Well, I thought of some distributed solutions, but for me that's not a solution since you keep the password instead of keeping the token. I think the current logic flow is not matching this requirement (but is it a Fediz requirement?)

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*

2012/8/21 Sergey Beryozkin <[email protected]>

> On 20/08/12 22:17, Romain Manni-Bucau wrote:
>
>> two distinct RP webapps (let's say in different tomcat).
>>
>> currently it "almost works" because with 401 the client (browser) will
>> cache authorization header so it will seem to work but since you change the
>> way you login (and the user/pass is no more in headers) it can't work
>> anymore (typically a form).
>
> This seems like a state management issue to me. Fediz currently relies on
> the servlet container to manage the session state, so if you say have the
> single application running on two Tomcat containers then Tomcat has to be
> configured to get the state shared between multiple containers, I recall I
> saw some material on the web on how to do it,
>
> Alternatively, the state can be managed by Fediz itself (similarly to the
> way we do it with Web profile), maybe we can support that too once
> CXF-centric extensions are added
>
> Cheers, Sergey
>
>> The point today is "what's next" in IDP? I mean, does fediz aim to provide
>> extensibility or will user need to fork the IDP to get some custom features
>> (i know the answer will not be yes or no ;), but a state is important
>> IMO)?
>>
>> *Romain Manni-Bucau*
>> *Twitter: @rmannibucau*
>> *Blog: http://rmannibucau.wordpress.com*
>>
>> 2012/8/20 Oliver Wulff<[email protected]>
>>
>>> Hi Romain
>>>
>>> The IDP has a lot of potential for new features. At the very beginning,
>>> the Fediz IDP was intended to mock an IDP and test your application but it
>>> has grown as you can meanwhile attach LDAP for authentication and claims
>>> support.
>>>
>>> I'm not sure what you mean by classical SSO between two web apps?
>>>
>>> Thanks
>>> Oli
>>>
>>> ------
>>>
>>> Oliver Wulff
>>>
>>> Blog: http://owulff.blogspot.com
>>> Solution Architect
>>> http://coders.talend.com
>>>
>>> Talend Application Integration Division http://www.talend.com
>>>
>>> ________________________________________
>>> From: Romain Manni-Bucau [[email protected]]
>>> Sent: 17 August 2012 15:13
>>> To: [email protected]
>>> Subject: Re: fediz& SSO?
>>>
>>> ok, great, so i'll wait some news from fediz ;)
>>>
>>> thanks for the answer
>>>
>>> *Romain Manni-Bucau*
>>> *Twitter: @rmannibucau*
>>> *Blog: http://rmannibucau.wordpress.com*
>>>
>>> 2012/8/17 Sergey Beryozkin<[email protected]>
>>>
>>>> Hi
>>>>
>>>> On 17/08/12 09:11, Romain Manni-Bucau wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> i didn't see anything in the roadmap of fediz regarding the 'classical' SSO
>>>>> (between 2 webapps with GUI).
>>>>>
>>>>> It doesn't seem to currently work (well that's not a big surprise but
>>>>> that's a big problem for real applications which have GUI + WS).
>>>>>
>>>>> Any information about it?
>>>>
>>>> Colm and myself worked on implementing SAML SSO Web Profile at the SP side
>>>> only, currently in CXF, implemented with the help of JAX-RS
>>>> filters/endpoints. I hope we can come to some agreement soon enough on how
>>>> to get it linked with Fediz
>>>>
>>>>> Another question is the GUI used for the login, a 401 is rarely what an
>>>>> application wants, any way to use a form or is the only way to achieve it
>>>>> forking the existing servlets?
>>>>
>>>> The login form is offered by IDP (Fediz in this case). We've chatted with
>>>> Oli few months ago on providing CXF-centric Fediz extensions, when we do it
>>>> we will be able to utilize JAX-RS RequestDispatcherProvider which links the
>>>> data with JSP/other view handlers - this is how we do SAML SSO Post
>>>> Redirect support too
>>>>
>>>> Cheers, Sergey
>>>>
>>>>> *Romain Manni-Bucau*
>>>>> *Twitter: @rmannibucau*
>>>>> *Blog: http://rmannibucau.wordpress.com*
>>>>
>>>> --
>>>> Sergey Beryozkin
>>>>
>>>> Talend Community Coders
>>>> http://coders.talend.com/
>>>>
>>>> Blog: http://sberyozkin.blogspot.com
