cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r1034376 - in /websites/production/cxf/content: cache/main.pageCache fediz-introduction.html
Date Fri, 24 Aug 2018 11:57:58 GMT
Author: buildbot
Date: Fri Aug 24 11:57:58 2018
New Revision: 1034376

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-introduction.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-introduction.html
==============================================================================
--- websites/production/cxf/content/fediz-introduction.html (original)
+++ websites/production/cxf/content/fediz-introduction.html Fri Aug 24 11:57:58 2018
@@ -99,7 +99,7 @@ Apache CXF -- Fediz Introduction
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h2 id="FedizIntroduction-Overview">Overview</h2><p>Apache
CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates
security enforcement to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
Apache CXF Fediz supports both <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002"
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a shape="rect"
class="external-link" href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf"
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity" rel="nofollow">Claims
Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2 id="Fed
 izIntroduction-GettingStarted">Getting Started</h2><p>The WS-Federation specification
defines the following parties involved during a web login:</p><p>&#160;&#160;&#160;
Browser</p><p>&#160;&#160;&#160; Identity Provider (IDP)</p><p>&#160;&#160;&#160;
The IDP is a centralized, application independent runtime component which implements the protocol
defined by WS-Federation. You can use any open source or commercial product that supports
WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz IDP for testing as it
allows for testing your web application in a sandbox without having all infrastructure components
available. The Fediz IDP consists of two WAR components. The Security Token Service (STS)
does most of the work including user authentication, claims/role data retrieval and creating
the SAML token. The IDP WAR translates the response to an HTML response allowing a browser
to process it.</p><p>&#160;&#160;&#160; Relying Party (RP)</p><p>&#160;&#160;&#160;
The RP is 
 a web application that needs to be protected. The RP must be able to implement the protocol
as defined by WS-Federation. This component is called "Fediz Plugin" in this project which
consists of container agnostic module/jar and a container specific jar. When an authenticated
request is detected by the plugin it redirects to the IDP for authentication. The browser
sends the response from the IDP to the RP after successful authentication. The RP validates
the response and creates the container security context.</p><p><br clear="none"></p><p>It's
recommended to deploy the IDP and the web application (RP) into different container instances
as in a production deployment. The container with the IDP can be used during development and
testing for multiple web applications needing security.</p><p>Features</p><p>The
following features are supported by Fediz 1.2</p><p><br clear="none"></p><p>&#160;&#160;&#160;
WS-Federation 1.0/1.1/1.2</p><p>&#160;&#160;&#160; SAML 1.1/2.0 Tokens</p><p>&#160;
 &#160;&#160; Support for encrypted SAML Tokens (Release 1.1)</p><p>&#160;&#160;&#160;
Support for Holder-Of-Key SubjectConfirmationMethod (1.1)</p><p>&#160;&#160;&#160;
Custom token Support</p><p>&#160;&#160;&#160; Publish WS-Federation
Metadata document</p><p>&#160;&#160;&#160; Role information encoded
as AttributeStatement in SAML 1.1/2.0 tokens</p><p>&#160;&#160;&#160;
Claims information provided by FederationPrincipal Interface</p><p>&#160;&#160;&#160;
Support for Tomcat, Jetty, Websphere, Spring Security and CXF (1.1)</p><p>&#160;&#160;&#160;
Fediz IDP supports "Resource IDP" role as well (1.1)</p><p>&#160;&#160;&#160;
A new REST API for the IdP (1.2)</p><p>&#160;&#160;&#160; Support
for logout in both the RP and IdP (1.2)</p><p>&#160;&#160;&#160; Support
for logging on to the IdP via Kerberos and TLS client authentication (1.2)</p><p>&#160;&#160;&#160;
A new container-independent CXF plugin for WS-Federation (1.2)</p><p>&#160;&#160;&#160;
Support to use the IdP as an identity 
 broker with a remote SAML SSO IdP (1.2)</p></div>
+<div id="ConfluenceContent"><h2 id="FedizIntroduction-Overview">Overview</h2><p>Apache
CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates
security enforcement to the underlying application server. With Fediz, authentication is externalized
from your web application to an identity provider installed as a dedicated server component.
Apache CXF Fediz supports both <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002"
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a shape="rect"
class="external-link" href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf"
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity" rel="nofollow">Claims
Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2 id="Fed
 izIntroduction-Features">Features</h2><p>Here are some of the features supported
by Fediz:</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML
SSO (IdP and the Apache Tomcat 8 plugin only thus far)</li><li>Support for SAML
1.1/2.0 tokens, encrypted SAML Tokens, Holder-Of-Key Subject Confirmation Method.</li><li>Custom
token Support</li><li>Support to publish WS-Federation and SAML SSO Metadata documents</li><li>Support
for Tomcat, Jetty, Websphere, Spring Security and CXF plugins</li><li>A new REST
API for the IdP (1.2)</li><li>Support for logout in both the RP and IdP (1.2)</li><li>Support
for logging on to the IdP via Kerberos and TLS client authentication (1.2)</li><li>Support
to use the IdP as an identity broker with a remote IdP. SAML SSO, Open Id Connect, Facebook
and WS-Federation protocols supported.</li></ul><p><br clear="none"></p><p>&#160;&#160;&#160;
</p></div>
            </div>
            <!-- Content -->
          </td>



Mime
View raw message