Hi Ermanno For clarification reasons, you mentioned FederationFilter. Do you mean the FederationServlet which is configured in web.xml or the FederationAuthenticator which is configured in servlet/context.xml?
I think I know what you mean. You would like to control the authentication type (basic auth, form based, certificates, ...) within your application. This is meaningful requirement to provide different options. One of the rational of Federation for Web Applications is to externalize the authentication completely which means that application doesn't have to deal with different kind of authentication as you would have to implement that in all your applications. The authentication is externalized to the IDP and STS. If you would like to support form based authentication, I'd recommend to add it in the IDP. If you need control in your web application to enforce a certain authentication type, the WS-Federation spec defines the "wauth" parameter which allows an application to tell the IDP. I'm working on some extensions for the federation plugin where you can configure the wauth parameter or configure a CallbackHandler implementation which can figure out the wauth value at runtime based on the incoming request. This should be done by the end of next week. Support for wauth for the IDP must be done also. Does this approach make sense to you? HTH ------ Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com ________________________________________ Von: ermanno.travaglino [[email protected]] Gesendet: Freitag, 13. April 2012 12:24 Bis: [email protected] Betreff: Enable/Disable STS Authentication Hi everybody, I use http://owulff.blogspot.it/2011/11/configure-tomcat-for-federation-part.html Federation plugin in my app, and the STS authentication works great. In my web.xml i've in addition to the FederationFilter other kind of filters, for different authentication schema, like HTTP basic (with a login.jsp page). I've a configuration file from which I take the authentication type, then in every filter I can check this and "disable" the filter if doesn't match. So, I observed that the problem is in web.xml, because it contains the security-constraint "Protected Area". This implies that even if it is of basic authentication, the browser redirects the client still on STS, and after authentication appears the login.jsp page. I hope I have expressed well my problem. thanks in advance, Ermanno -- View this message in context: http://cxf.547215.n5.nabble.com/Enable-Disable-STS-Authentication-tp5637879p5637879.html Sent from the cxf-user mailing list archive at Nabble.com.
