Author: prabath
Date: Fri Apr 4 06:14:41 2008
New Revision: 15572
Log:
added OpenID related admin/user guides
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide04.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide01.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide02.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide03.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide04.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide05.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide06.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide07.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide08.jpg
(contents, props changed)
trunk/solutions/identity/modules/documentation/src/site/xdoc/op_userguide.xml
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide01.jpg
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide02.jpg
trunk/solutions/identity/modules/documentation/src/site/site.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_userguide.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/op_administratorguide.xml
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide01.jpg
==============================================================================
Binary files. No diff available.
Modified:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide02.jpg
==============================================================================
Binary files. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/idp_userguide04.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide01.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide02.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide03.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide04.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide05.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide06.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide07.jpg
==============================================================================
Binary file. No diff available.
Added:
trunk/solutions/identity/modules/documentation/src/site/resources/images/op_userguide08.jpg
==============================================================================
Binary file. No diff available.
Modified: trunk/solutions/identity/modules/documentation/src/site/site.xml
==============================================================================
--- trunk/solutions/identity/modules/documentation/src/site/site.xml
(original)
+++ trunk/solutions/identity/modules/documentation/src/site/site.xml Fri Apr
4 06:14:41 2008
@@ -26,13 +26,14 @@
href="http://dist.wso2.org/products/solutions/identity/@wso2is_version@"/>
</menu>
<menu name="Documentation" href="index_docs.html">
- <item name="Idnetity Provider Adminstrator Guide"
href="idp_administratorguide.html"/>
- <item name="OpenID Provider Adminstrator Guide"
href="op_administratorguide.html"/>
<item name="Installation Guide" href="installation_guide.html"/>
- <item name="Idetity Solution in Production Environment"
href="idp_production.html"/>
+ <item name="Identity Provider Adminstrator Guide"
href="idp_administratorguide.html"/>
+ <item name="OpenID Provider Adminstrator Guide"
href="op_administratorguide.html"/>
+ <item name="Identity Solution in Production Environment"
href="idp_production.html"/>
<item name="mod_cspace Configuration Guide"
href="mod_cspace_config.html"/>
<item name="Relying Party Developer Guide"
href="rp_developer_guide.html"/>
<item name="Idp User Guide" href="idp_userguide.html"/>
+ <item name="OpenID User Guide" href="op_userguide.html"/>
</menu>
<menu name="Samples">
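Review bot: both re-added menu items, "Identity Provider Adminstrator Guide" and "OpenID Provider Adminstrator Guide", still misspell "Administrator", so this change fixes "Idnetity" and "Idetity" but leaves the labels wrong. Correct the spelling in the same commit. The new "OpenID User Guide" entry sits next to the existing "Idp User Guide"; consider spelling the older label out so the two read consistently.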
Modified:
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml
==============================================================================
---
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml
(original)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_administratorguide.xml
Fri Apr 4 06:14:41 2008
@@ -107,9 +107,7 @@
<p>Click the "switch" icon in the claim detail section of each claim to
enable/disable
a claim.</p>
-<br/>
-
-<p>A detailed guide on defining claims realted to OpenID is available <a
href="op_administratorguide.xml">here</a>.</p>
+<p>A detailed guide on defining claims realted to OpenID is available <a
href="op_administratorguide.html">here</a>.</p>
<h3><a name="claim_mapping"></a>Mapping Claims</h3>
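Review bot: the re-added paragraph still contains "realted". Since the line is already being rewritten to change the link target from op_administratorguide.xml to op_administratorguide.html, correct it to "related" here as well.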
Modified:
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml
==============================================================================
---
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml
(original)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_production.xml
Fri Apr 4 06:14:41 2008
@@ -94,7 +94,7 @@
]]></pre>
<p>OpenID provider server url can be changed by changing the following
-configuration element.Once this is set, OpenIDs will be generated in the
+configuration element. Once this is set, OpenIDs will be generated in the
following format [OpenIDServerUrl]/user/[User Name].</p>
<p>e.g: http://localhost:12080/user/bob</p>
<pre><![CDATA[
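Review bot: the example on the unchanged line after the fix, "e.g: http://localhost:12080/user/bob", shows a plain-http identifier on localhost in the production guide. Because the text says OpenIDs are generated as [OpenIDServerUrl]/user/[User Name], consider showing an https URL on a placeholder host so that readers do not carry an http server URL into a production configuration.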
Modified:
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_userguide.xml
==============================================================================
---
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_userguide.xml
(original)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/idp_userguide.xml
Fri Apr 4 06:14:41 2008
@@ -1,66 +1,73 @@
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
- "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<body>
-
-<h2>Identity Provider - User Guide</h2>
-
-<p>Users can login to Identity Provider (IdP) and manage their identity.</p>
-
-<ul>
-<li><a href="#t1">How to login to IdP?</a></li>
-<li><a href="#t2">How to get a Managed Card?</a></li>
-<li><a href="#t3">How to register with a Personal Card?</a></li>
-<li><a href="#t4">How to register your trusted Relying Party?</a></li>
-</ul>
-
-
-<h3><a name="t1">How to login to IdP?</a></h3>
-<p>You can login to IdP in two ways - one is to use your username/password and
-the other is to use a registered personal card. First obtain a
username/password
-from IdP administrator. Now you can login using that. Please check
-<a href="#t3">here</a> for more details on registering your personal card. Once
-you register your personal card, you can login using that.</p>
-
-<h3><a name="t2">How to get a Managed Card?</a></h3>
-<p>After you login click on [1] shown in the figure below. It will download a
-managed card.</p>
-
-<img alt="Downloading a Managed Card" src="./images/idp_userguide01.jpg" />
-
-<h3><a name="t3">How to register your personal card?</a></h3>
-<p>Create a personal card for yourself.</p>
-<p>Then obtain a username/password from IdP administrator and login using
that.
-Then click on [1] shown in the figure below. This will register your personal
-card. All personal cards registerd under your username/password will be
-displayed in [2] in the figure below. By clicking on [3] you can download the
-managed card relating to your personal card.</p>
-
-<img alt="Registering a Personal Card" src="./images/idp_userguide02.jpg" />
-
-<h3><a name="t4">How to register your trusted Relying Party?</a></h3>
-
-<p>Obtain Relying party certificate from the Relying party. Upload the
-certificate as show below.</p>
-<img alt="Registering a Personal Card" src="./images/idp_userguide03.jpg" />
-
-</body>
-</html>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<body>
+
+<h2>Identity Provider - User Guide</h2>
+
+<p>Users can login to Identity Provider (IdP) and manage their identity.</p>
+
+<ul>
+<li><a href="#t1">How to login to IdP?</a></li>
+<li><a href="#t2">How to get a Managed Card?</a></li>
+<li><a href="#t5">How to get an OpenID Information Card?</a></li>
+<li><a href="#t3">How to register with a Personal Card?</a></li>
+<li><a href="#t4">How to register your trusted Relying Party?</a></li>
+</ul>
+
+
+<h3><a name="t1">How to login to IdP?</a></h3>
+<p>You can login to IdP in four ways - one is to use your username/password
and
+another is to use a registered personal card. Also you can use either an
OpenID or an OpenID Information Card issued from WSO2 IdP,
+First obtain a username/password from IdP administrator. Now you can login
using that. Please check
+<a href="#t3">here</a> for more details on registering your personal card. Once
+you register your personal card, you can login using that.</p>
+
+<h3><a name="t2">How to get a Managed Card?</a></h3>
+<p>After you login click on [1] shown in the figure below. It will download a
+managed card.</p>
+
+<img alt="Downloading a Managed Card" src="./images/idp_userguide01.jpg" />
+
+<h3><a name="t5">How to get an OpenID Information Card?</a></h3>
+<p>After you login click on [1] shown in the figure below. It will download an
+OpenID Information Card card.</p>
+
+<img alt="Downloading an OpenID Information Card"
src="./images/idp_userguide04.jpg" />
+
+<h3><a name="t3">How to register your personal card?</a></h3>
+<p>Create a personal card for yourself.</p>
+<p>Then obtain a username/password from IdP administrator and login using
that.
+Then click on [1] shown in the figure below. This will register your personal
+card. All personal cards registerd under your username/password will be
+displayed in [2] in the figure below. By clicking on [3] you can download the
+managed card relating to your personal card.</p>
+
+<img alt="Registering a Personal Card" src="./images/idp_userguide02.jpg" />
+
+<h3><a name="t4">How to register your trusted Relying Party?</a></h3>
+
+<p>Obtain Relying party certificate from the Relying party. Upload the
+certificate as show below.</p>
+<img alt="Registering a Personal Card" src="./images/idp_userguide03.jpg" />
+
+</body>
+</html>
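Review bot: the hunk removes and re-adds the whole file (-1,66 +1,73) although most lines are textually identical, which hides the real change (the new "t5" section and the reworded login paragraph) and suggests a whitespace or line-ending difference. Normalise line endings so the diff shows only the added lines. In the added text, the login paragraph announces "four ways" but the sentence about OpenID ends in a comma before "First obtain a username/password", "OpenID Information Card card" repeats a word, and the contents list places "#t5" between "#t2" and "#t3". The idp_userguide03.jpg image under "How to register your trusted Relying Party?" still carries the alt text "Registering a Personal Card".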
Modified:
trunk/solutions/identity/modules/documentation/src/site/xdoc/op_administratorguide.xml
==============================================================================
---
trunk/solutions/identity/modules/documentation/src/site/xdoc/op_administratorguide.xml
(original)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/op_administratorguide.xml
Fri Apr 4 06:14:41 2008
@@ -48,7 +48,6 @@
<h2 id="start">Configuring WSO2 Identity Provider</h2>
<p>Please configure WSO2 Identity Provider as in
<a href="idp_administratorguide.html">here</a>.</p>
-<br/>
<p>Point your browser to https://host:port/admin. If you haven't changed
the default settings then you should be able to login to
@@ -67,7 +66,6 @@
<p>Please refer <a href="idp_production.html">this</a> for configuring WSO2
OpenID Provider in a production environment</p>
-
<h3><a name="enableOpenID"></a>Enable OpenID Registration</h3>
<p>By default OpenID registration is enabled in WSO2 Identity Solution. To
change the setting, switch off the "Enable OpenID Registration"
check box under "User Management" [Manage --> Users].
@@ -84,24 +82,22 @@
<p>Click the "switch" icon in the claim detail section of each claim to
enable/disable
a claim.</p>
-<br/>
+
<p>The same claim is identified by different namespaces under different
contexts. For example,email address is identified by
<b>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</b> for
Information Cards and for OpenID Simple Registration by
<b>http://schema.openid.net/2007/05/claims/email</b> and
<b>http://axschema.org/contact/email</b> is used by OpenID Attribute Exchange.
Even under OpenID Attribute Exchange, there can be different namespaces -
another widely used one is <b>http://schema.openid.net/contact/email</b>.
</p>
-<br/>
+
<p>
If you want to suppport all of these. simply we have
to enable all these claiims as supported claims - but this will give a bad
user experince since he has to enter his email 4 time at the time of
registration.
To avoid this we use an internal claim mapper - which can map one namespace
under one context to another namespace under a different context, using an XML
configuration
file [EMAIL PROTECTED]@/conf/openid-claim-mapper.xml file].</p>
-<br/>
<p>To add a new claim as an OpenID claim, make sure you set a non-empty value
for the OpenID Tag field. You can't set the same OpenID Tag for two supported
claims
at the same time</p>
-<br/>
<p>With default installation WSO2 OpenID Provider supports following claims
under OpenID Attribute Exchange 1.0 and all are mapped to the respective
OpenID Simple Registration claims</p>
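Review bot: this hunk only swaps the br elements around the claim-mapper paragraphs for blank lines and leaves their text untouched, so "suppport all of these. simply", "claiims", "experince" and "4 time" all survive. Fix them while the paragraphs are being touched. The four email claim URIs in the preceding paragraph would also be easier to compare as a list that names the context (Information Cards, Simple Registration, Attribute Exchange) next to each URI.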
Added:
trunk/solutions/identity/modules/documentation/src/site/xdoc/op_userguide.xml
==============================================================================
--- (empty file)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/op_userguide.xml
Fri Apr 4 06:14:41 2008
@@ -0,0 +1,99 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<body>
+
+<h2>OpenID - User Guide</h2>
+
+<ul>
+<li><a href="#t1">How to get an OpenID?</a></li>
+<li><a href="#t2">How to add multiple profiles?</a></li>
+<li><a href="#t3">How to login with OpenID?</a></li>
+<li><a href="#t4">How to view sites authenticated by your OpenID?</a></li>
+</ul>
+
+
+<h3><a name="t1">How to get an OpenID?</a></h3>
+<p>You can register with WSO2 OpenID Provider with two ways. One is
registering with username/password and the other is, registering
+with a self-issued information card. Which ever the way you used to
register[sign-up], you'll be assigned an OpenID atfer
+successfully completing the registration.</p>
+
+<p>An OpenID created after a successfull user registration is shown on [1] in
the figure below.</p>
+
+<img alt="OpenID created after a successfull user registration"
src="./images/op_userguide01.jpg" />
+
+
+<h3><a name="t2">How to add multiple profiles?</a></h3>
+<p>After you login to the IdP [or the OpenID Provider] click on [1] shown in
the figure below. It will direct you to
+a screen where you can add multiple profiles.</p>
+
+<img alt="Multiple Profiles" src="./images/op_userguide02.jpg" /><br/>
+
+<p>After you added a new profile it will be listed as shown in the image
below.</p>
+
+<img alt="Multiple Profiles" src="./images/op_userguide03.jpg" />
+
+<h3><a name="t5">How to login with OpenID?</a></h3>
+<p>You use your OpenID to login to any OpenID relying party which accepts
OpenIDs.</p>
+
+<p>WSO2 IdP also acts as an OpenID relying party - but this only accepts
OpenID issues by WSO2 OpenID Provider it self.</p>
+
+<p>To login to WSO2 IdP with your OpenID click on [1] shown in the image
below.</p>
+
+<img alt="Login with OpenID" src="./images/op_userguide04.jpg" /> <br/>
+
+<p>Type your OpenID at [1] shown in the image below and press 'Login'.</p>
+
+<img alt="Login with OpenID" src="./images/op_userguide05.jpg" /> <br/>
+
+<p>Type your password at [1] shown in the image below or if you have a
registered self-issued card with your account, then use it by clicking on
+[2] shown in the image below.</p>
+
+<img alt="Login with OpenID" src="./images/op_userguide06.jpg" /> <br/>
+
+
+<p>All your profile are listed at [1] shown in the image below - select the
profile which you want to used against this relying party.
+Claim values corresponding to the selected profile are are listed in [2] shown
in the image below.</p>
+
+<p>If you click on "Only Once" - then each time you login to this relying
party with your OpenID, you'll be given choise to decide
+whether you want to send data or not.</p>
+
+<p>If you click on "Always" - then for subsequent logins to this relying
party, will not ask you whether to trust or not.Profile you selected
+at the time you click "Always" will be used as the default profile for
subsequent logins.</p>
+
+<p>If you click on "Deny" - then your data are not submitted.</p>
+
+<img alt="Login with OpenID" src="./images/op_userguide07.jpg" /> <br/>
+
+Once you click on "Only Once" or "Always" you'll be redircetd to the calling
relying party - in this case to the WSO2 IdP.
+
+
+<h3><a name="t3">How to view sites authenticated by your OpenID?</a></h3>
+<p>Login to WSO2 IdP and at [1] shown in the image below - you can see the
relying party sites you have visited with your OpenID.</p>
+
+<p>By clicking on switch at [2] shown in the image below - you can switch
between whether to trust the corresponding relying party
+ "Only Once" or "Always".</p>
+
+<img alt="OpenID relying party site settings"
src="./images/op_userguide08.jpg" />
+
+
+</body>
+</html>
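Review bot: the contents list and the section anchors do not match. The list links "How to login with OpenID?" to "#t3" and "How to view sites authenticated by your OpenID?" to "#t4", but the headings are declared with name="t5" and name="t3", and no "t4" anchor exists, so the third link lands on the wrong section and the fourth goes nowhere. Renumber the headings to t3 and t4. The sentence starting "Once you click on "Only Once" or "Always"" sits outside any p element, unlike the surrounding paragraphs. Since "Always" is described as skipping the trust prompt and reusing the selected profile on later logins, the paragraph should point to the "How to view sites authenticated by your OpenID?" section, where that choice can be switched back to "Only Once".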
Modified:
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
==============================================================================
---
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
(original)
+++
trunk/solutions/identity/modules/documentation/src/site/xdoc/rp_developer_guide.xml
Fri Apr 4 06:14:41 2008
@@ -1,209 +1,210 @@
-<!--
- ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com)
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
- "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-</head>
-<body>
-<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@ : Java Servlet Filter Developer
Guide</h1>
-
-<h2>Introduction</h2>
-This servlet filter
org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter
-can be used with a servlet based web application to provide information card
-login to that application. The developer should follow the steps described
below
-in intgrating this servlet filter:
-
-<h2>Configuration Steps</h2>
-
-<p></p>
-<h3>Step 1 : Add the servlet filter to you application</h3>
-
-<p>Include the following entry in the web.xml file of the application:</p>
-
-<pre><![CDATA[
-
- <filter>
- <filter-name>TokenValidator</filter-name>
-
<filter-class>org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter</filter-class>
- <init-param>
- <param-name> ................ </param-name>
- <param-value> ............... </param-value>
- </init-param>
- <init-param>
- ......................
- </init-param>
- ......................
- ......................
- </filter>
-
- <filter-mapping>
- <filter-name>TokenValidator</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-]]></pre>
-<br/>
-<br/>
-Add the following as init-params to the web.xml
-<br/>
-<br/>
-<table>
- <tr>
- <th>ParameterName</th>
- <th>Required</th>
- <th>Description</th>
- </tr>
- <tr>
- <td>Keystore</td>
- <td>Yes</td>
- <td>Relative path to the keystore holding private key</td>
- </tr>
- <tr>
- <td>StorePass</td>
- <td>Yes</td>
- <td>Password to the keystore holding private key</td>
- </tr>
- <tr>
- <td>KeyAlias</td>
- <td>Yes</td>
- <td>Private key alias</td>
- </tr>
- <tr>
- <td>KeyPass</td>
- <td>Yes</td>
- <td>Private key pass</td>
- </tr>
- <tr>
- <td>StoreType</td>
- <td>Yes</td>
- <td>Store type of the keystore holding private key - e.g.
JDK</td>
- </tr>
- <tr>
- <td>TrustedIdP.KeyStore</td>
- <td></td>
- <td>Relative path to the trusted keystore</td>
- </tr>
- <tr>
- <td>TrustedIdP.StorePass</td>
- <td>If TokenValidationPolicy is NOT Promiscuous</td>
- <td>Trust store password</td>
- </tr>
- <tr>
- <td>TrustedIdP.StoreType</td>
- <td>If TokenValidationPolicy is NOT Promiscuous</td>
- <td>Trust store type</td>
- </tr>
- <tr>
- <td>MultiValueClaimsPolicy</td>
- <td>No - default applied</td>
- <td>Must be either MultiValueClaimsAllowed or
MultiValueClaimsNotAllowed. Default is MultiValueClaimsNotAllowed</td>
- </tr>
- <tr>
- <td>IssuerPolicy</td>
- <td>No - default applied</td>
- <td>Must be one of SelfAndManaged, Self, Managed. Default is
self and managed</td>
- </tr>
- <tr>
- <td>TokenValidationPolicy</td>
- <td>No - default applied</td>
- <td>Must be one of Promiscuous, WhiteList, BlackList,
CertValidate. Default is CertValidate. Please read more about this below.</td>
- </tr>
- <tr>
- <td>WhiteList</td>
- <td>Yes, if TokenValidationPolicy is WhiteList</td>
- <td>This is required to indicate the list of allowed DNs. If
not specified in WhiteList mode none of the users can login</td>
- </tr>
- <tr>
- <td>BlackList</td>
- <td>Yes, if TokenValidationPolicy is BlackList</td>
- <td>This is required to indicate the list of rejected DNs. If
not specified in BlackList mode all users who pass CertValidity can login</td>
- </tr>
-</table>
-
-<br/>
-<br/>
-<strong>TokenValidationPolicy</strong>
-<p>There are 4 modes of token validations.</p>
-<ul>
- <li>Promiscuous - In this mode, all tokens that has a valid signature
are allowed</li>
- <li>CertValidate - In this mode, all tokens that has a valid signarue
by an IDP who has a trusted certificate are allowed</li>
- <li>WhiteList - First CertValidity checked and after that if the issuer
DN is in the white list, the token is allowed</li>
- <li>BlackList - First CertValidity checked and after that if the issuer
DN is not listed in the BlackList, the token is allowed</li>
-</ul>
-<br/>
-<h3>Step 2 : Add the information card login page</h3>
-<br/>
-The user loing page must contain a form with an <strong>object</strong> tag as
shown below:
-
-<pre><![CDATA[
- <form name="frm" id="frm" method="post" action="InfoCardLogin.action">
- <input type="hidden" name="InfoCardSignin" value="Log in"
/><br/>
- <OBJECT type="application/x-informationCard" name="xmlToken">
- <PARAM Name="tokenType"
-
Value="urn:oasis:names:tc:SAML:1.0:assertion">
- <PARAM Name="requiredClaims"
-
Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">
- <PARAM Name="issuer"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self">
- </OBJECT>
- </form>
-]]></pre>
-
-<p>The <strong>object</strong> tag here is the standard information card
object as
-defined <a
href="http://www.identityblog.com/wp-content/resources/profile/InfoCard-Profile-v1-Web-Integration.pdf">
-here</a>.</p>
-
-<p><i>It is important that you include the hidden field called
"InfoCardSignin" with
-the value "Log in". The filter will process the HTTP POST request to extract
-the token sent when this request parameter is available.</i></p>
-
-<br/>
-<br/>
-<h3>Step 3 : Add the following jars to your classpath</h3>
-<ul>
-<li>axiom-api-1.2.4.jar</li>
-<li>axiom-dom-1.2.4.jar</li>
-<li>axiom-impl-1.2.4.jar</li>
-<li>wstx-asl-3.2.1.jar</li>
-<li>bcprov-jdk15-132.jar</li>
-<li>core-3.1.1.jar</li>
-<li>dom4j-1.6.1.jar</li>
-<li>opensaml-1.1.406.jar</li>
-<li>stax-api-1.0.1.jar</li>
-<li>wss4j-SNAPSHOT.jar</li>
-<li>xmlsec-534045-patched.jar</li>
-<li>wso2is-token-verifier-core-1.0.jar</li>
-<li>wso2is-base-1.0.jar</li>
-</ul>
-<br/>
-<h3>Step 4 : Obtain the information in the verified token and process</h3>
-
-<p>The results of token processing will be available as attributes in the
-ServletRequest object.</p>
-
-<p>To indicate whether token verification was successful or not there will be
an
-attribute by the name "<strong>org.wso2.solutions.identity.rp.State</strong>".
-On successful verification value of this attribute will be
-"<strong>success</strong>". Otherwise it will be
"<strong>failure</strong>".</p>
-
-<p>The ServletRequest will also contain a set of attrbites by the names of
-the claims (the part of claim URI after the final "/")</p> with their values.
-
-<p>These values can be used by the developer to initiate a user session in a
web
-application.</p>
-
-
-</body>
-</html>
+<!--
+ ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com)
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+</head>
+<body>
+<h1>WSO2 Identity Solution, [EMAIL PROTECTED]@ : Java Servlet Filter Developer
Guide</h1>
+
+<h2>Introduction</h2>
+This servlet filter
org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter
+can be used with a servlet based web application to provide information card
and OpenID
+login to that application. The developer should follow the steps described
below
+in intgrating this servlet filter:
+
+<h2>Configuration Steps</h2>
+
+<p></p>
+<h3>Step 1 : Add the servlet filter to you application</h3>
+
+<p>Include the following entry in the web.xml file of the application:</p>
+
+<pre><![CDATA[
+
+ <filter>
+ <filter-name>TokenValidator</filter-name>
+
<filter-class>org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter</filter-class>
+ <init-param>
+ <param-name> ................ </param-name>
+ <param-value> ............... </param-value>
+ </init-param>
+ <init-param>
+ ......................
+ </init-param>
+ ......................
+ ......................
+ </filter>
+
+ <filter-mapping>
+ <filter-name>TokenValidator</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+]]></pre>
+<br/>
+<br/>
+Add the following as init-params to the web.xml
+<br/>
+<br/>
+<table>
+ <tr>
+ <th>ParameterName</th>
+ <th>Required</th>
+ <th>Description</th>
+ </tr>
+ <tr>
+ <td>Keystore</td>
+ <td>Yes</td>
+ <td>Relative path to the keystore holding private key</td>
+ </tr>
+ <tr>
+ <td>StorePass</td>
+ <td>Yes</td>
+ <td>Password to the keystore holding private key</td>
+ </tr>
+ <tr>
+ <td>KeyAlias</td>
+ <td>Yes</td>
+ <td>Private key alias</td>
+ </tr>
+ <tr>
+ <td>KeyPass</td>
+ <td>Yes</td>
+ <td>Private key pass</td>
+ </tr>
+ <tr>
+ <td>StoreType</td>
+ <td>Yes</td>
+ <td>Store type of the keystore holding private key - e.g.
JDK</td>
+ </tr>
+ <tr>
+ <td>TrustedIdP.KeyStore</td>
+ <td></td>
+ <td>Relative path to the trusted keystore</td>
+ </tr>
+ <tr>
+ <td>TrustedIdP.StorePass</td>
+ <td>If TokenValidationPolicy is NOT Promiscuous</td>
+ <td>Trust store password</td>
+ </tr>
+ <tr>
+ <td>TrustedIdP.StoreType</td>
+ <td>If TokenValidationPolicy is NOT Promiscuous</td>
+ <td>Trust store type</td>
+ </tr>
+ <tr>
+ <td>MultiValueClaimsPolicy</td>
+ <td>No - default applied</td>
+ <td>Must be either MultiValueClaimsAllowed or
MultiValueClaimsNotAllowed. Default is MultiValueClaimsNotAllowed</td>
+ </tr>
+ <tr>
+ <td>IssuerPolicy</td>
+ <td>No - default applied</td>
+ <td>Must be one of SelfAndManaged, Self, Managed. Default is
self and managed</td>
+ </tr>
+ <tr>
+ <td>TokenValidationPolicy</td>
+ <td>No - default applied</td>
+ <td>Must be one of Promiscuous, WhiteList, BlackList,
CertValidate. Default is CertValidate. Please read more about this below.</td>
+ </tr>
+ <tr>
+ <td>WhiteList</td>
+ <td>Yes, if TokenValidationPolicy is WhiteList</td>
+ <td>This is required to indicate the list of allowed DNs. If
not specified in WhiteList mode none of the users can login</td>
+ </tr>
+ <tr>
+ <td>BlackList</td>
+ <td>Yes, if TokenValidationPolicy is BlackList</td>
+ <td>This is required to indicate the list of rejected DNs. If
not specified in BlackList mode all users who pass CertValidity can login</td>
+ </tr>
+</table>
+
+<br/>
+<br/>
+<strong>TokenValidationPolicy</strong>
+<p>There are 4 modes of token validations.</p>
+<ul>
+ <li>Promiscuous - In this mode, all tokens that has a valid signature
are allowed</li>
+ <li>CertValidate - In this mode, all tokens that has a valid signarue
by an IDP who has a trusted certificate are allowed</li>
+ <li>WhiteList - First CertValidity checked and after that if the issuer
DN is in the white list, the token is allowed</li>
+ <li>BlackList - First CertValidity checked and after that if the issuer
DN is not listed in the BlackList, the token is allowed</li>
+</ul>
+<br/>
+<h3>Step 2 : Add the information card login page</h3>
+<br/>
+The user loing page must contain a form with an <strong>object</strong> tag as
shown below:
+
+<pre><![CDATA[
+ <form name="frm" id="frm" method="post" action="InfoCardLogin.action">
+ <input type="hidden" name="InfoCardSignin" value="Log in"
/><br/>
+ <OBJECT type="application/x-informationCard" name="xmlToken">
+ <PARAM Name="tokenType"
+
Value="urn:oasis:names:tc:SAML:1.0:assertion">
+ <PARAM Name="requiredClaims"
+
Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">
+ <PARAM Name="issuer"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self">
+ </OBJECT>
+ </form>
+]]></pre>
+
+<p>The <strong>object</strong> tag here is the standard information card
object as
+defined <a
href="http://www.identityblog.com/wp-content/resources/profile/InfoCard-Profile-v1-Web-Integration.pdf">
+here</a>.</p>
+
+<p><i>It is important that you include the hidden field called
"InfoCardSignin" with
+the value "Log in". The filter will process the HTTP POST request to extract
+the token sent when this request parameter is available.</i></p>
+
+<br/>
+<br/>
+<h3>Step 3 : Add the following jars to your classpath</h3>
+<ul>
+<li>axiom-api-1.2.4.jar</li>
+<li>axiom-dom-1.2.4.jar</li>
+<li>axiom-impl-1.2.4.jar</li>
+<li>wstx-asl-3.2.1.jar</li>
+<li>bcprov-jdk15-132.jar</li>
+<li>core-3.1.1.jar</li>
+<li>dom4j-1.6.1.jar</li>
+<li>opensaml-1.1.406.jar</li>
+<li>stax-api-1.0.1.jar</li>
+<li>wss4j-SNAPSHOT.jar</li>
+<li>xmlsec-534045-patched.jar</li>
+<li>wso2is-token-verifier-core-1.0.jar</li>
+<li>wso2is-base-1.0.jar</li>
+<li>openid4java-nodeps-0.9.3.1.jar</li>
+</ul>
+<br/>
+<h3>Step 4 : Obtain the information in the verified token and process</h3>
+
+<p>The results of token processing will be available as attributes in the
+ServletRequest object.</p>
+
+<p>To indicate whether token verification was successful or not there will be
an
+attribute by the name "<strong>org.wso2.solutions.identity.rp.State</strong>".
+On successful verification value of this attribute will be
+"<strong>success</strong>". Otherwise it will be
"<strong>failure</strong>".</p>
+
+<p>The ServletRequest will also contain a set of attrbites by the names of
+the claims (the part of claim URI after the final "/")</p> with their values.
+
+<p>These values can be used by the developer to initiate a user session in a
web
+application.</p>
+
+
+</body>
+</html>
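Review bot: the introduction now says the filter provides "information card and OpenID login" and Step 3 adds openid4java-nodeps-0.9.3.1.jar, but Steps 1, 2 and 4 still describe only the information card path: the init-param table, the login form with the information card object tag, and the "org.wso2.solutions.identity.rp.State" attribute for token verification. Add the OpenID counterpart (which parameters apply, what the login page must post, and which request attributes are set), or say that it is documented elsewhere. As with idp_userguide.xml, the hunk rewrites the whole file (-1,209 +1,210) for what look like two changed lines; normalise line endings so the diff is reviewable. In Step 4 the closing p tag comes before "with their values.", leaving that text outside the paragraph, and the Required cell for TrustedIdP.KeyStore is empty while the other two TrustedIdP rows say "If TokenValidationPolicy is NOT Promiscuous".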