Re: fediz SSO?

2012-08-21 Thread Sergey Beryozkin
On 20/08/12 22:17, Romain Manni-Bucau wrote: two distinct RP webapps (let's say in different Tomcats). Currently it almost works because with 401 the client (browser) will cache the authorization header so it will seem to work, but since you change the way you log in (and the user/pass is no more in

Re: fediz SSO?

2012-08-21 Thread Romain Manni-Bucau
Well, I thought of some distributed solutions but for me that's not a solution since you keep the password instead of keeping the token. I think the current logic flow is not matching this requirement (but is it a fediz requirement?) *Romain Manni-Bucau* *Twitter: @rmannibucau* *Blog:

Re: fediz SSO?

2012-08-21 Thread Sergey Beryozkin
Hi On 21/08/12 11:42, Romain Manni-Bucau wrote: Well, I thought of some distributed solutions but for me that's not a solution since you keep the password instead of keeping the token. I think the current logic flow is not matching this requirement (but is it a fediz requirement?) My

Re: fediz SSO?

2012-08-21 Thread Romain Manni-Bucau
From what I saw (IdpServlet) it doesn't keep it and needs the password (but I may have missed something): http://svn.apache.org/repos/asf/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java *Romain Manni-Bucau* *Twitter: @rmannibucau* *Blog:

Re: fediz SSO?

2012-08-21 Thread Romain Manni-Bucau
Not sure I get it, currently if you come from another RP than the one which logged in the user, it needs the password *again* *Romain Manni-Bucau* *Twitter: @rmannibucau* *Blog: http://rmannibucau.wordpress.com* 2012/8/21 Sergey Beryozkin sberyoz...@gmail.com On 21/08/12 11:53, Romain

Re: fediz SSO?

2012-08-21 Thread Sergey Beryozkin
On 21/08/12 12:05, Romain Manni-Bucau wrote: Not sure I get it, currently if you come from another RP than the one which logged in the user, it needs the password *again* I guess it confirms IdpServlet is not managing its state yet, however, as I said, if the next RP application were sharing

Re: fediz SSO?

2012-08-21 Thread Romain Manni-Bucau
Sounds closer to what I was expecting ;) *Romain Manni-Bucau* *Twitter: @rmannibucau* *Blog: http://rmannibucau.wordpress.com* 2012/8/21 Sergey Beryozkin sberyoz...@gmail.com On 21/08/12 12:05, Romain Manni-Bucau wrote: Not sure I get it, currently if you come from another RP than the

[ANN] Apache CXF 2.4.9/2.5.5/2.6.2 Released

2012-08-21 Thread Daniel Kulp
The Apache CXF team is proud to announce the availability of the latest patches: 2.6.2, 2.5.5, and 2.4.7. Apache CXF is an open source services framework. CXF helps you build and develop services using front end programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of

RE: fediz SSO?

2012-08-21 Thread Oliver Wulff
It's correct that the IDP should manage the state and not request username/password again. I'd like to avoid caching passwords in a session for security reasons ;-) What do you think about this proposal? For the first login, you request a SAML token from the STS which is application agnostic.

Re: 2.6.2-SNAPSHOT:wsdl2java - null pointer

2012-08-21 Thread Daniel Kulp
I think I know what caused this and just committed a fix. Should be in tomorrow's 2.6.3-SNAPSHOT. Basically, to support m2e, we started sending all the warnings and errors into the BuildContext object that m2e will provide. That way, the warnings and errors and such can properly be marked

CXF dist area now using svnpubsub

2012-08-21 Thread Daniel Kulp
Just to let everyone know, the CXF distribution area (http://www.apache.org/dist/cxf) has now been flipped over to using svnpubsub instead of the rsync from people.apache.org. The only real impact is that release managers have a different process now to get the releases put there. Instead