You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 69 Next »

Apache CXF Fediz: An Open-Source Web Security Framework

Overview

Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. Apache CXF Fediz supports both WS-Federation Passive Requestor Profile and the SAML Web Browser SSO Profile. Fediz supports Claims Based Access Control beyond Role Based Access Control (RBAC).

News

November 30, 2017 - Apache CXF Fediz 1.4.3 and 1.3.3 released

Apache CXF Fediz 1.4.3 and 1.3.3 have been released. A new security advisory has been released for an issue that was fixed in these releases:

  • CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.

For more information and to download the new release, please go here.

September 15, 2017 - Apache CXF Fediz 1.4.2 released

Apache CXF Fediz 1.4.2 has been released.

For more information and to download the new release, please go here.

August 18, 2017 - Apache CXF Fediz 1.4.1 released

Apache CXF Fediz 1.4.1 has been released.

For more information and to download the new release, please go here.

May 16, 2017 - Two new security advisories for Apache CXF Fediz are released

Two new security advisories have been released for issues that are fixed in the latest releases (1.4.0, 1.3.2 and 1.2.4):

  • CVE-2017-7661: The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.
  • CVE-2017-7662: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks

Download

See here.

Project Source

The Apache CXF Fediz sources are hosted at Apache gitbox. This includes a full two way sync with github. As github provides the nicer user interface we now recommend to directly work on the github cxf repo.

CXF committers can directly commit to github after doing the Apache gitbox setup. Be aware that the sync might take half an hour before you are added to the CXF github group.

  • Forking and Pull Requests: See Getting Involved
  • Building the Source: Follow the BUILDING.txt file in the Fediz download for full build instructions.
  • Eclipse: See this page for information on using the Eclipse IDE with the Fediz source code. This page is created for CXF but the same commands are applicable for Fediz too.

Apache CXF Fediz user guide


  • No labels