Hi Oli

I have read this many times, but I still cannot understand why I should generate so many certs and what the purpose of each cert is.

Regards,
Hua Jie

On Fri, Oct 19, 2012 at 7:11 PM, Oliver Wulff <[email protected]> wrote:

> Hi Hua Jie
>
> The certificates are used for different purposes. On the one hand, there are web server certificates for https (idp, application) and on the other hand the signer certificate for the SAML token.
>
> Glen did a great job in giving the background where which certificate is used:
>
> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co
>
> Oli
>
> ________________________________________
> From: 杨华杰 [[email protected]]
> Sent: 19 October 2012 03:31
> To: [email protected]
> Subject: Re: Updated Fediz roadmap
>
> Hi Oliver
>
> I made Fediz work a long time ago, but I still cannot figure out why I need to generate so many SSL certs. How do you explain this when you are facing people like me? Any document improvement release?
>
> Regards,
> Hua Jie
>
> On Fri, Oct 19, 2012 at 2:02 AM, Oliver Wulff <[email protected]> wrote:
>
> > Hi all
> >
> > The following issues were fixed:
> > FEDIZ-17 Current Fediz STS exposes SOAP 1.1 end point
> > FEDIZ-18 Make supported claims configurable in FileClaimsHandler
> > FEDIZ-25 Look for fediz_config.xml in catalina base too
> > FEDIZ-20 Maintain authentication state (Prevents using the same Fediz IDP for different RPs)
> > FEDIZ-28 Logout capability in IDP
> >
> > I'd like to prepare the release for 1.0.2 which is a significant improvement especially of the idp/sts.
> >
> > Then, I'd create a fixes branch for 1.0 and move trunk to 1.1.
> >
> > Thoughts?
> >
> > ------
> >
> > Oliver Wulff
> >
> > Blog: http://owulff.blogspot.com
> > Solution Architect
> > http://coders.talend.com
> >
> > Talend Application Integration Division http://www.talend.com
> >
> > ________________________________________
> > From: Oliver Wulff [[email protected]]
> > Sent: 04 October 2012 21:59
> > To: [email protected]
> > Subject: Updated Fediz roadmap
> >
> > Hi all
> >
> > What do you think about the following roadmap?
> >
> > Release 1.0.2 (include CXF STS 2.6.3)
> >
> > FEDIZ-17 Current Fediz STS exposes SOAP 1.1 end point
> > FEDIZ-18 Make supported claims configurable in FileClaimsHandler
> > FEDIZ-25 Look for fediz_config.xml in catalina base too
> > FEDIZ-20 Maintain authentication state (Prevents using the same Fediz IDP for different RPs)
> > FEDIZ-27 Signout in RP (only support processing signout requests, don't support redirect signout to IDP)
> > FEDIZ-28 Logout capability in IDP
> >
> >
> > Release 1.1 (planned release end of year)
> > ---------------
> >
> > FEDIZ-5
> > Support Jetty container (will support then TESB with WAR deployment)
> >
> > FEDIZ-9 CXF Plugin
> > - add jaxrs interceptor which adapts fediz-core to support WS-Federation for JAX-RS
> > - add FederationFilter, SecurityTokenThreadLocal, ThreadLocalCallbackHandler from examples"
> >
> > FEDIZ-2 Support encrypted tokens
> > Support encrypted tokens
> > "Initial redesign of IDP...
> > custom functionality can be plugged in as ServletFilters (small state machine in IDP)
> > configuration design (configs per wtrealm, url to metadata or everything local, not all information can be retrieved from metadata document)"
> >
> > FEDIZ-23 Support different authentication mechanism
> >
> > FEDIZ-15 Support that IDP publishes Metadata document (which covers SAML-P as well)
> >
> > FEDIZ-16 Instead configure required claims per wtrealm in RPClaims.xml configure the metadata url
> >
> > FEDIZ-19 "IDP must provide a webpage where the user can click logout (login if requested explicitly)
> > All signed in apps must be cached
> > After signout click, IDP returns html page which downloads a resource from each RP
> >
> > Support for wfresh (reauthenticate)
> > Pseudonym Service support
> >
> >
> > Release 1.2 (planned release Q1 of 2013)
> > ---------------
> >
> > FEDIZ-3 "Support RP-IDP/STS
> > add basic home realm discovery service (whr provided by RP), default RP and maybe dependent on source ip, http header, query parameter (expression language)"
> >
> > FEDIZ-4 "Support for HOK
> >
> > FEDIZ-7 Support for SAML-P
> >
> >
> > Looking forward to your feedback, ideas and as always welcome - patches ;-)
> >
> > Thanks
> > Oli
> >
> > ------
> >
> > Oliver Wulff
> >
> > Blog: http://owulff.blogspot.com
> > Solution Architect
> > http://coders.talend.com
> >
> > Talend Application Integration Division
> > http://www.talend.com
