cxf-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Initial WS-Federation support commited to sandbox
Date Wed, 04 Jan 2012 17:43:08 GMT
Hi Oli,

Is there a reason why the IDP STS (and the IDP) deploys to Tomcat on
port 9080 instead of 8080? It uses 8080 for the commented-out plugin.

> What do you think about this?

It's pretty cool from a security POV. Do you have any plans to look at
supporting the Federation Metadata document? How about sign-out?

Is there much work involved in supporting the full scenario of having
both resource and requestor STS instances?

Colm.


On Wed, Dec 21, 2011 at 10:20 PM, Oliver Wulff <owulff@talend.com> wrote:
> Hi there
>
> I have been working for the last 5 months on enabling Tomcat for federation and propagating the security context of the browser user to the back end web services using the CXF STS.
>
> I just committed this code to the cxf sandbox:
> http://svn.apache.org/viewvc/cxf/sandbox/fediz/
>
> This project contains 5 modules:
>
> A) Identity provider (IDP), authentication server
>
> * fediz-idp
> This module is more or less a servlet which processes and transforms the incoming federation message for an STS request
> more information can be found here:
> http://owulff.blogspot.com/2011/10/configure-and-deploy-identity-provider.html
>
> * fediz-idp-sts
> The CXF STS is responsible for issuing a SAML token and adding the claims (firstname, lastname, email, roles) to the SAML token
> more information can be found here:
> http://owulff.blogspot.com/2011/10/configure-and-deploy-cxf-25-sts-part-i.html
>
>
> B) Federation plugin for application server
>
> * fediz-core
> This module contains the core logic to validate the federation sign in message. It validates the SAML token. The whole processing is application server agnostic.
>
> * fediz-tomcat
>
> This module implements the Tomcat authenticator and adapts the core federation logic to the Tomcat specific authenticator and establishes the JEE security context
>
>
> more information can be found here:
>
> http://owulff.blogspot.com/2011/11/configure-tomcat-for-federation-part.html
>
>
> C) Sample application
>
>
> I've planned to add support for Websphere and Pax Web.
>
>
>
> What do you think about this?
>
>
>
> Thanks
>
> Oli



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
