Posted to users@cxf.apache.org by 杨华杰 <yh...@gmail.com> on 2012/08/13 05:30:25 UTC

Does fediz support ws-federation

Hi

I saw that Fediz supports SAML 1.x and SAML 2.  I am new to claims-based
authentication, but I think it's quite a useful technology.

I found that SharePoint 2012 supports claims-based authentication, it's so popular
that I have work with that platform.  I would like to know whether Fediz
can have this kind of integration or not.

About sharepoint claim based authentication:
http://msdn.microsoft.com/en-us/library/hh446525.aspx




Regards,
Hua Jie

RE: Does fediz support ws-federation

Posted by Oliver Wulff <ow...@talend.com>.
Hi there

When you sniff the network you can grab the SAML token within the wresult form parameter. The Fediz plugin prevents you from sending the same SAML token twice, as the token is cached to prevent replay attacks, but if you're running in a clustered environment you might be able to send the request to the other instance in the cluster, as Fediz doesn't support that yet. Right now, Fediz supports a basic in-memory cache or Ehcache. I was thinking of adding a new option with Hazelcast.

The other issue is that you can see what kind of permissions users have.

You won't be able to change it because the SAML assertion is signed and the signature is trusted.

HTH


------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

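The replay check described in the reply above, as an added example that is not part of the original thread and is not Fediz code: a cache of seen assertion IDs rejects a captured token on the node that already saw it, but a second node with its own in-memory cache accepts it unless both nodes share one store. `ReplayCache`, `simulate`, the assertion ID and the timestamps are hypothetical names and constructed values.

```python
import time


class ReplayCache:
    """Remembers assertion IDs until the assertion itself expires."""

    def __init__(self, store=None, clock=time.time):
        # store: dict mapping assertion ID -> expiry time. Passing the same
        # dict to several caches stands in for a distributed cache.
        self._store = {} if store is None else store
        self._clock = clock

    def accept(self, assertion_id, not_on_or_after):
        """Return True only the first time an unexpired assertion is seen."""
        now = self._clock()
        # Drop entries for assertions that can no longer be presented anyway.
        for key in [k for k, exp in self._store.items() if exp <= now]:
            del self._store[key]
        if not_on_or_after <= now:
            return False  # expired assertion: reject regardless of the cache
        if assertion_id in self._store:
            return False  # already consumed: replay
        # A real shared store needs an atomic put-if-absent here; this
        # check-then-set is only safe in a single thread.
        self._store[assertion_id] = not_on_or_after
        return True


def simulate(shared):
    """Present one token to node A twice, then to node B.

    shared=False: each node keeps its own in-memory cache.
    shared=True:  both nodes use the same backing store.
    """
    clock = lambda: 1000.0                            # constructed fixed time
    backing = {} if shared else None
    node_a = ReplayCache(backing, clock)
    node_b = ReplayCache(backing, clock)
    token = ("_constructed-assertion-id-1", 1300.0)   # (ID, NotOnOrAfter)
    return [node_a.accept(*token),                    # first presentation
            node_a.accept(*token),                    # replay to same node
            node_b.accept(*token)]                    # replay to other node


if __name__ == "__main__":
    print("per-node caches:", simulate(shared=False))
    print("shared cache:   ", simulate(shared=True))
```

The cache entry only has to live as long as the assertion's validity window, which is why the expiry time is stored with the ID.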

Re: Does fediz support ws-federation

Posted by 杨华杰 <yh...@gmail.com>.
Thank you Oli

I made it work already. By the way, can we configure the IDP and SP without
SSL? What's the impact if we do so? I know it's insecure, but I am on an
intranet. How insecure is it?



Regards,
Hua Jie


RE: Does fediz support ws-federation

Posted by Oliver Wulff <ow...@talend.com>.
Hi Hua Jie

Fediz supports the WS-Federation passive requestor profile, as SharePoint does. SharePoint uses Microsoft WIF to add federation support, and a Tomcat application uses the Fediz plugin.

In addition, Fediz provides an IDP which can be used for Tomcat/Fediz and ASP.NET/WIF. The latter is described here:
http://owulff.blogspot.ch/2012/02/configure-fediz-idp-and-aspnet-using.html

Some customers use the Fediz IDP for their ASP.NET based applications.

Thanks
Oli

------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com
