I want to allow .Net applications to call my Apache CFX web service
using a bearer token that was obtained from an ADFS token server.
I have successfully tested the OAuth2 SSO example that uses the Spring
extension plugin configured to use ADFS as the Authentication server,
however I can find no documentation on how to configure CFX Fediz to
call ADFS to validate a token.
My first guess would be to use an org.apache.cxf.fediz.core.TokenValidator
I checked the endpoints in the federationmetadata.xml file that I
obtained from the ADFS server but nothing is obvious.
I suppose I can watch the requests made from a .Net web service to the
ADFS STS but configuring that into CFX is another story.
For CFX to be adopted in enterprise companies I have to believe that it
needs to be able to use commercial STS services like Ping Federate and
ADFS beside the IDP and STS that come with CFX. But there doesn't appear
to be any documentation for these platforms.
The closest I have come so far is a 2 year old blog at:
http://cxf.547215.n5.nabble.com/CXF-supporting-scope-td5680855i20.html
Thanks for any help you can provide.
Tom Soranno
