Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Relying Party Enablement Servlet Implementation"
m |
(→Configuration) |
||
| Line 14: | Line 14: | ||
== Configuration == | == Configuration == | ||
| + | Configuration of a web application to use the relying party enablement servlet requires some changes to the web deployment file (web.xml), configuration parameters for the authentication protocol handler configured in the deployment file and creation of a login page to be displayed to the user of the application. | ||
| + | |||
| + | 1. Additions to the web application deployment file (WebContent/WEB-INF/web.xml) | ||
| + | |||
| + | In the servlet implementation, authentication is performed through a servlet filter. There are 2 filters that need to be configured, one for login and one for logout. The following lines should be added to the web.xml file inside the <web-app> element: | ||
| + | <pre> | ||
| + | <web-app ......> | ||
| + | <filter> | ||
| + | <filter-name>AuthenticationFilter</filter-name> | ||
| + | <filter-class>org.eclipse.higgins.rp.servlet.server.AuthNFilter</filter-class> | ||
| + | </filter> | ||
| + | <filter-mapping> | ||
| + | <filter-name>AuthenticationFilter</filter-name> | ||
| + | <url-pattern>/protected/index.jsp</url-pattern> | ||
| + | </filter-mapping> | ||
| + | <servlet> | ||
| + | <description>Logout servlet for filter</description> | ||
| + | <display-name>Logout</display-name> | ||
| + | <servlet-name>Logout</servlet-name> | ||
| + | <servlet-class> | ||
| + | org.eclipse.higgins.rp.servlet.server.Logout</servlet-class> | ||
| + | </servlet> | ||
| + | <servlet-mapping> | ||
| + | <servlet-name>Logout</servlet-name> | ||
| + | <url-pattern>/Logout</url-pattern> | ||
| + | </servlet-mapping> | ||
| + | ... | ||
| + | </web-app> | ||
| + | </pre> | ||
| + | |||
| + | The following servlet context parmaters are configured to define the types of tokens supported, the authentication protocol handlers to configure and the properties file to use for the authentication protocol handlers. | ||
| + | <pre> | ||
| + | <web-app ......> | ||
| + | ... | ||
| + | <context-param> | ||
| + | <param-name>TokenTypes</param-name> | ||
| + | <param-value>urn:oasis:names:tc:SAML:1.0:assertion</param-value> | ||
| + | </context-param> | ||
| + | <context-param> | ||
| + | <param-name>RootCertUrl</param-name> | ||
| + | <param-value>TestRoot.cer</param-value> | ||
| + | </context-param> | ||
| + | <context-param> | ||
| + | <param-name>RequiredClaims</param-name> | ||
| + | <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</param-value> | ||
| + | </context-param> | ||
| + | <context-param> | ||
| + | <param-name>OptionalClaims</param-name> | ||
| + | <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender http://schemas.xmlsoap.org/ws/2005/05/identity/claims/website http://burtongroup.com/interop/2007/05/identity/cameratype http://burtongroup.com/interop/2007/05/identity/group http://burtongroup.com/interop/2007/05/identity/groupRole http://sts.labs.live.com/2006/06/claims/nickname http://www.bandit-project.org/identity/claims/groupmembership http://www.ibmidentitydemo.com/claims/assurancelevel</param-value> | ||
| + | </context-param> | ||
| + | <context-param> | ||
| + | <param-name>PrivacyUrl</param-name> | ||
| + | <param-value>https://localhost/RelyingPartyDemoApp2/Privacy.txt</param-value> | ||
| + | </context-param> | ||
| + | <context-param> | ||
| + | <param-name>AuthProtocolHandlers</param-name> | ||
| + | <param-value>org.eclipse.higgins.rp.icard.ICardProtocolHandler</param-value> | ||
| + | </context-param> | ||
| + | <context-param> | ||
| + | <param-name>urn:oasis:names:tc:SAML:1.0:assertionProperties</param-name> | ||
| + | <param-value>/icard.properties</param-value> | ||
| + | </context-param> | ||
| + | ... | ||
| + | </web-app> | ||
| + | </pre> | ||
== Links == | == Links == | ||
* [http://eclipse.org/higgins Higgins Home] | * [http://eclipse.org/higgins Higgins Home] | ||
Revision as of 17:09, 22 January 2008
This is a servlet container implementation of the Relying Party Interface
Details
- Language: Java
- Packaging: JAR
Plans
- The returned attributes are current stored in the session. The plan is to store the information as part of a JAAS Subject.
Service
- Authentication filter for protected resource. Initializes the authentication protocol handler specified in web.xml.
API
Configuration
Configuration of a web application to use the relying party enablement servlet requires some changes to the web deployment file (web.xml), configuration parameters for the authentication protocol handler configured in the deployment file and creation of a login page to be displayed to the user of the application.
1. Additions to the web application deployment file (WebContent/WEB-INF/web.xml)
In the servlet implementation, authentication is performed through a servlet filter. There are 2 filters that need to be configured, one for login and one for logout. The following lines should be added to the web.xml file inside the <web-app> element:
<web-app ......> <filter> <filter-name>AuthenticationFilter</filter-name> <filter-class>org.eclipse.higgins.rp.servlet.server.AuthNFilter</filter-class> </filter> <filter-mapping> <filter-name>AuthenticationFilter</filter-name> <url-pattern>/protected/index.jsp</url-pattern> </filter-mapping> <servlet> <description>Logout servlet for filter</description> <display-name>Logout</display-name> <servlet-name>Logout</servlet-name> <servlet-class> org.eclipse.higgins.rp.servlet.server.Logout</servlet-class> </servlet> <servlet-mapping> <servlet-name>Logout</servlet-name> <url-pattern>/Logout</url-pattern> </servlet-mapping> ... </web-app>
The following servlet context parmaters are configured to define the types of tokens supported, the authentication protocol handlers to configure and the properties file to use for the authentication protocol handlers.
<web-app ......> ... <context-param> <param-name>TokenTypes</param-name> <param-value>urn:oasis:names:tc:SAML:1.0:assertion</param-value> </context-param> <context-param> <param-name>RootCertUrl</param-name> <param-value>TestRoot.cer</param-value> </context-param> <context-param> <param-name>RequiredClaims</param-name> <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</param-value> </context-param> <context-param> <param-name>OptionalClaims</param-name> <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender http://schemas.xmlsoap.org/ws/2005/05/identity/claims/website http://burtongroup.com/interop/2007/05/identity/cameratype http://burtongroup.com/interop/2007/05/identity/group http://burtongroup.com/interop/2007/05/identity/groupRole http://sts.labs.live.com/2006/06/claims/nickname http://www.bandit-project.org/identity/claims/groupmembership http://www.ibmidentitydemo.com/claims/assurancelevel</param-value> </context-param> <context-param> <param-name>PrivacyUrl</param-name> <param-value>https://localhost/RelyingPartyDemoApp2/Privacy.txt</param-value> </context-param> <context-param> <param-name>AuthProtocolHandlers</param-name> <param-value>org.eclipse.higgins.rp.icard.ICardProtocolHandler</param-value> </context-param> <context-param> <param-name>urn:oasis:names:tc:SAML:1.0:assertionProperties</param-name> <param-value>/icard.properties</param-value> </context-param> ... </web-app>