cxf-dev mailing list archives

From Colm O hEigeartaigh <>
Subject Re: Moving the SAML SSO SP code to its own module
Date Thu, 10 May 2012 09:35:44 GMT
+1 from me.


On Wed, May 9, 2012 at 10:33 PM, Sergey Beryozkin <> wrote:
> Hi
> Colm and myself have been working recently on the initial support for the
> SAML-based Web SSO support on the Service Provider (SP) side.
> What we've got at the moment is the filters which can enforce the security
> context and redirect via GET or POST to the IDP, validate SAMLResponse and
> set the security context.
> There's still a bit of work that needs to be completed, to do with the
> better security context population on the actual application path, more
> sophisticated support for the session management, supporting the delegation
> of the SAMLResponse validation. Then going forward we can think about the
> logout support, artifact resolution support, etc, etc...
> Right now, the code lives in rt/rs/security/xml, I started prototyping the
> code there simply because it already contained the support for SAML-based
> validation of SAML assertions, etc.
> However, given a number of enhancements that are expected to be added for
> the SSO-based support, we thought with Colm that it would make sense to move
> the relevant code to its own dedicated module. As I said earlier I believe
> this code should work with different IDPs, so for now I'm not sure that it
> should be moved to the Fediz sub-project. I guess the possibility of moving
> to Fediz can be reviewed later on again, but right now I'd suggest creating
> a module such as
> cxf-rt-rs-security-sso-saml
> under rt/rs/security/sso/saml
> with the idea that perhaps some other SSO technologies will be supported at
> the CXF RS level in the future
> Comments are welcome.
> Cheers, Sergey

Colm O hEigeartaigh

Talend Community Coder
