Author: buildbot
Date: Tue Jun 5 19:48:02 2012
New Revision: 820382
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Tue Jun 5 19:48:02 2012
@@ -140,13 +140,12 @@ Apache CXF -- Fediz
<h2><a shape="rect" name="Fediz-Overview"></a>Overview</h2>
-<p>Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
applications and delegates security enforcement to the underlying application
server. Authentication is externalized from your web application to an identity
provider which is a dedicated server component. The supported standard is
WS-Federation 1.2 Passive Requestor Profile. Fediz supports Claims based Access
control beyond Role Based Access Control (RBAC).</p>
+<p>Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
applications and delegates security enforcement to the underlying application
server. With Fediz, authentication is externalized from your web application to
an identity provider installed as a dedicated server component. The supported
standard is <a shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002";
rel="nofollow">WS-Federation 1.2 Passive Requestor Profile</a>. Fediz supports
<a shape="rect" class="external-link"
href="http://en.wikipedia.org/wiki/Claims-based_identity"; rel="nofollow">Claims
Based Access Control</a> beyond Role Based Access Control (RBAC).</p>
<h2><a shape="rect" name="Fediz-News"></a>News</h2>
-
<h2><a shape="rect" name="Fediz-Features"></a>Features</h2>
<p>The following features are supported by the Fediz plugin 1.0</p>
@@ -161,13 +160,13 @@ Apache CXF -- Fediz
<h2><a shape="rect" name="Fediz-Gettingstarted"></a>Getting started</h2>
-<p>The WS-Federation specification defines the following parties involved
during the web login:</p>
+<p>The WS-Federation specification defines the following parties involved
during a web login:</p>
<ul><li>Browser</li><li>Identity Provider (IDP)<br clear="none">
-The IDP is a centralized, application independent runtime component which
implements the protocol defined by WS-Federation. You can use any open source
or commercial product as your IDP which supports WS-Federation 1.1/1.2. It's
recommended to use the Fediz IDP for testing as it allows to test your web
application in a sandbox without having all infrastructure components
available. The Fediz IDP consists of two WAR components. The Security Token
Service (STS) is doing most of the part like authenticating the user, retrieve
claims/role data and create the SAML token. The IDP WAR translates the response
to a HTML response thus a browser can process it.</li><li>Relying Party (RP)<br
clear="none">
-The RP is the web application which should be protected. The RP must be able
to implement the protocol as defined by WS-Federation. This component is called
"Fediz Plugin" in this project which consists of container agnostic module/jar
and a container specific jar. When an authenticated request is detected by the
plugin it redirects to the IDP or authentication. The browser sends the
response from IDP to the RP after successful authentication. The RP validates
the response and creates the container security context.</li></ul>
+The IDP is a centralized, application independent runtime component which
implements the protocol defined by WS-Federation. You can use any open source
or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's
recommended to use the Fediz IDP for testing as it allows for testing your web
application in a sandbox without having all infrastructure components
available. The Fediz IDP consists of two WAR components. The Security Token
Service (STS) does most of the work including user authentication, claims/role
data retrieval and creating the SAML token. The IDP WAR translates the response
to an HTML response allowing a browser to process it.</li><li>Relying Party
(RP)<br clear="none">
+The RP is a web application that needs to be protected. The RP must be able to
implement the protocol as defined by WS-Federation. This component is called
"Fediz Plugin" in this project which consists of container agnostic module/jar
and a container specific jar. When an authenticated request is detected by the
plugin it redirects to the IDP for authentication. The browser sends the
response from the IDP to the RP after successful authentication. The RP
validates the response and creates the container security context.</li></ul>
-<p>It's recommended to deploy the IDP and the web application (RP) into
different container instances as in a production deployment. The container with
the IDP can be used during development and testing for any web application.</p>
+<p>It's recommended to deploy the IDP and the web application (RP) into
different container instances as in a production deployment. The container with
the IDP can be used during development and testing for multiple web
applications needing security.</p>
<h3><a shape="rect" name="Fediz-SettinguptheIDP"></a>Setting up the IDP</h3>
@@ -175,7 +174,7 @@ The RP is the web application which shou
<h3><a shape="rect" name="Fediz-SetuptheRelyingPartyContainer"></a>Set up the
Relying Party Container</h3>
-<p>The Fediz plugin is deployed into the Relying Party (RP) container. The
security mechanism is not specified by JEE. Even it is very similar in each
Servlet Container there are some differences which requires dedicated Fediz
plugins for each Servlet Container implementation. Most of the configuration is
container independent and described <a shape="rect"
href="fediz-configuration.html" title="Fediz Configuration">here</a></p>
+<p>The Fediz plugin needs to be deployed into the Relying Party (RP)
container. The security mechanism is not specified by JEE. Even though it is
very similar in each servlet container there are some differences which require
a dedicated Fediz plugin for each servlet container implementation. Most of the
configuration is container independent and described <a shape="rect"
href="fediz-configuration.html" title="Fediz Configuration">here</a></p>
<p>The following lists shows the supported containers and the location of the
installation and configuration page.</p>
<ul><li><a shape="rect" href="fediz-tomcat.html" title="Fediz Tomcat">Tomcat 7
</a></li></ul>
