cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (Confluence)" <>
Subject [CONF] Apache CXF > Migration Guide 1.1
Date Fri, 01 Nov 2013 20:49:02 GMT
    <base href="">
            <link rel="stylesheet" href="/confluence/s/en/2176/1/15/_/styles/combined.css?spaceKey=CXF&amp;forWysiwyg=true"
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="">Migration
Guide 1.1</a></h2>
    <h4>Page <b>edited</b> by             <a href="">Oliver
                         <h4>Changes (1)</h4>
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >    &lt;issuer certificateValidation=&quot;PeerTrust&quot;
/&gt; <br>{code} <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">
<br>* Sample Keystore {{tomcat-rp.jks}} includes Realm A and Realm B signer certificate
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h3><a name="MigrationGuide1.1-NewFeatures"></a>New Features</h3>
<p><b>Fediz IDP</b></p>
	<li>Core relies on Spring Web Flow and Spring Security</li>
	<li>supports publishing WS-Federation Metadata document</li>
	<li>can act as Resource IDP</li>
	<li>supports Home Realm Discovery Service</li>
	<li>Form based Login support</li>
	<li>SAML Holder-Of-Key support</li>
	<li>Encrypted token support</li>

<p><b>Fediz Plugins</b></p>
	<li>Support for Jetty 7 and 8</li>
	<li>Support for IBM Websphere 7 and 8</li>
	<li>Support for Spring Security 3.1 and 2.0</li>
	<li>Support for CXF JAX-WS</li>
	<li>Support for PEM format signer certificate</li>
	<li>SAML Holder-Of-Key support</li>
	<li>Encrypted token support</li>
	<li>Extension points to customize SignIn request</li>

<h3><a name="MigrationGuide1.1-MajorChanges"></a>Major Changes</h3>
	<li>Configuration file for Relying Parties in the IDP moved from <tt>RPClaims.xml</tt>
to <tt>idp-config-realma.xml</tt></li>
	<li>IDP Federation URL changed to <tt>https://&lt;hostname&gt;:&lt;port&gt;/fediz-idp/federation</tt></li>
	<li>IDP supports two realms A and B out-of-the-box which impacts the certificates used.
The stsstore.jks has been replaced by stsrealm_a.jks and stsrealm_b.jks</li>
	<li>Relying Parties use the ststrust.jks which only contains the public key of the
two signer certificates and the 1.0 signer certificate for backwards compatibility (Fediz
1.1. RP and Fediz 1.0 IDP)</li>

<h3><a name="MigrationGuide1.1-APIChanges"></a>API Changes</h3>

<h3><a name="MigrationGuide1.1-DeprecatedAPI"></a>Deprecated API</h3>

<h3><a name="MigrationGuide1.1-Examples"></a>Examples</h3>
	<li>Signer certificate changed to support more than one realm. All examples trust the
Realm A by default whereas Realm B is used for authentication only.<br/>
 Configure the following issuer in <tt>&lt;trustedIssuers&gt;</tt> in
the fediz configuration file:</li>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Default; brush: java; gutter: false" style="font-size:12px; font-family:
    &lt;issuer certificateValidation="PeerTrust" /&gt;
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;" class="grey">
                        <a href="">Stop
watching space</a>
            <span style="padding: 0px 5px;">|</span>
                <a href="">Change
email notification preferences</a>
        <a href="">View
        <a href="">View

View raw message