I am trying to map the different values required by fediz plugin to talk to
our Shibboleth IdP. Any help is much appreciated.
What kind of help are you looking for? Is the Fediz plugin making an
invocation on the Shibboleth IdP that is rejected? If so please post the
exception and we might be able to help.
Colm.
On Tue, Mar 19, 2013 at 2:16 PM, Abba Yadav a...@usp.org wrote:
I am trying to integrate Fediz Tomcat plug-in to talk to our Shibboleth
IdP. The Fediz tomcat plug-in on the Service Provider talks SAML 1.0.
Sample Fediz configuration file looks like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Place in Tomcat conf folder or other location as designated in this
     sample's webapp/META-INF/context.xml file.
     Keystore referenced below must have IDP STS' public cert included in
     it. This example re-uses the Tomcat SSL
     keystore (tomcat-rp.jks) for this task; alternatively you may wish to
     use a Fediz-specific keystore instead.
-->
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
        </audienceUris>
        <certificateStores>
            <trustManager>
                <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
            </trustManager>
        </certificateStores>
        <trustedIssuers>
            <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
                    name="DoubleItSTSIssuer" />
        </trustedIssuers>
        <maximumClockSkew>1000</maximumClockSkew>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.0.0">
            <!--realm>target realm</realm-->
            <issuer>https://localhost:9443/fedizidp/</issuer>
            <roleDelimiter>,</roleDelimiter>
            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
            <!--authenticationType type="String">some auth type</authenticationType-->
            <!--homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm-->
            <!--freshness>0</freshness-->
            <!--reply>reply value</reply-->
            <!--request>REQUEST</request-->
            <claimTypesRequested>
                <claimType type="a particular claim type" optional="true" />
            </claimTypesRequested>
        </protocol>
    </contextConfig>
</FedizConfig>
I am trying to map the different values required by fediz plugin to talk
to our Shibboleth IdP. Any help is much appreciated.
Thanks,
Abba
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com