[
https://issues.apache.org/jira/browse/FEDIZ-3?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13637818#comment-13637818
]
Oliver Wulff commented on FEDIZ-3:
----------------------------------
An IDP requires two caches:

One cache for all trusted IDPs, where it caches their tokens per wauth. We
can't use a cached token if the wauth requirements are not met (the application
requires certificate-based authentication whereas the cached token is based on
username/password authentication).

The other cache is for tokens the IDP issued itself. These tokens must also be
cached based on wauth.

With respect to wauth, ADFS redirects the signin request (keeping the query
parameters) to a different URI depending on wauth. This works pretty well with
Spring Security as well, as you can define different Spring Security beans per
URI.

A Fediz IDP instance should be able to host several IDPs. Imagine a company with
different security domains/realms, like more than one LDAP directory.

Proposal for URL semantics:
https://<fediz-host>:<fediz-port>/fediz-idp/<IDP URI>/login/<wauth URI>/

If no differentiation is required for authentication this defaults to
/fediz-idp/<IDP URI>/login/default

Thoughts?
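The two design points in the comment above, a token cache keyed by wauth that never satisfies a stronger authentication requirement with a token obtained under a weaker one, and the proposed `/fediz-idp/<IDP URI>/login/<wauth URI>/` path, as an added illustration that is not Fediz code. The class name, the realm and wauth path segments (`realm-a`, `x509`, `default`) and the token strings are constructed for the example; how a deployment maps path segments to WS-Federation wauth URIs is assumed to be configuration.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Example only (not Fediz code): a per-realm token cache keyed by (realm, wauth).
 * A token cached under one authentication method is never returned for a request
 * that demands a different one, so a username/password token cannot be reused
 * to satisfy a certificate-based requirement. Two instances model the two caches
 * from the proposal: tokens from trusted IDPs and tokens this IDP issued itself.
 */
public class WauthTokenCache {

    /** Default wauth segment used when the login path carries no wauth URI. */
    public static final String WAUTH_DEFAULT = "default";

    /** Composite key: which realm the token belongs to and under which wauth it was obtained. */
    public record CacheKey(String realm, String wauth) { }

    /** Cached token with an absolute expiry; the string stands in for a SAML assertion. */
    public record CachedToken(String token, long expiresAtEpochMillis) {
        boolean isExpired(long now) { return now >= expiresAtEpochMillis; }
    }

    private final Map<CacheKey, CachedToken> tokens = new ConcurrentHashMap<>();

    /** Stores a token under the exact (realm, wauth) it was obtained with. */
    public void put(String realm, String wauth, String token, long expiresAtEpochMillis) {
        tokens.put(new CacheKey(realm, normalize(wauth)), new CachedToken(token, expiresAtEpochMillis));
    }

    /**
     * Returns a token only when realm AND requested wauth match exactly and the token
     * is still valid. A mismatch on wauth is a cache miss, never a fallback.
     */
    public Optional<String> lookup(String realm, String requestedWauth, long now) {
        CacheKey key = new CacheKey(realm, normalize(requestedWauth));
        CachedToken t = tokens.get(key);
        if (t == null) {
            return Optional.empty();
        }
        if (t.isExpired(now)) {
            tokens.remove(key);                // evict stale entries on read
            return Optional.empty();
        }
        return Optional.of(t.token());
    }

    /**
     * Parses the proposed path "/fediz-idp/<IDP URI>/login/<wauth URI>/" into a
     * (realm, wauth) pair. A missing wauth segment maps to "default", as proposed.
     */
    public static Optional<CacheKey> parseLoginPath(String path) {
        // split drops trailing empty strings, so "/a/b/login/x/" -> ["", "a", "b", "login", "x"]
        String[] parts = path.split("/");
        if (parts.length < 4 || !"fediz-idp".equals(parts[1]) || !"login".equals(parts[3])
                || parts[2].isEmpty()) {
            return Optional.empty();
        }
        String wauth = parts.length >= 5 ? parts[4] : WAUTH_DEFAULT;
        return Optional.of(new CacheKey(parts[2], normalize(wauth)));
    }

    private static String normalize(String wauth) {
        return (wauth == null || wauth.isBlank()) ? WAUTH_DEFAULT : wauth;
    }

    public static void main(String[] args) {
        WauthTokenCache trustedIdps = new WauthTokenCache(); // cache 1: tokens received from trusted IDPs
        WauthTokenCache issuedByUs = new WauthTokenCache();  // cache 2: tokens this IDP issued
        long now = System.currentTimeMillis();

        // Constructed sample: a password-authenticated token from realm-a, valid for five minutes.
        trustedIdps.put("realm-a", "password", "assertion-pw-001", now + 300_000);

        // Request arriving on the proposed path for certificate authentication: must miss.
        CacheKey x509Req = parseLoginPath("/fediz-idp/realm-a/login/x509/").orElseThrow();
        System.out.println("x509 hit: " + trustedIdps.lookup(x509Req.realm(), x509Req.wauth(), now).isPresent());

        // Same realm, matching wauth: hit.
        CacheKey pwReq = parseLoginPath("/fediz-idp/realm-a/login/password").orElseThrow();
        System.out.println("password hit: " + trustedIdps.lookup(pwReq.realm(), pwReq.wauth(), now).orElse("<miss>"));

        // Path without a wauth segment resolves to "default"; nothing cached there yet.
        CacheKey defReq = parseLoginPath("/fediz-idp/realm-a/login").orElseThrow();
        System.out.println("default wauth: " + defReq.wauth() + ", hit: "
                + issuedByUs.lookup(defReq.realm(), defReq.wauth(), now).isPresent());
    }
}
```

Keeping the wauth in the key rather than in the value is the point: a lookup cannot "see" a token obtained under a different method and be tempted to downgrade, and the two caches stay separate objects so a token received from a trusted IDP is never confused with one this IDP issued.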
> Support the role "Resource IDP" in IDP
> --------------------------------------
>
> Key: FEDIZ-3
> URL: https://issues.apache.org/jira/browse/FEDIZ-3
> Project: CXF-Fediz
> Issue Type: New Feature
> Components: IDP
> Reporter: Oliver Wulff
> Attachments: patch.txt, SignInRequest.png, SignInResponse.png
>
>