cxf-dev mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: Moving the SAML SSO SP code to its own module
Date Tue, 15 May 2012 12:54:05 GMT
I moved the code to the new module as agreed,

Cheers, Sergey
On 10/05/12 10:35, Colm O hEigeartaigh wrote:
> +1 from me.
>
> Colm.
>
> On Wed, May 9, 2012 at 10:33 PM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
>> Hi
>>
>> Colm and myself have been working recently on the initial support for the
>> SAML-based Web SSO support on the Service Provider (SP) side.
>>
>> What we've got at the moment is the filters which can enforce the security
>> context and redirect via GET or POST to the IDP, validate SAMLResponse and
>> set the security context.
>>
>> There's still a bit of work that needs to be completed, to do with the
>> better security context population on the actual application path, more
>> sophisticated support for the session management, supporting the delegation
>> of the SAMLResponse validation. Then going forward we can think about the
>> logout support, artifact resolution support, etc, etc...
>>
>> Right now, the code lives in rt/rs/security/xml, I started prototyping the
>> code there simply because it already contained the support for SAML-based
>> validation of SAML assertions, etc.
>>
>> However, given a number of enhancements that are expected to be added for
>> the SSO-based support, we thought with Colm that it would make sense to move
>> the relevant code to its own dedicated module. As I said earlier I believe
>> this code should work with different IDPs, so for now I'm not sure that it
>> should be moved to the Fediz sub-project. I guess the possibility of moving
>> to Fediz can be reviewed later on again, but right now I'd suggest creating
>> a module such as
>>
>> cxf-rt-rs-security-sso-saml
>>
>> under rt/rs/security/sso/saml
>>
>> with the idea that perhaps some other SSO technologies will be supported at
>> the CXF RS level in the future
>>
>>
>> Comments are welcome.
>>
>> Cheers, Sergey
>
>
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
