THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. Authentication With Fediz, authentication is externalized from your web application to an identity provider which is installed as a dedicated server component. The supported standard is Apache CXF Fediz supports both WS-Federation 1.2 Passive Requestor Profile and the SAML Web Browser SSO Profile. Fediz supports Claims based Based Access control Control beyond Role Based Access Control (RBAC).
News
Features
The following features are supported by the Fediz plugin 1.0
- WS-Federation 1.1/1.2
- SAML 1.1/2.0 Tokens
- Custom token support
- Publish WS-Federation Metadata document
- Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens
- Claims information provided by FederationPrincipal interface
The following features are planned for the next release:
- Support for Jetty and JBoss
- CXF plugin
- Support for encrypted SAML tokens
- Support for Holder-Of-Key SubjectConfirmationMethod
- "Resource IDP" support for Fediz IDP
- support for other protocols like SAML-P, OAuth
You can get the current status of the issues here .
Getting started
The WS-Federation specification defines the following parties involved during the web login:
- Browser
- Identity Provider (IDP)
The IDP is a centralized, application independent runtime component which implements the protocol defined by WS-Federation. You can use any open source or commercial product as your IDP which supports WS-Federation 1.1/1.2. It's recommended to use the Fediz IDP for testing as it allows to test your web application in a sandbox without having all infrastructure components available. The Fediz IDP consists of two WAR components. The Security Token Service (STS) is doing most of the part like authenticating the user, retrieve claims/role data and create the SAML token. The IDP WAR translates the response to a HTML response thus a browser can process it. - Relying Party (RP)
The RP is the web application which should be protected. The RP must be able to implement the protocol as defined by WS-Federation. This component is called "Fediz Plugin" in this project which consists of container agnostic module/jar and a container specific jar. When an authenticated request is detected by the plugin it redirects to the IDP or authentication. The browser sends the response from IDP to the RP after successful authentication. The RP validates the response and creates the container security context.
It's recommended to deploy the IDP and the web application (RP) into different container instances as in a production deployment. The container with the IDP can be used during development and testing for any web application.
Setting up the IDP
The following blog entries describe how to set up the IDP:
Set up the Relying Party Container
An individual plugin is deployed in each container. But most of the configuration is container independent and described Configuration
The following lists shows the supported containers and the location of the installation and configuration page.
Distribution
tbd
Samples
The examples directory contains two sample projects:
Sample | Description | Doc Page |
|---|---|---|
simpleWebapp | a simple web application which is protected by the Fediz IDP. The FederationServlet illustrates how to get security information using the standard APIs. | |
wsclientWebapp | a protected web application which calls a web service protected by the Fediz STS. The FederationServlet illustrates how to securely call a web service. |
Building
Check out the code from here:
- svn
http://svn.apache.org/repos/asf/cxf/fediz/trunk
- git
git://git.apache.org/cxf-fediz.git
Building with Maven
You build the run the tests using the following command:
| Code Block |
|---|
mvn clean install
|
Note: you need to use Maven 2.0.9 or newer and have the following environment variable set: MAVEN_OPTS=-Xmx512m
Setting up Eclipse:
December 23, 2022 - Apache CXF Fediz 1.6.1 released
Apache CXF Fediz 1.6.1 is released. This is a bugfix release containing upgrades to CXF 3.5.5, amongst other dependency upgrades. See the download page for more information.
February 12, 2022 - Apache CXF Fediz 1.6.0 released
Apache CXF Fediz 1.6.0 is released. This is a new major release containing upgrades to CXF 3.5.x and Spring 5, amongst others. See the download page for more information.
November 30, 2020 - Apache CXF Fediz 1.5.1 released
Apache CXF Fediz 1.5.1 is released. See the download page for more information.
June 23, 2020 - Apache CXF Fediz 1.5.0 released
Apache CXF Fediz 1.5.0 is released. This is a major new release with the following issues fixed: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12336848
The main changes are:
- The IdP is updated to use Spring Security 4.
- Support is added for Jetty 9.4 + Tomcat 9 plugins
- A fix for issues that prevented the Tomcat plugin working from versions 8.5.50 and 9.0.30
- The Tomcat 7, Jetty 8, Spring Security 2 + 3 plugins are removed.
See the download page for more information.
Download
See here.
Project Source
The Apache CXF Fediz sources are hosted at Apache gitbox. This includes a full two way sync with github. As github provides the nicer user interface we now recommend to directly work on the github cxf repo.
- Web Browsing: https://github.com/apache/cxf-fediz
- Checking out from GIT: git clone git@github.com:apache/cxf-fediz.git
CXF committers can directly commit to github after doing the Apache gitbox setup. Be aware that the sync might take half an hour before you are added to the CXF github group.
- Forking and Pull Requests: See Getting Involved
- Building the Source: Follow the BUILDING.txt file in the Fediz download for full build instructions.
- Eclipse: See this page for information on using the Eclipse IDE with the Fediz source code. This page is created for CXF but the same commands are applicable for Fediz too.
Apache CXF Fediz user guide
- Introduction
- Fediz Architecture
- Relying Party Containers
- Fediz IdP
- Fediz IdP 1.0 (deprecated)
- Fediz Metadata
- Fediz Samples
- Fediz Articles
- Fediz History