cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: fediz & SSO?
Date Mon, 20 Aug 2012 21:17:21 GMT
two distinct RP webapps (let say in different tomcat).

currently it "almost works" because with 401 the client (browser) will
cache authorization header so it will seem it work but since you change the
way you login (and the user/pass is no more in headers) it can't work
anymore (typically a form).

The point today is "what's next' in IDP? I mean, does fediz aims to provide
extensibility or will user need to fork the IDP to get some custom features
(i know the answer will not be yes or no ;), but a state is important IMO)?

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/20 Oliver Wulff <owulff@talend.com>

> Hi Romain
>
> The IDP has a lot of potential for new features. At the very beginning,
> the Fediz IDP was intended to mock an IDP and test your application but it
> has grown as you can meanwhile attach LDAP for authentication and claims
> support.
>
> I'm not sure what you mean by classical SSO between two web apps?
>
> Thanks
> Oli
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
>
> ________________________________________
> From: Romain Manni-Bucau [rmannibucau@gmail.com]
> Sent: 17 August 2012 15:13
> To: dev@cxf.apache.org
> Subject: Re: fediz & SSO?
>
> ok, great, so i'll wait some news from fediz ;)
>
> thanks for the answer
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau*
> *Blog: http://rmannibucau.wordpress.com*
>
>
>
>
> 2012/8/17 Sergey Beryozkin <sberyozkin@gmail.com>
>
> > Hi
> >
> > On 17/08/12 09:11, Romain Manni-Bucau wrote:
> >
> >> Hi,
> >>
> >> i didn't see anything in the roadmap of fediz regarding the 'classical'
> >> SSO
> >> (between 2 webapps with GUI).
> >>
> >> It doesn't seem to currently work (well that's not a big surprise but
> >> that's a big problem for real applications which have GUI + WS).
> >>
> >> Any information about it?
> >>
> >>
> > Colm and myself worked on implementing SAML SSO Web Profile at the SP
> side
> > only, currently in CXF, implemented with the help of JAX-RS
> > filters/endpoints. I hope we can come to some agreement soon enough on
> how
> > to get it linked with Fediz
> >
> >
> >  Another question is the GUI used for the login, a 401 is rarely what an
> >> application wants, any way to use a form or is th eonly way to achieve
> it
> >>   forking the existing servlets?
> >>
> >
> > The login form is offered by IDP (Fediz in this case). We've chatted with
> > Oli few months ago on providing CXF-centric Fediz extensions, when we do
> it
> > we will be able to utilize JAX-RS RequestDispatcherProvider which links
> the
> > data with JSP/other view handlers - this is how we do SAML SSO Post
> > Redirect support too
> >
> > Cheers, Sergey
> >
> >
> >> *Romain Manni-Bucau*
> >> *Twitter: @rmannibucau*
> >> *Blog: http://rmannibucau.wordpress.**com<
> http://rmannibucau.wordpress.com>
> >> *
> >>
> >>
> >
> > --
> > Sergey Beryozkin
> >
> > Talend Community Coders
> > http://coders.talend.com/
> >
> > Blog: http://sberyozkin.blogspot.com
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message