I am trying to integrate Fediz Tomcat plug-in to talk to our Shibboleth IdP. The Fediz tomcat plug-in on the Service Provider talks SAML 1.0.
Sample Fediz configuration file looks like this: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. --> <FedizConfig> <contextConfig name="/fedizhelloworld"> <audienceUris> <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem<https://localhost:8443/fedizhelloworld/%3C/audienceItem>> </audienceUris> <certificateStores> <trustManager> <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" /> </trustManager> </certificateStores> <trustedIssuers> <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust" name="DoubleItSTSIssuer" /> </trustedIssuers> <maximumClockSkew>1000</maximumClockSkew> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<http://www.w3.org/2001/XMLSchema-instance%22> xsi:type="federationProtocolType" version="1.0.0"> <!--<realm>target realm</realm>--> <issuer>https://localhost:9443/fedizidp/</issuer<https://localhost:9443/fedizidp/%3C/issuer>> <roleDelimiter>,</roleDelimiter> <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role%3C/roleURI>> <!--<authenticationType type="String">some auth type</authenticationType>--> <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>--> <!--<freshness>0</freshness>--> <!--<reply>reply value</reply>--> <!--<request>REQUEST</request>--> <claimTypesRequested> <claimType type="a particular claim type" optional="true" /> </claimTypesRequested> </protocol> </contextConfig> </FedizConfig> I am trying to map the different values required by fediz plugin to talk to our Shibboleth IdP. Any help is much appreciated. Thanks, Abba