Hi guys,

I've attached an initial version of the patch for the following Bugzilla task: https://issues.apache.org/bugzilla/show_bug.cgi?id=51334

I'd like to initiate a discussion on how to bundle and integrate this into Tomcat. I've added a comment to the attachment, which is listed at the bottom of this mail.

The Maven module wsfed-tomcat contains a custom authenticator called FederationAuthenticator. There is more information in docs/readme.txt on how to configure it.

To test this piece of functionality you need a third-party component, which is the IDP. Technically, the IDP is a web application. There is some more information on the IDP here: http://owulff.blogspot.com/2011/10/configure-and-deploy-identity-provider.html (There is a unit test for the federation logic in wsfed-core which doesn't need a servlet container up and running: wsfed-core/src/test/java/..../FederationProcessorTest.java.)

The IDP is just a servlet which delegates most of the functionality to the STS (SecurityTokenService), which is capable of issuing any kind of security token, like SAML 2.0. The IDP is completely Apache licensed (CXF 2.5 STS, WSS4J, OpenSAML).

I need your advice on what the options are to provide the IDP, because it should not be part of the Tomcat distribution itself. Maybe a separate downloadable file or just a blog?

I also see an opportunity that the IDP could be enhanced further so that it can be used within enterprises and support more authentication options than just username/password (e.g. Kerberos).

Looking forward to your feedback.

Regards
Oliver

>>>
I've attached a complete Maven project which consists of the following modules:

- wsfed-core: this is the core federation functionality, which is servlet container agnostic
- wsfed-tomcat: this is the adaptation of the wsfed-core component for Tomcat, implemented as an authenticator
- wsfed-tomcat-example: this is the sample web application where federation is enabled.

This example must be deployed into a Tomcat container which contains the above library and dependencies in wsfed-core and wsfed-tomcat.

WS-Federation depends on a third-party security component called Identity Provider (IDP). I've posted a blog which explains this in more detail. The Identity Provider is responsible for authenticating a user and a security token which is handled by an STS. The following two modules provide the IDP functionality:

- wsfed-idp: this is the IDP component which is required for a web application which has federation enabled. For more information check this out: http://owulff.blogspot.com/2011/10/configure-and-deploy-identity-provider.html
- wsfed-idp-sts: this is the STS component which is used by the IDP. For more information check this out: http://owulff.blogspot.com/2011/10/configure-and-deploy-cxf-25-sts-part-i.html
>>>