Posted to users@cxf.apache.org by chris snow <ch...@gmail.com> on 2013/05/01 20:33:11 UTC

fediz: IDP deployed in DMZ, STS deployed behind firewall

I am thinking of deploying the Fediz IDP and the RP in the DMZ, and hiding
the STS behind the firewall.  STS will be deployed behind the firewall
because it has access to the credential store and deserves another layer of
protection.

It appears that only the IDP needs to communicate with the STS and that is
through the WS-TRUST web service?

Is this an expected deployment architecture for Fediz?

Many thanks,

Chris

RE: fediz: IDP deployed in DMZ, STS deployed behind firewall

Posted by Oliver Wulff <ow...@talend.com>.
Absolutely, you might only need access to the STS if you expose business web services to other companies which are protected by a token issued by your STS.

Oli
