Apache CXF Fediz: An Open-Source Web Security Framework
Overview
Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. Authentication is externalized from your web application to an identity provider which is a dedicated server component. The supported standard is WS-Federation 1.2 Passive Requestor Profile. Fediz supports Claims based Access control beyond Role Based Access Control (RBAC).
News
Features
The following features are supported by the Fediz plugin 1.0
- WS-Federation 1.1/1.2
- SAML 1.1/2.0 Tokens
- Custom token support
- Publish WS-Federation Metadata document
- Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens
- Claims information provided by FederationPrincipal interface
The following features are planned for the next release:
- Support for Jetty and JBoss
- CXF plugin
- Support for encrypted SAML tokens
- Support for Holder-Of-Key SubjectConfirmationMethod
- "Resource IDP" support for Fediz IDP
- support for other protocols like SAML-P, OAuth
Distribution
tbd
Samples
The examples directory contains two sample projects:
Sample |
Description |
Doc Page |
---|---|---|
simpleWebapp |
a simple web application which is protected by the Fediz IDP. The FederationServlet illustrates how to get security information using the standard APIs. |
|
wsclientWebapp |
a protected web application which calls a web service protected by the Fediz STS. The FederationServlet illustrates how to securely call a web service. |
Sources
Check out the code from http://svn.apache.org/repos/asf/cxf/fediz/trunk
Then build & test using:
mvn clean install
Note: you need to use Maven 2.0.9 or newer and have the following environment variable set: MAVEN_OPTS=-Xmx512m