cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r1011316 - in /websites/production/cxf/content: cache/main.pageCache fediz-downloads.html fediz.html
Date Fri, 28 Apr 2017 16:47:38 GMT
Author: buildbot
Date: Fri Apr 28 16:47:38 2017
New Revision: 1011316

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-downloads.html
    websites/production/cxf/content/fediz.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-downloads.html
==============================================================================
--- websites/production/cxf/content/fediz-downloads.html (original)
+++ websites/production/cxf/content/fediz-downloads.html Fri Apr 28 16:47:38 2017
@@ -108,7 +108,7 @@ Apache CXF -- Fediz Downloads
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2
id="FedizDownloads-1.3.2">1.3.2</h2><p>The 1.3.2 release is our latest release.
For more information please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ/fixforversion/12338091">release
notes</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zi
 p">fediz-1.3.2-source-release.zip</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zip.md5">fediz-1.3.2-source-release.zip.md5</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zip.sha1">fediz-1.3.2-source-release.zip.sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zip.asc">fediz-1.3.2-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-1.2.4">1.2.4</h2><p>The 1.2.4 release is our latest release
of the 1.2.x branch. For more information please see the <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/FEDIZ/fixforversion/12338219">r
 elease notes</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>Binary distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip">apache-fediz-1.2.4.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip.md5">apache-fediz-1.2.4.zip.md5</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" cl
 ass="external-link" href="https://www.apache.org/dist/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip.sha1">apache-fediz-1.2.4.zip.sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip.asc">apache-fediz-1.2.4.zip.asc</a></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip">fediz-1.2.4-source-release.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip.md5">fediz-1.2.4-source-release.zip.md5</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.a
 pache.org/dist/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip.sha1">fediz-1.2.4-source-release.zip.sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip.asc">fediz-1.2.4-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When downloading
from a mirror please check the SHA1/MD5 checksums as well as verifying the OpenPGP compatible
signature available from the main Apache site. The <a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/KEYS">KEYS</a> file contains the public keys
used for signing the release. It is recommended that a web of trust is used to confirm the
identity of these keys.</p><p>You can check the OpenPGP signature with GnuPG via:</p><p>&#160;</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
  pdl">
+<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2
id="FedizDownloads-1.4.0">1.4.0</h2><p>The 1.4.0 release is our latest release.
For more information please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ/fixforversion/12338680">release
notes</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.4.0/fediz-1.4.0-source-release.zi
 p">fediz-1.4.0-source-release.zip</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.4.0/fediz-1.4.0-source-release.zip.md5">fediz-1.4.0-source-release.zip.md5</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.4.0/fediz-1.4.0-source-release.zip.sha1">fediz-1.4.0-source-release.zip.sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.4.0/fediz-1.4.0-source-release.zip.asc">fediz-1.4.0-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-1.3.2">1.3.2</h2><p>The 1.3.2 release is our latest release
of the 1.3.x branch. For more information please see the <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/FEDIZ/fixforversion/12338091">r
 elease notes</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zip">fediz-1.3.2-source-release.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zip.md5">fediz-1.3.2-source-release.zip.md5</a></p></td><td
colspan="1" rowspan="1" class="con
 fluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zip.sha1">fediz-1.3.2-source-release.zip.sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.3.2/fediz-1.3.2-source-release.zip.asc">fediz-1.3.2-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-1.2.4">1.2.4</h2><p>The 1.2.4 release is our latest release
of the 1.2.x branch. For more information please see the <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/FEDIZ/fixforversion/12338219">release notes</a>.</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>MD5</p></th><th colspan="1" row
 span="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>Binary distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip">apache-fediz-1.2.4.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip.md5">apache-fediz-1.2.4.zip.md5</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip.sha1">apache-fediz-1.2.4.zip.sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/apache-fediz-1.2.4.zip.asc">
 apache-fediz-1.2.4.zip.asc</a></p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip">fediz-1.2.4-source-release.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip.md5">fediz-1.2.4-source-release.zip.md5</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip.sha1">fediz-1.2.4-source-release.zip.sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/fediz/1.2.4/fediz-1.2.4-source-release.zip.asc">fediz-1.2.4-sou
 rce-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When downloading
from a mirror please check the SHA1/MD5 checksums as well as verifying the OpenPGP compatible
signature available from the main Apache site. The <a shape="rect" class="external-link"
href="https://www.apache.org/dist/cxf/KEYS">KEYS</a> file contains the public keys
used for signing the release. It is recommended that a web of trust is used to confirm the
identity of these keys.</p><p>You can check the OpenPGP signature with GnuPG via:</p><p>&#160;</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">gpg
--import KEYS
 gpg --verify apache-fediz-*.zip.asc
 </pre>

Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Fri Apr 28 16:47:38 2017
@@ -99,7 +99,7 @@ Apache CXF -- Fediz
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache
CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache
CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates
security enforcement to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
The supported standard is <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002"
rel="nofollow">WS-Federation Passive Requestor Profile</a>. Fediz supports <a
shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity"
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2
id="Fediz-News">News</h2><p><strong><strong>April 25, 2017 - Apache
CXF F
 ediz 1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache
CXF Fediz 1.3.2 and 1.2.4 have been released.</p><p>For more information and to
download the new releases, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong><strong><strong>September
8, 2016</strong></strong>&#160;- A new security advisory for Apache CXF Fediz
is released</strong></p><p>A security issue was fixed in the latest Fediz
releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&amp;modificationDate=1473350153000&amp;api=v2">CVE-2016-4464</a>:
Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against
the list of configured audience URIs</li></ul><p>Please upgrade to the latest
releases as soon as possible.</p><h2 id="Fediz-Features">Features</h2><p>The
following features are supported by Fediz 1.2</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML
1.1/2.0
  Tokens</li><li>Support for encrypted SAML Tokens (Release 1.1)</li><li>Support
for Holder-Of-Key SubjectConfirmationMethod (1.1)</li><li>Custom token Support</li><li>Publish
WS-Federation Metadata document</li><li>Role information encoded as AttributeStatement
in SAML 1.1/2.0 tokens</li><li>Claims information provided by FederationPrincipal
Interface</li><li>Support for Tomcat, Jetty, Websphere, Spring Security and CXF
(1.1)</li><li>Fediz IDP supports "Resource IDP" role as well (1.1)</li><li>A
new REST API for the IdP (1.2)</li><li>Support for logout in both the RP and IdP
(1.2)</li><li>Support for logging on to the IdP via Kerberos and TLS client authentication
(1.2)</li><li>A new container-independent CXF plugin for WS-Federation (1.2)</li><li>Support
to use the IdP as an identity broker with a remote SAML SSO IdP (1.2)</li></ul><p>The
following features are planned for the next release:</p><ul><li>support
for other protocols like OAuth</li></ul><p>You can get the current status
  of the enhancements <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ">here
</a>.</p><h2 id="Fediz-Architecture">Architecture</h2><p>The
Fediz architecture is described in more detail <a shape="rect" href="fediz-architecture.html">here</a>.</p><h2
id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2
id="Fediz-Gettingstarted">Getting started</h2><p>The WS-Federation specification
defines the following parties involved during a web login:</p><ul><li>Browser</li><li>Identity
Provider (IDP)<br clear="none"> The IDP is a centralized, application independent runtime
component which implements the protocol defined by WS-Federation. You can use any open source
or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to
use the Fediz IDP for testing as it allows for testing your web application in a sandbox without
having all infrastructure components available. The Fediz IDP
  consists of two WAR components. The Security Token Service (STS) does most of the work including
user authentication, claims/role data retrieval and creating the SAML token. The IDP WAR translates
the response to an HTML response allowing a browser to process it.</li><li>Relying
Party (RP)<br clear="none"> The RP is a web application that needs to be protected.
The RP must be able to implement the protocol as defined by WS-Federation. This component
is called "Fediz Plugin" in this project which consists of container agnostic module/jar and
a container specific jar. When an authenticated request is detected by the plugin it redirects
to the IDP for authentication. The browser sends the response from the IDP to the RP after
successful authentication. The RP validates the response and creates the container security
context.</li></ul><p>It's recommended to deploy the IDP and the web application
(RP) into different container instances as in a production deployment. The container with
t
 he IDP can be used during development and testing for multiple web applications needing security.</p><h3
id="Fediz-SettinguptheIDP">Setting up the IDP</h3><p>The installation and configuration
of the IDP is documented <a shape="rect" href="fediz-idp-11.html">here</a></p><h3
id="Fediz-SetuptheRelyingPartyContainer">Set up the Relying Party Container</h3><p>The
Fediz plugin needs to be deployed into the Relying Party (RP) container. The security mechanism
is not specified by JEE. Even though it is very similar in each servlet container there are
some differences which require a dedicated Fediz plugin for each servlet container implementation.
Most of the configuration goes into a Servlet container independent configuration file which
is described <a shape="rect" href="fediz-configuration.html">here</a></p><p>The
following lists shows the supported containers and the location of the installation and configuration
page.</p><ul><li><a shape="rect" href="fediz-tomcat.html">Tomcat 7
</a></
 li><li><a shape="rect" href="fediz-jetty.html">Jetty 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-spring.html">Spring Security 3.1 (1.1)</a></li><li><a
shape="rect" href="fediz-websphere.html">Websphere 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-cxf.html">CXF (1.1) </a></li></ul><h2 id="Fediz-Samples">Samples</h2><p>The
examples directory contains two sample relying party applications. They are independent of
each other, so it is not necessary to deploy both at once.</p><p>Each sample is
described in a <code>README.txt</code> file located in the base directory of each
sample.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Sample</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><strong>simpleWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a simple web application which is
protected
  by the Fediz IDP. The FederationServlet illustrates how to get security information using
the standard APIs.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><strong>wsclientWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a protected web application that
calls a web service that uses the Fediz STS to validate credentials. Here, the same STS is
used for token issuance (indirectly, by the web application through use of the Fediz IDP)
and validation. The FederationServlet illustrates how to securely call a web service.</p></td></tr></tbody></table></div><p><span
class="confluence-anchor-link" id="Fediz-building"></span></p><h2 id="Fediz-Building">Building</h2><p>Check
out the code from here:</p><ul><li>git clone -v <a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf/cxf-fediz.git">https://git-wip-us.apache.org/repos/asf/cxf-fediz.git</a></li></ul><p>Then
follow the <a shape="rect" class="external-link" hre
 f="http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?view=markup">BUILDING.txt</a>
file in the Fediz download for full build instructions.</p><h5 id="Fediz-SettingupEclipse:">Setting
up Eclipse:</h5><p>See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this
page</a> for information on using the Eclipse IDE with the Fediz source code. This page
is created for CXF but the same commands are applicable for Fediz too.</p></div>
+<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache
CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache
CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates
security enforcement to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
The supported standard is <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002"
rel="nofollow">WS-Federation Passive Requestor Profile</a>. Fediz supports <a
shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity"
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2
id="Fediz-News">News</h2><p><strong><strong>April 28, 2017 - Apache
CXF F
 ediz 1.4.0, 1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache
CXF Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>For more information
and to download the new releases, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong><strong><strong>September
8, 2016</strong></strong>&#160;- A new security advisory for Apache CXF Fediz
is released</strong></p><p>A security issue was fixed in the latest Fediz
releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&amp;modificationDate=1473350153000&amp;api=v2">CVE-2016-4464</a>:
Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against
the list of configured audience URIs</li></ul><p>Please upgrade to the latest
releases as soon as possible.</p><h2 id="Fediz-Features">Features</h2><p>The
following features are supported by Fediz 1.2</p><ul><li>WS-Federation 1.0/1.1/1.2</li><l
 i>SAML 1.1/2.0 Tokens</li><li>Support for encrypted SAML Tokens (Release 1.1)</li><li>Support
for Holder-Of-Key SubjectConfirmationMethod (1.1)</li><li>Custom token Support</li><li>Publish
WS-Federation Metadata document</li><li>Role information encoded as AttributeStatement
in SAML 1.1/2.0 tokens</li><li>Claims information provided by FederationPrincipal
Interface</li><li>Support for Tomcat, Jetty, Websphere, Spring Security and CXF
(1.1)</li><li>Fediz IDP supports "Resource IDP" role as well (1.1)</li><li>A
new REST API for the IdP (1.2)</li><li>Support for logout in both the RP and IdP
(1.2)</li><li>Support for logging on to the IdP via Kerberos and TLS client authentication
(1.2)</li><li>A new container-independent CXF plugin for WS-Federation (1.2)</li><li>Support
to use the IdP as an identity broker with a remote SAML SSO IdP (1.2)</li></ul><p>The
following features are planned for the next release:</p><ul><li>support
for other protocols like OAuth</li></ul><p>You can get the 
 current status of the enhancements <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ">here
</a>.</p><h2 id="Fediz-Architecture">Architecture</h2><p>The
Fediz architecture is described in more detail <a shape="rect" href="fediz-architecture.html">here</a>.</p><h2
id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2
id="Fediz-Gettingstarted">Getting started</h2><p>The WS-Federation specification
defines the following parties involved during a web login:</p><ul><li>Browser</li><li>Identity
Provider (IDP)<br clear="none"> The IDP is a centralized, application independent runtime
component which implements the protocol defined by WS-Federation. You can use any open source
or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to
use the Fediz IDP for testing as it allows for testing your web application in a sandbox without
having all infrastructure components available.
  The Fediz IDP consists of two WAR components. The Security Token Service (STS) does most
of the work including user authentication, claims/role data retrieval and creating the SAML
token. The IDP WAR translates the response to an HTML response allowing a browser to process
it.</li><li>Relying Party (RP)<br clear="none"> The RP is a web application
that needs to be protected. The RP must be able to implement the protocol as defined by WS-Federation.
This component is called "Fediz Plugin" in this project which consists of container agnostic
module/jar and a container specific jar. When an authenticated request is detected by the
plugin it redirects to the IDP for authentication. The browser sends the response from the
IDP to the RP after successful authentication. The RP validates the response and creates the
container security context.</li></ul><p>It's recommended to deploy the IDP
and the web application (RP) into different container instances as in a production deployment.
The co
 ntainer with the IDP can be used during development and testing for multiple web applications
needing security.</p><h3 id="Fediz-SettinguptheIDP">Setting up the IDP</h3><p>The
installation and configuration of the IDP is documented <a shape="rect" href="fediz-idp-11.html">here</a></p><h3
id="Fediz-SetuptheRelyingPartyContainer">Set up the Relying Party Container</h3><p>The
Fediz plugin needs to be deployed into the Relying Party (RP) container. The security mechanism
is not specified by JEE. Even though it is very similar in each servlet container there are
some differences which require a dedicated Fediz plugin for each servlet container implementation.
Most of the configuration goes into a Servlet container independent configuration file which
is described <a shape="rect" href="fediz-configuration.html">here</a></p><p>The
following lists shows the supported containers and the location of the installation and configuration
page.</p><ul><li><a shape="rect" href="fediz-tomcat.html">T
 omcat 7 </a></li><li><a shape="rect" href="fediz-jetty.html">Jetty
7/8 (1.1)</a></li><li><a shape="rect" href="fediz-spring.html">Spring
Security 3.1 (1.1)</a></li><li><a shape="rect" href="fediz-websphere.html">Websphere
7/8 (1.1)</a></li><li><a shape="rect" href="fediz-cxf.html">CXF (1.1)
</a></li></ul><h2 id="Fediz-Samples">Samples</h2><p>The
examples directory contains two sample relying party applications. They are independent of
each other, so it is not necessary to deploy both at once.</p><p>Each sample is
described in a <code>README.txt</code> file located in the base directory of each
sample.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Sample</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><strong>simpleWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a simple web application whic
 h is protected by the Fediz IDP. The FederationServlet illustrates how to get security information
using the standard APIs.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><strong>wsclientWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a protected web application that
calls a web service that uses the Fediz STS to validate credentials. Here, the same STS is
used for token issuance (indirectly, by the web application through use of the Fediz IDP)
and validation. The FederationServlet illustrates how to securely call a web service.</p></td></tr></tbody></table></div><p><span
class="confluence-anchor-link" id="Fediz-building"></span></p><h2 id="Fediz-Building">Building</h2><p>Check
out the code from here:</p><ul><li>git clone -v <a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf/cxf-fediz.git">https://git-wip-us.apache.org/repos/asf/cxf-fediz.git</a></li></ul><p>Then
follow the <a shape="rect" class="exte
 rnal-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?view=markup">BUILDING.txt</a>
file in the Fediz download for full build instructions.</p><h5 id="Fediz-SettingupEclipse:">Setting
up Eclipse:</h5><p>See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this
page</a> for information on using the Eclipse IDE with the Fediz source code. This page
is created for CXF but the same commands are applicable for Fediz too.</p></div>
            </div>
            <!-- Content -->
          </td>



Mime
View raw message