Switched keys README to a more readable HTML format.
git-svn-id: https://svn.apache.org/repos/asf/cxf/fediz/trunk@1360912 13f79535-47bb-0310-9956-ffa450edef68
Glen Mazza committed Jul 12, 2012
1 parent f487c1e commit a943c6f3c99f9c32bae2d3bb57bce96f56926eba
Showing 5 changed files with 71 additions and 99 deletions.
@@ -4,12 +4,12 @@ Building Apache CXF Fediz
Initial Setup
-------------

1) Install J2SE 6.0 SDK, which can be downloaded from
http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html
1) Install J2SE 6 or 7 SDK, which can be downloaded from
http://www.oracle.com/technetwork/java/javase/downloads/index.html

2) Make sure that your JAVA_HOME environment variable is set to the newly installed
JDK location, and that your PATH includes %JAVA_HOME%\bin (windows) or
$JAVA_HOME$/bin (unix).
JDK location, and that your PATH includes %JAVA_HOME%\bin (Windows) or
$JAVA_HOME$/bin (*nix).

3) Install Maven 2.2.1 or newer, which can be downloaded from
http://maven.apache.org/download.html. Make sure that your PATH includes
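Review bot: the PATH line still carries a stray trailing `$` in `$JAVA_HOME$/bin (*nix)`; the Unix form is `$JAVA_HOME/bin`. Since this hunk already edits that line to change `(unix)` to `(*nix)`, fix the variable syntax in the same change so readers do not copy a PATH entry that will not expand.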
@@ -21,33 +21,32 @@ Building

1) Change to the top level directory of Apache CXF Fediz source distribution.
2) Run
$> mvn.
$> mvn clean install
This will compile Apache CXF Fediz and run all of the tests in the Apache CXF Fediz source
distribution. Alternatively, you can run
$> mvn -Pfastinstall.
This will compile Apache CXF Fediz without running the tests and takes less
time to build.
Depending on the load of remote Maven repositories, you may have
to run "mvn" several times utill the required dependencies are
all located in your local maven repository. It usually takes some time for
maven to download required dependencies in the first build.
to run "mvn" multiple times until the required dependencies are
all located in your local Maven repository. It usually takes some time for
Maven to download required dependencies in the first build.


Source Directory structure
--------------------------

+ plugins contains the sources of the federation plugin
+ plugins contains the sources of the Federation plugin
+ core the core module contains the majority of functionality which is Servlet container agnostic
+ tomcat the tomcat module is the bridge of the core to the tomcat specific security engine
+ tomcat the Tomcat module is the bridge of the core to the Tomcat specific security engine

+ services contains the sources of the Identity Provider
+ sts the sts module contains the configured CXF STS which supports the usecases for Federation
+ idp the idp module is the bridge of the STS to a WS-Trust/SOAP unaware browser
+ sts the STS module contains the configured CXF STS which supports the Federation use cases
+ idp the IDP module is the bridge of the STS to a WS-Trust/SOAP unaware browser

+ examples
+ simpleWebapp this example shows how to protect a simple web application using the fediz plugin
+ simpleWebapp this example shows how to protect a simple web application using the Fediz plugin
+ wsclientWebapp this example shows how a protected web application calls a web service protected by the STS
+ webapp contains the web application
+ webservice contains the web services implementation


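Review bot: the first build command was corrected from `$> mvn.` to `$> mvn clean install`, but the alternative a few lines below still reads `$> mvn -Pfastinstall.` with the sentence-ending period attached, which looks like part of the command when copied. Move the period off the command line and, unless the pom defines a default goal, state the goals explicitly as for the first variant, e.g. `$> mvn clean install -Pfastinstall`, so both examples read the same way.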
@@ -1,6 +1,6 @@
Welcome to Apache CXF Fediz!
============================
Fediz helps you to secure your web applications and delegates security enforcement
Fediz helps you secure your web applications by delegating security enforcement
to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
The supported standard is WS-Federation 1.2 Passive Requestor Profile.
@@ -48,14 +48,14 @@ software:
Getting Started
===============

For an Apache CXF Fediz source distribution, please read BUILDING.txt for
instructions on building Apache CXF Fediz.
For an Apache CXF Fediz source distribution, please read BUILDING.txt
in this folder for instructions on building Apache CXF Fediz.

For an Apache CXF Fediz binary distribution, please read release_notes.txt
for installation instructions and list of supported and unsupported
features.

Alternatively, you can also find out how to get started here:
Check the Fediz website for the latest news:
http://cxf.apache.org/fediz.html

If you need more help try talking to us on our mailing lists:
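Review bot: the heading is still "Getting Started", but replacing "Alternatively, you can also find out how to get started here:" with "Check the Fediz website for the latest news:" removes the only statement that the linked page carries getting-started material. Suggest "Check the Fediz website for the latest news and getting-started documentation:" so the purpose of the link under this heading stays clear.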
@@ -73,4 +73,3 @@ Thank you for using CXF Fediz!

The Apache CXF Team
http://cxf.apache.org/

@@ -0,0 +1,44 @@
<html>
<head/>
<body>
<p>The below lists the sample sample (<strong>non-production use!</strong>) self-signed keystores used in running the FEDIZ samples.
Don't use the provided keystores in production--everyone has them! At a minimum, regenerate new keys using the scripts (with different
passwords) below. These will be just self-signed keys however, for real production use having third-party signed CA keys
is recommended.</p>

<table border="1" bgcolor="#FFFFCC" align="center">
<tr bgcolor="#FFCCCC">
<th>Keystore (Password)</th><th>Alias (Password)</th><th>Location</th><th>Creation Script Used</th><th>Needs to trust</th><th>Is trusted by</th></tr>
<tr><td colspan="6"><strong><em>Tomcat Keystores: The Tomcat keys can be simply placed in the root folder of each Tomcat installation. They are used to configure SSL for the Tomcat instances as described here: <a href="http://cxf.apache.org/fediz-tomcat.html">http://cxf.apache.org/fediz-tomcat.html</a>. For Tomcat keys only, the keystore password and the private key password needs to be the same.</em></strong></tr>
<tr><td>tomcat-idp.jks (tompass)</td><td>mytomidpkey (tompass)</td><td>base folder of Tomcat instance holding the IDP and IDP STS</td>
<td><code>keytool -genkeypair -validity 730 -alias mytomidpkey -keystore tomcat-idp.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool -keystore tomcat-idp.jks -storepass tompass -export -alias mytomidpkey -file MyTCIDP.cer</code></td>
<td>Nobody</td><td>IDP app</td></tr>
<tr><td>tomcat-rp.jks (tompass)</td><td>mytomrpkey (tompass)</td><td>base folder of Tomcat instance holding the relying party applications for both samples (simpleWebapp and wsclientWebapp)</td>
<td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore tomcat-rp.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code></td>
<td>Nobody</td><td>Nobody</td></tr>
<tr><td>tomcat-wsp.jks (tompass)</td><td>mytomwspkey (tompass)</td><td>base folder of Tomcat instance holding the web service provider in the second (wsClientWebapp) sample</td>
<td><code>keytool -genkeypair -validity 730 -alias mytomwspkey -keystore tomcat-wsp.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool -keystore tomcat-wsp.jks -storepass tompass -export -alias mytomwspkey -file MyTCWSP.cer</code></td>
<td>Nobody</td><td>wsclientWebapp's webapp module</td></tr>
<tr><td colspan="6"><strong><em>Service Keystores: These Fediz services form the core of the product and can be used with both the sample webapps provided and of course your own web applications.</em></strong></tr>
<tr><td>idpstore.jks (ispass)</td><td>myidpkey (ikpass)</td><td>services/idp/src/main/resources/idpstore.jks</td>
<td><code>keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myidpkey -keypass ikpass -storepass ispass -keystore idpstore.jks</code><br/><br/><code>keytool -import -trustcacerts -keystore idpstore.jks -storepass ispass -alias mytomidpkey -file MyTCIDP.cer -noprompt</code><br/><br/><code>keytool -export -rfc -keystore idpstore.jks -storepass ispass -alias myidpkey -file MyIDP.cer</code></td>
<td>mytomidpkey (because of SSL call to IDP STS)</td><td>IDP STS</td></tr>
<tr><td>stsstore.jks (stsspass)</td><td>mystskey (stskpass)</td><td>services/sts/src/main/resources/stsstore.jks</td>
<td><code>
keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias mystskey -keypass stskpass -storepass stsspass -keystore stsstore.jks<br/><br/>
keytool -import -trustcacerts -keystore stsstore.jks -storepass stsspass -alias myidpkey -file MyIDP.cer -noprompt<br/><br/>
keytool -export -rfc -keystore stsstore.jks -storepass stsspass -alias mystskey -file MySTS.cer
</code>
</td>
<td>myidpkey (because of X.509 auth between IDP and IDP STS)</td><td>wsclientWebapp's webservice</td></tr>
<tr><td colspan="6"><strong><em>Sample Keystores: No production value, just used for running the "wsclientWebapp" sample provided with Fediz. (simpleWebapp has/uses no keys).</em></strong></tr>
<tr><td>webappKeystore.jks (waspass)</td><td>mywakey (wakpass)</td><td>examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks</td>
<td><code>keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias mywakey -keypass wakpass -storepass waspass -keystore webappKeystore.jks<br/><br/>
keytool -import -trustcacerts -keystore webappKeystore.jks -storepass waspass -alias mytomidpkey -file MyTCIDP.cer -noprompt<br/><br/>
keytool -import -trustcacerts -keystore webappKeystore.jks -storepass waspass -alias mytomwspkey -file MyTCWSP.cer -noprompt<br/><br/>
</code></td>
<td>mytomidpkey (to access IDP STS via HTTPS, mytomwspkey (to access web service via HTTPS)</td><td>Nobody</td></tr>
<tr><td>webserviceKeystore.jks (wsspass)</td><td>N/A (no key, just a truststore)</td><td>examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks</td>
<td><code>keytool -import -trustcacerts -keystore webserviceKeystore.jks -storepass wsspass -alias mystskey -file MySTS.cer -noprompt</code></td>
<td>IDP STS (signature verification)</td><td>Nobody</td></tr>
</table>
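Review bot: the three Tomcat rows generate keys with `keytool -genkeypair -validity 730 -alias mytomidpkey -keystore tomcat-idp.jks -dname "cn=localhost" -keypass tompass -storepass tompass` and pass neither `-keyalg` nor `-keysize`, so algorithm and key size fall back to whatever the installed keytool defaults to, while the service and sample rows pass `-keyalg RSA -sigalg SHA1withRSA` but also omit `-keysize`. Because the intro tells users to regenerate their own keys with exactly these scripts, make every generation command explicit (`-keyalg RSA -keysize 2048` and a SHA-256 signature algorithm rather than `SHA1withRSA`) and use one of `-genkey` / `-genkeypair` consistently across the rows. The intro should also say that `-dname "cn=localhost"` has to be replaced by the real host name when regenerating, since these certificates back the Tomcat HTTPS listeners that the other keystores are told to trust. Markup and wording: the three `colspan="6"` section rows end `</em></strong></tr>` with no closing `</td>`; the intro has "sample sample" and "third-party signed CA keys" (CA-signed certificates is what is meant); and the webappKeystore "Needs to trust" cell is missing the closing parenthesis after "to access IDP STS via HTTPS".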

This file was deleted.

@@ -18,31 +18,36 @@ provides the following features:
Before installing Apache CXF Fediz, make sure the following products,
with the specified versions, are installed on your system:

* Java 6 Development Kit
* Java 6 or 7 Development Kit
* Apache Maven 2.2.1 or 3.x to build the samples


3. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the examples directory and follow the build instructions in the README.txt file
included with each sample.

4. Replacing provided keystores

The sample keystores provided are fine for development and prototyping use
but make sure to replace them for any production use, see
see examples/samplekeys/HowToGenerateKeysREADME.html for key generation
information.

4. Reporting Problems
5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF user list, users@cxf.apache.org. You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/FEDIZ


5. Migration notes:
6. Migration notes:

N.A.


6. Specific issues, features, and improvements fixed in this version
7. Specific issues, features, and improvements fixed in this version

** Bug

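Review bot: the new section 4 reads "but make sure to replace them for any production use, see" followed by "see examples/samplekeys/HowToGenerateKeysREADME.html", so "see" is duplicated across the line break; drop one. The renumbering of Reporting Problems, Migration notes and the fixed-issues section to 5, 6 and 7 is consistent with the inserted section.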
@@ -55,4 +60,3 @@ N.A.
** Test


