starting to set up the IDP side of SourceID-SSO support (not ready yet)
This commit is contained in:
parent
dfb73d88ff
commit
e62375e6ee
86
build.xml
86
build.xml
|
@ -425,17 +425,20 @@
|
|||
<fileset dir="${sourceid.base}/conf" includes="*.xsd"/>
|
||||
</copy>
|
||||
<copy todir="assembly/venice-sp/WEB-INF">
|
||||
<fileset dir="conf-sso/sp">
|
||||
<fileset dir="conf-sso">
|
||||
<include name="dynamo.xml"/>
|
||||
<include name="web.xml"/>
|
||||
</fileset>
|
||||
<fileset dir="conf-sso/sp">
|
||||
<include name="sourceid-sso.xml"/>
|
||||
<include name="sourceid-sso-providers.xml"/>
|
||||
<include name="venice-sp.keystore"/>
|
||||
</fileset>
|
||||
</copy>
|
||||
<copy file="conf-sso/sp/logging.xml" todir="assembly/venice-sp/WEB-INF">
|
||||
<copy file="conf-sso/logging.xml" todir="assembly/venice-sp/WEB-INF">
|
||||
<filterset>
|
||||
<filter token="LOGDIR" value="${logfile.dir}"/>
|
||||
<filter token="WHICH" value="sp"/>
|
||||
</filterset>
|
||||
</copy>
|
||||
<copy file="${sourceid.base}/conf/server-config.wsdd" todir="assembly/venice-sp/WEB-INF"
|
||||
|
@ -451,11 +454,88 @@
|
|||
</copy>
|
||||
</target>
|
||||
|
||||
<!-- ============================================================================
|
||||
"assemble-venice-sso-idp" - Pseudo-target that creates the directory structure
|
||||
for Venice, with configuration as a SourceID-SSO
|
||||
Identity Provider.
|
||||
============================================================================ -->
|
||||
|
||||
<target name="assemble-venice-sso-idp" depends="init,all-jars" if="sourceid.present">
|
||||
<mkdir dir="assembly/venice-idp"/>
|
||||
<mkdir dir="assembly/venice-idp/WEB-INF/classes"/>
|
||||
<mkdir dir="assembly/venice-idp/WEB-INF/lib"/>
|
||||
<mkdir dir="assembly/venice-idp/WEB-INF/modules"/>
|
||||
<mkdir dir="assembly/venice-idp/WEB-INF/xsd"/>
|
||||
<copy todir="assembly/venice-idp/WEB-INF/classes" preservelastmodified="yes">
|
||||
<fileset dir="${sourceid.base}/conf">
|
||||
<include name="commons-logging.properties"/>
|
||||
<include name="ApplicationResources.properties"/>
|
||||
</fileset>
|
||||
</copy>
|
||||
<copy todir="assembly/venice-idp/WEB-INF/lib">
|
||||
<fileset dir="jars" includes="venice-sso-helper.jar,venice-base.jar,dynamo-framework.jar,baseutil.jar"/>
|
||||
<fileset dir="drivers" includes="*.jar"/>
|
||||
<fileset dir="${bsf.lib}" includes="${bsf.jarfile}"/>
|
||||
<fileset dir="${collections.lib}" includes="${collections.jarfile}"/>
|
||||
<fileset dir="${commlang.lib}" includes="${commlang.jarfile}"/>
|
||||
<fileset dir="${rhino.lib}" includes="${rhino.jarfile}"/>
|
||||
<fileset dir="${log4j.lib}" includes="${log4j.jarfile}"/>
|
||||
<fileset dir="${velocity.lib}" includes="${velocity.jarfile}"/>
|
||||
<fileset dir="${lucene.lib}" includes="${lucene.jarfile}"/>
|
||||
<fileset dir="${sourceid.base}" includes="sourceid-sso.jar"/>
|
||||
<fileset dir="${sourceid.base}/webapp/WEB-INF/lib">
|
||||
<include name="axis-ant.jar"/>
|
||||
<include name="axis.jar"/>
|
||||
<include name="castor-0.9.4.2-xml.jar"/>
|
||||
<include name="commons-discovery.jar"/>
|
||||
<include name="commons-logging.jar"/>
|
||||
<include name="jaxrpc.jar"/>
|
||||
<include name="saaj.jar"/>
|
||||
<include name="wsdl4j.jar"/>
|
||||
<include name="xalan.jar"/>
|
||||
<include name="xml-apis.jar"/>
|
||||
<include name="xmlsec.jar"/>
|
||||
</fileset>
|
||||
</copy>
|
||||
<copy todir="assembly/venice-idp/WEB-INF/xsd" preservelastmodified="yes">
|
||||
<fileset dir="${sourceid.base}/conf" includes="*.xsd"/>
|
||||
</copy>
|
||||
<copy todir="assembly/venice-idp/WEB-INF">
|
||||
<fileset dir="conf-sso">
|
||||
<include name="dynamo.xml"/>
|
||||
<include name="web.xml"/>
|
||||
</fileset>
|
||||
<fileset dir="conf-sso/idp">
|
||||
<include name="sourceid-sso.xml"/>
|
||||
<include name="sourceid-sso-providers.xml"/>
|
||||
<include name="venice-idp.keystore"/>
|
||||
</fileset>
|
||||
</copy>
|
||||
<copy file="conf-sso/logging.xml" todir="assembly/venice-idp/WEB-INF">
|
||||
<filterset>
|
||||
<filter token="LOGDIR" value="${logfile.dir}"/>
|
||||
<filter token="WHICH" value="idp"/>
|
||||
</filterset>
|
||||
</copy>
|
||||
<copy file="${sourceid.base}/conf/server-config.wsdd" todir="assembly/venice-idp/WEB-INF"
|
||||
preservelastmodified="yes"/>
|
||||
<copy todir="assembly/venice-idp/WEB-INF">
|
||||
<fileset dir="venice-data" includes="**/*"/>
|
||||
</copy>
|
||||
<copy todir="assembly/venice-idp/WEB-INF" overwrite="yes">
|
||||
<fileset dir="venice-data-sso/idp" includes="**/*"/>
|
||||
</copy>
|
||||
<copy todir="assembly/venice-idp">
|
||||
<fileset dir="venice-web" includes="**/*"/>
|
||||
</copy>
|
||||
</target>
|
||||
|
||||
<!-- ============================================================================
|
||||
"all-assemblies" - Pseudo-target that assembles all Web application directory
|
||||
structures.
|
||||
============================================================================ -->
|
||||
<target name="all-assemblies" depends="init,assemble-test-app,assemble-venice,assemble-venice-sso-sp"/>
|
||||
<target name="all-assemblies"
|
||||
depends="init,assemble-test-app,assemble-venice,assemble-venice-sso-sp,assemble-venice-sso-idp"/>
|
||||
|
||||
<!-- ============================================================================
|
||||
"all" - Pseudo-target that builds everything.
|
||||
|
|
227
conf-sso/idp/sourceid-sso-providers.xml
Normal file
227
conf-sso/idp/sourceid-sso-providers.xml
Normal file
|
@ -0,0 +1,227 @@
|
|||
<?xml version="1.0"?>
|
||||
|
||||
<ProviderDirectory xmlns:lib="http://projectliberty.org/schemas/core/2002/12"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||
xmlns="http://www.sourceid.org/schemas/sso/providers/2002/11">
|
||||
|
||||
<lib:SPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<lib:ProviderID>Venice-SSO-SP</lib:ProviderID>
|
||||
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">MIICbjCCAdcCBD7AlmwwDQYJKoZIhvcNAQEEBQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNPMQ8wDQYDVQQHEwZEZW52ZXIxIzAhBgNVBAoTGlNpbHZlcndyaXN0IERlc2lnbiBTdHVkaW9zMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEWMBQGA1UEAxMNRXJpYyBCb3dlcnNveDAeFw0wMzA1MTMwNjUzMzJaFw0wMzA4MTEwNjUzMzJaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMSMwIQYDVQQKExpTaWx2ZXJ3cmlzdCBEZXNpZ24gU3R1ZGlvczEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFjAUBgNVBAMTDUVyaWMgQm93ZXJzb3gwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvjYZPJwt16vTVIKleltTVDyvswVr2vCd9aHg7rKPhNKN+iVS2XY+Y5IopgcVtshQx/SbWnPNldtpGtFewaSQzCud/Lhja1xoGO/nTbjRr7MrPlR3yub8KO90tgslZ9yjEPZDWDEr3Y59ieDpMtAnYjS2GQ2LFRHq63kzd4AXg1AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAVhJqkLZd59BiTjvRF0ZtBKXe+kxnvyclc0MeIzkzGFmnpMuSpSyZ3LlYp0uvFn5OADM6KkXj7DgXIqb1bqIvXmlwDds+oO3KL+WdHBO9KHW0KjR2jpIujpmJ8Eaf/cefcOxxA00CMrwBeL8EXyAaynpcT78nrT5iN3FZwMkBi9o=</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
|
||||
<lib:AssertionConsumerServiceURL>http://localhost:8080/venice-sp/sso/authnRequest</lib:AssertionConsumerServiceURL>
|
||||
<lib:SoapEndpoint>http://localhost:8080/venice-sp/sso/soap/endpoint</lib:SoapEndpoint>
|
||||
<lib:SingleLogoutServiceURL>http://localhost:8080/venice-sp/sso/logout</lib:SingleLogoutServiceURL>
|
||||
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/venice-sp/sso/logout</lib:SingleLogoutServiceReturnURL>
|
||||
<lib:FederationTerminationServiceURL>http://localhost:8080/venice-sp/sso/fedterm</lib:FederationTerminationServiceURL>
|
||||
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/venice-sp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
|
||||
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:RegisterNameIdentifierServiceURL>http://localhost:9080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceURL>
|
||||
<lib:RegisterNameIdentifierServiceReturnURL>http://localhost:9080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceReturnURL>
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
|
||||
|
||||
</lib:SPDescriptor>
|
||||
|
||||
<!--
|
||||
Sample Service Provider Descriptor. If this instance of SourceID-SSO is configured to
|
||||
operate in the "idp" role, then the entry below describes a Service Provider with which
|
||||
we are federated. If this instance is configured to operate in the "sp" role, then the entry
|
||||
below will be ignored.
|
||||
-->
|
||||
<lib:SPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<!--
|
||||
Customize the following line to match the ProviderID of the remote provider; if the other
|
||||
provider is SourceID-SSO, then the ProviderID below should match the <provider-id> element
|
||||
in the other deployment's sourceid-sso.xml.
|
||||
-->
|
||||
<lib:ProviderID>SourceID-Sample-SP</lib:ProviderID>
|
||||
<!--
|
||||
The following KeyInfo represents the public key contained in the sample "sourceid.keystore"
|
||||
file bundled with SourceID-SSO
|
||||
-->
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">MIICSjCCAbMCBD4coSAwDQYJKoZIhvcNAQEEBQAwbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjAeFw0wMzAxMDgyMjA3MjhaFw0wMzA0MDgyMjA3MjhaMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xEDAOBgNVBAMTB1Vua25vd24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJhokczPBJlZe48d5oKZiX6vo7DBU5b54t9JjSHLOEZd0XK5w81BY4iX8QADMc7GyTrqDDrehfh4S5eQO89Fll50D4f6HpSI2QGtionDrj3kuET9nW9n98IzWc3eiLLH+5q3VGm04rylo4PTnJCeMYmDRqYJkWR1xQbNsrv9HHJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAI16O969XJkYRJaTiPXMcJg8XRM9oHKqc4L6YEDXGvnQ8NfTPDuJEzKIcU8QWNnprcY+MOue+O2YvP7u9NQuKK4zDA14CcIRb8G+VMLFa2A+BYiD66yIBWsb89YNFYnvH379wGp+ankQBTdljpgFo6Bt+fXmZxB6mToBdXy0h5b8=</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
<!--
|
||||
The endpoints in the following URL's are correct for services offered by SourceID-SSO.
|
||||
If federating this installation with another instance of SourceID-SSO, then all you need to do
|
||||
is customize the URL's to match your deployment (e.g. replace "http://localhost:9080/sso-sample-sp"
|
||||
with your server name and servlet context).
|
||||
-->
|
||||
<lib:AssertionConsumerServiceURL>http://localhost:8080/sso-sample-sp/sso/authnRequest</lib:AssertionConsumerServiceURL>
|
||||
<lib:SoapEndpoint>http://localhost:8080/sso-sample-sp/sso/soap/endpoint</lib:SoapEndpoint>
|
||||
<lib:SingleLogoutServiceURL>http://localhost:8080/sso-sample-sp/sso/logout</lib:SingleLogoutServiceURL>
|
||||
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sso-sample-sp/sso/logout</lib:SingleLogoutServiceReturnURL>
|
||||
<lib:FederationTerminationServiceURL>http://localhost:8080/sso-sample-sp/sso/fedterm</lib:FederationTerminationServiceURL>
|
||||
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sso-sample-sp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
|
||||
<!--
|
||||
The following profile declarations indicate the variants of the Liberty Protocol which
|
||||
this provider can speak.
|
||||
-->
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:RegisterNameIdentifierServiceURL>http://localhost:8080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceURL>
|
||||
<lib:RegisterNameIdentifierServiceReturnURL>http://localhost:8080/sourceid-sso/sso/rni</lib:RegisterNameIdentifierServiceReturnURL>
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
|
||||
</lib:SPDescriptor>
|
||||
|
||||
<!--
|
||||
Sample Identity Provider Descriptor. If this instance of SourceID-SSO is configured to
|
||||
operate in the "sp" role, then the entry below describes an Identity Provider with which
|
||||
we are federated. If this instance is configured to operate in the "idp" role, then the entry
|
||||
below will be ignored.
|
||||
-->
|
||||
<lib:IDPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<!--
|
||||
Customize the following line to match the ProviderID of the remote provider; if the other
|
||||
provider is SourceID-SSO, then the ProviderID below should match the <provider-id> element
|
||||
in the other deployment's sourceid-sso.xml.
|
||||
-->
|
||||
<lib:ProviderID>SourceID-Sample-IDP</lib:ProviderID>
|
||||
<!--
|
||||
The following KeyInfo represents the public key contained in the sample "sourceid.keystore"
|
||||
file bundled with SourceID-SSO
|
||||
-->
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">MIICSjCCAbMCBD4coSAwDQYJKoZIhvcNAQEEBQAwbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjAeFw0wMzAxMDgyMjA3MjhaFw0wMzA0MDgyMjA3MjhaMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xEDAOBgNVBAMTB1Vua25vd24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJhokczPBJlZe48d5oKZiX6vo7DBU5b54t9JjSHLOEZd0XK5w81BY4iX8QADMc7GyTrqDDrehfh4S5eQO89Fll50D4f6HpSI2QGtionDrj3kuET9nW9n98IzWc3eiLLH+5q3VGm04rylo4PTnJCeMYmDRqYJkWR1xQbNsrv9HHJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAI16O969XJkYRJaTiPXMcJg8XRM9oHKqc4L6YEDXGvnQ8NfTPDuJEzKIcU8QWNnprcY+MOue+O2YvP7u9NQuKK4zDA14CcIRb8G+VMLFa2A+BYiD66yIBWsb89YNFYnvH379wGp+ankQBTdljpgFo6Bt+fXmZxB6mToBdXy0h5b8=</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
<!--
|
||||
The endpoints in the following URL's are correct for services offered by SourceID-SSO.
|
||||
If federating this installation with another instance of SourceID-SSO, then all you need to do
|
||||
is customize the URL's to match your deployment (e.g. replace "http://localhost:8080/sso-sample-idp"
|
||||
with your server name and servlet context).
|
||||
-->
|
||||
<lib:SoapEndpoint>http://localhost:8080/sso-sample-idp/sso/soap/endpoint</lib:SoapEndpoint>
|
||||
<lib:SingleLogoutServiceURL>http://localhost:8080/sso-sample-idp/sso/logout</lib:SingleLogoutServiceURL>
|
||||
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sso-sample-idp/sso/logout</lib:SingleLogoutServiceReturnURL>
|
||||
<lib:FederationTerminationServiceURL>http://localhost:8080/sso-sample-idp/sso/fedterm</lib:FederationTerminationServiceURL>
|
||||
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sso-sample-idp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
|
||||
<lib:SingleSignOnServiceURL>http://localhost:8080/sso-sample-idp/sso/authn</lib:SingleSignOnServiceURL>
|
||||
<!--
|
||||
The following profile declarations indicate the variants of the Liberty Protocol which
|
||||
this provider can speak.
|
||||
-->
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</lib:SingleSignOnProtocolProfile>
|
||||
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</lib:SingleSignOnProtocolProfile>
|
||||
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/wml-post</lib:SingleSignOnProtocolProfile>
|
||||
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/lecp</lib:SingleSignOnProtocolProfile>
|
||||
</lib:IDPDescriptor>
|
||||
|
||||
<!--
|
||||
The following IDPDescriptor and two SPDescriptors are commented out. They represent the parameters
|
||||
needed to federate with the Sun IPL, not included with this distribution.
|
||||
-->
|
||||
|
||||
<!-- Sun IPL IDP, commented out by default -->
|
||||
<!--
|
||||
<lib:IDPDescriptor>
|
||||
<lib:ProviderID>http://localhost:8080/idp</lib:ProviderID>
|
||||
<ds:KeyInfo>
|
||||
<ds:KeyValue>
|
||||
<ds:RSAKeyValue>
|
||||
<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
|
||||
<ds:Exponent>AQAB</ds:Exponent>
|
||||
</ds:RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
<lib:SoapEndpoint>http://localhost:8080/idp/soap</lib:SoapEndpoint>
|
||||
<lib:SingleLogoutServiceURL>http://localhost:8080/idp/logout</lib:SingleLogoutServiceURL>
|
||||
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/idp/logout-completion</lib:SingleLogoutServiceReturnURL>
|
||||
<lib:FederationTerminationServiceURL>http://localhost:8080/idp/fedterm</lib:FederationTerminationServiceURL>
|
||||
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/idp/federate.jsp</lib:FederationTerminationServiceReturnURL>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</lib:SingleLogoutProtocolProfile>
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:SingleSignOnServiceURL>http://localhost:8080/idp/authn</lib:SingleSignOnServiceURL>
|
||||
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</lib:SingleSignOnProtocolProfile>
|
||||
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</lib:SingleSignOnProtocolProfile>
|
||||
</lib:IDPDescriptor>
|
||||
-->
|
||||
|
||||
<!-- Sun IPL SP (1), commented out by default -->
|
||||
<!--
|
||||
<lib:SPDescriptor>
|
||||
<lib:ProviderID>http://localhost:8080/sp</lib:ProviderID>
|
||||
<ds:KeyInfo>
|
||||
<ds:KeyValue>
|
||||
<ds:RSAKeyValue>
|
||||
<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
|
||||
<ds:Exponent>AQAB</ds:Exponent>
|
||||
</ds:RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
<lib:SoapEndpoint>http://localhost:8080/sp/soap</lib:SoapEndpoint>
|
||||
<lib:SingleLogoutServiceURL>http://localhost:8080/sp/logout</lib:SingleLogoutServiceURL>
|
||||
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sp/logout-completion</lib:SingleLogoutServiceReturnURL>
|
||||
<lib:FederationTerminationServiceURL>http://localhost:8080/sp/fedterm</lib:FederationTerminationServiceURL>
|
||||
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sp/federate.jsp</lib:FederationTerminationServiceReturnURL>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:AssertionConsumerServiceURL>http://localhost:8080/sp/assertion</lib:AssertionConsumerServiceURL>
|
||||
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
|
||||
</lib:SPDescriptor>
|
||||
-->
|
||||
|
||||
<!-- Sun IPL SP (2), commented out by default -->
|
||||
<!--
|
||||
<lib:SPDescriptor>
|
||||
<lib:ProviderID>http://localhost:8080/sp2</lib:ProviderID>
|
||||
<ds:KeyInfo>
|
||||
<ds:KeyValue>
|
||||
<ds:RSAKeyValue>
|
||||
<ds:Modulus>sbYgCsImOgGr2Ynd3sp88UiIjKglM4nmNz+OdJJvJON5ov8ncuj9Gqnf0/huBASUW1fPFLoy9pGDydZlF4jneMp5PZ+7DjcZQrffiQkA+FO28CtviRgj1m8qGGHynP1XEoseBxHKYVtCmyvyN72q8zO6ANq/WdqSBB8hOqqtpFk=</ds:Modulus>
|
||||
<ds:Exponent>AQAB</ds:Exponent>
|
||||
</ds:RSAKeyValue>
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
<lib:SoapEndpoint>http://localhost:8080/sp2/soap</lib:SoapEndpoint>
|
||||
<lib:SingleLogoutServiceURL>http://localhost:8080/sp2/logout</lib:SingleLogoutServiceURL>
|
||||
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/sp2/logout-completion</lib:SingleLogoutServiceReturnURL>
|
||||
<lib:FederationTerminationServiceURL>http://localhost:8080/sp2/fedterm</lib:FederationTerminationServiceURL>
|
||||
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/sp2/federate.jsp</lib:FederationTerminationServiceReturnURL>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</lib:FederationTerminationNotificationProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</lib:SingleLogoutProtocolProfile>
|
||||
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http-get</lib:SingleLogoutProtocolProfile>
|
||||
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</lib:RegisterNameIdentifierProtocolProfile>
|
||||
<lib:AssertionConsumerServiceURL>http://localhost:8080/sp2/assertion</lib:AssertionConsumerServiceURL>
|
||||
<lib:AuthnRequestsSigned>false</lib:AuthnRequestsSigned>
|
||||
</lib:SPDescriptor>
|
||||
-->
|
||||
|
||||
|
||||
</ProviderDirectory>
|
||||
|
92
conf-sso/idp/sourceid-sso.xml
Normal file
92
conf-sso/idp/sourceid-sso.xml
Normal file
|
@ -0,0 +1,92 @@
|
|||
<?xml version="1.0"?>
|
||||
|
||||
<SourceID-SSO>
|
||||
<!-- See SourceID-SSO documentation for more detailed documentation for these options -->
|
||||
|
||||
<!--
|
||||
The unique ProviderID of this installation. The value here should appear in other sites'
|
||||
<SPDescriptor> or <IDPDescriptor> elements describing this site.
|
||||
-->
|
||||
<provider-id>Venice-SSO-IDP</provider-id>
|
||||
|
||||
<!--
|
||||
The role of this site with respect to the Liberty Protocol; valid values are "sp" and "idp".
|
||||
-->
|
||||
<provider-role>idp</provider-role>
|
||||
|
||||
<provider-directory>/WEB-INF/sourceid-sso-providers.xml</provider-directory>
|
||||
|
||||
<exception-handlers>
|
||||
<default>/defaultExceptionHandler.jsp</default>
|
||||
</exception-handlers>
|
||||
|
||||
<signing-key>
|
||||
<keystore-path>/WEB-INF/venice-idp.keystore</keystore-path>
|
||||
<keystore-password>thecheat</keystore-password>
|
||||
<key-alias>thatkey</key-alias>
|
||||
<key-password>strongbad</key-password>
|
||||
</signing-key>
|
||||
|
||||
<idp-authentication-uri>TODO</idp-authentication-uri>
|
||||
<idp-authn-lifespan>1800</idp-authn-lifespan>
|
||||
<idp-logout-render-page>TODO</idp-logout-render-page>
|
||||
<idp-logout-done-image>TODO</idp-logout-done-image>
|
||||
<idp-post-assertion-render-page>TODO</idp-post-assertion-render-page>
|
||||
|
||||
<!--
|
||||
Here, you may optionally specify a Session-context attribute which SourceID-SSO should remove whenever
|
||||
a user is logged off (either via a browser-based front-channel, or via a SOAP-based backchannel). SourceID-SSO
|
||||
will already cleanup it's own session tracking info for the user, effectively logging them out of SourceID-SSO.
|
||||
By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
|
||||
Future versions of SourceID-SSO will also support JAAS-based login/logout.
|
||||
-->
|
||||
<remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>
|
||||
|
||||
<!--
|
||||
When generating or consuming assertions, tolerances for "Not Before" and "Not On or After" are encoded in the
|
||||
assertion document. Liberty Protocol recommends 1 minute for "Not Before", and 5 minutes for "Not On Or After".
|
||||
Enter the number of SECONDS for these tolerances below (default values should work).
|
||||
-->
|
||||
<assert-tolerance-not-before>60</assert-tolerance-not-before>
|
||||
<assert-tolerance-not-on-or-after>300</assert-tolerance-not-on-or-after>
|
||||
|
||||
<!--
|
||||
Here, set the AccountHandler implementation class. The default configuration
|
||||
is to use the "in-memory handler", which is really for demo and testing purposes only,
|
||||
as it does not connect to any actual persistent storage. The SourceID-SSO User's Guide
|
||||
describes how to implement an AccountHandler for your user directory. You may also use
|
||||
the provided JDBC Account Handler, with simple table mappings described in the file
|
||||
sourceid-sso-jdbc.xml. Or for LDAP access, use the JNDI Account Handler, with attribute
|
||||
mappings described in the file sourceid-sso-jndi.xml.
|
||||
-->
|
||||
<account-handler>com.silverwrist.venice.sourceid.VeniceAccountHandler</account-handler>
|
||||
|
||||
<artifact-handler>org.sourceid.sso.handlers.ArtifactHandlerInMemoryImpl</artifact-handler>
|
||||
|
||||
<!--
|
||||
If you plan to implement a LECP (Liberty-Enabled Client or Proxy) and run SourceID
|
||||
as an IDP, then you need to write an adaptor class for SourceID to acquire the currently
|
||||
authenticated userID "out of band". This is because the LECP profile specifies that
|
||||
IDP authentication occurs (you guessed it) "out of band". If you don't know what this
|
||||
is for, you almost certainly don't need it. The sample class below is for testing and
|
||||
illustration purposes only, do NOT deploy it in a production capacity (e.g. leave this
|
||||
commented out!).
|
||||
-->
|
||||
<!--
|
||||
<out-of-band-authn-handler>org.sourceid.sso.tests.OOBAuthnHandlerTest</out-of-band-authn-handler>
|
||||
-->
|
||||
|
||||
<!--
|
||||
To use the Identity Provider Introduction via Common Domain Cookie (Liberty Bindings and
|
||||
Profiles, section 3.6), then uncomment these lines and configure your Common Domain (which
|
||||
you share with your other Identity Providers and Service Providers), as well as the host
|
||||
name (INCLUDING PORT NUMBER IF NOT STANDARD) of this web application within that Common
|
||||
Domain. Commenting out these options will disable the Identity Provider Introduction
|
||||
protocol.
|
||||
-->
|
||||
<!--
|
||||
<common-domain>your-trust-circle-common-domain.com</common-domain>
|
||||
<common-domain-host>this-server.your-trust-circle-common-domain.com:8080</common-domain-host>
|
||||
-->
|
||||
|
||||
</SourceID-SSO>
|
BIN
conf-sso/idp/venice-idp.keystore
Normal file
BIN
conf-sso/idp/venice-idp.keystore
Normal file
Binary file not shown.
|
@ -21,7 +21,7 @@
|
|||
|
||||
<!-- Define the standard file appender. -->
|
||||
<appender name="STDLOG" class="org.apache.log4j.RollingFileAppender">
|
||||
<param name="File" value="@LOGDIR@/venice-sp.log"/>
|
||||
<param name="File" value="@LOGDIR@/venice-@WHICH@.log"/>
|
||||
<param name="Append" value="true"/>
|
||||
<param name="MaxFileSize" value="10MB"/>
|
||||
<param name="MaxBackupIndex" value="5"/>
|
|
@ -38,8 +38,6 @@
|
|||
will already cleanup it's own session tracking info for the user, effectively logging them out of SourceID-SSO.
|
||||
By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
|
||||
Future versions of SourceID-SSO will also support JAAS-based login/logout.
|
||||
|
||||
The sample value below works for the sample JSP-based application distributed with SourceID-SSO.
|
||||
-->
|
||||
<remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>
|
||||
|
||||
|
|
25
venice-data-sso/idp/scripts/sourceid/errorHandler.js
Normal file
25
venice-data-sso/idp/scripts/sourceid/errorHandler.js
Normal file
|
@ -0,0 +1,25 @@
|
|||
// The contents of this file are subject to the Mozilla Public License Version 1.1
|
||||
// (the "License"); you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
|
||||
//
|
||||
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
|
||||
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
|
||||
// language governing rights and limitations under the License.
|
||||
//
|
||||
// The Original Code is the Venice Web Communities System.
|
||||
//
|
||||
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
|
||||
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
|
||||
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
|
||||
//
|
||||
// Contributor(s):
|
||||
|
||||
importPackage(Packages.com.silverwrist.dynamo.iface);
|
||||
importPackage(Packages.com.silverwrist.dynamo.util);
|
||||
importPackage(Packages.com.silverwrist.venice.content);
|
||||
|
||||
req = bsf.lookupBean("request"); // get request
|
||||
rhelp = bsf.lookupBean("request_help"); // get request helper
|
||||
|
||||
ex = cast.toThrowable(rhelp.getChainParameter("javax.servlet.jsp.jspException"));
|
||||
dynamo.scriptReturn(new ErrorBox("Captured SourceID Error",ex));
|
Loading…
Reference in New Issue
Block a user