Fediz Service Provider and Shibboleth IdP

Abba Yadav APY at usp.org
Mon Feb 18 10:34:32 EST 2013


I am trying to integrate the Fediz Tomcat plugin to talk to our Shibboleth IdP. The Fediz Tomcat plugin on the Service Provider talks SAML 1.0.

A sample Fediz configuration file looks like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL
     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
-->
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
        </audienceUris>
        <certificateStores>
            <trustManager>
                <keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
            </trustManager>
        </certificateStores>
        <trustedIssuers>
            <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
                    name="DoubleItSTSIssuer" />
        </trustedIssuers>
        <maximumClockSkew>1000</maximumClockSkew>
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="federationProtocolType" version="1.0.0">
            <!--<realm>target realm</realm>-->
            <issuer>https://localhost:9443/fedizidp/</issuer>
            <roleDelimiter>,</roleDelimiter>
            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
            <!--<authenticationType type="String">some auth type</authenticationType>-->
            <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
            <!--<freshness>0</freshness>-->
            <!--<reply>reply value</reply>-->
            <!--<request>REQUEST</request>-->
            <claimTypesRequested>
                <claimType type="a particular claim type" optional="true" />
            </claimTypesRequested>
        </protocol>
    </contextConfig>
</FedizConfig>


I am trying to map the different values required by the Fediz plugin to talk to our Shibboleth IdP. Any help is much appreciated.

Thanks,
Abba