| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. |
| Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL |
| keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. |
| --> |
| <FedizConfig> |
| <contextConfig name="/fedizhelloworld"> |
| <audienceUris> |
| <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="clienttrust.jks" password="storepass" type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| <maximumClockSkew>1000</maximumClockSkew> |
| <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> |
| <keyStore file="server.jks" password="tompass" type="JKS" /> |
| </signingKey> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="federationProtocolType" version="1.0.0"> |
| <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> |
| <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> |
| <roleDelimiter>,</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <freshness>10</freshness> |
| <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm> |
| <claimTypesRequested> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" /> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> |
| </claimTypesRequested> |
| <authenticationType>http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl</authenticationType> |
| <request type="Class">org.apache.cxf.fediz.systests.jetty9.HOKCallbackHandler</request> |
| </protocol> |
| <logoutURL>/secure/logout</logoutURL> |
| <logoutRedirectTo>/index.html</logoutRedirectTo> |
| </contextConfig> |
| <contextConfig name="/fedizspringhelloworld"> |
| <audienceUris> |
| <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> |
| </audienceUris> |
| <certificateStores> |
| <trustManager> |
| <keyStore file="clienttrust.jks" password="storepass" type="JKS" /> |
| </trustManager> |
| </certificateStores> |
| <trustedIssuers> |
| <issuer certificateValidation="PeerTrust" /> |
| </trustedIssuers> |
| <maximumClockSkew>1000</maximumClockSkew> |
| <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> |
| <keyStore file="server.jks" password="tompass" type="JKS" /> |
| </signingKey> |
| <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:type="federationProtocolType" version="1.0.0"> |
| <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> |
| <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> |
| <roleDelimiter>,</roleDelimiter> |
| <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> |
| <freshness>10</freshness> |
| <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm> |
| <claimTypesRequested> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" /> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> |
| <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> |
| </claimTypesRequested> |
| <authenticationType>http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl</authenticationType> |
| <request type="Class">org.apache.cxf.fediz.systests.jetty9.HOKCallbackHandler</request> |
| </protocol> |
| <logoutURL>/secure/logout</logoutURL> |
| <logoutRedirectTo>/index.html</logoutRedirectTo> |
| </contextConfig> |
| </FedizConfig> |
| |