cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r991200 - in /websites/production/cxf/content: cache/docs.pageCache cache/main.pageCache docs/jax-rs-jose.html fediz-oidc.html
Date Wed, 22 Jun 2016 15:47:35 GMT
Author: buildbot
Date: Wed Jun 22 15:47:34 2016
New Revision: 991200

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/docs/jax-rs-jose.html
    websites/production/cxf/content/fediz-oidc.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Wed Jun 22 15:47:34 2016
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>&#160;</p><p>&#160;</p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1464342422013 {padding: 0px;}
-div.rbtoc1464342422013 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1464342422013 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1466610419696 {padding: 0px;}
+div.rbtoc1466610419696 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1466610419696 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1464342422013">
+/*]]>*/</style></p><div class="toc-macro rbtoc1466610419696">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE Policy&#160;</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA
Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK
Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS
Signature</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature
and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS
with Detached Content</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS
with Unencoded Payload</a></li></ul>
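Review bot: the only change in this hunk is the suffix of the TOC macro class, `rbtoc1464342422013` becoming `rbtoc1466610419696` in the three CSS rules and on the `<div class="toc-macro ...">` line; none of the TOC entries differ. If that suffix is regenerated on every export, each production update will rewrite these lines and bury real content changes in the history. Consider emitting a stable class name for the TOC container so the diff of a security document shows only what actually changed.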
@@ -137,7 +137,7 @@ div.rbtoc1464342422013 li {margin-left:
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Signature">Signature</a></li><li><a
shape="rect" href="#JAX-RSJOSE-Encryption">Encryption</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSJOSE-Configurationthatappliestobothencryptionandsignature">Configuration
that applies to both encryption and signature</a></li><li><a shape="rect"
href="#JAX-RSJOSE-Configurationthatappliestosignatureonly">Configuration that applies to
signature only</a></li><li><a shape="rect" href="#JAX-RSJOSE-Configurationthatappliestoencryptiononly">Configuration
that applies to encryption only</a></li><li><a shape="rect" href="#JAX-RSJOSE-ConfigurationthatappliestoJWTtokensonly">Configuration
that applies to JWT tokens only</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSJOSE-Interoperability">Interoperability</a></li><li><a
shape="rect" href="#JAX-RSJOSE-Third-PartyLibraries">Third-Party Libraries</a></li></ul>
-</div><h1 id="JAX-RSJOSE-Introduction">Introduction</h1><p><a
shape="rect" class="external-link" href="https://datatracker.ietf.org/wg/jose/documents/"
rel="nofollow">JOSE</a>&#160;is a set of high quality specifications that specify
how data payloads can be signed/validated and/or encrypted/decrypted with the cryptographic
properties set in the JSON-formatted metadata (headers). The data to be secured can be in
JSON or other formats (plain text, XML, binary data).</p><p><a shape="rect"
class="external-link" href="https://datatracker.ietf.org/wg/jose/documents/" rel="nofollow">JOSE</a>&#160;is
a key piece of advanced OAuth2 and OpenId Connect applications but can also be successfully
used for securing the regular HTTP web service communications.</p><p>CXF 3.0.x,
3.1.x and 3.2.0 provide a complete implementation of <a shape="rect" class="external-link"
href="https://datatracker.ietf.org/wg/jose/documents/" rel="nofollow">JOSE</a> and
offer a comprehensive utility and filter support f
 or protecting JAX-RS services and clients with the help of <a shape="rect" class="external-link"
href="https://datatracker.ietf.org/wg/jose/documents/" rel="nofollow">JOSE</a>.</p><p>CXF
OAuth2 and OIDC modules are also depending on it.</p><h1 id="JAX-RSJOSE-MavenDependencies">Maven
Dependencies</h1><p>&#160;</p><p>Having the following dependency
will let developers write JOSE JWS or JWE code:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+</div><h1 id="JAX-RSJOSE-Introduction">Introduction</h1><p><a
shape="rect" class="external-link" href="https://datatracker.ietf.org/wg/jose/documents/"
rel="nofollow">JOSE</a>&#160;is a set of high quality specifications that specify
how data payloads can be signed/validated and/or encrypted/decrypted with the cryptographic
properties set in the JSON-formatted metadata (headers). The data to be secured can be in
JSON or other formats (plain text, XML, binary data).</p><p><a shape="rect"
class="external-link" href="https://datatracker.ietf.org/wg/jose/documents/" rel="nofollow">JOSE</a>&#160;is
a key piece of advanced OAuth2 and OpenId Connect applications but can also be successfully
used for securing the regular HTTP web service communications.</p><p>CXF 3.0.x,
3.1.x and 3.2.0 provide a complete implementation of <a shape="rect" class="external-link"
href="https://datatracker.ietf.org/wg/jose/documents/" rel="nofollow">JOSE</a> and
offer a comprehensive utility and filter support f
 or protecting JAX-RS services and clients with the help of <a shape="rect" class="external-link"
href="https://datatracker.ietf.org/wg/jose/documents/" rel="nofollow">JOSE</a>.</p><p>CXF
<a shape="rect" href="http://cxf.apache.org/docs/jax-rs-oauth2.html">OAuth2</a>
and <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-oidc.html">OIDC</a>
modules are also depending on it.</p><h1 id="JAX-RSJOSE-MavenDependencies">Maven
Dependencies</h1><p>&#160;</p><p>Having the following dependency
will let developers write JOSE JWS or JWE code:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.cxf&lt;/groupId&gt;
   &lt;artifactId&gt;cxf-rt-rs-security-jose&lt;/artifactId&gt;
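Review bot: the two anchors added to the last Introduction sentence use absolute plain-http URLs, `href="http://cxf.apache.org/docs/jax-rs-oauth2.html"` and `href="http://cxf.apache.org/docs/jax-rs-oidc.html"`, while every other link in the same paragraph is https. The page being modified is itself under docs/, so these look like sibling pages; relative hrefs (`jax-rs-oauth2.html`, `jax-rs-oidc.html`) would keep readers on whatever scheme the page was served over. The sentence they sit in would also read better as "modules also depend on it".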

Modified: websites/production/cxf/content/fediz-oidc.html
==============================================================================
--- websites/production/cxf/content/fediz-oidc.html (original)
+++ websites/production/cxf/content/fediz-oidc.html Wed Jun 22 15:47:34 2016
@@ -99,7 +99,16 @@ Apache CXF -- Fediz OIDC
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"></div>
+<div id="ConfluenceContent"><p>&#160;</p><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1466610419679 {padding: 0px;}
+div.rbtoc1466610419679 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1466610419679 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1466610419679">
+<ul class="toc-indentation"><li><a shape="rect" href="#FedizOIDC-Introduction">Introduction</a></li><li><a
shape="rect" href="#FedizOIDC-UserAuthentication">User Authentication</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#FedizOIDC-TrustedProviders">Trusted
Providers</a></li></ul>
+</li><li><a shape="rect" href="#FedizOIDC-DataPersistence">Data Persistence</a></li><li><a
shape="rect" href="#FedizOIDC-ClientRegistration">Client Registration</a></li><li><a
shape="rect" href="#FedizOIDC-OIDCServices">OIDC Services</a></li><li><a
shape="rect" href="#FedizOIDC-Deployment">Deployment</a></li></ul>
+</div><h1 id="FedizOIDC-Introduction">Introduction</h1><p><a shape="rect"
class="external-link" href="http://openid.net/connect/" rel="nofollow">OpenId Connect</a>
(OIDC) is an identity layer built on top of the OAuth2 protocol.</p><p>When a
user authentication is required the client application initiates one of <a shape="rect"
class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html" rel="nofollow">OIDC
Core</a> flows and redirects this user to OIDC provider. The user gets redirected back
to the client after the authentication, with the client application receiving <a shape="rect"
class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken"
rel="nofollow">IdToken</a>. If <a shape="rect" class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth"
rel="nofollow">Authorization Code Flow</a> is used then IdToken is returned as part
of the follow up <a shape="rect" class="external-link" href="http://
 openid.net/specs/openid-connect-core-1_0.html#TokenResponse" rel="nofollow">code to access
token exchange</a>, and if <a shape="rect" class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth"
rel="nofollow">Implicit Flow</a> is used then IdToken is returned <a shape="rect"
class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse"
rel="nofollow">immediately</a>.&#160; It is very much like OAuth2 except that
an extra IdToken parameter is returned.</p><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf-fediz/tree/master/services/oidc" rel="nofollow">Fediz
OIDC</a> provides an implementation of <a shape="rect" class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html"
rel="nofollow">OIDC Core</a> by integrating <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-oidc.html">CXF
OIDC IDP</a> with Fediz Authentication System. It is available starting fro
 m Fediz 1.3.0.</p><p>This project is a work in progress. &#160;</p><h1
id="FedizOIDC-UserAuthentication">User Authentication</h1><p><a shape="rect"
class="external-link" href="https://github.com/apache/cxf-fediz/tree/master/services/oidc"
rel="nofollow">Fediz OIDC</a> is currently implemented as a Fediz WS-Federation RP
web application. When Fediz OIDC is accessed by a user, Fediz WS-Fed Authenticator will redirect
a user to Fediz WS-Fed IDP to complete the authentication process. The fact WS-Fed is used
during this process is transparent to the user. Note&#160;<a shape="rect" class="external-link"
href="https://github.com/apache/cxf-fediz/tree/master/services/oidc" rel="nofollow">Fediz
OIDC</a> itself is completely agnostic to the way the authentication is done - all it
needs is for Fediz to provide it an authenticated principal for it to support its OIDC flows.</p><p>Future
major releases of Fediz will optimize and improve this process by bringing&#160; <a
shape="rect" class="exte
 rnal-link" href="https://github.com/apache/cxf-fediz/tree/master/services/oidc" rel="nofollow">Fediz
OIDC</a> much closer to the core Fediz Authentication System thus avoiding an internal
WS-Fed flow completely.</p><h2 id="FedizOIDC-TrustedProviders">Trusted Providers</h2><p>Fediz
provides a comprehensive support for delegating the user authentication to trusted providers.
Such providers can support SAML, WS-Fed or OpenId Connect protocols. Thus <a shape="rect"
class="external-link" href="https://github.com/apache/cxf-fediz/tree/master/services/oidc"
rel="nofollow">Fediz OIDC</a> users can be authenticated locally or redirected further
to registered authentication providers. This is achieved by assigning <strong>home realms
</strong>to <a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz/tree/master/services/oidc"
rel="nofollow">Fediz OIDC</a> client registrations.&#160;</p><h1 id="FedizOIDC-DataPersistence">Data
Persistence</h1><h1 id="FedizOIDC-ClientReg
 istration">Client Registration</h1><h1 id="FedizOIDC-OIDCServices">OIDC Services</h1><h1
id="FedizOIDC-Deployment">Deployment</h1><p>Drop fediz-oidc.war into a Tomcat
container hosting the core Fediz IDP service.&#160;</p><p>&#160;</p><p>&#160;</p><p>&#160;</p></div>
            </div>
            <!-- Content -->
          </td>
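Review bot: the new page body publishes three headings with nothing under them: `Data Persistence`, `Client Registration` and `OIDC Services` run straight into `Deployment`, yet the TOC added at the top of the hunk links to each of them. For an OIDC provider those are the sections an operator needs before deploying, and the Deployment text is a single sentence about dropping fediz-oidc.war into Tomcat. Either hold the empty headings back until they have content or put a one-line "to be documented" stub under each so the TOC does not point at blank anchors. The openid.net links in the Introduction are also plain http and could be https.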


