I am trying to integrate the Fediz Tomcat plug-in to talk to our Shibboleth IdP.
The Fediz Tomcat plug-in on the Service Provider talks SAML 1.0.

Sample Fediz configuration file looks like this:



<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Place in Tomcat conf folder or other location as designated in this
     sample's webapp/META-INF/context.xml file.

     Keystore referenced below must have IDP STS' public cert included in it.
     This example re-uses the Tomcat SSL keystore (tomcat-rp.jks) for this task;
     alternatively you may wish to use a Fediz-specific keystore instead.
-->
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
        </audienceUris>
        <certificateStores>
            <trustManager>
                <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
            </trustManager>
        </certificateStores>
        <trustedIssuers>
            <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
                    name="DoubleItSTSIssuer" />
        </trustedIssuers>
        <maximumClockSkew>1000</maximumClockSkew>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.0.0">
            <!--<realm>target realm</realm>-->
            <issuer>https://localhost:9443/fedizidp/</issuer>
            <roleDelimiter>,</roleDelimiter>
            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
            <!--<authenticationType type="String">some auth type</authenticationType>-->
            <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
            <!--<freshness>0</freshness>-->
            <!--<reply>reply value</reply>-->
            <!--<request>REQUEST</request>-->
            <claimTypesRequested>
                <claimType type="a particular claim type" optional="true" />
            </claimTypesRequested>
        </protocol>
    </contextConfig>
</FedizConfig>

I am trying to map the different values required by the Fediz plugin to talk to our
Shibboleth IdP. Any help is much appreciated.

Thanks,

Abba

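When mapping a config like the one above to a different IdP, the settings that decide which tokens the plugin will accept are the audienceUris allow-list and the trustedIssuers subject pattern. The following script is an added example (not code from the post or from the Fediz project): it parses a constructed copy of the sample contextConfig with the standard library, pulls out those settings, and runs a few reviewer-style checks. It assumes that Fediz applies the issuer subject attribute as a whole-string regular expression against the signing certificate's subject DN (mirroring Java's String.matches) and that audienceUris is compared verbatim against the assertion's audience; the DNs and the TIGHTENED_SUBJECT pattern are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the sample contextConfig from the post (mail-client URL
# artifacts removed, XML declaration dropped so it parses from a str).
FEDIZ_CONFIG = """<FedizConfig>
  <contextConfig name="/fedizhelloworld">
    <audienceUris>
      <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
    </audienceUris>
    <certificateStores>
      <trustManager>
        <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
      </trustManager>
    </certificateStores>
    <trustedIssuers>
      <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
              name="DoubleItSTSIssuer" />
    </trustedIssuers>
    <maximumClockSkew>1000</maximumClockSkew>
    <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:type="federationProtocolType" version="1.0.0">
      <issuer>https://localhost:9443/fedizidp/</issuer>
      <roleDelimiter>,</roleDelimiter>
      <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
      <claimTypesRequested>
        <claimType type="a particular claim type" optional="true" />
      </claimTypesRequested>
    </protocol>
  </contextConfig>
</FedizConfig>
"""


def load_context(xml_text, name):
    """Return the <contextConfig> element whose name attribute equals `name`."""
    root = ET.fromstring(xml_text)
    for ctx in root.findall("contextConfig"):
        if ctx.get("name") == name:
            return ctx
    raise KeyError(f"no contextConfig named {name}")


def audience_uris(ctx):
    return [a.text.strip() for a in ctx.find("audienceUris").findall("audienceItem")]


def audience_accepted(ctx, uri):
    """Exact allow-list match (assumption: the audience string in the
    assertion is compared verbatim, so a missing trailing slash is a mismatch)."""
    return uri in audience_uris(ctx)


def trusted_issuers(ctx):
    return [(i.get("name"), i.get("subject"), i.get("certificateValidation"))
            for i in ctx.find("trustedIssuers").findall("issuer")]


def subject_matches(pattern, subject_dn):
    """Whole-string regex match, mirroring Java's String.matches()
    (assumption about how Fediz applies the issuer subject attribute)."""
    return re.fullmatch(pattern, subject_dn) is not None


def matching_issuers(ctx, subject_dn):
    """Names of configured issuers whose subject pattern accepts this DN."""
    return [name for name, pat, _ in trusted_issuers(ctx)
            if pat and subject_matches(pat, subject_dn)]


def clock_skew(ctx):
    return int(ctx.findtext("maximumClockSkew"))


def lint(ctx):
    """Heuristic review checks on a contextConfig; returns a list of findings."""
    findings = []
    if not audience_uris(ctx):
        findings.append("audienceUris: empty; no audience restriction is enforced")
    for name, pat, validation in trusted_issuers(ctx):
        if not pat:
            findings.append(f"issuer {name}: no subject pattern")
            continue
        # A '.' that is neither escaped nor part of '.*' matches ANY character,
        # so 'www.sts.com' in the pattern also accepts 'wwwXstsXcom'.
        if re.search(r"(?<!\\)\.(?!\*)", pat):
            findings.append(f"issuer {name}: unescaped '.' in subject pattern {pat!r}")
        if pat.endswith(".*"):
            findings.append(f"issuer {name}: pattern {pat!r} accepts any suffix after the CN")
        if validation not in ("ChainTrust", "PeerTrust"):
            findings.append(f"issuer {name}: unknown certificateValidation {validation!r}")
    return findings


# Constructed tighter alternative: escaped dots, and only further RDNs
# (',...') may follow the CN instead of an open-ended '.*'.
TIGHTENED_SUBJECT = r".*CN=www\.sts\.com(,.*)?"

if __name__ == "__main__":
    ctx = load_context(FEDIZ_CONFIG, "/fedizhelloworld")
    for finding in lint(ctx):
        print("finding:", finding)
    # Constructed DNs: the legitimate one, a lookalike, and a longer CN.
    for dn in ("CN=www.sts.com,O=Example", "CN=wwwXstsXcom", "CN=www.sts.com.other.example"):
        print(dn, "-> sample pattern:", matching_issuers(ctx, dn),
              "tightened:", subject_matches(TIGHTENED_SUBJECT, dn))
```

The lint reports two findings on the sample: the unescaped dots and the open-ended trailing `.*` in the issuer subject pattern. Both are worth tightening before pointing the plugin at a new IdP, since the subject pattern (together with the ChainTrust check against the keystore) is what decides which signing certificate the plugin trusts; the leading `.*` in the tightened pattern still allows any RDNs before the CN, so anchor the full DN once the IdP's certificate subject is known.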