Hi Sergey, Thanks for your response.
I'm looking forward to seeing the new filter in action. In the meantime, I'll try your alternatives. Is there a defect (or a feature request) opened for this, so it could be possible to track the progress? Regards, Danijel On Mon, Mar 9, 2015 at 11:26 AM, Sergey Beryozkin <[email protected]> wrote: > Hi > > This filter has not been made capable of supporting a FORM-based login - a > long pending issue exists. This is a second question in the last couple of > months about using the filter with FORM-based logins, I'll actually give a > try and see if I can make it work for CXF 3.0.5. > > Here are the alternatives: > - Use a servlet level FORM based support > - Consider SAML Web SSO - we support it > > OpendIdConnect SSO work is in progress - we have a utility code in place - > I can point to it if it might make sense in your case. > > But as I said, I'll see if I can support a filter supporting a form login, > that would definitely simplify the simple SSO management in some cases... > Thanks, Sergey > > > On 08/03/15 21:37, Basic Danijel wrote: > >> Hi all, >> >> I'm currently developing web app running on karaf. The app has the >> frontend >> written in Angular JS and the backend is REST webservice (CXF JAX-RS). >> >> The requirement is that all pages have to be secured. I decided to go with >> FORM based authentication (configured in web.xml). >> For CXF REST webservice I >> use org.apache.cxf.jaxrs.security.JAASAuthenticationFilter (configured in >> blueprint.xml). >> >> Both parts are configured to use the same realm. >> >> The problem is the following: when I try to access a protected page, I >> need >> to log in twice (server and cxf authentication). >> >> How can I get rid of this problem, ie. to have only server authentication >> (and automatically be authenticated on REST part)? >> >> Btw, if I use BASIC authentication, then one login appears and everything >> is working as expected. >> >> Regards, >> Danijel >> >> >
