You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2015/04/28 12:47:16 UTC

svn commit: r949468 - in /websites/production/cxf/content: cache/main.pageCache fediz-downloads.html fediz.html

Author: buildbot
Date: Tue Apr 28 10:47:16 2015
New Revision: 949468

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-downloads.html
    websites/production/cxf/content/fediz.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-downloads.html
==============================================================================
--- websites/production/cxf/content/fediz-downloads.html (original)
+++ websites/production/cxf/content/fediz-downloads.html Tue Apr 28 10:47:16 2015
@@ -108,7 +108,7 @@ Apache CXF -- Fediz Downloads
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2 id="FedizDownloads-1.1.2">1.1.2</h2><p>The 1.1.2 release is our latest release. For more information please see the <a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=blob_plain;f=release_notes.txt;hb=62b7250d76674b8c6571c766a2028e54f93f80a4">release notes</a> and the <a shape="rect" href="migration-guide-11.html">migration guide</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Binary distribution</p></td><td colspan="1" rowspan="1" class="confluen
 ceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip">apache-fediz-1.1.2.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip.md5">apache-fediz-1.1.2.zip.md5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip.sha1">apache-fediz-1.1.2.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip.asc">apache-fediz-1.1.2.zip.asc</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org
 /dyn/closer.cgi?path=/cxf/fediz/1.1.2/fediz-1.1.2-source-release.zip">fediz-1.1.2-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/fediz-1.1.2-source-release.zip.md5">fediz-1.1.2-source-release.zip.md5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/fediz-1.1.2-source-release.zip.sha1">fediz-1.1.2-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/fediz-1.1.2-source-release.zip.asc">fediz-1.1.2-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-1.0.4">1.0.4</h2><p>The 1.0.4 release is our latest patch release for 1.0. For more information please see the <a shape="rect" class="external-link" href="https://git
 -wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=blob_plain;f=release_notes.txt;hb=22686242998f89d6bbc0e96167eed1453c5350e6">release notes</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Binary distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/cxf/fediz/1.0.4/apache-fediz-1.0.4.zip">apache-fediz-1.0.4.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.0.4/apache-fediz-1
 .0.4.zip.md5">apache-fediz-1.0.4.zip.md5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.0.4/apache-fediz-1.0.4.zip.sha1">apache-fediz-1.0.4.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.0.4/apache-fediz-1.0.4.zip.asc">apache-fediz-1.0.4.zip.asc</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/cxf/fediz/1.0.4/fediz-1.0.4-source-release.zip">fediz-1.0.4-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.0.4/fediz-1.0.4-source-release.zip.md5">fediz-1.0.4-source-release.zip.md5</
 a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.0.4/fediz-1.0.4-source-release.zip.sha1">fediz-1.0.4-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.0.4/fediz-1.0.4-source-release.zip.asc">fediz-1.0.4-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When downloading from a mirror please check the MD5 and SHA1 checksums as well as verifying the OpenPGP compatible signature available from the main Apache site. The <a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/KEYS">KEYS</a> file contains the public keys used for signing release. It is recommended that a web of trust is used to confirm the identity of these keys.</p><p>You can check the OpenPGP signature with:<
 /p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2 id="FedizDownloads-1.2.0">1.2.0</h2><p>The 1.2.0 release is our latest release. For more information please see the <a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=blob;f=release_notes.txt;h=dddcb64a283b635f6ca618ae3dd608625987030e;hb=6b2460973ea42c72eaff53eef2e4dc9a86d7714b">release notes</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Binary distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="extern
 al-link" href="http://www.apache.org/dyn/closer.cgi?path=/cxf/fediz/1.2.0/apache-fediz-1.2.0.zip">apache-fediz-1.2.0.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.2.0/apache-fediz-1.2.0.zip.md5">apache-fediz-1.2.0.zip.md5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.2.0/apache-fediz-1.2.0.zip.sha1">apache-fediz-1.2.0.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.2.0/apache-fediz-1.2.0.zip.asc">apache-fediz-1.2.0.zip.asc</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/cxf/fediz/1.2.0/
 fediz-1.2.0-source-release.zip">fediz-1.2.0-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.2.0/fediz-1.2.0-source-release.zip.md5">fediz-1.2.0-source-release.zip.md5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.2.0/fediz-1.2.0-source-release.zip.sha1">fediz-1.2.0-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.2.0/fediz-1.2.0-source-release.zip.asc">fediz-1.2.0-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-1.1.2">1.1.2</h2><p>The 1.1.2 release is our latest patch release of 1.1.x. For more information please see the <a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf-fe
 diz.git;a=blob_plain;f=release_notes.txt;hb=62b7250d76674b8c6571c766a2028e54f93f80a4">release notes</a> (and the <a shape="rect" href="migration-guide-11.html">migration guide</a> from Fediz 1.0.x).</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>MD5</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Binary distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip">apache-fediz-1.1.2.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="
 http://www.apache.org/dist/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip.md5">apache-fediz-1.1.2.zip.md5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip.sha1">apache-fediz-1.1.2.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/apache-fediz-1.1.2.zip.asc">apache-fediz-1.1.2.zip.asc</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/cxf/fediz/1.1.2/fediz-1.1.2-source-release.zip">fediz-1.1.2-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/fediz-1.1.2-sou
 rce-release.zip.md5">fediz-1.1.2-source-release.zip.md5</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/fediz-1.1.2-source-release.zip.sha1">fediz-1.1.2-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/fediz/1.1.2/fediz-1.1.2-source-release.zip.asc">fediz-1.1.2-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When downloading from a mirror please check the MD5 and SHA1 checksums as well as verifying the OpenPGP compatible signature available from the main Apache site. The <a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/KEYS">KEYS</a> file contains the public keys used for signing release. It is recommended that a web of trust is used to confirm the identity of the
 se keys.</p><p>You can check the OpenPGP signature with:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[gpg --verify apache-fediz-*.zip.asc
 ]]></script>
 </div></div><p>You can check the MD5 checksum with:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
@@ -124,7 +124,7 @@ Apache CXF -- Fediz Downloads
                             <p>These are snapshot builds - untested builds provided for your convenience. They have not been tested, and are not official releases of the Apache CXF Fediz project or the Apache Software Foundation.</p>
                     </div>
     </div>
-<p>1.1.2 <a shape="rect" class="external-link" href="https://repository.apache.org/content/groups/snapshots/org/apache/cxf/fediz/apache-fediz/1.1.1-SNAPSHOT/">https://repository.apache.org/content/groups/snapshots/org/apache/cxf/fediz/apache-fediz/1.1.2-SNAPSHOT/</a></p><h1 id="FedizDownloads-Maven2Repositories">Maven 2 Repositories</h1><p>If you use Maven 2 for building your applications, Apache CXF Fediz artifacts are available from the following repository URLS:</p><h3 id="FedizDownloads-Releases:">Releases:</h3><p>All supported CXF releases are synced into the Maven central repository: <a shape="rect" class="external-link" href="http://repo1.maven.org/maven2/" rel="nofollow">http://repo1.maven.org/maven2/</a></p><h3 id="FedizDownloads-Snapshots:">Snapshots:</h3><p>Snapshots are available in Apache's Maven snapshot repository: <a shape="rect" class="external-link" href="http://repository.apache.org/snapshots">http://repository.apache.org/snapshots</a></p></div>
+<p>1.2.1 <a shape="rect" class="external-link" href="https://repository.apache.org/content/groups/snapshots/org/apache/cxf/fediz/apache-fediz/1.2.1-SNAPSHOT/">https://repository.apache.org/content/groups/snapshots/org/apache/cxf/fediz/apache-fediz/1.2.1-SNAPSHOT/</a></p><h1 id="FedizDownloads-Maven2Repositories">Maven 2 Repositories</h1><p>If you use Maven 2 for building your applications, Apache CXF Fediz artifacts are available from the following repository URLS:</p><h3 id="FedizDownloads-Releases:">Releases:</h3><p>All supported CXF releases are synced into the Maven central repository: <a shape="rect" class="external-link" href="http://repo1.maven.org/maven2/" rel="nofollow">http://repo1.maven.org/maven2/</a></p><h3 id="FedizDownloads-Snapshots:">Snapshots:</h3><p>Snapshots are available in Apache's Maven snapshot repository: <a shape="rect" class="external-link" href="http://repository.apache.org/snapshots">http://repository.apache.org/snapshots</a></p></div>
            </div>
            <!-- Content -->
          </td>

Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Tue Apr 28 10:47:16 2015
@@ -99,7 +99,7 @@ Apache CXF -- Fediz
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002" rel="nofollow">WS-Federation Passive Requestor Profile</a>. Fediz supports <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity" rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2 id="Fediz-News">News</h2><p>*October 21, 2014 - Apache CXF Fediz 1.1.2 re
 leased!</p><p>Apache CXF Fediz 1.1.2 has been released. It features an update to CXF 2.7.13, as well as support for an easy to use claim mapping support in the STS, kerberos authentication support in the IdP, as well as some minor bug fixes. For more information, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-Features">Features</h2><p>The following features are supported by Fediz 1.1</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML 1.1/2.0 Tokens</li><li>Support for encrypted SAML Tokens (Release 1.1)</li><li>Support for Holder-Of-Key SubjectConfirmationMethod (1.1)</li><li>Custom token Support</li><li>Publish WS-Federation Metadata document</li><li>Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens</li><li>Claims information provided by FederationPrincipal Interface</li><li>Support for Tomcat, Jetty, Websphere, Spring Security and CXF (1.1)</li><li>Fediz IDP supports "Resource IDP" role as well (1.1)</li></ul><p>The following fe
 atures are planned for the next release:</p><ul><li>support for other protocols like SAML-P, OAuth</li></ul><p>You can get the current status of the enhancements <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ">here </a>.</p><h2 id="Fediz-Architecture">Architecture</h2><p>The Fediz architecture is described in more detail <a shape="rect" href="fediz-architecture.html">here</a>.</p><h2 id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-Gettingstarted">Getting started</h2><p>The WS-Federation specification defines the following parties involved during a web login:</p><ul><li>Browser</li><li>Identity Provider (IDP)<br clear="none"> The IDP is a centralized, application independent runtime component which implements the protocol defined by WS-Federation. You can use any open source or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz IDP
  for testing as it allows for testing your web application in a sandbox without having all infrastructure components available. The Fediz IDP consists of two WAR components. The Security Token Service (STS) does most of the work including user authentication, claims/role data retrieval and creating the SAML token. The IDP WAR translates the response to an HTML response allowing a browser to process it.</li><li>Relying Party (RP)<br clear="none"> The RP is a web application that needs to be protected. The RP must be able to implement the protocol as defined by WS-Federation. This component is called "Fediz Plugin" in this project which consists of container agnostic module/jar and a container specific jar. When an authenticated request is detected by the plugin it redirects to the IDP for authentication. The browser sends the response from the IDP to the RP after successful authentication. The RP validates the response and creates the container security context.</li></ul><p>It's reco
 mmended to deploy the IDP and the web application (RP) into different container instances as in a production deployment. The container with the IDP can be used during development and testing for multiple web applications needing security.</p><h3 id="Fediz-SettinguptheIDP">Setting up the IDP</h3><p>The installation and configuration of the IDP is documented <a shape="rect" href="fediz-idp-11.html">here</a></p><h3 id="Fediz-SetuptheRelyingPartyContainer">Set up the Relying Party Container</h3><p>The Fediz plugin needs to be deployed into the Relying Party (RP) container. The security mechanism is not specified by JEE. Even though it is very similar in each servlet container there are some differences which require a dedicated Fediz plugin for each servlet container implementation. Most of the configuration goes into a Servlet container independent configuration file which is described <a shape="rect" href="fediz-configuration.html">here</a></p><p>The following lists shows the supporte
 d containers and the location of the installation and configuration page.</p><ul><li><a shape="rect" href="fediz-tomcat.html">Tomcat 7 </a></li><li><a shape="rect" href="fediz-jetty.html">Jetty 7/8 (1.1)</a></li><li><a shape="rect" href="fediz-spring.html">Spring Security 3.1 (1.1)</a></li><li><a shape="rect" href="fediz-websphere.html">Websphere 7/8 (1.1)</a></li><li><a shape="rect" href="fediz-cxf.html">CXF (1.1) </a></li></ul><h2 id="Fediz-Samples">Samples</h2><p>The examples directory contains two sample relying party applications. They are independent of each other, so it is not necessary to deploy both at once.</p><p>Each sample is described in a <code>README.txt</code> file located in the base directory of each sample.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Sample</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenc
 eTd"><p><strong>simpleWebapp</strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>a simple web application which is protected by the Fediz IDP. The FederationServlet illustrates how to get security information using the standard APIs.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>wsclientWebapp</strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>a protected web application that calls a web service that uses the Fediz STS to validate credentials. Here, the same STS is used for token issuance (indirectly, by the web application through use of the Fediz IDP) and validation. The FederationServlet illustrates how to securely call a web service.</p></td></tr></tbody></table></div><p><span class="confluence-anchor-link" id="Fediz-building"></span></p><h2 id="Fediz-Building">Building</h2><p>Check out the code from here:</p><ul><li>git clone -v <a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf/c
 xf-fediz.git">https://git-wip-us.apache.org/repos/asf/cxf-fediz.git</a></li></ul><p>Then follow the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?view=markup">BUILDING.txt</a> file in the Fediz download for full build instructions.</p><h5 id="Fediz-SettingupEclipse:">Setting up Eclipse:</h5><p>See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this page</a> for information on using the Eclipse IDE with the Fediz source code. This page is created for CXF but the same commands are applicable for Fediz too.</p></div>
+<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002" rel="nofollow">WS-Federation Passive Requestor Profile</a>. Fediz supports <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_identity" rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2 id="Fediz-News">News</h2><p>*April 28, 2015 - Apache CXF Fediz 1.2.0 rele
 ased!</p><p>Apache CXF Fediz 1.2.0 has been released. It contains an update to use Apache CXF 3.0.4 as well as a host of new features (see below). For more information, please go <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-Features">Features</h2><p>The following features are supported by Fediz 1.2</p><ul><li>WS-Federation 1.0/1.1/1.2</li><li>SAML 1.1/2.0 Tokens</li><li>Support for encrypted SAML Tokens (Release 1.1)</li><li>Support for Holder-Of-Key SubjectConfirmationMethod (1.1)</li><li>Custom token Support</li><li>Publish WS-Federation Metadata document</li><li>Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens</li><li>Claims information provided by FederationPrincipal Interface</li><li>Support for Tomcat, Jetty, Websphere, Spring Security and CXF (1.1)</li><li>Fediz IDP supports "Resource IDP" role as well (1.1)</li><li>A new REST API for the IdP (1.2)</li><li>Support for logout in both the RP and IdP (1.2)</li><li>Support for loggin
 g on to the IdP via Kerberos and TLS client authentication (1.2)</li><li>A new container-independent CXF plugin for WS-Federation (1.2)</li><li>Support to use the IdP as an identity broker with a remote SAML SSO IdP (1.2)</li></ul><p>The following features are planned for the next release:</p><ul><li>support for other protocols like OAuth</li></ul><p>You can get the current status of the enhancements <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/FEDIZ">here </a>.</p><h2 id="Fediz-Architecture">Architecture</h2><p>The Fediz architecture is described in more detail <a shape="rect" href="fediz-architecture.html">here</a>.</p><h2 id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-Gettingstarted">Getting started</h2><p>The WS-Federation specification defines the following parties involved during a web login:</p><ul><li>Browser</li><li>Identity Provider (IDP)<br clear="none"> The IDP is a centr
 alized, application independent runtime component which implements the protocol defined by WS-Federation. You can use any open source or commercial product that supports WS-Federation 1.1/1.2 as your IDP. It's recommended to use the Fediz IDP for testing as it allows for testing your web application in a sandbox without having all infrastructure components available. The Fediz IDP consists of two WAR components. The Security Token Service (STS) does most of the work including user authentication, claims/role data retrieval and creating the SAML token. The IDP WAR translates the response to an HTML response allowing a browser to process it.</li><li>Relying Party (RP)<br clear="none"> The RP is a web application that needs to be protected. The RP must be able to implement the protocol as defined by WS-Federation. This component is called "Fediz Plugin" in this project which consists of container agnostic module/jar and a container specific jar. When an authenticated request is detecte
 d by the plugin it redirects to the IDP for authentication. The browser sends the response from the IDP to the RP after successful authentication. The RP validates the response and creates the container security context.</li></ul><p>It's recommended to deploy the IDP and the web application (RP) into different container instances as in a production deployment. The container with the IDP can be used during development and testing for multiple web applications needing security.</p><h3 id="Fediz-SettinguptheIDP">Setting up the IDP</h3><p>The installation and configuration of the IDP is documented <a shape="rect" href="fediz-idp-11.html">here</a></p><h3 id="Fediz-SetuptheRelyingPartyContainer">Set up the Relying Party Container</h3><p>The Fediz plugin needs to be deployed into the Relying Party (RP) container. The security mechanism is not specified by JEE. Even though it is very similar in each servlet container there are some differences which require a dedicated Fediz plugin for each
  servlet container implementation. Most of the configuration goes into a Servlet container independent configuration file which is described <a shape="rect" href="fediz-configuration.html">here</a></p><p>The following lists shows the supported containers and the location of the installation and configuration page.</p><ul><li><a shape="rect" href="fediz-tomcat.html">Tomcat 7 </a></li><li><a shape="rect" href="fediz-jetty.html">Jetty 7/8 (1.1)</a></li><li><a shape="rect" href="fediz-spring.html">Spring Security 3.1 (1.1)</a></li><li><a shape="rect" href="fediz-websphere.html">Websphere 7/8 (1.1)</a></li><li><a shape="rect" href="fediz-cxf.html">CXF (1.1) </a></li></ul><h2 id="Fediz-Samples">Samples</h2><p>The examples directory contains two sample relying party applications. They are independent of each other, so it is not necessary to deploy both at once.</p><p>Each sample is described in a <code>README.txt</code> file located in the base directory of each sample.</p><div class="tabl
 e-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Sample</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>simpleWebapp</strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>a simple web application which is protected by the Fediz IDP. The FederationServlet illustrates how to get security information using the standard APIs.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>wsclientWebapp</strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>a protected web application that calls a web service that uses the Fediz STS to validate credentials. Here, the same STS is used for token issuance (indirectly, by the web application through use of the Fediz IDP) and validation. The FederationServlet illustrates how to securely call a web service.</p></td></tr></tbody></table></div><p><span
  class="confluence-anchor-link" id="Fediz-building"></span></p><h2 id="Fediz-Building">Building</h2><p>Check out the code from here:</p><ul><li>git clone -v <a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf/cxf-fediz.git">https://git-wip-us.apache.org/repos/asf/cxf-fediz.git</a></li></ul><p>Then follow the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?view=markup">BUILDING.txt</a> file in the Fediz download for full build instructions.</p><h5 id="Fediz-SettingupEclipse:">Setting up Eclipse:</h5><p>See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this page</a> for information on using the Eclipse IDE with the Fediz source code. This page is created for CXF but the same commands are applicable for Fediz too.</p></div>
            </div>
            <!-- Content -->
          </td>