THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is WS-Federation Passive Requestor Profile. Fediz supports Claims Based Access Control beyond Role Based Access Control (RBAC).
News
November 30, 2017 - Apache CXF Fediz 1.4.3 and 1.3.3 released
Apache CXF Fediz 1.4.3 and 1.3.3 have been released. A new security advisory has been released for an issue that was fixed in these releases:
- CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.
For more information and to download the new release, please go here.
September 15, 2017 - Apache CXF Fediz 1.4.2 released
...
- CVE-2017-7661: The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.
- CVE-2017-7662: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks.
Please upgrade to the latest releases as soon as possible.
April 28, 2017 - Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 released
Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.
...
- .
Features
The following features are supported by Fediz 1.2
...