+1 from me. Colm.
On Wed, May 9, 2012 at 10:33 PM, Sergey Beryozkin <sberyoz...@gmail.com> wrote: > Hi > > Colm and myself have been working recently on the initial support for the > SAML-based Web SSO support on the Service Provider (SP) side. > > What we've got at the moment is the filters which can enforce the security > context and redirect via GET or POST to the IDP, validate SAMLResponse and > set the security context. > > There's still a bit of work that needs to be completed, to do with the > better security context population on the actual application path, more > sophisticated support for the session management, supporting the delegation > of the SAMLResponse validation. Then going forward we can think about the > logout support, artifact resolution support, etc, etc... > > Right now, the code lives in rt/rs/security/xml, I started prototyping the > code there simply because it already contained the support for SAML-based > validation of SAML assertions, etc. > > However, given a number of enhancements that are expected to be added for > the SSO-based support, we thought with Colm that it would make sense to move > the relevant code to its own dedicated module. As I said earlier I believe > this code should work with different IDPs, so for now I'm not sure that it > should be moved to the Fediz sub-project. I guess the possibility of moving > to Fediz can be reviewed later on again, but right now I'd suggest creating > a module such as > > cxf-rt-rs-security-sso-saml > > under rt/rs/security/sso/saml > > with the idea that perhaps some other SSO techologies will be supported at > the CXF RS level in the future > > > Comments are welcome. > > Cheers, Sergey -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
