cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r823098 - in /websites/production/cxf/content: cache/docs.pageCache docs/saml-web-sso.html
Date Mon, 25 Jun 2012 11:47:58 GMT
Author: buildbot
Date: Mon Jun 25 11:47:58 2012
New Revision: 823098

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/saml-web-sso.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/saml-web-sso.html
==============================================================================
--- websites/production/cxf/content/docs/saml-web-sso.html (original)
+++ websites/production/cxf/content/docs/saml-web-sso.html Mon Jun 25 11:47:58 2012
@@ -125,7 +125,7 @@ Apache CXF -- SAML Web SSO
 
 
 <div>
-<ul><li><a shape="rect" href="#SAMLWebSSO-Introduction">Introduction</a></li><ul><li><a
shape="rect" href="#SAMLWebSSO-TypicalFlow">Typical Flow</a></li></ul><li><a
shape="rect" href="#SAMLWebSSO-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#SAMLWebSSO-IdentityProvider">Identity Provider</a></li><li><a
shape="rect" href="#SAMLWebSSO-RequestAssertionSecurityService">Request Assertion Security
Service</a></li><li><a shape="rect" href="#SAMLWebSSO-ApplicationSecurityFilter">Application
Security Filter</a></li><li><a shape="rect" href="#SAMLWebSSO-SSOStateProvider">SSO
State Provider</a></li></ul></div>
+<ul><li><a shape="rect" href="#SAMLWebSSO-Introduction">Introduction</a></li><ul><li><a
shape="rect" href="#SAMLWebSSO-TypicalFlow">Typical Flow</a></li></ul><li><a
shape="rect" href="#SAMLWebSSO-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#SAMLWebSSO-IdentityProvider">Identity Provider</a></li><li><a
shape="rect" href="#SAMLWebSSO-ApplicationSecurityFilter">Application Security Filter</a></li><li><a
shape="rect" href="#SAMLWebSSO-RequestAssertionSecurityService">Request Assertion Security
Service</a></li><li><a shape="rect" href="#SAMLWebSSO-SSOStateProvider">SSO
State Provider</a></li></ul></div>
 
 <h1><a shape="rect" name="SAMLWebSSO-Introduction"></a>Introduction</h1>
 
@@ -137,7 +137,7 @@ Apache CXF -- SAML Web SSO
 
 <p>The following components are required to get SSO supported:</p>
 
-<ul class="alternate" type="square"><li>Identity Provider (IDP) supporting SAML
SSO</li><li>Request Assertion Consumer Service (RACS)</li><li>Application
Security Filter</li><li>SSO State Provider</li></ul>
+<ul class="alternate" type="square"><li>Identity Provider (IDP) supporting SAML
SSO</li><li>Request Assertion Consumer Service (RACS)</li><li>Service
Provider Security Filter</li><li>SSO State Provider</li></ul>
 
 
 <p>The following sections will describe these components in more details</p>
@@ -147,13 +147,13 @@ Apache CXF -- SAML Web SSO
 <p>Typically, the following flow represents the way SAML SSO is enforced:</p>
 
 <p>1. User accesses a custom application for the first time<br clear="none">
-2. Application Security Filter checks if the security context is available <br clear="none">
+2. Service Provider Security Filter checks if the security context is available <br clear="none">
    and redirects the user to IDP with a SAML SSO request<br clear="none">
 3. IDP challenges the user with the authentication dialog and redirects the user to<br
clear="none">
    Request Assertion Consumer Service (RACS) after the user has authenticated<br clear="none">
 4. RACS validates the response from IDP, establishes a security context and redirects the
user <br clear="none">
    to the original application endpoint<br clear="none">
-5. Application Security Filter enforces that a valid security context is available and lets
the user<br clear="none">
+5. Service Provider Security Filter enforces that a valid security context is available and
lets the user<br clear="none">
    access the custom application.</p>
 
 <h1><a shape="rect" name="SAMLWebSSO-Mavendependencies"></a>Maven dependencies</h1>
@@ -169,8 +169,17 @@ Apache CXF -- SAML Web SSO
 </div></div>
 
 <h1><a shape="rect" name="SAMLWebSSO-IdentityProvider"></a>Identity Provider</h1>
-<h1><a shape="rect" name="SAMLWebSSO-RequestAssertionSecurityService"></a>Request
Assertion Security Service</h1>
+
+<p>Identity Provider (IDP) is the service which accepts the redirect requests from
application security filters, authenticates users and redirects them back to Request Assertion
Security Service.</p>
+
+<p>CXF does not offer its own IDP SAML Web SSO implementation but might provide it
in the future as part of the <a shape="rect" href="http://cxf.apache.org/fediz.html">Fediz</a>
project.</p>
+
+<p>However, CXF has been tested against a number of popular IDP implementations which
support SAML SSO and thus should be interoperable with whatever IDP is being used in the specific
production environment. The interoperability tests have shown that some IDPs may process SAML
request and produce SAML response data the way which may not be exactly specification-compliant
and thus CXF Request Assertion Consumer Service (RACS) and Service Provider Security Filter
implementations have a number of configuration properties for adjusting the way SAML requests
to IDP are prepared and SAML responsed from IDP are processed.</p>
+
 <h1><a shape="rect" name="SAMLWebSSO-ApplicationSecurityFilter"></a>Application
Security Filter</h1>
+
+<h1><a shape="rect" name="SAMLWebSSO-RequestAssertionSecurityService"></a>Request
Assertion Security Service</h1>
+
 <h1><a shape="rect" name="SAMLWebSSO-SSOStateProvider"></a>SSO State Provider</h1></div>
            </div>
            <!-- Content -->



Mime
View raw message