THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. Authentication With Fediz, authentication is externalized from your web application to an identity provider which is installed as a dedicated server component. The supported standard is WS-Federation 1.2 Passive Requestor Profile. Fediz supports Claims based Based Access control Control beyond Role Based Access Control (RBAC).
...
The WS-Federation specification defines the following parties involved during the a web login:
- Browser
- Identity Provider (IDP)
The IDP is a centralized, application independent runtime component which implements the protocol defined by WS-Federation. You can use any open source or commercial product as your IDP which that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz IDP for testing as it allows to test for testing your web application in a sandbox without having all infrastructure components available. The Fediz IDP consists of two WAR components. The Security Token Service (STS) is doing does most of the part like authenticating the user, retrieve work including user authentication, claims/role data retrieval and create creating the SAML token. The IDP WAR translates the response to a an HTML response thus allowing a browser can to process it. - Relying Party (RP)
The RP is the a web application which should that needs to be protected. The RP must be able to implement the protocol as defined by WS-Federation. This component is called "Fediz Plugin" in this project which consists of container agnostic module/jar and a container specific jar. When an authenticated request is detected by the plugin it redirects to the IDP or for authentication. The browser sends the response from the IDP to the RP after successful authentication. The RP validates the response and creates the container security context.
It's recommended to deploy the IDP and the web application (RP) into different container instances as in a production deployment. The container with the IDP can be used during development and testing for any multiple web applicationapplications needing security.
Setting up the IDP
The installation and configuration of the IDP is documented here
Set up the Relying Party Container
The Fediz plugin is needs to be deployed into the Relying Party (RP) container. The security mechanism is not specified by JEE. Even though it is very similar in each Servlet Container servlet container there are some differences which requires require a dedicated Fediz plugins plugin for each Servlet Container servlet container implementation. Most of the configuration is container independent and described here
...