cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FEDIZ-72) Make Trusted IDP protocol customizable
Date Fri, 21 Feb 2014 12:51:19 GMT

     [ https://issues.apache.org/jira/browse/FEDIZ-72?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oliver Wulff updated FEDIZ-72:
------------------------------

    Description: 
In release 1.1, the Fediz IDP doesn't support other protocols than WS-Federation for a Trusted
IDP. Due to the usage of Spring Web Flow, the flow can still be customized but it has a bigger
impact and later migration to new release require more effort.

This is a proposal to add support for custom protocols for Trusted IDPs:

- Introduce Interface "SSOProtocolBridge" which is able to transform a WS-Federation SignIn
Request to another SignIn Request (ex. SAML-P AuthRequest) and to transform another SignIn
Response (ex. SAML-P AuthResponse) to a WS-Federation SignIn Response.

- Processing logic is part of the main IDP web flow which chooses a protocol depending on
the configuration of the TrustedIdp

- New protocol implementations can be found due to spring annotations scanning and injecting
the beans in the core processing logic

public interface SSOProtocolBridge {
    
    boolean canHandleRequest(HttpServletRequest request);

    String getProtocol();


    // ActionState before redirectToTrustedIDP end-state to define SignIn URL
    // Note: Only supports HTTP GET SignIn Requests
    URL mapSignInRequest(RequestContext context);
    
    //Hook in <action-state id="validateToken"> of federation-signin-response.xml
     //ValidateTokenAction class delegates to an implementation of mapSignInResponse() according
to the current protocol in the conversation
    SecurityToken mapSignInResponse(RequestContext context);
}


  was:
In release 1.1, the Fediz IDP doesn't support other protocols than WS-Federation for a Trusted
IDP. Due to the usage of Spring Web Flow, the flow can still be customized but it has a bigger
impact and later migration to new release require more effort.

This is a proposal to add support for custom protocols for Trusted IDPs:

- Introduce Interface "SSOProtocolBridge" which is able to transform a WS-Federation SignIn
Request to another SignIn Request (ex. SAML-P AuthRequest) and to transform another SignIn
Response (ex. SAML-P AuthResponse) to a WS-Federation SignIn Response.

- Processing logic is part of the main IDP web flow which chooses a protocol depending on
the configuration of the TrustedIdp

- New protocol implementations can be found due to spring annotations scanning and injecting
the beans in the core processing logic



> Make Trusted IDP protocol customizable
> --------------------------------------
>
>                 Key: FEDIZ-72
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-72
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP
>    Affects Versions: 1.1.0
>            Reporter: Oliver Wulff
>            Assignee: Oliver Wulff
>
> In release 1.1, the Fediz IDP doesn't support other protocols than WS-Federation for
a Trusted IDP. Due to the usage of Spring Web Flow, the flow can still be customized but it
has a bigger impact and later migration to new release require more effort.
> This is a proposal to add support for custom protocols for Trusted IDPs:
> - Introduce Interface "SSOProtocolBridge" which is able to transform a WS-Federation
SignIn Request to another SignIn Request (ex. SAML-P AuthRequest) and to transform another
SignIn Response (ex. SAML-P AuthResponse) to a WS-Federation SignIn Response.
> - Processing logic is part of the main IDP web flow which chooses a protocol depending
on the configuration of the TrustedIdp
> - New protocol implementations can be found due to spring annotations scanning and injecting
the beans in the core processing logic
> public interface SSOProtocolBridge {
>     
>     boolean canHandleRequest(HttpServletRequest request);
>     String getProtocol();
>     // ActionState before redirectToTrustedIDP end-state to define SignIn URL
>     // Note: Only supports HTTP GET SignIn Requests
>     URL mapSignInRequest(RequestContext context);
>     
>     //Hook in <action-state id="validateToken"> of federation-signin-response.xml
>      //ValidateTokenAction class delegates to an implementation of mapSignInResponse()
according to the current protocol in the conversation
>     SecurityToken mapSignInResponse(RequestContext context);
> }



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message