cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r991197 - in /websites/production/cxf/content: cache/main.pageCache fediz-oidc.html fediz.html
Date Wed, 22 Jun 2016 14:48:12 GMT
Author: buildbot
Date: Wed Jun 22 14:48:12 2016
New Revision: 991197

Log:
Production update by buildbot for cxf

Added:
    websites/production/cxf/content/fediz-oidc.html
Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Added: websites/production/cxf/content/fediz-oidc.html
==============================================================================
--- websites/production/cxf/content/fediz-oidc.html (added)
+++ websites/production/cxf/content/fediz-oidc.html Wed Jun 22 14:48:12 2016
@@ -0,0 +1,149 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+  <head>
+
+<link type="text/css" rel="stylesheet" href="/resources/site.css">
+<script src='/resources/space.js'></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture,
web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support,
integration standards, application integration, middleware, software, solutions, services,
CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - Fediz OIDC">
+
+
+
+
+    <title>
+Apache CXF -- Fediz OIDC
+    </title>
+  </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td id="cell-0-0" colspan="2">&nbsp;</td>
+    <td id="cell-0-1">&nbsp;</td>
+    <td id="cell-0-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-1-0">&nbsp;</td>
+    <td id="cell-1-1">&nbsp;</td>
+    <td id="cell-1-2">
+      <!-- Banner -->
+<div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0"
width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight:
bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img
border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table></div></div>
+      <!-- Banner -->
+      <div id="top-menu">
+        <table border="0" cellpadding="1" cellspacing="0" width="100%">
+          <tr>
+            <td>
+              <div align="left">
+                <!-- Breadcrumbs -->
+<a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="fediz.html">Fediz</a>&nbsp;&gt;&nbsp;<a
href="fediz-oidc.html">Fediz OIDC</a>
+                <!-- Breadcrumbs -->
+              </div>
+            </td>
+            <td>
+              <div align="right">
+                <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="download.html">Download</a>
| <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+                <!-- Quicklinks -->
+              </div>
+            </td>
+          </tr>
+        </table>
+      </div>
+    </td>
+    <td id="cell-1-3">&nbsp;</td>
+    <td id="cell-1-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-2-0" colspan="2">&nbsp;</td>
+    <td id="cell-2-1">
+      <table>
+        <tr valign="top">
+          <td height="100%">
+            <div id="wrapper-menu-page-right">
+              <div id="wrapper-menu-page-top">
+                <div id="wrapper-menu-page-bottom">
+                  <div id="menu-page">
+                    <!-- NavigationBar -->
+<div id="navigation"><h3 id="Navigation-ApacheCXF"><a shape="rect" href="index.html">Apache
CXF</a></h3><ul class="alternate"><li><a shape="rect" href="index.html">Home</a></li><li><a
shape="rect" href="download.html">Download</a></li><li><a shape="rect"
href="people.html">People</a></li><li><a shape="rect" href="project-status.html">Project
Status</a></li><li><a shape="rect" href="roadmap.html">Roadmap</a></li><li><a
shape="rect" href="mailing-lists.html">Mailing Lists</a></li><li><a
shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/CXF">Issue
Reporting</a></li><li><a shape="rect" href="special-thanks.html">Special
Thanks</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a
shape="rect" href="security-advisories.html">Security Advisories</a></li></ul><h3
id="Navigation-Users">Users</h3><ul class="alternate"><li><a shape="rect"
href="http://cxf.apache.org/docs/index.html">User's Guide</a></li><li>
 <a shape="rect" href="support.html">Support</a></li><li><a shape="rect"
href="faq.html">FAQ</a></li><li><a shape="rect" href="resources-and-articles.html">Resources
and Articles</a></li></ul><h3 id="Navigation-Search">Search</h3><form
enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse"><div>
<input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4"> <input
type="hidden" name="ie" value="UTF-8"> <input type="text" name="q" size="21"> <input
type="submit" name="sa" value="Search"> </div> </form> <script type="text/javascript"
src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
<h3 id="Navigation-Developers">Developers</h3><ul class="alternate"><li><a
shape="rect" href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture Guide</a></li><li><a
shape="rect" href="source-repository.html">Source Repository</a></li><li><a
shape="rect" href="building.html">Building</a></li><li><a 
 shape="rect" href="automated-builds.html">Automated Builds</a></li><li><a
shape="rect" href="testing-debugging.html">Testing-Debugging</a></li><li><a
shape="rect" href="coding-guidelines.html">Coding Guidelines</a></li><li><a
shape="rect" href="getting-involved.html">Getting Involved</a></li><li><a
shape="rect" href="release-management.html">Release Management</a></li></ul><h3
id="Navigation-Subprojects">Subprojects</h3><ul class="alternate"><li><a
shape="rect" href="distributed-osgi.html">Distributed OSGi</a></li><li><a
shape="rect" href="xjc-utils.html">XJC Utils</a></li><li><a shape="rect"
href="build-utils.html">Build Utils</a></li><li><a shape="rect" href="fediz.html">Fediz</a></li></ul><h3
id="Navigation-ASF"><a shape="rect" class="external-link" href="http://www.apache.org">ASF</a></h3><ul
class="alternate"><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How
Apache Works</a></li><li><a shape="rect" class="external-link" href
 ="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect"
class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor
Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul></div>
+                    <!-- NavigationBar -->
+                  </div>
+              </div>
+            </div>
+          </div>
+         </td>
+         <td height="100%">
+           <!-- Content -->
+           <div class="wiki-content">
+<div id="ConfluenceContent"></div>
+           </div>
+           <!-- Content -->
+         </td>
+        </tr>
+      </table>
+   </td>
+   <td id="cell-2-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+   <td id="cell-3-0">&nbsp;</td>
+   <td id="cell-3-1">&nbsp;</td>
+   <td id="cell-3-2">
+     <div id="footer">
+       <!-- Footer -->
+       <div id="site-footer">
+         <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a>
- 
+         (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65143648">edit
page</a>) 
+	 (<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65143648&amp;showComments=true&amp;showCommentArea=true#addcomment">add
comment</a>)<br>
+	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+        All other marks mentioned may be trademarks or registered trademarks of their respective
owners.
+       </div>
+       <!-- Footer -->
+     </div>
+   </td>
+   <td id="cell-3-3">&nbsp;</td>
+   <td id="cell-3-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-4-0" colspan="2">&nbsp;</td>
+    <td id="cell-4-1">&nbsp;</td>
+    <td id="cell-4-2" colspan="2">&nbsp;</td>
+  </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+

Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Wed Jun 22 14:48:12 2016
@@ -99,7 +99,7 @@ Apache CXF -- Fediz
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache
CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache
CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates
security enforcement to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
The supported standard is <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002"
rel="nofollow">WS-Federation Passive Requestor Profile</a>. Fediz supports <a
shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity"
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2
id="Fediz-News">News</h2><p><strong><strong>March 30, 2016 - Apache
CXF F
 ediz 1.3.0 released<br clear="none"></strong></strong></p><p>Apache
CXF Fediz 1.3.0 has been released. It contains an update to use CXF 3.1.6, a new OpenId Connect
based IdP, support for bridging between the WS-Federation and OpenId Connect protocols, and
support for SAML SSO in the Fediz IdP.</p><p>For more information and to download
the new releases, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong><strong>February
16, 2016 - Apache CXF Fediz 1.2.2 released<br clear="none"></strong></strong></p><p>Apache
CXF Fediz 1.2.2 has been released. It contains an update to use CXF 3.0.8, some updates to
the Websphere plugin, a fix for some issues relating to caching SAML tokens, and various other
bug fixes.</p><p>For more information and to download the new releases, please
go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong>August
28, 2015 - A new security advisory for Apache CXF Fediz is released</strong></p><p>A
security issue was fixed in
  the latest Fediz releases (1.2.1 + 1.1.3):</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&amp;modificationDate=1440598018000&amp;api=v2">CVE-2015-5175</a>:
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><p>Please
upgrade to the latest releases as soon as possible.</p><h2 id="Fediz-Features">Features</h2><p>The
following features are supported by Fediz 1.2</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML
1.1/2.0 Tokens</li><li>Support for encrypted SAML Tokens (Release 1.1)</li><li>Support
for Holder-Of-Key SubjectConfirmationMethod (1.1)</li><li>Custom token Support</li><li>Publish
WS-Federation Metadata document</li><li>Role information encoded as AttributeStatement
in SAML 1.1/2.0 tokens</li><li>Claims information provided by FederationPrincipal
Interface</li><li>Support for Tomcat, Jetty, Websphere, Spring Security and CXF
(1.1)</li><li>Fediz IDP supports "Resource 
 IDP" role as well (1.1)</li><li>A new REST API for the IdP (1.2)</li><li>Support
for logout in both the RP and IdP (1.2)</li><li>Support for logging on to the
IdP via Kerberos and TLS client authentication (1.2)</li><li>A new container-independent
CXF plugin for WS-Federation (1.2)</li><li>Support to use the IdP as an identity
broker with a remote SAML SSO IdP (1.2)</li></ul><p>The following features
are planned for the next release:</p><ul><li>support for other protocols
like OAuth</li></ul><p>You can get the current status of the enhancements
<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ">here
</a>.</p><h2 id="Fediz-Architecture">Architecture</h2><p>The
Fediz architecture is described in more detail <a shape="rect" href="fediz-architecture.html">here</a>.</p><h2
id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2
id="Fediz-Gettingstarted">Getting started</h2><p>The WS-Federation specificatio
 n defines the following parties involved during a web login:</p><ul><li>Browser</li><li>Identity
Provider (IDP)<br clear="none"> The IDP is a centralized, application independent runtime
component which implements the protocol defined by WS-Federation. You can use any open source
or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to
use the Fediz IDP for testing as it allows for testing your web application in a sandbox without
having all infrastructure components available. The Fediz IDP consists of two WAR components.
The Security Token Service (STS) does most of the work including user authentication, claims/role
data retrieval and creating the SAML token. The IDP WAR translates the response to an HTML
response allowing a browser to process it.</li><li>Relying Party (RP)<br clear="none">
The RP is a web application that needs to be protected. The RP must be able to implement the
protocol as defined by WS-Federation. This component is called "F
 ediz Plugin" in this project which consists of container agnostic module/jar and a container
specific jar. When an authenticated request is detected by the plugin it redirects to the
IDP for authentication. The browser sends the response from the IDP to the RP after successful
authentication. The RP validates the response and creates the container security context.</li></ul><p>It's
recommended to deploy the IDP and the web application (RP) into different container instances
as in a production deployment. The container with the IDP can be used during development and
testing for multiple web applications needing security.</p><h3 id="Fediz-SettinguptheIDP">Setting
up the IDP</h3><p>The installation and configuration of the IDP is documented
<a shape="rect" href="fediz-idp-11.html">here</a></p><h3 id="Fediz-SetuptheRelyingPartyContainer">Set
up the Relying Party Container</h3><p>The Fediz plugin needs to be deployed into
the Relying Party (RP) container. The security mechanism is not sp
 ecified by JEE. Even though it is very similar in each servlet container there are some differences
which require a dedicated Fediz plugin for each servlet container implementation. Most of
the configuration goes into a Servlet container independent configuration file which is described
<a shape="rect" href="fediz-configuration.html">here</a></p><p>The
following lists shows the supported containers and the location of the installation and configuration
page.</p><ul><li><a shape="rect" href="fediz-tomcat.html">Tomcat 7
</a></li><li><a shape="rect" href="fediz-jetty.html">Jetty 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-spring.html">Spring Security 3.1 (1.1)</a></li><li><a
shape="rect" href="fediz-websphere.html">Websphere 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-cxf.html">CXF (1.1) </a></li></ul><h2 id="Fediz-Samples">Samples</h2><p>The
examples directory contains two sample relying party applications. They are independent of
each other, so it is not necessary to depl
 oy both at once.</p><p>Each sample is described in a <code>README.txt</code>
file located in the base directory of each sample.</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Sample</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><strong>simpleWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a simple web application which is
protected by the Fediz IDP. The FederationServlet illustrates how to get security information
using the standard APIs.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><strong>wsclientWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a protected web application that
calls a web service that uses the Fediz STS to validate credentials. Here, the same STS is
used for token issuance (indirectly, by the web application through use 
 of the Fediz IDP) and validation. The FederationServlet illustrates how to securely call
a web service.</p></td></tr></tbody></table></div><p><span
class="confluence-anchor-link" id="Fediz-building"></span></p><h2 id="Fediz-Building">Building</h2><p>Check
out the code from here:</p><ul><li>git clone -v <a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf/cxf-fediz.git">https://git-wip-us.apache.org/repos/asf/cxf-fediz.git</a></li></ul><p>Then
follow the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?view=markup">BUILDING.txt</a>
file in the Fediz download for full build instructions.</p><h5 id="Fediz-SettingupEclipse:">Setting
up Eclipse:</h5><p>See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this
page</a> for information on using the Eclipse IDE with the Fediz source code. This page
is created for CXF but the same commands are applicable for Fediz too.</p></div>
+<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache
CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache
CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates
security enforcement to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
The supported standard is <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002"
rel="nofollow">WS-Federation Passive Requestor Profile</a>. Fediz supports <a
shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity"
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2
id="Fediz-News">News</h2><p><strong><strong>March 30, 2016 - Apache
CXF F
 ediz 1.3.0 released<br clear="none"></strong></strong></p><p>Apache
CXF Fediz 1.3.0 has been released. It contains an update to use CXF 3.1.6, a new OpenId Connect
based IdP (<a shape="rect" href="fediz-oidc.html">Fediz OIDC</a>), support for
bridging between the WS-Federation and OpenId Connect protocols, and support for SAML SSO
in the Fediz IdP.</p><p>For more information and to download the new releases,
please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong><strong>February
16, 2016 - Apache CXF Fediz 1.2.2 released<br clear="none"></strong></strong></p><p>Apache
CXF Fediz 1.2.2 has been released. It contains an update to use CXF 3.0.8, some updates to
the Websphere plugin, a fix for some issues relating to caching SAML tokens, and various other
bug fixes.</p><p>For more information and to download the new releases, please
go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong>August
28, 2015 - A new security advisory for Apache CXF Fediz 
 is released</strong></p><p>A security issue was fixed in the latest Fediz
releases (1.2.1 + 1.1.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&amp;modificationDate=1440598018000&amp;api=v2">CVE-2015-5175</a>:
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><p>Please
upgrade to the latest releases as soon as possible.</p><h2 id="Fediz-Features">Features</h2><p>The
following features are supported by Fediz 1.2</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML
1.1/2.0 Tokens</li><li>Support for encrypted SAML Tokens (Release 1.1)</li><li>Support
for Holder-Of-Key SubjectConfirmationMethod (1.1)</li><li>Custom token Support</li><li>Publish
WS-Federation Metadata document</li><li>Role information encoded as AttributeStatement
in SAML 1.1/2.0 tokens</li><li>Claims information provided by FederationPrincipal
Interface</li><li>Support for Tomcat, Jetty, Websphere, Spring Secu
 rity and CXF (1.1)</li><li>Fediz IDP supports "Resource IDP" role as well (1.1)</li><li>A
new REST API for the IdP (1.2)</li><li>Support for logout in both the RP and IdP
(1.2)</li><li>Support for logging on to the IdP via Kerberos and TLS client authentication
(1.2)</li><li>A new container-independent CXF plugin for WS-Federation (1.2)</li><li>Support
to use the IdP as an identity broker with a remote SAML SSO IdP (1.2)</li></ul><p>The
following features are planned for the next release:</p><ul><li>support
for other protocols like OAuth</li></ul><p>You can get the current status
of the enhancements <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ">here
</a>.</p><h2 id="Fediz-Architecture">Architecture</h2><p>The
Fediz architecture is described in more detail <a shape="rect" href="fediz-architecture.html">here</a>.</p><h2
id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2
id="Fediz-Gettingstarte
 d">Getting started</h2><p>The WS-Federation specification defines the following
parties involved during a web login:</p><ul><li>Browser</li><li>Identity
Provider (IDP)<br clear="none"> The IDP is a centralized, application independent runtime
component which implements the protocol defined by WS-Federation. You can use any open source
or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to
use the Fediz IDP for testing as it allows for testing your web application in a sandbox without
having all infrastructure components available. The Fediz IDP consists of two WAR components.
The Security Token Service (STS) does most of the work including user authentication, claims/role
data retrieval and creating the SAML token. The IDP WAR translates the response to an HTML
response allowing a browser to process it.</li><li>Relying Party (RP)<br clear="none">
The RP is a web application that needs to be protected. The RP must be able to implement the
protocol 
 as defined by WS-Federation. This component is called "Fediz Plugin" in this project which
consists of container agnostic module/jar and a container specific jar. When an authenticated
request is detected by the plugin it redirects to the IDP for authentication. The browser
sends the response from the IDP to the RP after successful authentication. The RP validates
the response and creates the container security context.</li></ul><p>It's
recommended to deploy the IDP and the web application (RP) into different container instances
as in a production deployment. The container with the IDP can be used during development and
testing for multiple web applications needing security.</p><h3 id="Fediz-SettinguptheIDP">Setting
up the IDP</h3><p>The installation and configuration of the IDP is documented
<a shape="rect" href="fediz-idp-11.html">here</a></p><h3 id="Fediz-SetuptheRelyingPartyContainer">Set
up the Relying Party Container</h3><p>The Fediz plugin needs to be deployed into
the Relyin
 g Party (RP) container. The security mechanism is not specified by JEE. Even though it is
very similar in each servlet container there are some differences which require a dedicated
Fediz plugin for each servlet container implementation. Most of the configuration goes into
a Servlet container independent configuration file which is described <a shape="rect" href="fediz-configuration.html">here</a></p><p>The
following lists shows the supported containers and the location of the installation and configuration
page.</p><ul><li><a shape="rect" href="fediz-tomcat.html">Tomcat 7
</a></li><li><a shape="rect" href="fediz-jetty.html">Jetty 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-spring.html">Spring Security 3.1 (1.1)</a></li><li><a
shape="rect" href="fediz-websphere.html">Websphere 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-cxf.html">CXF (1.1) </a></li></ul><h2 id="Fediz-Samples">Samples</h2><p>The
examples directory contains two sample relying party applications. They are i
 ndependent of each other, so it is not necessary to deploy both at once.</p><p>Each
sample is described in a <code>README.txt</code> file located in the base directory
of each sample.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Sample</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><strong>simpleWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a simple web application which is
protected by the Fediz IDP. The FederationServlet illustrates how to get security information
using the standard APIs.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><strong>wsclientWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a protected web application that
calls a web service that uses the Fediz STS to validate credentials. Here, the same STS is
used for token i
 ssuance (indirectly, by the web application through use of the Fediz IDP) and validation.
The FederationServlet illustrates how to securely call a web service.</p></td></tr></tbody></table></div><p><span
class="confluence-anchor-link" id="Fediz-building"></span></p><h2 id="Fediz-Building">Building</h2><p>Check
out the code from here:</p><ul><li>git clone -v <a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf/cxf-fediz.git">https://git-wip-us.apache.org/repos/asf/cxf-fediz.git</a></li></ul><p>Then
follow the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?view=markup">BUILDING.txt</a>
file in the Fediz download for full build instructions.</p><h5 id="Fediz-SettingupEclipse:">Setting
up Eclipse:</h5><p>See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this
page</a> for information on using the Eclipse IDE with the Fediz source code. This page
is created for CXF but the same com
 mands are applicable for Fediz too.</p></div>
            </div>
            <!-- Content -->
          </td>



Mime
View raw message