On 20/08/12 22:17, Romain Manni-Bucau wrote:
two distinct RP webapps (let say in different tomcat).
currently it "almost works" because with 401 the client (browser) will
cache authorization header so it will seem it work but since you change the
way you login (and the user/pass is no more in headers) it can't work
anymore (typically a form).
This seems like a state management issue to me. Fediz currently relies
on the servlet container to manage the session state, so if you say have
the single application running on two Tomcat containers then Tomcat has
to be configured to get the state shared between multiple containers, I
recall I saw some material on the web on how to do it,
Alternatively, the state can be managed by Fediz itself (similarly to
the way we do it with Web profile), may be we can support that too once
CXF-centric extensions are added
Cheers, Sergey
The point today is "what's next' in IDP? I mean, does fediz aims to provide
extensibility or will user need to fork the IDP to get some custom features
(i know the answer will not be yes or no ;), but a state is important IMO)?
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/20 Oliver Wulff<owu...@talend.com>
Hi Romain
The IDP has a lot of potential for new features. At the very beginning,
the Fediz IDP was intended to mock an IDP and test your application but it
has grown as you can meanwhile attach LDAP for authentication and claims
support.
I'm not sure what you mean by classical SSO between two web apps?
Thanks
Oli
------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division http://www.talend.com
________________________________________
From: Romain Manni-Bucau [rmannibu...@gmail.com]
Sent: 17 August 2012 15:13
To: dev@cxf.apache.org
Subject: Re: fediz& SSO?
ok, great, so i'll wait some news from fediz ;)
thanks for the answer
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/17 Sergey Beryozkin<sberyoz...@gmail.com>
Hi
On 17/08/12 09:11, Romain Manni-Bucau wrote:
Hi,
i didn't see anything in the roadmap of fediz regarding the 'classical'
SSO
(between 2 webapps with GUI).
It doesn't seem to currently work (well that's not a big surprise but
that's a big problem for real applications which have GUI + WS).
Any information about it?
Colm and myself worked on implementing SAML SSO Web Profile at the SP
side
only, currently in CXF, implemented with the help of JAX-RS
filters/endpoints. I hope we can come to some agreement soon enough on
how
to get it linked with Fediz
Another question is the GUI used for the login, a 401 is rarely what an
application wants, any way to use a form or is th eonly way to achieve
it
forking the existing servlets?
The login form is offered by IDP (Fediz in this case). We've chatted with
Oli few months ago on providing CXF-centric Fediz extensions, when we do
it
we will be able to utilize JAX-RS RequestDispatcherProvider which links
the
data with JSP/other view handlers - this is how we do SAML SSO Post
Redirect support too
Cheers, Sergey
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.**com<
http://rmannibucau.wordpress.com>
*
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com