cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r1020026 - in /websites/production/cxf/content: cache/main.pageCache fediz.html
Date Wed, 25 Oct 2017 10:57:35 GMT
Author: buildbot
Date: Wed Oct 25 10:57:35 2017
New Revision: 1020026

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Wed Oct 25 10:57:35 2017
@@ -32,8 +32,8 @@
 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">
 
 <script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
 <script src='/resources/highlighter/scripts/shBrushJava.js'></script>
+<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
 <script>
   SyntaxHighlighter.defaults['toolbar'] = false;
   SyntaxHighlighter.all();
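Review bot: the removed and added lines only swap the order of the shBrushBash.js and shBrushJava.js includes, and both still load before SyntaxHighlighter.all(), so this reads as ordering churn from the site export rather than a content change. If the generator emits the brush list in an unstable order, sorting it would keep buildbot production commits limited to real edits and make them easier to audit.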
@@ -111,7 +111,7 @@ Apache CXF -- Fediz
            <div class="wiki-content">
 <div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache
CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache
CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates
security enforcement to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
The supported standard is <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002"
rel="nofollow">WS-Federation Passive Requestor Profile</a>. Fediz supports <a
shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity"
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2
id="Fediz-News">News</h2><p><strong><strong>September 15, 2017
- <strong>
 <strong>Apache CXF Fediz 1.4.</strong></strong>2 released</strong></strong></p><p>Apache
CXF Fediz 1.4.2 has been released.</p><p>For more information and to download
the new release, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong><strong>August
18, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>1
released</strong></strong></p><p>Apache CXF Fediz 1.4.1 has been released.</p><p>For
more information and to download the new release, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><p><strong><strong>May
16, 2017 - Two new security advisories for Apache CXF Fediz are released</strong></strong></p><p>Two
new security advisories have been released for issues that are fixed in the latest releases
(1.4.0, 1.3.2 and 1.2.4):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc?version=1&amp;modificationDate=1494949364764&amp;api=v2">CVE-2017-7661</a>:
The Apache CXF Fediz Jetty and
  Spring plugins are vulnerable to CSRF attacks.</li><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc?version=1&amp;modificationDate=1494949377300&amp;api=v2">CVE-2017-7662</a>:
The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks.</li></ul><p>Please
upgrade to the latest releases as soon as possible.</p><p><strong><strong>April
28, 2017 - Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache
CXF Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>For more information
and to download the new releases, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2
id="Fediz-Features">Features</h2><p>The following features are supported by
Fediz 1.2</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML
1.1/2.0 Tokens</li><li>Support for encrypted SAML Tokens (Release 1.1)</li><li>Support
for Holder-Of-Key SubjectConfirmationMethod (1.1)</li><li>Custom token Sup
 port</li><li>Publish WS-Federation Metadata document</li><li>Role
information encoded as AttributeStatement in SAML 1.1/2.0 tokens</li><li>Claims
information provided by FederationPrincipal Interface</li><li>Support for Tomcat,
Jetty, Websphere, Spring Security and CXF (1.1)</li><li>Fediz IDP supports "Resource
IDP" role as well (1.1)</li><li>A new REST API for the IdP (1.2)</li><li>Support
for logout in both the RP and IdP (1.2)</li><li>Support for logging on to the
IdP via Kerberos and TLS client authentication (1.2)</li><li>A new container-independent
CXF plugin for WS-Federation (1.2)</li><li>Support to use the IdP as an identity
broker with a remote SAML SSO IdP (1.2)</li></ul><p>The following features
are planned for the next release:</p><ul><li>support for other protocols
like OAuth</li></ul><p>You can get the current status of the enhancements
<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ">here
</a>.</p><h2 id="Fediz-Architecture">Ar
 chitecture</h2><p>The Fediz architecture is described in more detail <a shape="rect"
href="fediz-architecture.html">here</a>.</p><h2 id="Fediz-Download">Download</h2><p>See
<a shape="rect" href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-Gettingstarted">Getting
started</h2><p>The WS-Federation specification defines the following parties involved
during a web login:</p><ul><li>Browser</li><li>Identity Provider
(IDP)<br clear="none"> The IDP is a centralized, application independent runtime component
which implements the protocol defined by WS-Federation. You can use any open source or commercial
product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz
IDP for testing as it allows for testing your web application in a sandbox without having
all infrastructure components available. The Fediz IDP consists of two WAR components. The
Security Token Service (STS) does most of the work including user authentication, claims/role
data retrieval and crea
 ting the SAML token. The IDP WAR translates the response to an HTML response allowing a browser
to process it.</li><li>Relying Party (RP)<br clear="none"> The RP is a web
application that needs to be protected. The RP must be able to implement the protocol as defined
by WS-Federation. This component is called "Fediz Plugin" in this project which consists of
container agnostic module/jar and a container specific jar. When an authenticated request
is detected by the plugin it redirects to the IDP for authentication. The browser sends the
response from the IDP to the RP after successful authentication. The RP validates the response
and creates the container security context.</li></ul><p>It's recommended
to deploy the IDP and the web application (RP) into different container instances as in a
production deployment. The container with the IDP can be used during development and testing
for multiple web applications needing security.</p><h3 id="Fediz-SettinguptheIDP">Setting
up the IDP</h3
 ><p>The installation and configuration of the IDP is documented <a shape="rect"
href="fediz-idp-11.html">here</a></p><h3 id="Fediz-SetuptheRelyingPartyContainer">Set
up the Relying Party Container</h3><p>The Fediz plugin needs to be deployed into
the Relying Party (RP) container. The security mechanism is not specified by JEE. Even though
it is very similar in each servlet container there are some differences which require a dedicated
Fediz plugin for each servlet container implementation. Most of the configuration goes into
a Servlet container independent configuration file which is described <a shape="rect" href="fediz-configuration.html">here</a></p><p>The
following lists shows the supported containers and the location of the installation and configuration
page.</p><ul><li><a shape="rect" href="fediz-tomcat.html">Tomcat 7
</a></li><li><a shape="rect" href="fediz-jetty.html">Jetty 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-spring.html">Spring Security 3.1 (1.1)</a></li><li>
 <a shape="rect" href="fediz-websphere.html">Websphere 7/8 (1.1)</a></li><li><a
shape="rect" href="fediz-cxf.html">CXF (1.1) </a></li></ul><h2 id="Fediz-Samples">Samples</h2><p>The
examples directory contains two sample relying party applications. They are independent of
each other, so it is not necessary to deploy both at once.</p><p>Each sample is
described in a <code>README.txt</code> file located in the base directory of each
sample.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Sample</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><strong>simpleWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a simple web application which is
protected by the Fediz IDP. The FederationServlet illustrates how to get security information
using the standard APIs.</p></td></tr><tr><td colspan="1" rowspan="1"
  class="confluenceTd"><p><strong>wsclientWebapp</strong></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>a protected web application that
calls a web service that uses the Fediz STS to validate credentials. Here, the same STS is
used for token issuance (indirectly, by the web application through use of the Fediz IDP)
and validation. The FederationServlet illustrates how to securely call a web service.</p></td></tr></tbody></table></div><p><span
class="confluence-anchor-link" id="Fediz-building"></span></p><h2 id="Fediz-Checkout">Checkout</h2><p>The
CXF sources are hosted at&#160;<a shape="rect" class="external-link" href="https://gitbox.apache.org/">Apache
gitbox</a>. This includes a full two way sync with github. As github provides the nicer
user interface we now recommend to directly work on the github cxf repo.</p><h2 id="Fediz-Webbrowsing">Web
browsing</h2><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz"
rel="nofollow">https://githu
 b.com/apache/cxf-fediz</a></p><h2 id="Fediz-CheckingoutfromGIT">Checking
out from GIT</h2><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">git
clone git@github.com:apache/cxf-fediz.git</pre>
-</div></div><h2 id="Fediz-Committing">Committing</h2><p>CXF
committers can directly commit to github after doing the&#160;<a shape="rect" class="external-link"
href="https://gitbox.apache.org/setup/">Apache&#160;gitbox setup</a>. Be aware
that the sync might take half an hour before you are added to the cxf github group.</p><h2
id="Fediz-Forkingandpullrequests">Forking and pull requests</h2><p>See&#160;<a
shape="rect" href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=69407398">Getting
Involved</a></p><h2 id="Fediz-Building">Building</h2><p>Then
follow the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?view=markup">BUILDING.txt</a>
file in the Fediz download for full build instructions.</p><h2 id="Fediz-SettingupEclipse">Setting
up Eclipse</h2><p>See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this
page</a> for information on using the Eclipse IDE with the Fediz source code. This page
  is created for CXF but the same commands are applicable for Fediz too.</p><p>&#160;</p></div>
+</div></div><h2 id="Fediz-Committing">Committing</h2><p>CXF
committers can directly commit to github after doing the&#160;<a shape="rect" class="external-link"
href="https://gitbox.apache.org/setup/">Apache&#160;gitbox setup</a>. Be aware
that the sync might take half an hour before you are added to the cxf github group.</p><h2
id="Fediz-Forkingandpullrequests">Forking and pull requests</h2><p>See&#160;<a
shape="rect" href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=69407398">Getting
Involved</a></p><h2 id="Fediz-Building">Building</h2><p>Then
follow the <a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz/blob/master/BUILDING.txt"
rel="nofollow">BUILDING.txt</a> file in the Fediz download for full build instructions.</p><h2
id="Fediz-SettingupEclipse">Setting up Eclipse</h2><p>See <a shape="rect"
href="http://cxf.apache.org/setting-up-eclipse.html">this page</a> for information
on using the Eclipse IDE with the Fediz source code. Thi
 s page is created for CXF but the same commands are applicable for Fediz too.</p><p>&#160;</p></div>
            </div>
            <!-- Content -->
          </td>
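Review bot: the "Setting up Eclipse" link in the added block still points at http://cxf.apache.org/setting-up-eclipse.html while the BUILDING.txt link beside it moves to https on GitHub, and the CVE-2017-7661 and CVE-2017-7662 advisory links in the unchanged context are plain http as well; suggest switching these to https in the wiki source so the page does not mix schemes. The new BUILDING.txt target is blob/master, but the sentence still says "in the Fediz download", so either the wording or the target should say which copy of the file applies to a given release. Minor: the git clone block in the context is tagged "brush: java" although shBrushBash.js is loaded on the page.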


