Posted to users@cxf.apache.org by 杨华杰 <yh...@gmail.com> on 2012/08/13 05:30:25 UTC
Does fediz support ws-federation
Hi
I saw that Fediz supports SAML 1.x and SAML 2. I am new to claim-based
authentication, but I think it's quite a useful technology.
I found that SharePoint 2012 supports claim-based authentication; it's so popular
that I have work with that platform. I would like to know whether Fediz
can have this kind of integration or not.
About sharepoint claim based authentication:
http://msdn.microsoft.com/en-us/library/hh446525.aspx
Regards,
Hua Jie
RE: Does fediz support ws-federation
Posted by Oliver Wulff <ow...@talend.com>.
Hi there
When you sniff the network, you can grab the SAML token within the wresult form parameter. The Fediz plugin prevents you from sending the same SAML token twice, as the token is cached to prevent replay attacks, but if you're running in a clustered environment you might be able to send the request to the other instance in the cluster, as Fediz doesn't support that yet. Right now, Fediz supports a basic in-memory cache or Ehcache. I was thinking of adding a new option with Hazelcast.
The other issue is that you can see what kind of permissions users have.
You won't be able to change it because the SAML assertion is signed and the signature is trusted.
HTH
------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division http://www.talend.com
________________________________________
From: 杨华杰 [yhjhoo@gmail.com]
Sent: 21 August 2012 05:17
To: users@cxf.apache.org
Subject: Re: Does fediz support ws-federation
Thank you Oli
I made it work already. By the way, can we configure the IDP and SP without
SSL? What's the impact if we do so? I know it's insecure, but I am on an
intranet. How insecure is it?
Regards,
Hua Jie
On Tue, Aug 21, 2012 at 4:57 AM, Oliver Wulff <ow...@talend.com> wrote:
> Hi Hua Jie
>
> Fediz supports the WS-Federation passive requestor profile, as SharePoint does.
> SharePoint uses Microsoft WIF to add federation support, and a Tomcat
> application uses the Fediz plugin.
>
> In addition, Fediz provides an IDP which can be used for Tomcat/Fediz and
> ASP.NET/WIF. The latter is described here:
> http://owulff.blogspot.ch/2012/02/configure-fediz-idp-and-aspnet-using.html
>
> Some customers use the Fediz IDP for their ASP.NET-based applications.
>
> Thanks
> Oli
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
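The clustering gap described in the reply above, as an added example that is not part of the original thread and is not Fediz code: a replay cache keyed by assertion ID with the token's expiry (an assumption about the cache key), first held separately per node and then shared by both nodes. The names `ReplayCache` and `Node` are hypothetical and the sample values are constructed.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration; class and method names are hypothetical, not Fediz APIs. */
public class ReplayCacheDemo {

    /** Remembers assertion IDs until the assertion's expiry has passed. */
    static final class ReplayCache {
        private final Map<String, Instant> seen = new ConcurrentHashMap<>();

        /** Returns true the first time an ID is presented, false on a replay. */
        boolean accept(String assertionId, Instant notOnOrAfter, Instant now) {
            if (!now.isBefore(notOnOrAfter)) {
                return false; // expired token: reject without caching it
            }
            // Entries only need to live as long as the token itself is valid.
            seen.values().removeIf(expiry -> !now.isBefore(expiry));
            // putIfAbsent is atomic, so two concurrent requests cannot both win.
            return seen.putIfAbsent(assertionId, notOnOrAfter) == null;
        }
    }

    /** One relying-party instance behind the load balancer. */
    static final class Node {
        private final ReplayCache cache;
        Node(ReplayCache cache) { this.cache = cache; }
        boolean signIn(String assertionId, Instant notOnOrAfter, Instant now) {
            return cache.accept(assertionId, notOnOrAfter, now);
        }
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2012-08-21T05:00:00Z"); // constructed sample values
        Instant expiry = now.plusSeconds(300);
        String id = "_constructed-assertion-id-1";

        // Per-node in-memory caches: the second node has never seen the ID.
        Node a = new Node(new ReplayCache());
        Node b = new Node(new ReplayCache());
        System.out.println("per-node cache, A first use accepted: " + a.signIn(id, expiry, now));
        System.out.println("per-node cache, A replay accepted:    " + a.signIn(id, expiry, now));
        System.out.println("per-node cache, B replay accepted:    " + b.signIn(id, expiry, now));

        // One cache shared by both nodes (stands in for a distributed store).
        ReplayCache shared = new ReplayCache();
        Node c = new Node(shared);
        Node d = new Node(shared);
        System.out.println("shared cache,   C first use accepted: " + c.signIn(id, expiry, now));
        System.out.println("shared cache,   D replay accepted:    " + d.signIn(id, expiry, now));
    }
}
```

With per-node caches the replay is refused only by the node that saw the token first; with the shared cache it is refused by either node.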
Re: Does fediz support ws-federation
Posted by 杨华杰 <yh...@gmail.com>.
Thank you Oli
I made it work already. By the way, can we configure the IDP and SP without
SSL? What's the impact if we do so? I know it's insecure, but I am on an
intranet. How insecure is it?
Regards,
Hua Jie
RE: Does fediz support ws-federation
Posted by Oliver Wulff <ow...@talend.com>.
Hi Hua Jie
Fediz supports the WS-Federation passive requestor profile, as SharePoint does. SharePoint uses Microsoft WIF to add federation support, and a Tomcat application uses the Fediz plugin.
In addition, Fediz provides an IDP which can be used for Tomcat/Fediz and ASP.NET/WIF. The latter is described here:
http://owulff.blogspot.ch/2012/02/configure-fediz-idp-and-aspnet-using.html
Some customers use the Fediz IDP for their ASP.NET-based applications.
Thanks
Oli
------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division http://www.talend.com