cxf-issues mailing list archives

From "Oliver Wulff (JIRA)" <>
Subject [jira] [Commented] (FEDIZ-3) Support the role "Resource IDP" in IDP
Date Mon, 22 Apr 2013 07:55:15 GMT


Oliver Wulff commented on FEDIZ-3:

An IDP requires two caches:
One cache for all trusted IDPs, where it caches their tokens per wauth. We can't use a cached
token if the wauth requirements are not met (the application requires certificate-based authentication
whereas the cached token is based on username/password authentication).
The other cache is for tokens the IDP issued itself. These tokens must also be cached based
on wauth.

With respect to wauth, ADFS redirects the signin request (keeping the query parameters) to
a different URI depending on wauth. This works pretty well with Spring Security as well, as
you can define different Spring Security beans per URI.

A Fediz IDP instance should be able to host several IDPs. Imagine a company with different
security domains/realms, like more than one LDAP directory.

Proposal for URL semantics:

https://<fediz-host>:<fediz-port>/fediz-idp/<IDP URI>/login/<wauth URI>/

If no differentiation is required for authentication, this defaults to /fediz-idp/<IDP URI>/login/default

> Support the role "Resource IDP" in IDP
> --------------------------------------
>                 Key: FEDIZ-3
>                 URL:
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: IDP
>            Reporter: Oliver Wulff
>         Attachments: patch.txt, SignInRequest.png, SignInResponse.png
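
The following sketch is an added example, not part of the original message and not Fediz code. It shows a token cache keyed by wauth together with a parser for the proposed login path. All class and method names, the per-user key, and the `password`/`x509` wauth segments are assumptions; one instance would be used for tokens from trusted IDPs and another for tokens the IDP issued itself.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch, not Fediz code: every name here is an assumption.
public class WauthTokenCache {
    // Key: user, issuing IDP and the wauth the token was obtained with.
    record Key(String user, String idp, String wauth) {}
    record Entry(String token, Instant expires) {}
    // Result of parsing /fediz-idp/<IDP URI>/login/<wauth URI>/
    record LoginTarget(String idp, String wauth) {}

    private final Map<Key, Entry> tokens = new ConcurrentHashMap<>();

    public void put(String user, String idp, String wauth, String token, Instant expires) {
        tokens.put(new Key(user, idp, wauth), new Entry(token, expires));
    }

    // A token is reused only if it was cached under the same wauth and has not expired.
    public Optional<String> get(String user, String idp, String wauth, Instant now) {
        Key key = new Key(user, idp, wauth);
        Entry e = tokens.get(key);
        if (e == null) return Optional.empty();
        if (!e.expires().isAfter(now)) {
            tokens.remove(key, e); // drop the expired entry
            return Optional.empty();
        }
        return Optional.of(e.token());
    }

    // Maps the proposed path to (IDP, wauth); a missing wauth segment means "default".
    public static LoginTarget parse(String path) {
        String[] p = path.replaceAll("^/+|/+$", "").split("/");
        if (p.length < 3 || p.length > 4 || !p[0].equals("fediz-idp") || !p[2].equals("login"))
            throw new IllegalArgumentException("not a login path: " + path);
        return new LoginTarget(p[1], p.length == 4 ? p[3] : "default");
    }

    public static void main(String[] args) {
        WauthTokenCache cache = new WauthTokenCache();
        Instant now = Instant.now();
        // Constructed sample paths; the wauth segment names are placeholders.
        LoginTarget pw = parse("/fediz-idp/realm-a/login/password/");
        LoginTarget cert = parse("/fediz-idp/realm-a/login/x509/");
        cache.put("alice", pw.idp(), pw.wauth(), "<token>", now.plusSeconds(300));
        // Same wauth: the cached token may be reused.
        System.out.println(cache.get("alice", pw.idp(), pw.wauth(), now).isPresent());
        // Certificate-based wauth requested: the password-based token must not match.
        System.out.println(cache.get("alice", cert.idp(), cert.wauth(), now).isPresent());
        System.out.println(parse("/fediz-idp/realm-a/login"));
    }
}
```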
