Author: buildbot
Date: Fri Aug 24 11:57:58 2018
New Revision: 1034376
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-introduction.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-introduction.html
==============================================================================
--- websites/production/cxf/content/fediz-introduction.html (original)
+++ websites/production/cxf/content/fediz-introduction.html Fri Aug 24 11:57:58
2018
@@ -99,7 +99,7 @@ Apache CXF -- Fediz Introduction
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h2
id="FedizIntroduction-Overview">Overview</h2><p>Apache CXF Fediz is a
subproject of CXF. Fediz helps you to secure your web applications and
delegates security enforcement to the underlying application server. With
Fediz, authentication is externalized from your web application to an identity
provider installed as a dedicated server component. Apache CXF Fediz supports
both <a shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002";
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a
shape="rect" class="external-link"
href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf";
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity";
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control
(RBAC).</p><h2 id="Fed
izIntroduction-GettingStarted">Getting Started</h2><p>The WS-Federation
specification defines the following parties involved during a web
login:</p><p>    Browser</p><p>    Identity
Provider (IDP)</p><p>    The IDP is a centralized, application
independent runtime component which implements the protocol defined by
WS-Federation. You can use any open source or commercial product that supports
WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz IDP for
testing as it allows for testing your web application in a sandbox without
having all infrastructure components available. The Fediz IDP consists of two
WAR components. The Security Token Service (STS) does most of the work
including user authentication, claims/role data retrieval and creating the SAML
token. The IDP WAR translates the response to an HTML response allowing a
browser to process it.</p><p>    Relying Party
(RP)</p><p>    The RP is
a web application that needs to be protected. The RP must be able to implement
the protocol as defined by WS-Federation. This component is called "Fediz
Plugin" in this project which consists of container agnostic module/jar and a
container specific jar. When an authenticated request is detected by the plugin
it redirects to the IDP for authentication. The browser sends the response from
the IDP to the RP after successful authentication. The RP validates the
response and creates the container security context.</p><p><br
clear="none"></p><p>It's recommended to deploy the IDP and the web application
(RP) into different container instances as in a production deployment. The
container with the IDP can be used during development and testing for multiple
web applications needing security.</p><p>Features</p><p>The following features
are supported by Fediz 1.2</p><p><br clear="none"></p><p>   
WS-Federation 1.0/1.1/1.2</p><p>    SAML 1.1/2.0
Tokens</p><p> 
   Support for encrypted SAML Tokens (Release
1.1)</p><p>    Support for Holder-Of-Key
SubjectConfirmationMethod (1.1)</p><p>    Custom token
Support</p><p>    Publish WS-Federation Metadata
document</p><p>    Role information encoded as
AttributeStatement in SAML 1.1/2.0 tokens</p><p>    Claims
information provided by FederationPrincipal Interface</p><p>   
Support for Tomcat, Jetty, Websphere, Spring Security and CXF
(1.1)</p><p>    Fediz IDP supports "Resource IDP" role as well
(1.1)</p><p>    A new REST API for the IdP
(1.2)</p><p>    Support for logout in both the RP and IdP
(1.2)</p><p>    Support for logging on to the IdP via Kerberos
and TLS client authentication (1.2)</p><p>    A new
container-independent CXF plugin for WS-Federation
(1.2)</p><p>    Support to use the IdP as an identity
broker with a remote SAML SSO IdP (1.2)</p></div>
+<div id="ConfluenceContent"><h2
id="FedizIntroduction-Overview">Overview</h2><p>Apache CXF Fediz is a
subproject of CXF. Fediz helps you to secure your web applications and
delegates security enforcement to the underlying application server. With
Fediz, authentication is externalized from your web application to an identity
provider installed as a dedicated server component. Apache CXF Fediz supports
both <a shape="rect" class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002";
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a
shape="rect" class="external-link"
href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf";
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity";
rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control
(RBAC).</p><h2 id="Fed
izIntroduction-Features">Features</h2><p>Here are some of the features
supported by Fediz:</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML SSO (IdP
and the Apache Tomcat 8 plugin only thus far)</li><li>Support for SAML 1.1/2.0
tokens, encrypted SAML Tokens, Holder-Of-Key Subject Confirmation
Method.</li><li>Custom token Support</li><li>Support to publish WS-Federation
and SAML SSO Metadata documents</li><li>Support for Tomcat, Jetty, Websphere,
Spring Security and CXF plugins</li><li>A new REST API for the IdP
(1.2)</li><li>Support for logout in both the RP and IdP (1.2)</li><li>Support
for logging on to the IdP via Kerberos and TLS client authentication
(1.2)</li><li>Support to use the IdP as an identity broker with a remote IdP.
SAML SSO, Open Id Connect, Facebook and WS-Federation protocols
supported.</li></ul><p><br clear="none"></p><p>    </p></div>
</div>
<!-- Content -->
</td>
