Return-Path:
X-Original-To: apmail-cxf-commits-archive@www.apache.org
Delivered-To: apmail-cxf-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6FB4395CE for ; Mon, 25 Jun 2012 12:05:33 +0000 (UTC)
Received: (qmail 81909 invoked by uid 500); 25 Jun 2012 11:48:42 -0000
Delivered-To: apmail-cxf-commits-archive@cxf.apache.org
Received: (qmail 81654 invoked by uid 500); 25 Jun 2012 11:48:31 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help:
List-Unsubscribe:
List-Post:
List-Id:
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 81385 invoked by uid 99); 25 Jun 2012 11:48:21 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Jun 2012 11:48:21 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Jun 2012 11:48:18 +0000
Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id E3AD523889E0 for ; Mon, 25 Jun 2012 11:47:58 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r823098 - in /websites/production/cxf/content: cache/docs.pageCache docs/saml-web-sso.html
Date: Mon, 25 Jun 2012 11:47:58 -0000
To: commits@cxf.apache.org
From: buildbot@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120625114758.E3AD523889E0@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: buildbot Date: Mon Jun 25 11:47:58 2012 New Revision: 823098 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/saml-web-sso.html Modified: websites/production/cxf/content/cache/docs.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/cxf/content/docs/saml-web-sso.html ============================================================================== --- websites/production/cxf/content/docs/saml-web-sso.html (original) +++ websites/production/cxf/content/docs/saml-web-sso.html Mon Jun 25 11:47:58 2012 @@ -125,7 +125,7 @@ Apache CXF -- SAML Web SSO +

Introduction

@@ -137,7 +137,7 @@ Apache CXF -- SAML Web SSO

The following components are required to get SSO supported:

-
  • Identity Provider (IDP) supporting SAML SSO
  • Request Assertion Consumer Service (RACS)
  • Application Security Filter
  • SSO State Provider
+
  • Identity Provider (IDP) supporting SAML SSO
  • Request Assertion Consumer Service (RACS)
  • Service Provider Security Filter
  • SSO State Provider

The following sections will describe these components in more details

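Review bot: the rename to "Service Provider Security Filter" in this component list is not carried through to the section heading "Application Security Filter" later in the same file (it appears as unchanged context in the last hunk), so the page now uses two names for the same component; rename that heading in the same commit. In the unchanged trailing line, "in more details" should read "in more detail".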
@@ -147,13 +147,13 @@ Apache CXF -- SAML Web SSO

Typically, the following flow represents the way SAML SSO is enforced:

1. User accesses a custom application for the first time
-2. Application Security Filter checks if the security context is available
+2. Service Provider Security Filter checks if the security context is available
and redirects the user to IDP with a SAML SSO request
3. IDP challenges the user with the authentication dialog and redirects the user to
Request Assertion Consumer Service (RACS) after the user has authenticated
4. RACS validates the response from IDP, establishes a security context and redirects the user
to the original application endpoint
-5. Application Security Filter enforces that a valid security context is available and lets the user
+5. Service Provider Security Filter enforces that a valid security context is available and lets the user
access the custom application.

Maven dependencies

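Review bot: step 2 reads as if the Service Provider Security Filter always redirects to the IDP, but the redirect should only happen when no security context is available (step 5 depends on the context that RACS establishes in step 4). Suggest: "2. Service Provider Security Filter checks whether a security context is available and, if not, redirects the user to IDP with a SAML SSO request".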
@@ -169,8 +169,17 @@ Apache CXF -- SAML Web SSO

Identity Provider

-

Request Assertion Security Service

+ +

Identity Provider (IDP) is the service which accepts the redirect requests from application security filters, authenticates users and redirects them back to Request Assertion Security Service.

+ +

CXF does not offer its own IDP SAML Web SSO implementation but might provide it in the future as part of the Fediz project.

+ +

However, CXF has been tested against a number of popular IDP implementations which support SAML SSO and thus should be interoperable with whatever IDP is being used in the specific production environment. The interoperability tests have shown that some IDPs may process SAML request and produce SAML response data the way which may not be exactly specification-compliant and thus CXF Request Assertion Consumer Service (RACS) and Service Provider Security Filter implementations have a number of configuration properties for adjusting the way SAML requests to IDP are prepared and SAML responsed from IDP are processed.

+

Application Security Filter

+ +

Request Assertion Security Service

+

SSO State Provider
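Review bot: the added IDP paragraph says the IDP redirects users back to "Request Assertion Security Service", while the flow section and the interoperability paragraph in this same hunk call the component "Request Assertion Consumer Service (RACS)"; use one name (the flow section's RACS) in both the paragraph and the section heading. The same paragraph still says "application security filters" although the component was renamed to "Service Provider Security Filter" in this commit. Typos in the interoperability paragraph: "SAML responsed from IDP" should be "SAML responses from IDP", and "the way which may not be exactly specification-compliant" reads better as "in a way that may not be exactly specification-compliant".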