cxf-dev mailing list archives

From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: fediz & SSO?
Date Tue, 21 Aug 2012 10:42:05 GMT
well i thought of some distributed solutions but for me that's not a
solution since you keep the password instead of keeping the token, i think
the current logic flow is not matching this requirement (but is it a fediz
requirement?)

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/21 Sergey Beryozkin <sberyozkin@gmail.com>

> On 20/08/12 22:17, Romain Manni-Bucau wrote:
>
>> two distinct RP webapps (let say in different tomcat).
>>
>> currently it "almost works" because with 401 the client (browser) will
>> cache authorization header so it will seem to work but since you change the
>> way you login (and the user/pass is no more in headers) it can't work
>> anymore (typically a form).
>>
>
> This seems like a state management issue to me. Fediz currently relies on
> the servlet container to manage the session state, so if you say have the
> single application running on two Tomcat containers then Tomcat has to be
> configured to get the state shared between multiple containers, I recall I
> saw some material on the web on how to do it,
>
> Alternatively, the state can be managed by Fediz itself (similarly to the
> way we do it with Web profile), maybe we can support that too once
> CXF-centric extensions are added
>
> Cheers, Sergey
>
>
>> The point today is "what's next" in IDP? I mean, does fediz aim to provide
>> extensibility or will user need to fork the IDP to get some custom features
>> (i know the answer will not be yes or no ;), but a state is important IMO)?
>>
>> *Romain Manni-Bucau*
>> *Twitter: @rmannibucau*
>> *Blog: http://rmannibucau.wordpress.com*
>>
>>
>>
>>
>> 2012/8/20 Oliver Wulff <owulff@talend.com>
>>
>>> Hi Romain
>>>
>>> The IDP has a lot of potential for new features. At the very beginning,
>>> the Fediz IDP was intended to mock an IDP and test your application but it
>>> has grown as you can meanwhile attach LDAP for authentication and claims
>>> support.
>>>
>>> I'm not sure what you mean by classical SSO between two web apps?
>>>
>>> Thanks
>>> Oli
>>>
>>> ------
>>>
>>> Oliver Wulff
>>>
>>> Blog: http://owulff.blogspot.com
>>> Solution Architect
>>> http://coders.talend.com
>>>
>>> Talend Application Integration Division http://www.talend.com
>>>
>>> ________________________________________
>>> From: Romain Manni-Bucau [rmannibucau@gmail.com]
>>> Sent: 17 August 2012 15:13
>>> To: dev@cxf.apache.org
>>> Subject: Re: fediz & SSO?
>>>
>>>
>>> ok, great, so i'll wait some news from fediz ;)
>>>
>>> thanks for the answer
>>>
>>> *Romain Manni-Bucau*
>>> *Twitter: @rmannibucau*
>>> *Blog: http://rmannibucau.wordpress.com*
>>>
>>>
>>>
>>>
>>> 2012/8/17 Sergey Beryozkin <sberyozkin@gmail.com>
>>>
>>>> Hi
>>>>
>>>> On 17/08/12 09:11, Romain Manni-Bucau wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> i didn't see anything in the roadmap of fediz regarding the 'classical' SSO
>>>>> (between 2 webapps with GUI).
>>>>>
>>>>> It doesn't seem to currently work (well that's not a big surprise but
>>>>> that's a big problem for real applications which have GUI + WS).
>>>>>
>>>>> Any information about it?
>>>>>
>>>>>
>>>> Colm and myself worked on implementing SAML SSO Web Profile at the SP side
>>>> only, currently in CXF, implemented with the help of JAX-RS
>>>> filters/endpoints. I hope we can come to some agreement soon enough on how
>>>> to get it linked with Fediz
>>>>
>>>>
>>>>> Another question is the GUI used for the login, a 401 is rarely what an
>>>>> application wants, any way to use a form or is the only way to achieve it
>>>>> forking the existing servlets?
>>>>>
>>>>>
>>>> The login form is offered by IDP (Fediz in this case). We've chatted with
>>>> Oli few months ago on providing CXF-centric Fediz extensions, when we do it
>>>> we will be able to utilize JAX-RS RequestDispatcherProvider which links the
>>>> data with JSP/other view handlers - this is how we do SAML SSO Post
>>>> Redirect support too
>>>>
>>>> Cheers, Sergey
>>>>
>>>>
>>>>> *Romain Manni-Bucau*
>>>>> *Twitter: @rmannibucau*
>>>>> *Blog: http://rmannibucau.wordpress.com*
>>>>>
>>>>>
>>>> --
>>>> Sergey Beryozkin
>>>>
>>>> Talend Community Coders
>>>> http://coders.talend.com/
>>>>
>>>> Blog: http://sberyozkin.blogspot.com
>>>>
>>>>
>>>
>>
