Dear list,
Federation of IDPs in multiple realms (realm-a, realm-b) is shown in the
'simpleWebapp' example of fediz.
Basically, the trust relations in this example are like this:
- RP-service trusts IDP/STS of Realm-A (operated within the same
security realm)
- IDP/STS-A trusts IDP/STS-B
Extending the example with another IDP/STS of, let's say, Realm-C is
straightforward in such a way that HRDS offers 3 choices (Realm-A, Realm-B, Realm-C).
However, the resulting trust relation is that IDP/STS-A has two trusted IDPs (B
and C). It is unclear if and how another setting of trust relations can be
realized, where A and C have no direct trust relation but instead B takes
the role of a trust broker. So this is the targeted scenario:
- IDP/STS-A and RP-Service are situated in the same security domain (realm).
- IDP/STS-B is a trusted IDP of A
- IDP/STS-C is a trusted IDP of B and not known by IDP/STS-A
- IDP/STS-B acts as a broker (eventually doing claims mapping) between
Realm-C and Realm-A
Does anyone know if this setup is feasible with fediz?
--
View this message in context:
http://cxf.547215.n5.nabble.com/cxf-fediz-advanced-IDP-federation-of-multiple-realms-possible-tp5766065.html
Sent from the cxf-user mailing list archive at Nabble.com.
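The brokered trust chain described in the question, modelled as an added example (this is not Fediz code and does not use Fediz's configuration or token formats): each IDP/STS is represented by a hypothetical signing key, tokens are HMAC-signed JSON standing in for signed security tokens, and the trust table encodes exactly the relations from the mail (RP trusts A, A trusts B, B trusts C, A does not know C). The broker step validates the inbound token against its own trust list, applies a claims mapping, and re-issues under its own key, so the RP and A never need C's key. The second function shows the failure mode that motivates the broker: a token issued directly by C is rejected by A.

```python
import hashlib
import hmac
import json

# Constructed, hypothetical signing secrets for each IDP/STS (one per realm).
KEYS = {"A": b"key-realm-a", "B": b"key-realm-b", "C": b"key-realm-c"}

# Trust relations from the targeted scenario: RP trusts A, A trusts B,
# B trusts C. Note that A has no entry for C.
TRUSTS = {"RP": {"A"}, "A": {"B"}, "B": {"C"}}


def issue(issuer, subject, claims, audience):
    """Issue a token signed with the issuer's key for a specific audience."""
    body = {"iss": issuer, "sub": subject, "aud": audience, "claims": claims}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(KEYS[issuer], payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def verify(verifier, token):
    """Accept a token only if its issuer is in the verifier's trust list,
    the signature checks out under that issuer's key, and the audience matches."""
    body = json.loads(token["payload"])
    issuer = body["iss"]
    if issuer not in TRUSTS.get(verifier, set()):
        raise ValueError(f"{verifier} does not trust issuer {issuer}")
    expected = hmac.new(KEYS[issuer], token["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        raise ValueError("bad signature")
    if body["aud"] != verifier:
        raise ValueError(f"token audience {body['aud']} is not {verifier}")
    return body


def broker(broker_name, inbound, audience, claim_map):
    """Validate an inbound token from a trusted IDP, map its claims,
    and re-issue it under the broker's own key for the next hop.
    The issuer chain is carried along so the RP can see the token's origin."""
    body = verify(broker_name, inbound)
    claims = body["claims"]
    mapped = {claim_map.get(k, k): v for k, v in claims.items() if k != "issuer_chain"}
    mapped["issuer_chain"] = claims.get("issuer_chain", []) + [body["iss"]]
    return issue(broker_name, body["sub"], mapped, audience)


def brokered_login():
    """C -> B (claims mapping) -> A -> RP: the scenario from the mail."""
    tok_c = issue("C", "alice", {"role_c": "manager"}, audience="B")
    tok_b = broker("B", tok_c, audience="A", claim_map={"role_c": "role"})
    tok_a = broker("A", tok_b, audience="RP", claim_map={})
    return verify("RP", tok_a)


def direct_login_from_c_fails():
    """A token from C presented straight to A is rejected: A has no trust for C."""
    tok_c = issue("C", "alice", {"role_c": "manager"}, audience="A")
    try:
        verify("A", tok_c)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(brokered_login())
    print("direct C->A rejected:", direct_login_from_c_fails())
```

The point the model makes is that the broker (B) is the only party that must hold a trust relation to C; A validates B's signature alone and sees C only through the claims B chose to forward, which is where claims mapping and any filtering of Realm-C attributes would live.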