-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification
5.6.4. Configure Service Provider
The Service Provider (SP) can be a JBoss EAP server instance.
Procedure 5.2. Configure Service Provider (SP)
Configure the Web Application Security For the SP
The web application to be configured as a SP should have FORM based security enabled in its web.xml file.Example 5.9. web.xml Configuration for SP
<display-name>IDP</display-name> <description>IDP</description> <!-- Define a security constraint that gives unlimited access to images --> <security-constraint> <web-resource-collection> <web-resource-name>Images</web-resource-name> <url-pattern>/images/*</url-pattern> </web-resource-collection> </security-constraint> <!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>IDP</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>manager</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>FORM</auth-method> <realm-name>IDP Application</realm-name> <form-login-config> <form-login-page>/jsp/login.jsp</form-login-page> <form-error-page>/jsp/loginerror.jsp</form-error-page> </form-login-config> </login-config> <!-- Security roles referenced by this web application --> <security-role> <description> The role that is required to log in to the IDP Application </description> <role-name>manager</role-name> </security-role> </web-app>
Configure the SP Valve
To configure the valve for the SP, create acontext.xml
in the WEB-INF directory of your SP web application.Example 5.10. context.xml File Configuration for IDP Valves
<Context> <Valve className="org.jboss.identity.federation.bindings.tomcat.sp.SPRedirectSignatureFormAuthenticator" /> </Context>
Configure the PicketLink Federation configuration file (picketlink-idfed.xml)
Configurepicketlink-idfed.xml
in WEB-INF of your IDP web application. In this configuration file you provide the URL that gets added as the issuer in the outgoing SAML2 assertions to the Service Providers and the IDP. The following is an example ofpicketlink-idfed.xml
configuration.Example 5.11. picketlink-idfed.xml Configuration
<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:1.0" > <IdentityURL>http://localhost:8080/idp/</IdentityURL> </PicketLinkIDP
Configure the PicketLink Federation Handlers file (
picketlink-handlers.xml
)Configurepicketlink-handlers.xml
in WEB-INF of your SP web application.Example 5.12. Configure picketlink-handlers.xml
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0"> <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/> <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/> </Handlers>
Note
Retain the order in which the handlers are listed.