{span:style=font-size:2em;font-weight:bold} JAX-RS: SAML Web SSO{span}


{toc}

h1. Introduction

[SSO|http://en.wikipedia.org/wiki/Single_sign-on] is about a user having to sign in only once when interacting with a custom web application which may offer a number of individual endpoints.

CXF 2.6.1 introduces comprehensive service provider (SP) support for the SAML Web SSO [profile|http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]. This [page|http://en.wikipedia.org/wiki/SAML_2.0] also offers a good overview of the [profile|http://en.wikipedia.org/wiki/SAML_2.0#Web_Browser_SSO_Profile].

HTTP Redirect (via GET) and POST bindings are supported. The module has been tested against many IDPs and is easily configurable.

The following components are required for SSO support:

- Identity Provider (IDP) supporting SAML SSO
- Request Assertion Consumer Service (RACS)
- Application Security Filter
- SSO State Provider

The following sections describe these components in more detail.

h2. Typical Flow

Typically, the following flow represents the way SAML SSO is enforced:

1. User accesses a custom application for the first time
2. Application Security Filter checks whether a security context is available
   and, if it is not, redirects the user to the IDP with a SAML SSO request
3. IDP challenges the user with the authentication dialog and redirects the user to
   Request Assertion Consumer Service (RACS) after the user has authenticated
4. RACS validates the response from IDP, establishes a security context and redirects the user 
   to the original application endpoint
5. Application Security Filter enforces that a valid security context is available and lets the user
   access the custom application.
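
The flow above, as an added example that is not part of the original page or of the CXF module: a constructed Python model of the four components, in which the SSO State Provider records the AuthnRequest ID issued by the Application Security Filter so that the RACS accepts only a response it actually solicited (matching InResponseTo) and rejects a second, replayed copy. The encodings follow the SAML bindings (raw DEFLATE plus base64 for HTTP Redirect, plain base64 for POST); the element skeletons, URLs and function names are assumptions made for the model.

```python
import base64
import re
import secrets
import zlib
# Constructed model of the four components in the flow above, not CXF code. The real
# module also verifies the IDP's signature; only the state around the redirects is shown.
class SsoStateProvider:
    """Outstanding AuthnRequest IDs, each mapped to the URL the user must return to."""
    def __init__(self):
        self.requests = {}

    def add(self, request_id, original_url):
        self.requests[request_id] = original_url

    def consume(self, request_id):
        # One shot: a second response citing the same ID is rejected as a replay.
        return self.requests.pop(request_id, None)

def redirect_binding_param(xml):
    """HTTP Redirect binding: raw DEFLATE, then base64 (URL-encoding left to the caller)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

def post_binding_param(xml):
    """HTTP POST binding: plain base64 of the XML, carried in a form field."""
    return base64.b64encode(xml.encode()).decode()

def security_filter(state, original_url, idp_sso_url, context=None):
    """Step 2: pass through when a security context exists, else redirect to the IDP."""
    if context is not None:
        return ("allow", original_url)
    request_id = "_" + secrets.token_hex(16)
    state.add(request_id, original_url)
    authn_request = f'<samlp:AuthnRequest ID="{request_id}"/>'  # skeletal, for the model
    return ("redirect", f"{idp_sso_url}?SAMLRequest={redirect_binding_param(authn_request)}")

def request_id_from_location(location):
    """The IDP side: inflate the SAMLRequest parameter and read the request ID."""
    param = location.split("SAMLRequest=", 1)[1]
    xml = zlib.decompress(base64.b64decode(param), -15).decode()
    return re.search(r'ID="([^"]+)"', xml).group(1)

def racs(state, saml_response_b64):
    """Step 4: accept only a response to a request this SP issued, then send the user back."""
    xml = base64.b64decode(saml_response_b64).decode()
    m = re.search(r'InResponseTo="([^"]+)"', xml)
    original_url = state.consume(m.group(1)) if m else None
    if original_url is None:
        return ("reject", None)  # unsolicited or replayed response
    return ("redirect", original_url)  # a security context would be established here
```
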

h1. Maven dependencies

{code:xml}
<dependency>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-rt-rs-security-sso-saml</artifactId>
  <version>2.6.1</version>
</dependency>
{code}

h1. Identity Provider
h1. Request Assertion Consumer Service
h1. Application Security Filter
h1. SSO State Provider