...
Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. Apache CXF Fediz supports both WS-Federation Passive Requestor Profile and the SAML Web Browser SSO Profile. Fediz supports Claims Based Access Control beyond Role Based Access Control (RBAC).
News
June 29December 23, 2018 2022 - Apache CXF Fediz 1.46.41 released
Apache CXF Fediz 1.4.4 has been released. A new security advisory has been released for an issue that was fixed in this release:
...
6.1 is released. This is a bugfix release containing upgrades to CXF 3.5.5, amongst other dependency upgrades. See the download page for more information.
February 12, 2022 - Apache CXF Fediz 1.6.0 released
Apache CXF Fediz 1.6.0 is released. This is a new major release containing upgrades to CXF 3.5.x and Spring 5, amongst others. See the download page for more information.
November 30, 2017 2020 - Apache CXF Fediz 1.4.3 and 5.1 released
Apache CXF Fediz 1.35.1 is released. See the download page for more information.
June 23, 2020 - 3 released Apache CXF Fediz 1.4.3 and 5.0 released
Apache CXF Fediz 1.3.3 have been 5.0 is released. A new security advisory has been released for an issue that was fixed in these releases:
- CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.
This is a major new release with the following issues fixed: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12336848
The main changes are:
- The IdP is updated to use Spring Security 4.
- Support is added for Jetty 9.4 + Tomcat 9 plugins
- A fix for issues that prevented the Tomcat plugin working from versions 8.5.50 and 9.0.30
- The Tomcat 7, Jetty 8, Spring Security 2 + 3 plugins are removed.
See the download page for more information.
Download
See here.
Project Source
...
- Introduction
- Fediz Architecture
- Relying Party Containers
- Fediz IdP
- Fediz IdP 1.0 (deprecated)
- Fediz Metadata
- Fediz Samples
- Fediz Articles
- Fediz History
...