From jboss-identity-commits at lists.jboss.org Wed Dec 16 14:15:23 2009 Content-Type: multipart/mixed; boundary="===============5058404183440707615==" MIME-Version: 1.0 From: jboss-identity-commits at lists.jboss.org To: jboss-identity-commits at lists.jboss.org Subject: [jboss-identity-commits] JBoss Identity SVN: r1095 - in identity-doc/trunk: DeveloperGuide and 5 other directories. Date: Wed, 16 Dec 2009 14:15:23 -0500 Message-ID: <200912161915.nBGJFNwh031847@svn01.web.mwc.hst.phx2.redhat.com> --===============5058404183440707615== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Author: anil.saldhana(a)jboss.com Date: 2009-12-16 14:15:22 -0500 (Wed, 16 Dec 2009) New Revision: 1095 Modified: identity-doc/trunk/DeveloperGuide/pom.xml identity-doc/trunk/DeveloperGuide/src/main/docbook/DeveloperGuide.xml identity-doc/trunk/UserGuide/pom.xml identity-doc/trunk/UserGuide/src/main/docbook/Author_Group.xml identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml identity-doc/trunk/assembly/pom.xml identity-doc/trunk/parent/pom.xml identity-doc/trunk/pom.xml Log: picketlink Modified: identity-doc/trunk/DeveloperGuide/pom.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/DeveloperGuide/pom.xml 2009-11-30 11:18:05 UTC (rev = 1094) +++ identity-doc/trunk/DeveloperGuide/pom.xml 2009-12-16 19:15:22 UTC (rev = 1095) 
@@ -1,7 +1,7 @@ - org.jboss.identity - jboss-identity-doc-parent + org.picketlink + picketlink-doc-parent 1.0.0.alpha2-SNAPSHOT ../parent Modified: identity-doc/trunk/DeveloperGuide/src/main/docbook/DeveloperGuide= .xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/DeveloperGuide/src/main/docbook/DeveloperGuide.xml 2= 009-11-30 11:18:05 UTC (rev 1094) +++ identity-doc/trunk/DeveloperGuide/src/main/docbook/DeveloperGuide.xml 2= 009-12-16 19:15:22 UTC (rev 1095) @@ -1,19 +1,22 @@ - + + + %xinclude; ]> - = - - JBoss Identity Federation = + + + PicketLink Federation + Developer Guide = = = + xmlns:xi=3D"http://www.w3.org/2001/XInclude" /> = = - 1.0.0.alpha3. + 1.0.0 = @@ -21,7 +24,7 @@ What this Book Covers? = - This book aims to help you become familiar with JBoss Identity + This book aims to help you become familiar with PicketLink Federation in order that you can use it to develop your own Federated Identity based services or applications. = @@ -44,12 +47,12 @@ Introduction = - JBoss Identity Federation allows you to implement SAML v2.0 ba= sed + PicketLink Federation allows you to implement SAML v2.0 based services and applications. It also has support for Oasis WS-Trust ba= sed applications. = - With JBoss Identity Federation, you have the following + With PicketLink Federation, you have the following features. = @@ -103,8 +106,8 @@ and convert it into XML and back using the marshall or unmarshall= methods. - import org.jboss.identity.federation.api.saml.v2.request.SAML2Re= quest; - import org.jboss.identity.federation.saml.v2.protocol.LogoutRequ= estType; + import org.picketlink.identity.federation.api.saml.v2.request.SA= ML2Request; + import org.picketlink.identity.federation.saml.v2.protocol.Logou= tRequestType; = SAML2Request saml2Request =3D new SAML2Request(); = = 
@@ -128,7 +131,7 @@ as well as marshall and unmarshall to xml and back. - import org.jboss.identity.federation.api.saml.v2.request.SAML2Re= sponse; + import org.picketlink.identity.federation.api.saml.v2.request.SA= ML2Response; = SAML2Response saml2Response =3D new SAML2Response(); = saml2Response.createTimedConditions(assertion, this.assertionVal= idity) @@ -154,18 +157,18 @@ = JAXB2 Based Object Model for SAML and WS-Trust - JBoss Identity Federation contains an object model for SAMLv= 2 and WS-Trust v1.3 + PicketLink Federation contains an object model for SAMLv2 an= d WS-Trust v1.3 applications. The object model is very useful for developers who wa= nt to build advanced applications that are not fully supported by the Identity API from = the previous section. = Object Model for SAML v2 - org.jboss.identity.federation.sam= l.v2 is + org.picketlink.identity.federatio= n.saml.v2 is the package that contains the object model. Object Model for WS-Trust v1.3 - org.jboss.identity.federation.ws.= trust is + org.picketlink.identity.federatio= n.ws.trust is the package that contains the object model. = Modified: identity-doc/trunk/UserGuide/pom.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/UserGuide/pom.xml 2009-11-30 11:18:05 UTC (rev 1094) +++ identity-doc/trunk/UserGuide/pom.xml 2009-12-16 19:15:22 UTC (rev 1095) 
@@ -1,7 +1,7 @@ - org.jboss.identity - jboss-identity-doc-parent + org.picketlink + picketlink-doc-parent 1.0.0.alpha2-SNAPSHOT ../parent Modified: identity-doc/trunk/UserGuide/src/main/docbook/Author_Group.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/UserGuide/src/main/docbook/Author_Group.xml 2009-11-= 30 11:18:05 UTC (rev 1094) +++ identity-doc/trunk/UserGuide/src/main/docbook/Author_Group.xml 2009-12-= 16 19:15:22 UTC (rev 1095) @@ -1,6 +1,9 @@ - - Anil Saldhana + = + + Anil + Saldhana + = Modified: identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml 2009-11-30 = 11:18:05 UTC (rev 1094) +++ identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml 2009-12-16 = 19:15:22 UTC (rev 1095) @@ -1,29 +1,31 @@ - - + = + + + %xinclude; ]> - + = + = + = + PicketLink Federation = - - JBoss Identity Federation + User Guide = = - User Guide = - - = = + = - 1.0.0.alpha3. + 1.0.0 = - = = What this Book Covers = - This book aims to help you become familiar with JBoss Identity + This book aims to help you become familiar with PicketLink Federation in order that you can use it to build your own Federated Identity based services or applications. = 
@@ -52,15 +54,18 @@ Introduction = - JBoss Identity Federation allows you to implement SAML v2.0 ba= sed + PicketLink Federation allows you to implement SAML v2.0 based services and applications. It also has support for Oasis WS-Trust ba= sed - applications (which is under development). + applications. = - With JBoss Identity Federation, you have the following + With PicketLink Federation, you have the following features. = = + SAML v2 Web Browser SSO Support for JavaEE Web Container.<= /para> + + = SAML v2 Web Browser SSO (HTTP/Redirect Binding) Support fo= r = JBoss Application Server and Apache Tomcat. @@ -70,6 +75,16 @@ JBoss Application Server and Apache Tomcat with XML Signature Support. = + = + SAML v2 Web Browser SSO (HTTP/POST Binding) Support for = + JBoss Application Server and Apache Tomcat. + + + + SAML v2 Web Browser SSO (HTTP/POST Binding) Support for = + JBoss Application Server and Apache Tomcat + with XML Signature Support. + = = @@ -77,12 +92,12 @@ Installation - JBoss Identity Federation requires the following libraries + PicketLink Federation requires the following libraries to be either downloaded separately or as part of the Java JDK or as part of JBoss Application Server. - Download the ZIP version of the JBoss Identity Community Platform. = + Download the ZIP version of the PicketLink for either JBoss AS or = Tomcat. = Place the unzipped jar files in the lib directory of tomcat or JBoss AS. Additionally ensure that the following dependencies are met. @@ -116,7 +131,7 @@ = Web Single Sign On (SSO) - In this chapter, we will look at usage of JBoss Identity + In this chapter, we will look at usage of PicketLink Federation to help you obtain a platform to implement federated iden= tity based services (including centralized identity services and Single Sign-On (SSO) for applications). 
@@ -157,13 +172,15 @@ Check list for configuring the IDP - Configure the IDP as a secure web application. + + the IDP as a secure web application. = - Configure the web.xml to either allow FORM or BASIC= authentication. + + Configure the web.xml to either allow FORM or BASIC a= uthentication. - Configure the context.xml for IDP valves. + Configure the context.xml for IDP valves. - Configure the jboss-idfed.xml for IDP configuration. + Configure the picketlink-idfed.xml for IDP co= nfiguration. @@ -235,10 +252,12 @@ = Remember to configure the realm or login modules for yo= ur IDP as per the Tomcat or = JBoss AS documentation on "securing your web application". - + = + Tomcat Realm and JBoss= AS Security + = = @@ -255,7 +274,7 @@ <Context> <Valve = - className=3D"org.jboss.identity.federation.bindings.tomcat= .idp.IDPWebBrowserSSOValve" = + className=3D"org.picketlink.identity.federation.bindings.t= omcat.idp.IDPWebBrowserSSOValve" = /> </Context> @@ -275,13 +294,13 @@ =
- Configure the JBoss Identity Federation configuration f= ile (jboss-idfed.xml) - Configure jboss-idfed.xml in WEB-INF of your = + Configure the PicketLink Federation configuration file = (picketlink-idfed.xml) + Configure picketlink-idfed.xml= in WEB-INF of your = IDP web application - <JBossIDP xmlns=3D"urn:jboss:identity-federation:config:1.0= " > + <PicketLinkIDP xmlns=3D"urn:picketlink:identity-federation:= config:1.0" > <IdentityURL>http://localhost:8080/idp</IdentityURL= > = - </JBossIDP> + </PicketLinkIDP> = In this configuration file, you are providing the URL of= your IDP. = @@ -300,15 +319,20 @@ Check List for configuring the Service Provider. - Configure the SP as a secure FORM authentication b= ased web application. + + Configure the SP as a secure FORM authentication bas= ed web application. - Configure the web.xml of the SP web application. + + Configure the web.xml of the SP web application. - Configure the context.xml for the SP valves. + + Configure the context.xml for the SP valves. - Configure the jboss-idfed.xml for the SP configura= tion. + + Configure the picketlink-idfed.xml for the SP config= uration. - Perform additional steps if the SP is running on J= Boss Application Server. + + Perform additional steps if the SP is running on JB= oss Application Server. @@ -401,7 +425,7 @@ = <Context> <Valve - className=3D"org.jboss.identity.federation.bindings.tomcat.s= p.SPRedirectFormAuthenticator" = + className=3D"org.picketlink.identity.federation.bindings.tom= cat.sp.SPRedirectFormAuthenticator" = /> </Context> = @@ -422,16 +446,16 @@
=
- Configure the JBoss Identity Federation configuration f= ile (jboss-idfed.xml) - Configure jboss-idfed.xml in WEB-INF of your = + Configure the PicketLink Federation configuration file = (picketlink-idfed.xml) + Configure picketlink.xml in WEB-INF of your = SP web application = = - <JBossSP xmlns=3D"urn:jboss:identity-federation:config:1.0"= > + <PicketLinkSP xmlns=3D"urn:picketlink:identity-federation:c= onfig:1.0"> <IdentityURL>http://localhost:8080/idp</IdentityURL= > <ServiceURL>http://localhost:8080/sales</ServiceURL= > - </JBossSP> + </PicketLinkSP> = = @@ -473,7 +497,7 @@ <application-policy name =3D "sp"> <authentication> <login-module = - code =3D "org.jboss.identity.federation.bindings.jboss.a= uth.SAML2LoginModule" /> + code =3D "org.picketlink.identity.federation.bindings.jb= oss.auth.SAML2LoginModule" /> </authentication> = </application-policy> = @@ -503,13 +527,13 @@ Check list for configuring the IDP - Configure the IDP as a secure web application. + Configure the IDP as a secure web application= . - Configure the web.xml to either allow FORM or BASIC= authentication. + Configure the web.xml to either allow FORM or= BASIC authentication. - Configure the context.xml for IDP valves. + Configure the context.xml for IDP valves. - Configure the jboss-idfed.xml for IDP configuration. + Configure the picketlink-idfed.xml for IDP co= nfiguration. @@ -535,7 +559,7 @@ <Context> <Valve = className - =3D"org.jboss.identity.federation.bindings.tomcat.idp.IDPR= edirectWithSignatureValve" = + =3D"org.picketlink.identity.federation.bindings.tomcat.idp= .IDPRedirectWithSignatureValve" = /> </Context> @@ -555,17 +579,17 @@
=
- Configure the JBoss Identity Federation configuration f= ile (jboss-idfed.xml) - Configure jboss-idfed.xml in WEB-INF of your = + Configure the PicketLink Federation configuration file = (picketlink-idfed.xml) + Configure picketlink-idfed.xml= in WEB-INF of your = IDP web application - <JBossIDP xmlns=3D"urn:jboss:identity-federation:config:1.0= " > + <PicketLinkIDP xmlns=3D"urn:picketlink:identity-federation:= config:1.0" > <IdentityURL>http://localhost:8080/idp-sig</Identit= yURL> <Trust> <Domains>localhost,jboss.com,jboss.org</Domains&= gt; </Trust> <KeyProvider = - ClassName=3D"org.jboss.identity.federation.bindings.tomca= t.KeyStoreKeyManager"> + ClassName=3D"org.picketlink.identity.federation.bindings.= tomcat.KeyStoreKeyManager"> <Auth Key=3D"KeyStoreURL" Value=3D"jbid_test_keystore.= jks" /> <Auth Key=3D"KeyStorePass" Value=3D"store123" /> <Auth Key=3D"SigningKeyPass" Value=3D"test123" /> @@ -573,7 +597,7 @@ <ValidatingAlias Key=3D"localhost" Value=3D"servercert= "/> <ValidatingAlias Key=3D"127.0.0.1" Value=3D"servercert= "/> </KeyProvider> - </JBossIDP> + </PicketLinkIDP> = In this configuration file, you are providing the URL of= your IDP. = @@ -607,13 +631,14 @@ Check List for configuring the Service Provider. - Configure the SP as a secure FORM authentication b= ased web application. + + Configure the SP as a secure FORM authentication ba= sed web application. - Configure the web.xml of the SP web application. + Configure the web.xml of the SP web applicat= ion. - Configure the context.xml for the SP valves. + Configure the context.xml for the SP valves.= - Configure the jboss-idfed.xml for the SP configura= tion. + Configure the picketlink-idfed.xml for the S= P configuration. = @@ -646,7 +671,7 @@ <Context> <Valve className=3D - "org.jboss.identity.federation.bindings.tomcat.sp.SPRedirect= SignatureFormAuthenticator" = + "org.picketlink.identity.federation.bindings.tomcat.sp.SPRed= irectSignatureFormAuthenticator" = /> </Context> = 
@@ -667,17 +692,17 @@
=
- Configure the JBoss Identity Federation configuration f= ile (jboss-idfed.xml) - Configure jboss-idfed.xml in WEB-INF of your = + Configure the PicketLink Federation configuration file = (picketlink-idfed.xml) + Configure picketlink-idfed.xml= in WEB-INF of your = IDP web application - <JBossIDP xmlns=3D"urn:jboss:identity-federation:config:1.0= " > + <PicketLinkIDP xmlns=3D"urn:picketlink:identity-federation:= config:1.0" > <IdentityURL>http://localhost:8080/idp-sig</Identit= yURL> <Trust> <Domains>localhost,jboss.com,jboss.org</Domains&= gt; </Trust> <KeyProvider = - ClassName=3D"org.jboss.identity.federation.bindings.tomca= t.KeyStoreKeyManager"> + ClassName=3D"org.picketlink.identity.federation.bindings.= tomcat.KeyStoreKeyManager"> <Auth Key=3D"KeyStoreURL" Value=3D"jbid_test_keystore.= jks" /> <Auth Key=3D"KeyStorePass" Value=3D"store123" /> <Auth Key=3D"SigningKeyPass" Value=3D"test123" /> @@ -685,7 +710,7 @@ <ValidatingAlias Key=3D"localhost" Value=3D"servercert= "/> <ValidatingAlias Key=3D"127.0.0.1" Value=3D"servercert= "/> </KeyProvider> - </JBossIDP> + </PicketLinkIDP> = In this configuration file, we define the URLs for the s= ervice provider and = @@ -714,10 +739,10 @@ = -
- - Web SSO (XML Encryption Support) - + Web SSO (XML Encryption Support) +
= + Web SSO (XML Encryption Support) + =
@@ -725,10 +750,12 @@ Troubleshooting + Logging + =
Configuring Logging - JBoss Identity Federation uses Apache log4j as the logging fra= mework. + PicketLink Federation uses Apache log4j as the logging framewo= rk.
Configuring Logging on Apache Tomcat @@ -856,7 +883,7 @@ Resources on the Web - JBossIdentity P= roject Page + PicketLink Project= Page - org.jboss.identity - jboss-identity-doc-parent + org.picketlink + picketlink-doc-parent 1.0.0.alpha2-SNAPSHOT ../parent 4.0.0 - org.jboss.identity - jboss-identity-doc + picketlink-doc pom - JBoss Identity Federation- Assembly - http://labs.jboss.org/portal/jbosssecurity/ - JBoss Identity doc + PicketLink Federation- Assembly + http://labs.jboss.org/portal/picketlink/ + PicketLink doc lgpl @@ -40,14 +39,14 @@ - JBoss Identity + PicketLink ${project.version} Red Hat Middleware LLC - JBoss Identity + PicketLink ${project.version} - org.jboss.security + org.picketlink Red Hat Middleware LLC - http://labs.jboss.org/portal/jbosssecuri= ty/ + http://labs.jboss.org/picketlink Modified: identity-doc/trunk/parent/pom.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/parent/pom.xml 2009-11-30 11:18:05 UTC (rev 1094) +++ identity-doc/trunk/parent/pom.xml 2009-12-16 19:15:22 UTC (rev 1095) 
@@ -5,13 +5,13 @@ 4 4.0.0 - org.jboss.identity - jboss-identity-doc-parent + org.picketlink + picketlink-doc-parent pom 1.0.0.alpha2-SNAPSHOT - JBoss Identity Doc- Parent - http://labs.jboss.org/portal/jbossidentity/ - JBoss Identity is a cross-cutting project that handles ident= ity needs for the JEMS projects + PicketLink Doc- Parent + http://labs.jboss.org/picketlink + PicketLink is a cross-cutting project that handles identity = needs for the JEMS projects lgpl Modified: identity-doc/trunk/pom.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/pom.xml 2009-11-30 11:18:05 UTC (rev 1094) +++ identity-doc/trunk/pom.xml 2009-12-16 19:15:22 UTC (rev 1095) @@ -1,19 +1,18 @@ - org.jboss.identity - jboss-identity-doc-parent + org.picketlink + picketlink-doc-parent 1.0.0.alpha2-SNAPSHOT parent = 4.0.0 - org.jboss.identity.docs - jboss-identity-docs + picketlink-docs 1.0.0.alpha2-SNAPSHOT pom - JBoss Identity Docs - http://www.jboss.com/products/jbossidentity - JBoss Identity Documentation + PicketLink Docs + http://www.jboss.com/picketlink + PicketLink Documentation parent DeveloperGuide --===============5058404183440707615==-- From jboss-identity-commits at lists.jboss.org Thu Dec 17 12:15:37 2009 Content-Type: multipart/mixed; boundary="===============5834948636618776029==" MIME-Version: 1.0 
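Review bot: The release info stamped as `1.0.0` in `DeveloperGuide.xml` (hunk `@@ -1,19 +1,22 @@`, `- 1.0.0.alpha3.` / `+ 1.0.0`) and likewise in `UserGuide.xml` (hunk `@@ -1,29 +1,31 @@`) disagrees with the `1.0.0.alpha2-SNAPSHOT` version this same commit keeps in every `pom.xml`; either stamp the guides with the artifact version they are built from or record why the documentation version is deliberately decoupled from the build.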
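Review bot: The renamed import in `DeveloperGuide.xml` hunk `@@ -128,7 +131,7 @@` is `org.picketlink.identity.federation.api.saml.v2.request.SAML2Response`, which places the response class in the `request` package next to `SAML2Request` from hunk `@@ -103,8 +106,8 @@`; a prefix search-and-replace preserves whatever package path was there before, so confirm the package of `SAML2Response` against the renamed sources before this sample is published.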
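Review bot: The IDP check list in `UserGuide.xml` (hunk `@@ -157,13 +172,15 @@`) loses its verb in the first item: `- Configure the IDP as a secure web application.` becomes `+ the IDP as a secure web application.`; restore "Configure" so the item matches the four that follow it.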
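Review bot: In the SP configuration of `UserGuide.xml` (hunk `@@ -422,16 +446,16 @@`) the heading names `picketlink-idfed.xml` but the body now reads `Configure picketlink.xml in WEB-INF of your SP web application`; use one file name, and the `<PicketLinkSP>` sample beneath it indicates that name should be `picketlink-idfed.xml`, as in the IDP section.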
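Review bot: The signature-based IDP sample in `UserGuide.xml` (hunk `@@ -555,17 +579,17 @@`) carries keystore credentials inline (`KeyStorePass` `store123`, `SigningKeyPass` `test123`) for `jbid_test_keystore.jks`, and the identical block is repeated under the SP heading in hunk `@@ -667,17 +692,17 @@`, where the text still says "IDP web application" although the prose after it speaks of the service provider's URLs; state that these values belong to the bundled test keystore only and that readers must generate their own keystore and passwords, and give the SP section an SP-side sample rather than a copy of the IDP one.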
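Review bot: The project URLs introduced across the POMs do not agree: the assembly `pom.xml` hunks use `http://labs.jboss.org/portal/picketlink/` and `http://labs.jboss.org/picketlink`, `parent/pom.xml` (hunk `@@ -5,13 +5,13 @@`) uses `http://labs.jboss.org/picketlink`, and the root `pom.xml` (hunk `@@ -1,19 +1,18 @@`) uses `http://www.jboss.com/picketlink`; settle on one canonical URL. The root and assembly POMs also drop their own `groupId` so it is now inherited from `org.picketlink`; that is fine, but the one-word log message `picketlink` does not say so, and a line such as "rename JBoss Identity to PicketLink in docs and POM coordinates" would make the history searchable.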
From: jboss-identity-commits at lists.jboss.org To: jboss-identity-commits at lists.jboss.org Subject: [jboss-identity-commits] JBoss Identity SVN: r1096 - identity-doc/trunk/UserGuide/src/main/docbook. Date: Thu, 17 Dec 2009 12:15:37 -0500 Message-ID: <200912171715.nBHHFbxu024376@svn01.web.mwc.hst.phx2.redhat.com> --===============5834948636618776029== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Author: anil.saldhana(a)jboss.com Date: 2009-12-17 12:15:36 -0500 (Thu, 17 Dec 2009) New Revision: 1096 Modified: identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml Log: update doc Modified: identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml 2009-12-16 = 19:15:22 UTC (rev 1095) +++ identity-doc/trunk/UserGuide/src/main/docbook/UserGuide.xml 2009-12-17 = 17:15:36 UTC (rev 1096) @@ -120,7 +120,7 @@ Location for downloading the jars - JBoss Maven Rep= ository + = PicketLink - JBoss Maven Repository = = @@ -137,11 +137,11 @@ and Single Sign-On (SSO) for applications). =
- SAML v2 based Web SSO + SAML v2 based Web SSO using HTTP/Redirect Binding This section will talk about the configuration information to support the SAML V2.0 based Web Single Sign On (SSO). The SAML p= rofile - that is implemented is the HTTP/Redirect binding with centralized - identity services to enable web SSO for your applications. + has support for both the HTTP/POST and the HTTP/Redirect binding= s = + with centralized identity services to enable web SSO for your ap= plications. @@ -154,14 +154,15 @@ - The architecture follows the Hub and Spoke architecture of I= dentity Management. = + The architecture follows the Hub and Spoke architecture of I= dentity = + Management. = An Identity Provider (IDP) acts as the central source (hub) for id= entity and role = information to all the applications (Service Providers/SP). The sp= okes are the = Service Providers (SP). The IDP and the SP can be a JBoss Application Server or a = Tomcat instance. - Please note that the instructions for Tomcat and JBAS are differ= ent. + Please note that the instructions for Tomcat and JBAS have sligh= t differences. = @@ -173,15 +174,30 @@ Check list for configuring the IDP - the IDP as a secure web application. = + + The IDP as a secure web application. + = - Configure the web.xml to either allow FORM or BASIC a= uthentication. + + Configure the web.xml to either allow FORM or BASIC authe= ntication. = + - Configure the context.xml for IDP valves. + + + Configure the context.xml for IDP valves. + - Configure the picketlink-idfed.xml for IDP co= nfiguration. + + + Configure the picketlink-idfed.xml for IDP configuration. + + + + Configure the picketlink-handlers.xml for IDP configurati= on. + + = @@ -299,7 +315,7 @@ IDP web application <PicketLinkIDP xmlns=3D"urn:picketlink:identity-federation:= config:1.0" > - <IdentityURL>http://localhost:8080/idp</IdentityURL= > = + <IdentityURL>http://localhost:8080/idp/</IdentityUR= L> = </PicketLinkIDP> = @@ -309,6 +325,27 @@
+ + Configure the PicketLink Federation Handlers file (picketlink= -handlers.xml) + + + Configure picketlink-handlers.xml = + in WEB-INF of your IDP web application + + + <Handlers xmlns=3D"urn:picketlink:identity-federation:handl= er:config:1.0"> +<Handler class=3D"org.picketlink.identity.federation.web.handlers.saml2= .SAML2IssuerTrustHandler"/> +<Handler class=3D"org.picketlink.identity.federation.web.handlers.saml2= .SAML2LogOutHandler"/> +<Handler class=3D"org.picketlink.identity.federation.web.handlers.saml2= .SAML2AuthenticationHandler"/> +<Handler class=3D"org.picketlink.identity.federation.web.handlers.saml2= .RolesGenerationHandler"/> +</Handlers> + + + + Note the order of the handlers is important. + +
= @@ -332,6 +369,11 @@ Configure the picketlink-idfed.xml for the SP config= uration. + + Configure the picketlink-handlers.xml for the SP configu= ration. + + + Perform additional steps if the SP is running on JB= oss Application Server. @@ -447,8 +489,10 @@ =
Configure the PicketLink Federation configuration file = (picketlink-idfed.xml) - Configure picketlink.xml in WEB-INF of your = - SP web application + + Configure picketlink-idfed.xml = + in WEB-INF of your SP web application + = = @@ -464,6 +508,29 @@ the identity provider.
+ + Configure the PicketLink Federation Handlers file (picketlink= -handlers.xml) + + + Configure picketlink-handlers.xml = + in WEB-INF of your SP web application. + + + +<Handlers xmlns=3D"urn:picketlink:identity-federation:handler:config:1.= 0"> + +<Handler class=3D"org.picketlink.identity.federation.web.handlers.saml2= .SAML2LogOutHandler"/> + +<Handler class=3D"org.picketlink.identity.federation.web.handlers.saml2= .SAML2AuthenticationHandler"/> + +</Handlers> + + +
+ + =
Additional Steps for JBoss AS based SP @@ -508,6 +575,38 @@
=
+ + +
+ SAML v2 based Web SSO using HTTP/POST Binding + + In the previous section, we looked at the HTTP/Redirect Binding = for obtaining + web browser based SSO. If you would like to utilize the HTTP/POS= T binding + which is the recommended binding, then configure the IDP as in t= he = + HTTP/Redirect binding. + + + The configuration at the SP is identical to the HTTP/Redirect Bi= nding except + that the context.xml at the SP looks as follows (change in the va= lve class): + + = + The context.xml file should look like: + + + <Context> + <Valve + className=3D"org.picketlink.identity.federation.bindings.tomca= t.sp.SPPostFormAuthenticator" = + /> + </Context> + + + + + Remember for the HTTP/POST Binding, the IDP configuration is exac= tly the same as the HTTP/Redirect Binding. For the SP Configuration, there = is a change in context.xml only. The rest is the same as HTTP/Redirect bind= ing. + + + +
= @@ -632,14 +731,28 @@ - Configure the SP as a secure FORM authentication ba= sed web application. + + Configure the SP as a secure FORM authentication based w= eb application. + - Configure the web.xml of the SP web applicat= ion. + + Configure the web.xml of the SP web application. - Configure the context.xml for the SP valves.= + + + Configure the context.xml for the SP valves. + - Configure the picketlink-idfed.xml for the S= P configuration. + + + Configure the picketlink-idfed.xml for the SP configurati= on. + + + + Configure the picketlink-handlers.xml for the SP configur= ation. + + = = @@ -684,7 +797,9 @@ = - If the SP is running in JBoss Application Server, then= place the context.xml in = + = + If the SP is running in JBoss Application Server, then place= the = + context.xml in = WEB-INF of your SP web ap= plication. @@ -693,8 +808,9 @@ =
Configure the PicketLink Federation configuration file = (picketlink-idfed.xml) - Configure picketlink-idfed.xml= in WEB-INF of your = - IDP web application + Configure picketlink-idfed.xml= = + in WEB-INF of your SP web application. + <PicketLinkIDP xmlns=3D"urn:picketlink:identity-federation:= config:1.0" > <IdentityURL>http://localhost:8080/idp-sig</Identit= yURL> @@ -734,6 +850,17 @@
+ Configure the PicketLink Federation handlers file (pick= etlink-handlers.xml) + + Configure picketlink-handlers.xml = + in WEB-INF of your SP web application + + + Please refer to the previous chapter for the handlers file. + +
= + = =
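Review bot: The first IDP check list item in `UserGuide.xml` hunk `@@ -173,15 +174,30 @@` still lacks its verb after the correction: `- the IDP as a secure web application.` becomes `+ The IDP as a secure web application.`; it should read "Configure the IDP as a secure web application." like the items that follow.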
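Review bot: The IDP `IdentityURL` gains a trailing slash in hunk `@@ -299,7 +315,7 @@` (`http://localhost:8080/idp/`), while the SP sample in this file still points at `http://localhost:8080/idp` and the signature sections use `http://localhost:8080/idp-sig`; either bring the SP samples in line or state whether the trailing slash matters for the redirect the SP builds, otherwise readers copying both samples end up with URLs that differ.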
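Review bot: The IDP handlers section added in hunk `@@ -309,6 +325,27 @@` says "Note the order of the handlers is important" without saying what the required order is or why; document which handler must run first (the sample lists `SAML2IssuerTrustHandler`, `SAML2LogOutHandler`, `SAML2AuthenticationHandler`, `RolesGenerationHandler`) and what fails if they are reordered.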
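Review bot: The SP handlers file in hunk `@@ -464,6 +508,29 @@` lists only `SAML2LogOutHandler` and `SAML2AuthenticationHandler` and omits the `SAML2IssuerTrustHandler` that the IDP file includes; if the SP is expected to check the issuer of the assertions it receives, say so and show the handler, and if the omission is intentional, explain where that trust check happens on the SP side.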
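Review bot: The new HTTP/POST section in hunk `@@ -508,6 +575,38 @@` states twice that the IDP configuration is identical to HTTP/Redirect and that only `context.xml` at the SP changes; keep one of the two statements. The claim that HTTP/POST "is the recommended binding" is given no reason, so add one or cite the SAML profile, and since only the Tomcat-style `<Valve>` for `SPPostFormAuthenticator` is shown, state whether the JBoss AS steps from the HTTP/Redirect section apply unchanged.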
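Review bot: Hunk `@@ -693,8 +808,9 @@` corrects the text to "in WEB-INF of your SP web application", but the sample that follows still opens with `<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:1.0" >` and `http://localhost:8080/idp-sig`, and the unchanged prose beneath it says "we define the URLs for the service provider"; the SP sample should use `<PicketLinkSP>` with both `IdentityURL` and `ServiceURL`, as the non-signature SP section does.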
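Review bot: Hunk `@@ -734,6 +850,17 @@` adds "Please refer to the previous chapter for the handlers file" without naming the section, and the signature SP check list in hunk `@@ -632,14 +731,28 @@` gains a `picketlink-handlers.xml` item while the signature IDP check list gets none; name the section being referred to, and either add the IDP item or state that the IDP handlers are unchanged from the HTTP/Redirect configuration.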