I'm developing a test application with Fediz to test the functionality and iron out the configuration details before rolling it into one of my actual applications.
I'm using Fediz-1.1.0-SNAPSHOT and FEDIZ-SPRING-1.1.0-SNAPSHOT. I'm using Tomcat-6.X for my server, and I'd rather keep all of the configuration with my application than modify my server specifically for Fediz. Following the examples I've been able to get it to redirect to my IDP but it once the request comes back, Spring sees n anonymous Username/password token and not the FederatedIdenity token. Am I allowed to hit /myAlaska and just redirect back to the same page? Also what exactly does using Spring-Security buy me? My actual applications are developed with the Wicket (http://wicket.apache.org/) and one of the things I've configured is the security mechanism, that runs before each page is created. Depending on how much magic Spring-Security adds I think it might be easier for me to hook in to that mechanism instead. Especially since once I get the Fediz/ADFS configured I'll have my LDAP user accounts to setup as well. Also I have different dev/production environments. My applications is currently configured to check the current server on deploy and grabs the appropriate DB connection from there. Once it has the database All other values are configured from there, is there a way to programmatically set the Issuer, realm, audienceItem, etc? Thank you for any help, Tom Burton
