cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Moving the SAML SSO SP code to its own module
Date Thu, 10 May 2012 09:35:44 GMT
+1 from me.

Colm.

On Wed, May 9, 2012 at 10:33 PM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
> Hi
>
> Colm and myself have been working recently on the initial support for the
> SAML-based Web SSO support on the Service Provider (SP) side.
>
> What we've got at the moment is the filters which can enforce the security
> context and redirect via GET or POST to the IDP, validate SAMLResponse and
> set the security context.
>
> There's still a bit of work that needs to be completed, to do with the
> better security context population on the actual application path, more
> sophisticated support for the session management, supporting the delegation
> of the SAMLResponse validation. Then going forward we can think about the
> logout support, artifact resolution support, etc, etc...
>
> Right now, the code lives in rt/rs/security/xml, I started prototyping the
> code there simply because it already contained the support for SAML-based
> validation of SAML assertions, etc.
>
> However, given a number of enhancements that are expected to be added for
> the SSO-based support, we thought with Colm that it would make sense to move
> the relevant code to its own dedicated module. As I said earlier I believe
> this code should work with different IDPs, so for now I'm not sure that it
> should be moved to the Fediz sub-project. I guess the possibility of moving
> to Fediz can be reviewed later on again, but right now I'd suggest creating
> a module such as
>
> cxf-rt-rs-security-sso-saml
>
> under rt/rs/security/sso/saml
>
> with the idea that perhaps some other SSO techologies will be supported at
> the CXF RS level in the future
>
>
> Comments are welcome.
>
> Cheers, Sergey



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message