July 2, 2012

Apache CXF Fediz

First release of Apache CXF Fediz available

Apache CXF Fediz is a subproject of Apache CXF. Fediz helps you to secure your web applications and delegate security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is WS-Federation Passive Requestor Profile.

Fediz supports Claims Based Access Control beyond Role Based Access Control (RBAC).

Fediz supports the following features:

  • WS-Federation 1.0/1.1/1.2
  • SAML 1.1/2.0 Tokens
  • Custom token support
  • Publish WS-Federation Metadata document
  • Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens
  • Claims information provided by FederationPrincipal interface

Release notes are available here.

For more information see:

Features to come in the upcoming releases:
  • Fediz IDP supports RP IDP use case
  • SAML Holder-Of-Key support
  • Support for encrypted SAML tokens
  • Support for Jetty Container
  • Integration with Spring Security
  • Integration with CXF JAX-RS
  • SAML-P support
Feel free to raise enhancement requests and issues here

Thank you for all support and feedback!


  1. Could you suggest by when the "Support for encrypted SAML tokens" feature be made available in Fediz? or to the current release, if I want to add this feature alone, what would be the approach in terms of usage of different libraries or any todo's ?

    1. All libraries are already there. The CXF STS already supports encrypted SAML tokens and the Fediz plugin must be enhanced to support this as well. We plan to release it for 1.1.

      Here is the JIRA:

      Please vote on it and/or send a message to the cxf mailing list.