On 15/07/13 12:14, Oliver Wulff wrote:

Please update the issuer url to the following (WEB-INF/fediz_config.xml, I'll delete the one in src/main/config)
https://localhost:9443/fediz-idp/federation

Thanks for your help. I made great progress. I have my own application authenticating against a Tomcat running Fediz IDP-STS.

My question now is about the certificates on the relying party side (my application).

I'm now using the example's keystores and certificates. In the CATALINA_HOME of my application's Tomcat 7 I have "tomcat-rp.jks" which is used to set up the HTTPS connector, and inside my application's WAR I have "stsstore.jks" which is referenced in my application's WEB-INF/fediz_config.xml like this:

<certificateStores>
    <trustManager>
        <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
    </trustManager>
</certificateStores>

I'm a bit confused as the documentation [http://cxf.apache.org/fediz-configuration.html] says

- certificateStores
- Trusted certificate store
- Required
"The list of keystores (JKS, PEM) includes at least the certificate of the Certificate Authorities (CA) which signed the certificate which is used to sign the SAML token. If the file location is not fully qualified it needs to be relative to the Container home directory"

Right now that file is not relative to the container. So maybe the doc is outdated?

I want to authenticate to a different identity server (I think this one is based on ActiveDirectory).

If those 2 are the only stores I have to manage from my application, then reading the keystore documentation I think what I have to do is:

 - import the IDP key (from the active directory) in the stsstore.jks

Because the example already has the other 2 steps done from the beginning:
 - export the key from stsstore.jks into MySTS.cer
 - import the MySTS.cer into tomcat-rp.jks

So I need to get the IDP key. Would it be the public key I can export from the browser when accessing the identity server I want to authenticate to?

https://186.33.232.65/

I may be confused because I'm new to the WS-Federation protocol. Any help is appreciated.

Thanks.
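As an added example (not code from this thread or from the Fediz project), a small Java check that loads the relying party's trustManager keystore named in the fediz_config.xml above and validates a candidate token-signing certificate against it, which is what the quoted documentation requires of that store. The file name stsstore.jks and password stsspass come from the thread; idp-signing.cer is a placeholder for the certificate exported from the identity server.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Checks whether a candidate token-signing certificate (DER or PEM X.509)
// chains to a trusted entry in the relying party's trustManager keystore.
public class FedizTrustStoreCheck {

    public static boolean chainsToTrustStore(String storeFile, String storePassword,
                                             String certFile) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(storeFile)) {
            store.load(in, storePassword.toCharArray());
        }
        // Only trusted-certificate entries (as created by "keytool -importcert")
        // become trust anchors; private-key entries are ignored by PKIXParameters.
        PKIXParameters params = new PKIXParameters(store);
        params.setRevocationEnabled(false); // no CRL/OCSP lookup in this offline check

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certFile)) {
            cert = (X509Certificate) cf.generateCertificate(in);
        }
        // A single-certificate path: PKIX validation succeeds only if the
        // certificate is signed by (or is itself) a trust anchor in the store.
        CertPath path = cf.generateCertPath(Collections.singletonList(cert));
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            System.err.println("not trusted: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // stsstore.jks / stsspass are the values from the fediz_config.xml in the thread;
        // idp-signing.cer is a placeholder name for the IdP's token-signing certificate.
        boolean ok = chainsToTrustStore("stsstore.jks", "stsspass", "idp-signing.cer");
        System.out.println(ok ? "certificate chains to a trusted CA" : "certificate NOT trusted");
    }
}
```

Run it from the directory that holds the keystore, since the check resolves the relative file name exactly as given and does not apply the container-home rule from the documentation.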
