cxf-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Fediz Tomcat plug-in and Shibboleth IdP
Date Wed, 27 Mar 2013 11:16:30 GMT
> I am trying to map the different values required by fediz plugin to talk to
> our Shibboleth IdP. Any help is much appreciated.


What kind of help are you looking for? Is the Fediz plugin making an
invocation on the Shibboleth IdP that is rejected? If so, please post the
exception and we might be able to help.

Colm.

On Tue, Mar 19, 2013 at 2:16 PM, Abba Yadav <APY@usp.org> wrote:

> I am trying to integrate Fediz Tomcat plug-in to talk to our Shibboleth
> IdP. The Fediz tomcat plug-in on the Service Provider talks SAML 1.0.
>
> Sample Fediz configuration file looks like this:
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <!-- Place in Tomcat conf folder or other location as designated in this
>      sample's webapp/META-INF/context.xml file.
>      Keystore referenced below must have IDP STS' public cert included in
>      it.  This example re-uses the Tomcat SSL keystore (tomcat-rp.jks) for
>      this task; alternatively you may wish to use a Fediz-specific keystore
>      instead.
> -->
> <FedizConfig>
>     <contextConfig name="/fedizhelloworld">
>         <audienceUris>
>             <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
>         </audienceUris>
>         <certificateStores>
>             <trustManager>
>                 <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
>             </trustManager>
>         </certificateStores>
>         <trustedIssuers>
>             <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
>                     name="DoubleItSTSIssuer" />
>         </trustedIssuers>
>         <maximumClockSkew>1000</maximumClockSkew>
>         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                   xsi:type="federationProtocolType" version="1.0.0">
>             <!--<realm>target realm</realm>-->
>             <issuer>https://localhost:9443/fedizidp/</issuer>
>             <roleDelimiter>,</roleDelimiter>
>             <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
>             <!--<authenticationType type="String">some auth type</authenticationType>-->
>             <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
>             <!--<freshness>0</freshness>-->
>             <!--<reply>reply value</reply>-->
>             <!--<request>REQUEST</request>-->
>             <claimTypesRequested>
>                 <claimType type="a particular claim type" optional="true" />
>             </claimTypesRequested>
>         </protocol>
>     </contextConfig>
> </FedizConfig>
>
> I am trying to map the different values required by fediz plugin to talk
> to our Shibboleth IdP. Any help is much appreciated.
>
> Thanks,
>
> Abba
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
