This is definitely a much needed contribution that we'd love to have....

On Wednesday 23 February 2011 7:46:32 AM Anubhav Sharma wrote:
> Hello Everyone,
>
> I would like to contribute an STS provider framework to the CXF project.
> The idea would be to implement a provider based STS service, the obvious
> reason being that it can support both WS Trust 1.3 and 1.4 versions. The
> invoke method of this provider would convert the request into
> corresponding JAXB objects and delegate the call to the right
> implementation. The implementation of operations like Issue, Renew etc.
> would be configured in spring. The users would just need to implement
> their business logic for these operations and configure the implementation
> class in spring.

Sure. That works. We may want to figure out a non-spring way to configure or create an STS (like via APIs and/or subclassing), but a spring way is a good starting point.

> As an example I would also like to contribute a sample implementation for
> the Issue operation. This sample would accept UsernameToken and X509Token
> as inputs, use local file system for authentication and return back a SAML
> Token. I would propose to support both, SAML 1.1 and SAML 2.0. In the RST,
> user can use TokenType attribute to request either a SAML 1.1 or 2.0
> token.

That would be awesome. Longer term, we could think about using JAAS or SpringSecurity or Apache Shiro or similar, but again, we need a starting point. :-)

> This would give the CXF users an opportunity to use and test the sts client
> against the sample STS implementation, extend the STS with their business
> implementations and in future we can enhance STS with a more sophisticated
> and complete implementation.
>
> Would appreciate your views and inputs on this.

I'd love to see it. There is a JIRA for this:

https://issues.apache.org/jira/browse/CXF-1940

and attaching it there would be a great start.

--
Daniel Kulp
[email protected]
http://dankulp.com/blog
Talend - http://www.talend.com
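
The dispatch step described in the proposal (read RequestType and TokenType from the RST, hand off to the configured operation), as an added example that is not code from the contribution or from CXF. It assumes the WS-Trust 1.3 namespace, uses plain DOM in place of JAXB and a map in place of Spring wiring; `RstDispatchExample`, `OPERATIONS`, `dispatch` and the sample RST are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.function.Function;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class RstDispatchExample {
    static final String WST13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String SAML_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1";
    // Hypothetical stand-in for the operation implementations that would be configured in Spring.
    // Only Issue is registered; any other RequestType is rejected below.
    static final Map<String, Function<String, String>> OPERATIONS =
        Map.of(WST13 + "/Issue", tokenType -> "issue:" + samlVersion(tokenType));

    // Allow-list of token types: an unknown value is rejected, never defaulted.
    static String samlVersion(String tokenType) {
        if ((SAML_PROFILE + "#SAMLV1.1").equals(tokenType)) return "SAML 1.1";
        if ((SAML_PROFILE + "#SAMLV2.0").equals(tokenType)) return "SAML 2.0";
        throw new IllegalArgumentException("unsupported TokenType: " + tokenType);
    }

    // Text of the single descendant element with this name; duplicates are an error.
    static String singleElementText(Element rst, String localName) {
        NodeList nodes = rst.getElementsByTagNameNS(WST13, localName);
        if (nodes.getLength() != 1) throw new IllegalArgumentException("expected exactly one " + localName);
        return nodes.item(0).getTextContent().trim();
    }

    static String dispatch(String rstXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The RST is caller-supplied XML: refuse DTDs to rule out XXE and entity expansion.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element rst = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(rstXml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        Function<String, String> op = OPERATIONS.get(singleElementText(rst, "RequestType"));
        if (op == null) throw new IllegalArgumentException("unsupported RequestType");
        return op.apply(singleElementText(rst, "TokenType"));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample RST asking the Issue operation for a SAML 2.0 token.
        String rst = "<wst:RequestSecurityToken xmlns:wst=\"" + WST13 + "\">"
            + "<wst:RequestType>" + WST13 + "/Issue</wst:RequestType>"
            + "<wst:TokenType>" + SAML_PROFILE + "#SAMLV2.0</wst:TokenType>"
            + "</wst:RequestSecurityToken>";
        System.out.println(dispatch(rst));
    }
}
```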
