Changes between Version 7 and Version 8 of Aaa
Timestamp: Oct 5, 2010, 12:08:51 PM (14 years ago)
Aaa
v7 v8 82 82 ==== Configure ==== 83 83 The configuration files are located in /WEB-INF within the WAR file. The Spring Security and authentication filters are configured in applicationContext-security.xml. The rest of the code is configured in applicationContext.xml. However, many of the properties set in the Spring context can configured in the properties files located in /WEB-INF/classes. 84 85 84 ===== Keystore ===== 86 85 The AAA Service requires a JKS keystore that contains a private key. This is the key that will be used to sign all SAML objects such as requests. A keystore can be generated using the Java Keytool. Instructions here: http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore … … 91 90 ||key.alias||Certificate alias to be used for signing objects|| 92 91 ||key.pass||Password for the certificate alias|| 93 94 92 ===== Metadata ===== 95 93 The exchange of SAML metadata is the first stage in enabling SAML single sign-on. Entities that wish to establish trust with the hosted AAA Service will need to exchange metadata. Therefore the STS used by the AAA Service to generate tokens must have the metadata for the AAA Service. Similarly, the AAA Service must have the metadata for the STS. The metadata follows the SAML 2.0 Metadata specification [1]. Metadata for the AAA Service should be created by hand or in the same way as for the STS above. 96 97 94 In addition, the following properties must be set in metadata.properties 98 95 ||=Property=||=Description=|| … … 100 97 ||sts.request.uri||URI on the STS to which requests for tokens should be sent|| 101 98 ||aaaservice.uri||Location of the hosted AAA Service|| 102 103 99 ===== Trusted Entity Register ===== 104 100 The Trusted Entity Register contains the metadata for all trusted Service Providers and trusted STSs. It is configured in the metadataProvider bean in applicationContext-saml.xml. 105 101 To register a trusted entity, you will need the metadata for that entity either in a file or as a URL. 
The default metadata files are stored in /WEB-INF/classes/trustedEntities. Configure a bean for each trusted entity using the org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider class for metadata contained in a file or the org.opensaml.saml2.metadata.provider.HTTPMetadataProvider class for metadata as a URL. 106 107 102 ===== Accounting ===== 108 103 The database used for storing the accounting data may be configured by changing the following properties in application.properties. 109 104 ||=Property=||=Description=|| 110 ||jdbc.driverClassName||The fully qualified Java class 105 ||jdbc.driverClassName||The fully qualified Java classname of the JDBC driver to be used|| 111 106 ||jdbc.url||The connection URL to be passed to the JDBC driver to establish a connection|| 112 107 ||jdbc.username||The connection username to be passed to the JDBC driver to establish a connection|| 113 108 ||jdbc.password||The connection password to be passed to the JDBC driver to establish a connection|| 114 ||hibernate.dialect||The classname of a org.hibernate.dialect.Dialect which allows Hibernate to generate SQL optimised for a particulat relational database|| 115 109 ||hibernate.dialect||The classname of a org.hibernate.dialect.Dialect which allows Hibernate to generate SQL optimised for a particular relational database|| 116 110 The AAA Service requires the following permissions for the database: 117 111 * Create … … 120 114 * Select 121 115 * Insert 122 123 116 === Management === 124 117 ==== Handling access controlled entities ====
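Review bot: line 83 of the Configure section carries a grammar slip that survives unchanged from v7 to v8: "many of the properties set in the Spring context can configured in the properties files" should read "can be configured in the properties files". While touching that sentence, it would help operators to state that the properties files in /WEB-INF/classes override the values in applicationContext.xml and applicationContext-security.xml, since the current wording leaves the precedence ambiguous.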
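Review bot: the key.pass row (line 91 in v7, 90 in v8) documents a secret without saying where it is stored. Because the properties files live in /WEB-INF/classes inside the WAR (line 83), key.pass sits in plaintext next to the keystore that holds the SAML signing key; a sentence noting this, and that the WAR, its source-control copy and any backups therefore need the same protection as the private key itself, belongs in the Keystore section.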
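Review bot: the Metadata section cites the SAML 2.0 Metadata specification as "[1]" (line 95 in v7, 93 in v8), but no reference list is part of this change, so the citation dangles; either link the specification inline or add the reference entry. The same paragraph says metadata for the AAA Service "should be created by hand or in the same way as for the STS above" without saying which elements are mandatory (entityID, the signing certificate, the endpoint locations); a short list would save operators from producing metadata the STS rejects.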
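Review bot: the Trusted Entity Register section (lines 104 to 105 in v7, 100 to 101 in v8) describes loading trusted-entity metadata from a URL with org.opensaml.saml2.metadata.provider.HTTPMetadataProvider but does not say how that metadata is authenticated. Everything in this register is trusted to issue tokens or receive assertions, so the documentation should require that URL-sourced metadata be fetched over HTTPS from a host the operator controls or verified against the publisher's metadata signature before the provider is added to the metadataProvider bean; otherwise a tampered fetch becomes a trusted entity.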
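Review bot: the Accounting hunk correctly fixes the truncated jdbc.driverClassName description and the "particulat" typo in the hibernate.dialect row, but the permissions list that follows (lines 116 to 121 in v7, 110 to 115 in v8) should state whether Create is needed only for initial schema setup. If so, say that the runtime account configured through jdbc.username and jdbc.password can be granted Select and Insert only, with a separate account used once to create the tables; as written, operators will hand the service a permanently privileged database user.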