cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Burke <>
Subject Re: OpenId Connect
Date Mon, 03 Mar 2014 18:50:11 GMT

On 3/3/2014 1:42 PM, Thorsten Höger wrote:
> Am 03.03.2014 11:27, schrieb Sergey Beryozkin:
>> Hi Thorsten
>> On 01/03/14 17:42, Thorsten Höger wrote:
>>> Hi,
>>> are there plans to support OpenId Connect (Server/Client) as extension to OAuth2
in CXF?
>> Yes.
>> Right now, the immediate priority is to support JWT wrapped as CXF ServerAccessToken,
>> and the JWT assertions grant. Next, offer the JAX-RS services support for the client
>> registration and token management.
>> OpenId Connect will be next (possibly some prototyping will start after the JWT support
>> is done). I'm not sure right now in what form it will be supported, may be some of
>> will be done as part of Fediz, but I think at the very least CXF OAuth2 endpoints
>> be able to work with the OpenId Connect aware infrastructure...
>> Do you have any particular integration requirements ? What is it that attracts you
>> OpenId-Connect most ?
> We are using CXF as a REST backend for our online-banking system. The first part with
> OpenId Connect would be to act as an OpenId Identity-Provider. The next part would be
> authenticate/register new users via Google+, Facebook etc.

Shameless plug:

We're working on a OpenID Connect extension/auth server over at  It can be a social broker, or register/manage its 
own users.  Supports permission/role mappings, OTP, and a lot more. 
Aims for integrated security for both web apps and REST services. 
Keycloak is a solution, not a library, so I don't see why eventually CXF 
couldn't integrate with it if it has/will have openid connect/oauth2 
client libraries.

Bill Burke
JBoss, a division of Red Hat

View raw message