Hi there

When you sniff the network you can grab the SAML token within the wresult form parameter. The Fediz plugin prevents you from sending the same SAML token twice, as the token is cached to prevent replay attacks, but if you're running in a clustered environment you might be able to send the request to the other instance in the cluster, as Fediz doesn't support that yet. Right now, Fediz supports a basic in-memory cache or Ehcache. I was thinking of adding a new option with Hazelcast.

The other issue is that you can see what kind of permissions users have. You won't be able to change it because the SAML assertion is signed and the signature is trusted.

HTH

------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: 杨华杰 [[email protected]]
Sent: 21 August 2012 05:17
To: [email protected]
Subject: Re: Does fediz support ws-federation

Thank you Oli

I made it work already. By the way, can we configure the IDP and SP without SSL? What's the impact if we do so? I know it's insecure, but I am on an intranet. How insecure is it?

Regards,
Hua Jie

On Tue, Aug 21, 2012 at 4:57 AM, Oliver Wulff <[email protected]> wrote:

> Hi Hua Jie
>
> Fediz supports the WS-Federation passive requestor profile, as SharePoint does.
> SharePoint uses Microsoft WIF to add federation support and a Tomcat
> application uses the Fediz plugin.
>
> In addition, Fediz provides an IDP which can be used for Tomcat/Fediz and
> asp.net/wif. The latter is described here:
> http://owulff.blogspot.ch/2012/02/configure-fediz-idp-and-aspnet-using.html
>
> Some customers use the Fediz IDP for their ASP.NET based applications.
>
> Thanks
> Oli
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
>
> ________________________________________
> From: 杨华杰 [[email protected]]
> Sent: 13 August 2012 05:30
> To: [email protected]
> Subject: Does fediz support ws-federation
>
> Hi
>
> I saw Fediz supports SAML 1.x and SAML 2. I am new to this claim-based
> authentication, but I think it's quite useful technology.
>
> I found SharePoint 2012 supports claim-based authentication; it's so popular
> that I have to work with that platform. I would like to know whether Fediz
> can have this kind of integration or not.
>
> About SharePoint claim-based authentication:
> http://msdn.microsoft.com/en-us/library/hh446525.aspx
>
> Regards,
> Hua Jie
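
The reply at the top of this thread notes that a per-instance in-memory replay cache does not protect a cluster. The following is an added example, not Fediz code and not part of the original messages, that models that gap and the shared-cache fix. All class and function names are hypothetical, the token ID and timestamps are constructed, and one in-process object stands in for a distributed store such as the Hazelcast option mentioned above.

```python
import threading
import time

class ReplayCache:
    """Remembers token IDs until the token itself expires (hypothetical class)."""
    def __init__(self):
        self._seen = {}                 # token_id -> expiry (epoch seconds)
        self._lock = threading.Lock()

    def add_if_absent(self, token_id, expires_at, now):
        """Atomically record token_id; return False if it was already recorded."""
        with self._lock:
            # Entries for expired tokens can go: such tokens are rejected anyway.
            self._seen = {t: e for t, e in self._seen.items() if e > now}
            if token_id in self._seen:
                return False
            self._seen[token_id] = expires_at
            return True

class RelyingPartyNode:
    """One application instance in the cluster (hypothetical).
    Signature and audience checks are assumed to have passed already."""
    def __init__(self, cache):
        self.cache = cache

    def accept(self, token_id, expires_at, now=None):
        now = time.time() if now is None else now
        if expires_at <= now:
            return False                # expired assertion: reject outright
        return self.cache.add_if_absent(token_id, expires_at, now)

def present_three_times(shared):
    """Same constructed token: node A, node A again, then node B."""
    cache_a = ReplayCache()
    cache_b = cache_a if shared else ReplayCache()
    node_a, node_b = RelyingPartyNode(cache_a), RelyingPartyNode(cache_b)
    token_id, expires_at, now = "_constructed-assertion-id-1", 1300.0, 1000.0
    first = node_a.accept(token_id, expires_at, now)
    same_node_again = node_a.accept(token_id, expires_at, now + 1)
    other_node = node_b.accept(token_id, expires_at, now + 2)
    return first, same_node_again, other_node

if __name__ == "__main__":
    print("per-node caches:", present_three_times(shared=False))
    print("shared cache:   ", present_three_times(shared=True))
```

With per-node caches the third presentation is accepted by the second node; with a shared cache it is rejected, which is the property a clustered deployment needs.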
