Hi
On 21/08/12 11:42, Romain Manni-Bucau wrote:
well i thought of some distributed solutions but for me that's not a
solution since you keep the password instead of keeping the token, i think
the current logic flow is not matching this requirement (but is it a fediz
requirement?)
My understanding that it is only IDP that keeps, indirectly, the
password and the state management at the RP side is all about getting
the login token shared, but I'm not sure yet how Fediz does it, shame I
haven't debugged it yet, need to do it asap :-)
Cheers, Sergey
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/21 Sergey Beryozkin<sberyoz...@gmail.com>
On 20/08/12 22:17, Romain Manni-Bucau wrote:
two distinct RP webapps (let say in different tomcat).
currently it "almost works" because with 401 the client (browser) will
cache authorization header so it will seem it work but since you change
the
way you login (and the user/pass is no more in headers) it can't work
anymore (typically a form).
This seems like a state management issue to me. Fediz currently relies on
the servlet container to manage the session state, so if you say have the
single application running on two Tomcat containers then Tomcat has to be
configured to get the state shared between multiple containers, I recall I
saw some material on the web on how to do it,
Alternatively, the state can be managed by Fediz itself (similarly to the
way we do it with Web profile), may be we can support that too once
CXF-centric extensions are added
Cheers, Sergey
The point today is "what's next' in IDP? I mean, does fediz aims to
provide
extensibility or will user need to fork the IDP to get some custom
features
(i know the answer will not be yes or no ;), but a state is important
IMO)?
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com>
*
2012/8/20 Oliver Wulff<owu...@talend.com>
Hi Romain
The IDP has a lot of potential for new features. At the very beginning,
the Fediz IDP was intended to mock an IDP and test your application but
it
has grown as you can meanwhile attach LDAP for authentication and claims
support.
I'm not sure what you mean by classical SSO between two web apps?
Thanks
Oli
------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division http://www.talend.com
______________________________**__________
From: Romain Manni-Bucau [rmannibu...@gmail.com]
Sent: 17 August 2012 15:13
To: dev@cxf.apache.org
Subject: Re: fediz& SSO?
ok, great, so i'll wait some news from fediz ;)
thanks for the answer
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com>
*
2012/8/17 Sergey Beryozkin<sberyoz...@gmail.com**>
Hi
On 17/08/12 09:11, Romain Manni-Bucau wrote:
Hi,
i didn't see anything in the roadmap of fediz regarding the 'classical'
SSO
(between 2 webapps with GUI).
It doesn't seem to currently work (well that's not a big surprise but
that's a big problem for real applications which have GUI + WS).
Any information about it?
Colm and myself worked on implementing SAML SSO Web Profile at the SP
side
only, currently in CXF, implemented with the help of JAX-RS
filters/endpoints. I hope we can come to some agreement soon enough on
how
to get it linked with Fediz
Another question is the GUI used for the login, a 401 is rarely what
an
application wants, any way to use a form or is th eonly way to achieve
it
forking the existing servlets?
The login form is offered by IDP (Fediz in this case). We've chatted
with
Oli few months ago on providing CXF-centric Fediz extensions, when we do
it
we will be able to utilize JAX-RS RequestDispatcherProvider which links
the
data with JSP/other view handlers - this is how we do SAML SSO Post
Redirect support too
Cheers, Sergey
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.****com<
http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com>>
*
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
