Hi Oli,

Is there a reason why the IDP STS (and the IDP) deploys to Tomcat on port 9080 instead of 8080? It uses 8080 for the commented-out plugin.

> What do you think about this?

It's pretty cool from a security POV. Do you have any plans to look at supporting the Federation Metadata document? How about sign-out? Is there much work involved in supporting the full scenario of having both resource and requestor STS instances?

Colm.

On Wed, Dec 21, 2011 at 10:20 PM, Oliver Wulff <[email protected]> wrote:
> Hi there
>
> I have been working for the last 5 months on enabling Tomcat for federation and
> propagating the security context of the browser user to the back-end web
> services using the CXF STS.
>
> I just committed this code to the cxf sandbox:
> http://svn.apache.org/viewvc/cxf/sandbox/fediz/
>
> This project contains 5 modules:
>
> A) Identity provider (IDP), authentication server
>
> * fediz-idp
> This module is more or less a servlet which processes and transforms the
> incoming federation message for an STS request.
> More information can be found here:
> http://owulff.blogspot.com/2011/10/configure-and-deploy-identity-provider.html
>
> * fediz-idp-sts
> The CXF STS is responsible for issuing a SAML token and adding the claims
> (firstname, lastname, email, roles) to the SAML token.
> More information can be found here:
> http://owulff.blogspot.com/2011/10/configure-and-deploy-cxf-25-sts-part-i.html
>
> B) Federation plugin for application server
>
> * fediz-core
> This module contains the core logic to validate the federation sign-in
> message. It validates the SAML token. The whole processing is application
> server agnostic.
>
> * fediz-tomcat
> This module implements the Tomcat authenticator and adapts the core
> federation logic to the Tomcat-specific authenticator and establishes the JEE
> security context.
> More information can be found here:
> http://owulff.blogspot.com/2011/11/configure-tomcat-for-federation-part.html
>
> C) Sample application
>
> I've planned to add support for WebSphere and Pax Web.
>
> What do you think about this?
>
> Thanks
> Oli

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
