Hi Alrick

If you want to terminate the session at the IDP, you can add ?logout to the 
url. There is one thing to keep in mind. If the browser caches the 
authorization header, you are still not challenged to enter a new user/pw. To 
enforce a redirect to the idp you must invalidate the session on the application 
side as well.

We are working on a new IDP for version 1.1 which supports form based 
authentication as well. The current 1.1.0 snapshot works already:
https://repository.apache.org/content/groups/snapshots/org/apache/cxf/fediz/fediz-idp/1.1.0-SNAPSHOT/

HTH

------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Alrick Telfer [[email protected]]
Sent: 10 January 2013 08:51
To: [email protected]
Subject: Re: Changing the user/role data source for Fediz IdP running on Tomcat 
7 to a dynamic source

Basically, I need a way to log the user out.


On Mon, Jan 7, 2013 at 3:59 PM, Oliver Wulff <[email protected]> wrote:

> Hi there
>
> Currently Fediz IDP/STS supports files and ldap. It is documented here
> (section "configure ldap directory") what to do to configure an LDAP
> directory:
> http://cxf.apache.org/fediz-idp.html
>
> Two classes were required to add LDAP support and similar implementations
> you need for a datasource backend:
> - JAAS LoginModule for the database (which does the authentication piece)
> - ClaimsHandler for the database (which provides the role and other claims
> information)
>
> Then you have to configure the JAAS login module similar to the
> LdapLoginModule:
> mysource {
>  com.sun.security.auth.module.LdapLoginModule REQUIRED
>  userProvider="ldap://ldap.mycompany.org:389/OU=Users,DC=mycompany,DC=org"
>  authIdentity="cn={USERNAME},OU=Users,DC=mycompany,DC=org"
>  useSSL=false
>  debug=true;
> };
>
> And configure the datasource claims handler implementation:
> <bean id="dsClaimsHandler"
>     class="MyDatasourceClaimsHandler">
>   <property name="whatever"
>       value="value" />
> </bean>
>
> That's all. HTH
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
>
> ________________________________________
> From: Alrick Telfer [[email protected]]
> Sent: 07 January 2013 17:57
> To: [email protected]
> Subject: Changing the user/role data source for Fediz IdP running on
> Tomcat 7 to a dynamic source
>
> Hey guys,
>
> CXF version: 2.7.1
> Fediz version: 1.0.2
>
> I'm relatively new to CXF and Fediz, so please bear with me and my
> ignorance.
>
> I'm trying to set up the Fediz IdP server to use a custom class or database
> as its source of identity and role info. Right now you guys have a few xml
> files that provide that data, but we need the data to be dynamic. Can you
> guys lead me in the right direction to setting this up correctly? Remember,
> I'm pretty new, so please give me as much info as you are able to give.
>
> Thanks much!
>
> --
> *Alrick Telfer*




--
*Alrick Telfer*  |  Managing Director  |  1.876.357.9719

Unihost Caribbean Limited
unihost.com.jm
