt;
+    &lt;/util:map&gt;
+	
+    &lt;util:map id="REALMB"&gt;
+        &lt;entry key="ALICE" value="ECILA" /&gt;
+        &lt;entry key="BOB" value="BOB" /&gt;
+        &lt;entry key="TED" value="DET" /&gt;
     &lt;/util:map&gt;
 ]]></script>
 </div></div>
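
Review bot: the unchanged paragraph above the snippet still says the users are "already configured for the Realm A", but the snippet now also defines a second map, "REALMB", with its own upper-case users, so the sentence should be updated to cover both realms and explain how a map id relates to a realm. Since this page is published documentation, it would also help to state next to the snippet that these are sample credentials kept in cleartext in passwords.xml (every password is the user name reversed or identical, e.g. bob/bob) and must be replaced before the IDP is used outside a demo. Minor: the added line between the two maps contains only a tab.
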
@@ -295,11 +298,54 @@ $CATALINA_HOME/bin/shutdown.sh
 
 <p>The claim id's are configured according to Section 7.5 in the specification <a
shape="rect" class="external-link" href="http://docs.oasis-open.org/imi/identity/v1.0/identity.html"
rel="nofollow">Identity Metasystem Interoperability</a>. The mapping of claims to
a SAML attribute statement are described in Section 7.2.</p>
 
-<h5><a shape="rect" name="FedizIDP1.1-Applicationclaims"></a>Application
claims</h5>
+<h5><a shape="rect" name="FedizIDP1.1-IDPconfiguration"></a>IDP configuration</h5>
+
+<p>The IDP configuration is done in the new configuration file <tt>idp-config-&lt;realm&gt;.xml</tt>
which is illustrated below</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+    &lt;bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig"&gt;
+        &lt;property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" /&gt;
+        &lt;property name="uri" value="realma" /&gt;
+        &lt;!--&lt;property name="hrds" value="" /&gt;--&gt; &lt;!--
TBD, not defined, provide list if enabled --&gt;
+        &lt;property name="provideIDPList" value="true" /&gt;
+        &lt;property name="useCurrentIDP" value="true" /&gt;
+        &lt;property name="certificate" value="stsKeystoreA.properties" /&gt;
+        &lt;property name="certificatePassword" value="realma" /&gt;
+        &lt;property name="stsUrl" value="https://localhost:9443/fediz-idp-sts/REALMA"
/&gt;
+        &lt;property name="idpUrl" value="https://localhost:9443/fediz-idp/federation"
/&gt;
+        &lt;property name="supportedProtocols"&gt;
+            &lt;util:list&gt;
+                &lt;value&gt;http://docs.oasis-open.org/wsfed/federation/200706&lt;/value&gt;
+                &lt;value&gt;http://docs.oasis-open.org/ws-sx/ws-trust/200512&lt;/value&gt;
+            &lt;/util:list&gt;
+        &lt;/property&gt;
+        &lt;property name="services"&gt;
+            &lt;util:map&gt;
+	        &lt;entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld"
/&gt;
+            &lt;/util:map&gt;
+        &lt;/property&gt;
+        &lt;property name="authenticationURIs"&gt;
+            &lt;util:map&gt;
+	        &lt;entry key="default" value="/login/default" /&gt;
+            &lt;/util:map&gt;       
+        &lt;/property&gt;
+        &lt;property name="trustedIDPs"&gt;
+            &lt;util:map&gt;
+                &lt;entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB"
/&gt;
+            &lt;/util:map&gt;
+        &lt;/property&gt;
+        &lt;property name="serviceDisplayName" value="REALM A" /&gt;
+        &lt;property name="serviceDescription" value="IDP of Realm A" /&gt;
+    &lt;/bean&gt;
+]]></script>
+</div></div>
+
+<h5><a shape="rect" name="FedizIDP1.1-RelyingParty%2FApplicationconfiguration"></a>Relying
Party / Application configuration</h5>
 
 <p><em>Note: The configuration file</em> <tt><em>RPClaims.xml</em></tt>
<em>has been replaced</em></p>
 
-<p>The required claims per relying party are configured in the new IDP configuration
file <tt>idp-config-&lt;realm&gt;.xml</tt> which has been enhanced to
support other configuration parameters as well:</p>
+<p>The application related configuration like required claims are configured in the
new IDP configuration file <tt>idp-config-&lt;realm&gt;.xml</tt> which
has been enhanced to support other configuration parameters as well:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
     &lt;bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig"&gt;
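
Review bot: in the new "IDP configuration" snippet, "certificatePassword" is shown with the literal value "realma", which matches the "uri" value and is easy to guess, so the text should say that this is the sample keystore password and that both it and the keystore referenced by "stsKeystoreA.properties" have to be replaced for a real deployment. The section introduces the file with one sentence and then lists properties such as "provideIDPList", "useCurrentIDP", "authenticationURIs" and "trustedIDPs" without saying what any of them do or which values are allowed; a short description per property is needed for the snippet to be usable. The commented-out "hrds" property with its "TBD, not defined" remark reads like an internal note and should be dropped from the published page or documented. Style: "which is illustrated below" has no closing punctuation, "The application related configuration like required claims are configured" has a subject/verb mismatch, and the two "entry" lines under "services" and "authenticationURIs" are indented with a tab while the rest uses spaces.
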
@@ -334,6 +380,24 @@ $CATALINA_HOME/bin/shutdown.sh
 ]]></script>
 </div></div>
 
+<h5><a shape="rect" name="FedizIDP1.1-TrustedIDPconfiguration"></a>Trusted
IDP configuration</h5>
+
+<p>This feature is new in Fediz IDP 1.1 and allows to redirect a SignIn Request to
a trusted IDP. The following configuration is required:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+    &lt;bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig"&gt;
+        &lt;property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" /&gt;
+        &lt;property name="url" value="https://localhost:12443/fediz-idp-remote/federation"
/&gt;
+        &lt;property name="certificate" value="realmb.cert" /&gt;
+        &lt;property name="trustType" value="PEER_TRUST" /&gt;
+        &lt;property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/&gt;
+        &lt;property name="federationType" value="FederateIdentity" /&gt;
+        &lt;property name="name" value="REALM B" /&gt;
+        &lt;property name="description" value="IDP of Realm B" /&gt;
+    &lt;/bean&gt;
+]]></script>
+</div></div>
 
 <h3><a shape="rect" name="FedizIDP1.1-ConfigureLDAPdirectory"></a>Configure
LDAP directory</h3>
 
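
Review bot: the new "Trusted IDP configuration" section does not explain the trust-relevant properties in its bean: what "trustType" "PEER_TRUST" and "federationType" "FederateIdentity" mean and which other values are accepted, and what "realmb.cert" is checked against and where the file is loaded from. Because this bean decides which remote IDP a SignIn Request may be redirected to, the text should also state that the "realm" value has to match the key used in the "trustedIDPs" map of the IDP bean ("urn:org:apache:cxf:fediz:idp:realm-B"). The snippet is XML but is tagged "brush: java", while the other snippets on the page use "brush: xml". Wording: "allows to redirect a SignIn Request" should read "allows a SignIn Request to be redirected".
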


