cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <>
Subject Re: OpenId Connect
Date Mon, 03 Mar 2014 21:16:18 GMT
On 03/03/14 18:42, Thorsten Höger wrote:
> Am 03.03.2014 11:27, schrieb Sergey Beryozkin:
>> Hi Thorsten
>> On 01/03/14 17:42, Thorsten Höger wrote:
>>> Hi,
>>> are there plans to support OpenId Connect (Server/Client) as extension to OAuth2
in CXF?
>> Yes.
>> Right now, the immediate priority is to support JWT wrapped as CXF ServerAccessToken,
>> and the JWT assertions grant. Next, offer the JAX-RS services support for the client
>> registration and token management.
>> OpenId Connect will be next (possibly some prototyping will start after the JWT support
>> is done). I'm not sure right now in what form it will be supported, may be some of
>> will be done as part of Fediz, but I think at the very least CXF OAuth2 endpoints
>> be able to work with the OpenId Connect aware infrastructure...
>> Do you have any particular integration requirements ? What is it that attracts you
>> OpenId-Connect most ?
> We are using CXF as a REST backend for our online-banking system. The first part with
> OpenId Connect would be to act as an OpenId Identity-Provider. The next part would be
> authenticate/register new users via Google+, Facebook etc.
Right, thanks. I believe this is in line with the Fediz roadmap which 
Oli has put in place, with OAuth2-based SSO covered eventually too.

Just in case: CXF supports SAML SP Web Profile and this has been tested 
against many SAML IDPs; Fediz currently supports WS-Fed passive Profile 
- deployed in a major production. So we have some SSO support in place.

Cheers, Sergey

> Regards,
> Thorsten
>> Cheers, Sergey
>>> Regards,
>>> Thorsten

View raw message