starting to set up the IDP side of SourceID-SSO support (not ready yet)

Eric J. Bowersox 2003-06-17 23:17:34 +00:00
parent dfb73d88ff
commit e62375e6ee
9 changed files with 428 additions and 6 deletions


@ -425,17 +425,20 @@
<fileset dir="${sourceid.base}/conf" includes="*.xsd"/>
</copy>
<copy todir="assembly/venice-sp/WEB-INF">
<fileset dir="conf-sso/sp">
<fileset dir="conf-sso">
<include name="dynamo.xml"/>
<include name="web.xml"/>
</fileset>
<fileset dir="conf-sso/sp">
<include name="sourceid-sso.xml"/>
<include name="sourceid-sso-providers.xml"/>
<include name="venice-sp.keystore"/>
</fileset>
</copy>
<copy file="conf-sso/sp/logging.xml" todir="assembly/venice-sp/WEB-INF">
<copy file="conf-sso/logging.xml" todir="assembly/venice-sp/WEB-INF">
<filterset>
<filter token="LOGDIR" value="${logfile.dir}"/>
<filter token="WHICH" value="sp"/>
</filterset>
</copy>
<copy file="${sourceid.base}/conf/server-config.wsdd" todir="assembly/venice-sp/WEB-INF"
@ -451,11 +454,88 @@
</copy>
</target>
<!-- ============================================================================
"assemble-venice-sso-idp" - Pseudo-target that creates the directory structure
for Venice, with configuration as a SourceID-SSO
Identity Provider.
============================================================================ -->
<target name="assemble-venice-sso-idp" depends="init,all-jars" if="sourceid.present">
<mkdir dir="assembly/venice-idp"/>
<mkdir dir="assembly/venice-idp/WEB-INF/classes"/>
<mkdir dir="assembly/venice-idp/WEB-INF/lib"/>
<mkdir dir="assembly/venice-idp/WEB-INF/modules"/>
<mkdir dir="assembly/venice-idp/WEB-INF/xsd"/>
<copy todir="assembly/venice-idp/WEB-INF/classes" preservelastmodified="yes">
<fileset dir="${sourceid.base}/conf">
<include name="commons-logging.properties"/>
<include name="ApplicationResources.properties"/>
</fileset>
</copy>
<copy todir="assembly/venice-idp/WEB-INF/lib">
<fileset dir="jars" includes="venice-sso-helper.jar,venice-base.jar,dynamo-framework.jar,baseutil.jar"/>
<fileset dir="drivers" includes="*.jar"/>
<fileset dir="${bsf.lib}" includes="${bsf.jarfile}"/>
<fileset dir="${collections.lib}" includes="${collections.jarfile}"/>
<fileset dir="${commlang.lib}" includes="${commlang.jarfile}"/>
<fileset dir="${rhino.lib}" includes="${rhino.jarfile}"/>
<fileset dir="${log4j.lib}" includes="${log4j.jarfile}"/>
<fileset dir="${velocity.lib}" includes="${velocity.jarfile}"/>
<fileset dir="${lucene.lib}" includes="${lucene.jarfile}"/>
<fileset dir="${sourceid.base}" includes="sourceid-sso.jar"/>
<fileset dir="${sourceid.base}/webapp/WEB-INF/lib">
<include name="axis-ant.jar"/>
<include name="axis.jar"/>
<include name="castor-0.9.4.2-xml.jar"/>
<include name="commons-discovery.jar"/>
<include name="commons-logging.jar"/>
<include name="jaxrpc.jar"/>
<include name="saaj.jar"/>
<include name="wsdl4j.jar"/>
<include name="xalan.jar"/>
<include name="xml-apis.jar"/>
<include name="xmlsec.jar"/>
</fileset>
</copy>
<copy todir="assembly/venice-idp/WEB-INF/xsd" preservelastmodified="yes">
<fileset dir="${sourceid.base}/conf" includes="*.xsd"/>
</copy>
<copy todir="assembly/venice-idp/WEB-INF">
<fileset dir="conf-sso">
<include name="dynamo.xml"/>
<include name="web.xml"/>
</fileset>
<fileset dir="conf-sso/idp">
<include name="sourceid-sso.xml"/>
<include name="sourceid-sso-providers.xml"/>
<include name="venice-idp.keystore"/>
</fileset>
</copy>
<copy file="conf-sso/logging.xml" todir="assembly/venice-idp/WEB-INF">
<filterset>
<filter token="LOGDIR" value="${logfile.dir}"/>
<filter token="WHICH" value="idp"/>
</filterset>
</copy>
<copy file="${sourceid.base}/conf/server-config.wsdd" todir="assembly/venice-idp/WEB-INF"
preservelastmodified="yes"/>
<copy todir="assembly/venice-idp/WEB-INF">
<fileset dir="venice-data" includes="**/*"/>
</copy>
<copy todir="assembly/venice-idp/WEB-INF" overwrite="yes">
<fileset dir="venice-data-sso/idp" includes="**/*"/>
</copy>
<copy todir="assembly/venice-idp">
<fileset dir="venice-web" includes="**/*"/>
</copy>
</target>
<!-- ============================================================================
"all-assemblies" - Pseudo-target that assembles all Web application directory
structures.
============================================================================ -->
<target name="all-assemblies" depends="init,assemble-test-app,assemble-venice,assemble-venice-sso-sp"/>
<target name="all-assemblies"
depends="init,assemble-test-app,assemble-venice,assemble-venice-sso-sp,assemble-venice-sso-idp"/>
<!-- ============================================================================
"all" - Pseudo-target that builds everything.
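Review bot: The new `assemble-venice-sso-idp` target copies `venice-idp.keystore` from `conf-sso/idp` into `WEB-INF` next to the `sourceid-sso.xml` that names it, so the IDP's signing keystore is kept in the source tree; a key that can sign assertions accepted by every federated SP should not be checked in, and the copy would be better sourced from a deployment-supplied location, e.g. `<fileset dir="${sso.keystore.dir}" includes="venice-idp.keystore"/>`. As a point of style, the IDP target repeats the SP target's whole third-party lib list verbatim (`axis.jar` … `xmlsec.jar`); pulling those `<fileset>`s into a shared `<patternset id="sso-libs">` or a common `assemble-venice-sso-common` target would keep the two assemblies from drifting when a jar such as `xmlsec.jar` is upgraded. The hunk's trailing context (the `all` target) continues outside this view.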


@ -0,0 +1,227 @@
<?xml version="1.0"?>
<ProviderDirectory xmlns:lib="http://projectliberty.org/schemas/core/2002/12"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns="http://www.sourceid.org/schemas/sso/providers/2002/11">
<lib:SPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<lib:ProviderID>Venice-SSO-SP</lib:ProviderID>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<lib:AssertionConsumerServiceURL>http://localhost:8080/venice-sp/sso/authnRequest</lib:AssertionConsumerServiceURL>
<lib:SoapEndpoint>http://localhost:8080/venice-sp/sso/soap/endpoint</lib:SoapEndpoint>
<lib:SingleLogoutServiceURL>http://localhost:8080/venice-sp/sso/logout</lib:SingleLogoutServiceURL>
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/venice-sp/sso/logout</lib:SingleLogoutServiceReturnURL>
<lib:FederationTerminationServiceURL>http://localhost:8080/venice-sp/sso/fedterm</lib:FederationTerminationServiceURL>
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/venice-sp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
<lib:RegisterNameIdentifierServiceURL>http://localhost:9080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceURL>
<lib:RegisterNameIdentifierServiceReturnURL>http://localhost:9080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceReturnURL>
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</lib:RegisterNameIdentifierProtocolProfile>
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
</lib:SPDescriptor>
<!--
Sample Service Provider Descriptor. If this instance of SourceID-SSO is configured to
operate in the "idp" role, then the entry below describes a Service Provider with which
we are federated. If this instance is configured to operate in the "sp" role, then the entry
below will be ignored.
-->
<lib:SPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<!--
Customize the following line to match the ProviderID of the remote provider; if the other
provider is SourceID-SSO, then the ProviderID below should match the <provider-id> element
in the other deployment's sourceid-sso.xml.
-->
<lib:ProviderID>SourceID-Sample-SP</lib:ProviderID>
<!--
The following KeyInfo represents the public key contained in the sample "sourceid.keystore"
file bundled with SourceID-SSO
-->
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<!--
The endpoints in the following URL's are correct for services offered by SourceID-SSO.
If federating this installation with another instance of SourceID-SSO, then all you need to do
is customize the URL's to match your deployment (e.g. replace "http://localhost:9080/sso-sample-sp"
with your server name and servlet context).
-->
<lib:AssertionConsumerServiceURL>http://localhost:8080/sso-sample-sp/sso/authnRequest</lib:AssertionConsumerServiceURL>
<lib:SoapEndpoint>http://localhost:8080/sso-sample-sp/sso/soap/endpoint</lib:SoapEndpoint>
<lib:SingleLogoutServiceURL>http://localhost:8080/sso-sample-sp/sso/logout</lib:SingleLogoutServiceURL>
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sso-sample-sp/sso/logout</lib:SingleLogoutServiceReturnURL>
<lib:FederationTerminationServiceURL>http://localhost:8080/sso-sample-sp/sso/fedterm</lib:FederationTerminationServiceURL>
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sso-sample-sp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
<!--
The following profile declarations indicate the variants of the Liberty Protocol which
this provider can speak.
-->
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
<lib:RegisterNameIdentifierServiceURL>http://localhost:8080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceURL>
<lib:RegisterNameIdentifierServiceReturnURL>http://localhost:8080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceReturnURL>
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</lib:RegisterNameIdentifierProtocolProfile>
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
</lib:SPDescriptor>
<!--
Sample Identity Provider Descriptor. If this instance of SourceID-SSO is configured to
operate in the "sp" role, then the entry below describes an Identity Provider with which
we are federated. If this instance is configured to operate in the "idp" role, then the entry
below will be ignored.
-->
<lib:IDPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<!--
Customize the following line to match the ProviderID of the remote provider; if the other
provider is SourceID-SSO, then the ProviderID below should match the <provider-id> element
in the other deployment's sourceid-sso.xml.
-->
<lib:ProviderID>SourceID-Sample-IDP</lib:ProviderID>
<!--
The following KeyInfo represents the public key contained in the sample "sourceid.keystore"
file bundled with SourceID-SSO
-->
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<!--
The endpoints in the following URL's are correct for services offered by SourceID-SSO.
If federating this installation with another instance of SourceID-SSO, then all you need to do
is customize the URL's to match your deployment (e.g. replace "http://localhost:8080/sso-sample-idp"
with your server name and servlet context).
-->
<lib:SoapEndpoint>http://localhost:8080/sso-sample-idp/sso/soap/endpoint</lib:SoapEndpoint>
<lib:SingleLogoutServiceURL>http://localhost:8080/sso-sample-idp/sso/logout</lib:SingleLogoutServiceURL>
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sso-sample-idp/sso/logout</lib:SingleLogoutServiceReturnURL>
<lib:FederationTerminationServiceURL>http://localhost:8080/sso-sample-idp/sso/fedterm</lib:FederationTerminationServiceURL>
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sso-sample-idp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
<lib:SingleSignOnServiceURL>http://localhost:8080/sso-sample-idp/sso/authn</lib:SingleSignOnServiceURL>
<!--
The following profile declarations indicate the variants of the Liberty Protocol which
this provider can speak.
-->
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</lib:RegisterNameIdentifierProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</lib:FederationTerminationNotificationProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</lib:FederationTerminationNotificationProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</lib:SingleLogoutProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</lib:SingleSignOnProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</lib:SingleSignOnProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/wml-post</lib:SingleSignOnProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/lecp</lib:SingleSignOnProtocolProfile>
</lib:IDPDescriptor>
<!--
The following IDPDescriptor and two SPDescriptors are commented out. They represent the parameters
needed to federate with the Sun IPL, not included with this distribution.
-->
<!-- Sun IPL IDP, commented out by default -->
<!--
<lib:IDPDescriptor>
<lib:ProviderID>http://localhost:8080/idp</lib:ProviderID>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<lib:SoapEndpoint>http://localhost:8080/idp/soap</lib:SoapEndpoint>
<lib:SingleLogoutServiceURL>http://localhost:8080/idp/logout</lib:SingleLogoutServiceURL>
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/idp/logout-completion</lib:SingleLogoutServiceReturnURL>
<lib:FederationTerminationServiceURL>http://localhost:8080/idp/fedterm</lib:FederationTerminationServiceURL>
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/idp/federate.jsp</lib:FederationTerminationServiceReturnURL>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</lib:FederationTerminationNotificationProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</lib:FederationTerminationNotificationProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</lib:SingleLogoutProtocolProfile>
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</lib:RegisterNameIdentifierProtocolProfile>
<lib:SingleSignOnServiceURL>http://localhost:8080/idp/authn</lib:SingleSignOnServiceURL>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</lib:SingleSignOnProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</lib:SingleSignOnProtocolProfile>
</lib:IDPDescriptor>
-->
<!-- Sun IPL SP (1), commented out by default -->
<!--
<lib:SPDescriptor>
<lib:ProviderID>http://localhost:8080/sp</lib:ProviderID>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<lib:SoapEndpoint>http://localhost:8080/sp/soap</lib:SoapEndpoint>
<lib:SingleLogoutServiceURL>http://localhost:8080/sp/logout</lib:SingleLogoutServiceURL>
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sp/logout-completion</lib:SingleLogoutServiceReturnURL>
<lib:FederationTerminationServiceURL>http://localhost:8080/sp/fedterm</lib:FederationTerminationServiceURL>
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sp/federate.jsp</lib:FederationTerminationServiceReturnURL>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
<lib:AssertionConsumerServiceURL>http://localhost:8080/sp/assertion</lib:AssertionConsumerServiceURL>
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
</lib:SPDescriptor>
-->
<!-- Sun IPL SP (2), commented out by default -->
<!--
<lib:SPDescriptor>
<lib:ProviderID>http://localhost:8080/sp2</lib:ProviderID>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<lib:SoapEndpoint>http://localhost:8080/sp2/soap</lib:SoapEndpoint>
<lib:SingleLogoutServiceURL>http://localhost:8080/sp2/logout</lib:SingleLogoutServiceURL>
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sp2/logout-completion</lib:SingleLogoutServiceReturnURL>
<lib:FederationTerminationServiceURL>http://localhost:8080/sp2/fedterm</lib:FederationTerminationServiceURL>
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sp2/federate.jsp</lib:FederationTerminationServiceReturnURL>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
<lib:AssertionConsumerServiceURL>http://localhost:8080/sp2/assertion</lib:AssertionConsumerServiceURL>
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
</lib:SPDescriptor>
-->
</ProviderDirectory>
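Review bot: With this directory used in the idp role, the `SourceID-Sample-SP` descriptor is a live federation partner, and its own comment states that its KeyInfo is the public key of the sample keystore bundled with SourceID-SSO — anyone holding that distribution's sample key can present signed messages to this IDP as that SP. Comment it out (and the `SourceID-Sample-IDP` entry, which this role ignores anyway) the same way the Sun IPL descriptors are, or replace the certificate with one actually controlled by the federating SP. The `Venice-SSO-SP` entry also points its RegisterNameIdentifier URLs at `http://localhost:9080/sourceid-sso/sso/rni` while every other endpoint of that SP is under `http://localhost:8080/venice-sp/sso/`; that looks like a copy-paste leftover and presumably should be `http://localhost:8080/venice-sp/sso/rni`. Every SP here has `AuthnRequestsSigned` set to false, so the IDP must rely on the `AssertionConsumerServiceURL` configured here rather than any URL carried in an unsigned request — worth confirming SourceID-SSO enforces that.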


@ -0,0 +1,92 @@
<?xml version="1.0"?>
<SourceID-SSO>
<!-- See SourceID-SSO documentation for more detailed documentation for these options -->
<!--
The unique ProviderID of this installation. The value here should appear in other sites'
<SPDescriptor> or <IDPDescriptor> elements describing this site.
-->
<provider-id>Venice-SSO-IDP</provider-id>
<!--
The role of this site with respect to the Liberty Protocol; valid values are "sp" and "idp".
-->
<provider-role>idp</provider-role>
<provider-directory>/WEB-INF/sourceid-sso-providers.xml</provider-directory>
<exception-handlers>
<default>/defaultExceptionHandler.jsp</default>
</exception-handlers>
<signing-key>
<keystore-path>/WEB-INF/venice-idp.keystore</keystore-path>
<keystore-password>thecheat</keystore-password>
<key-alias>thatkey</key-alias>
<key-password>strongbad</key-password>
</signing-key>
<idp-authentication-uri>TODO</idp-authentication-uri>
<idp-authn-lifespan>1800</idp-authn-lifespan>
<idp-logout-render-page>TODO</idp-logout-render-page>
<idp-logout-done-image>TODO</idp-logout-done-image>
<idp-post-assertion-render-page>TODO</idp-post-assertion-render-page>
<!--
Here, you may optionally specify a Session-context attribute which SourceID-SSO should remove whenever
a user is logged off (either via a browser-based front-channel, or via a SOAP-based backchannel). SourceID-SSO
will already cleanup it's own session tracking info for the user, effectively logging them out of SourceID-SSO.
By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
Future versions of SourceID-SSO will also support JAAS-based login/logout.
-->
<remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>
<!--
When generating or consuming assertions, tolerances for "Not Before" and "Not On or After" are encoded in the
assertion document. Liberty Protocol recommends 1 minute for "Not Before", and 5 minutes for "Not On Or After".
Enter the number of SECONDS for these tolerances below (default values should work).
-->
<assert-tolerance-not-before>60</assert-tolerance-not-before>
<assert-tolerance-not-on-or-after>300</assert-tolerance-not-on-or-after>
<!--
Here, set the AccountHandler implementation class. The default configuration
is to use the "in-memory handler", which is really for demo and testing purposes only,
as it does not connect to any actual persistent storage. The SourceID-SSO User's Guide
describes how to implement an AccountHandler for your user directory. You may also use
the provided JDBC Account Handler, with simple table mappings described in the file
sourceid-sso-jdbc.xml. Or for LDAP access, use the JNDI Account Handler, with attribute
mappings described in the file sourceid-sso-jndi.xml.
-->
<account-handler>com.silverwrist.venice.sourceid.VeniceAccountHandler</account-handler>
<artifact-handler>org.sourceid.sso.handlers.ArtifactHandlerInMemoryImpl</artifact-handler>
<!--
If you plan to implement a LECP (Liberty-Enabled Client or Proxy) and run SourceID
as an IDP, then you need to write an adaptor class for SourceID to acquire the currently
authenticated userID "out of band". This is because the LECP profile specifies that
IDP authentication occurs (you guessed it) "out of band". If you don't know what this
is for, you almost certainly don't need it. The sample class below is for testing and
illustration purposes only, do NOT deploy it in a production capacity (e.g. leave this
commented out!).
-->
<!--
<out-of-band-authn-handler>org.sourceid.sso.tests.OOBAuthnHandlerTest</out-of-band-authn-handler>
-->
<!--
To use the Identity Provider Introduction via Common Domain Cookie (Liberty Bindings and
Profiles, section 3.6), then uncomment these lines and configure your Common Domain (which
you share with your other Identity Providers and Service Providers), as well as the host
name (INCLUDING PORT NUMBER IF NOT STANDARD) of this web application within that Common
Domain. Commenting out these options will disable the Identity Provider Introduction
protocol.
-->
<!--
<common-domain>your-trust-circle-common-domain.com</common-domain>
<common-domain-host>this-server.your-trust-circle-common-domain.com:8080</common-domain-host>
-->
</SourceID-SSO>
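Review bot: `keystore-password` and `key-password` for the IDP signing key are committed in clear text (`thecheat` / `strongbad`) together with the keystore path `/WEB-INF/venice-idp.keystore`; these read as sample values, and anyone with access to the repository and the matching keystore can sign assertions as `Venice-SSO-IDP`. The build already runs `logging.xml` through a `<filterset>`, so the same mechanism could inject these at assembly time from a property file kept outside the tree, e.g. `<keystore-password>@KEYSTORE_PASSWORD@</keystore-password>` and `<key-password>@KEY_PASSWORD@</key-password>`, with the keystore itself generated per deployment rather than checked in. The literal `TODO` values in `idp-authentication-uri`, `idp-logout-render-page`, `idp-logout-done-image` and `idp-post-assertion-render-page` match the "not ready yet" in the commit message, but SourceID-SSO may redirect to or fail on a literal `TODO` path, so a leading comment such as `<!-- NOT DEPLOYABLE: idp-* entries below are placeholders -->` would stop this config from being assembled by accident. `ArtifactHandlerInMemoryImpl` also means artifacts do not survive a restart or span nodes — fine for a single dev instance, but worth a one-line comment saying so.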

Binary file not shown.


@ -21,7 +21,7 @@
<!-- Define the standard file appender. -->
<appender name="STDLOG" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="@LOGDIR@/venice-sp.log"/>
<param name="File" value="@LOGDIR@/venice-@WHICH@.log"/>
<param name="Append" value="true"/>
<param name="MaxFileSize" value="10MB"/>
<param name="MaxBackupIndex" value="5"/>


@ -38,8 +38,6 @@
will already cleanup it's own session tracking info for the user, effectively logging them out of SourceID-SSO.
By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
Future versions of SourceID-SSO will also support JAAS-based login/logout.
The sample value below works for the sample JSP-based application distributed with SourceID-SSO.
-->
<remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>


@ -0,0 +1,25 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
importPackage(Packages.com.silverwrist.venice.content);
req = bsf.lookupBean("request"); // get request
rhelp = bsf.lookupBean("request_help"); // get request helper
ex = cast.toThrowable(rhelp.getChainParameter("javax.servlet.jsp.jspException"));
dynamo.scriptReturn(new ErrorBox("Captured SourceID Error",ex));
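Review bot: `req` is fetched via `bsf.lookupBean("request")` but never used — drop that line or use it. More importantly, the Throwable pulled from `javax.servlet.jsp.jspException` is handed straight to `new ErrorBox("Captured SourceID Error", ex)`; if `ErrorBox` renders the exception message or stack trace into the page (its implementation is not visible here), signature-validation and assertion-processing failures from the SSO layer would be shown to the browser, which is exactly the feedback an attacker probing the IDP wants. Prefer logging `ex` server-side and passing a generic message, and guard the null case, since `rhelp.getChainParameter(...)` may return nothing when this handler is reached without a JSP exception and the behaviour of `cast.toThrowable` and `ErrorBox` on null is unclear from this file.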