Author: buildbot
Date: Mon Jun 25 11:47:58 2012
New Revision: 823098
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/saml-web-sso.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/saml-web-sso.html
==============================================================================
--- websites/production/cxf/content/docs/saml-web-sso.html (original)
+++ websites/production/cxf/content/docs/saml-web-sso.html Mon Jun 25 11:47:58
2012
@@ -125,7 +125,7 @@ Apache CXF -- SAML Web SSO
<div>
-<ul><li><a shape="rect"
href="#SAMLWebSSO-Introduction">Introduction</a></li><ul><li><a shape="rect"
href="#SAMLWebSSO-TypicalFlow">Typical Flow</a></li></ul><li><a shape="rect"
href="#SAMLWebSSO-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#SAMLWebSSO-IdentityProvider">Identity
Provider</a></li><li><a shape="rect"
href="#SAMLWebSSO-RequestAssertionSecurityService">Request Assertion Security
Service</a></li><li><a shape="rect"
href="#SAMLWebSSO-ApplicationSecurityFilter">Application Security
Filter</a></li><li><a shape="rect" href="#SAMLWebSSO-SSOStateProvider">SSO
State Provider</a></li></ul></div>
+<ul><li><a shape="rect"
href="#SAMLWebSSO-Introduction">Introduction</a></li><ul><li><a shape="rect"
href="#SAMLWebSSO-TypicalFlow">Typical Flow</a></li></ul><li><a shape="rect"
href="#SAMLWebSSO-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#SAMLWebSSO-IdentityProvider">Identity
Provider</a></li><li><a shape="rect"
href="#SAMLWebSSO-ApplicationSecurityFilter">Application Security
Filter</a></li><li><a shape="rect"
href="#SAMLWebSSO-RequestAssertionSecurityService">Request Assertion Security
Service</a></li><li><a shape="rect" href="#SAMLWebSSO-SSOStateProvider">SSO
State Provider</a></li></ul></div>
<h1><a shape="rect" name="SAMLWebSSO-Introduction"></a>Introduction</h1>
@@ -137,7 +137,7 @@ Apache CXF -- SAML Web SSO
<p>The following components are required to get SSO supported:</p>
-<ul class="alternate" type="square"><li>Identity Provider (IDP) supporting
SAML SSO</li><li>Request Assertion Consumer Service (RACS)</li><li>Application
Security Filter</li><li>SSO State Provider</li></ul>
+<ul class="alternate" type="square"><li>Identity Provider (IDP) supporting
SAML SSO</li><li>Request Assertion Consumer Service (RACS)</li><li>Service
Provider Security Filter</li><li>SSO State Provider</li></ul>
<p>The following sections will describe these components in more details</p>
@@ -147,13 +147,13 @@ Apache CXF -- SAML Web SSO
<p>Typically, the following flow represents the way SAML SSO is enforced:</p>
<p>1. User accesses a custom application for the first time<br clear="none">
-2. Application Security Filter checks if the security context is available <br
clear="none">
+2. Service Provider Security Filter checks if the security context is
available <br clear="none">
and redirects the user to IDP with a SAML SSO request<br clear="none">
3. IDP challenges the user with the authentication dialog and redirects the
user to<br clear="none">
Request Assertion Consumer Service (RACS) after the user has
authenticated<br clear="none">
4. RACS validates the response from IDP, establishes a security context and
redirects the user <br clear="none">
to the original application endpoint<br clear="none">
-5. Application Security Filter enforces that a valid security context is
available and lets the user<br clear="none">
+5. Service Provider Security Filter enforces that a valid security context is
available and lets the user<br clear="none">
access the custom application.</p>
<h1><a shape="rect" name="SAMLWebSSO-Mavendependencies"></a>Maven
dependencies</h1>
@@ -169,8 +169,17 @@ Apache CXF -- SAML Web SSO
</div></div>
<h1><a shape="rect" name="SAMLWebSSO-IdentityProvider"></a>Identity
Provider</h1>
-<h1><a shape="rect"
name="SAMLWebSSO-RequestAssertionSecurityService"></a>Request Assertion
Security Service</h1>
+
+<p>Identity Provider (IDP) is the service which accepts the redirect requests
from application security filters, authenticates users and redirects them back
to Request Assertion Security Service.</p>
+
+<p>CXF does not offer its own IDP SAML Web SSO implementation but might
provide it in the future as part of the <a shape="rect"
href="http://cxf.apache.org/fediz.html";>Fediz</a> project.</p>
+
+<p>However, CXF has been tested against a number of popular IDP
implementations which support SAML SSO and thus should be interoperable with
whatever IDP is being used in the specific production environment. The
interoperability tests have shown that some IDPs may process SAML request and
produce SAML response data the way which may not be exactly
specification-compliant and thus CXF Request Assertion Consumer Service (RACS)
and Service Provider Security Filter implementations have a number of
configuration properties for adjusting the way SAML requests to IDP are
prepared and SAML responsed from IDP are processed.</p>
+
<h1><a shape="rect"
name="SAMLWebSSO-ApplicationSecurityFilter"></a>Application Security Filter</h1>
+
+<h1><a shape="rect"
name="SAMLWebSSO-RequestAssertionSecurityService"></a>Request Assertion
Security Service</h1>
+
<h1><a shape="rect" name="SAMLWebSSO-SSOStateProvider"></a>SSO State
Provider</h1></div>
</div>
<!-- Content -->
