I moved the code to the new module as agreed,

Cheers, Sergey

On 10/05/12 10:35, Colm O hEigeartaigh wrote:
+1 from me.

Colm.

On Wed, May 9, 2012 at 10:33 PM, Sergey Beryozkin<[email protected]>  wrote:
Hi

Colm and myself have been working recently on the initial support for the
SAML-based Web SSO support on the Service Provider (SP) side.

What we've got at the moment is the filters which can enforce the security
context and redirect via GET or POST to the IDP, validate SAMLResponse and
set the security context.

There's still a bit of work that needs to be completed, to do with the
better security context population on the actual application path, more
sophisticated support for the session management, supporting the delegation
of the SAMLResponse validation. Then going forward we can think about the
logout support, artifact resolution support, etc, etc...

Right now, the code lives in rt/rs/security/xml, I started prototyping the
code there simply because it already contained the support for SAML-based
validation of SAML assertions, etc.

However, given a number of enhancements that are expected to be added for
the SSO-based support, we thought with Colm that it would make sense to move
the relevant code to its own dedicated module. As I said earlier I believe
this code should work with different IDPs, so for now I'm not sure that it
should be moved to the Fediz sub-project. I guess the possibility of moving
to Fediz can be reviewed later on again, but right now I'd suggest creating
a module such as

cxf-rt-rs-security-sso-saml

under rt/rs/security/sso/saml

with the idea that perhaps some other SSO technologies will be supported at
the CXF RS level in the future.


Comments are welcome.

Cheers, Sergey





--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
