First release of Apache CXF Fediz available
Apache CXF Fediz is a subproject of Apache CXF. Fediz helps you to secure your web applications and delegate security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is WS-Federation Passive Requestor Profile.
Fediz supports Claims Based Access Control beyond Role Based Access Control (RBAC).
Fediz supports the following features:
- WS-Federation 1.0/1.1/1.2
- SAML 1.1/2.0 Tokens
- Custom token support
- Publish WS-Federation Metadata document
- Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens
- Claims information provided by FederationPrincipal interface
Release notes are available here.
For more information see:
- Download: http://cxf.apache.org/fediz-downloads.html
- Website: http://cxf.apache.org/fediz.html
- Mailing lists: http://cxf.apache.org/mailing-lists.html
Features to come in the upcoming releases:
- Fediz IDP supports RP IDP use case
- SAML Holder-Of-Key support
- Support for encrypted SAML tokens
- Support for Jetty Container
- Integration with Spring Security
- Integration with CXF JAX-RS
- SAML-P support
Thank you for all support and feedback!
Could you suggest by when the "Support for encrypted SAML tokens" feature will be made available in Fediz? Or, for the current release, if I want to add this feature alone, what would be the approach in terms of usage of different libraries or any to-dos?
All libraries are already there. The CXF STS already supports encrypted SAML tokens and the Fediz plugin must be enhanced to support this as well. We plan to release it for 1.1.
Here is the JIRA:
https://issues.apache.org/jira/browse/FEDIZ-2
Please vote on it and/or send a message to the cxf mailing list.