Re: Fediz Tomcat plug-in and Shibboleth IdP

2013-03-27 Thread Colm O hEigeartaigh
I am trying to map the different values required by fediz plugin to talk to
 our Shibboleth IdP. Any help is much appreciated.


What kind of help are you looking for? Is the Fediz plugin making an
invocation on the Shibboleth IdP that is rejected? If so please post the
exception and we might be able to help.

Colm.

On Tue, Mar 19, 2013 at 2:16 PM, Abba Yadav a...@usp.org wrote:



 I am trying to integrate Fediz Tomcat plug-in to talk to our Shibboleth
 IdP. The Fediz tomcat plug-in on the Service Provider talks SAML 1.0.



 Sample Fediz configuration file looks like this:



 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <!-- Place in Tomcat conf folder or other location as designated in this
      sample's webapp/META-INF/context.xml file.
      Keystore referenced below must have IDP STS' public cert included in
      it.  This example re-uses the Tomcat SSL
      keystore (tomcat-rp.jks) for this task; alternatively you may wish to
      use a Fediz-specific keystore instead.
 -->
 <FedizConfig>
     <contextConfig name="/fedizhelloworld">
         <audienceUris>
             <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
         </audienceUris>
         <certificateStores>
             <trustManager>
                 <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
             </trustManager>
         </certificateStores>
         <trustedIssuers>
             <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
                     name="DoubleItSTSIssuer" />
         </trustedIssuers>
         <maximumClockSkew>1000</maximumClockSkew>
         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:type="federationProtocolType" version="1.0.0">
             <!--<realm>target realm</realm>-->
             <issuer>https://localhost:9443/fedizidp/</issuer>
             <roleDelimiter>,</roleDelimiter>
             <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
             <!--<authenticationType type="String">some auth type</authenticationType>-->
             <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
             <!--<freshness>0</freshness>-->
             <!--<reply>reply value</reply>-->
             <!--<request>REQUEST</request>-->
             <claimTypesRequested>
                 <claimType type="a particular claim type" optional="true" />
             </claimTypesRequested>
         </protocol>
     </contextConfig>
 </FedizConfig>





 I am trying to map the different values required by fediz plugin to talk
 to our Shibboleth IdP. Any help is much appreciated.



 Thanks,

 Abba




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com


Fediz Tomcat plug-in and Shibboleth IdP

2013-03-19 Thread Abba Yadav


I am trying to integrate Fediz Tomcat plug-in to talk to our Shibboleth IdP. 
The Fediz tomcat plug-in on the Service Provider talks SAML 1.0.



Sample Fediz configuration file looks like this:



<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Place in Tomcat conf folder or other location as designated in this
     sample's webapp/META-INF/context.xml file.
     Keystore referenced below must have IDP STS' public cert included in it.
     This example re-uses the Tomcat SSL
     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use
     a Fediz-specific keystore instead.
-->
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
        </audienceUris>
        <certificateStores>
            <trustManager>
                <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
            </trustManager>
        </certificateStores>
        <trustedIssuers>
            <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
                    name="DoubleItSTSIssuer" />
        </trustedIssuers>
        <maximumClockSkew>1000</maximumClockSkew>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.0.0">
            <!--<realm>target realm</realm>-->
            <issuer>https://localhost:9443/fedizidp/</issuer>
            <roleDelimiter>,</roleDelimiter>
            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
            <!--<authenticationType type="String">some auth type</authenticationType>-->
            <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
            <!--<freshness>0</freshness>-->
            <!--<reply>reply value</reply>-->
            <!--<request>REQUEST</request>-->
            <claimTypesRequested>
                <claimType type="a particular claim type" optional="true" />
            </claimTypesRequested>
        </protocol>
    </contextConfig>
</FedizConfig>





I am trying to map the different values required by fediz plugin to talk to our 
Shibboleth IdP. Any help is much appreciated.



Thanks,

Abba