Hi there,

I was working in the last 5 months on enabling Tomcat for federation and propagating the security context of the browser user to the back-end web services using the CXF STS.

I just committed this code to the CXF sandbox: http://svn.apache.org/viewvc/cxf/sandbox/fediz/

This project contains 5 modules:

A) Identity provider (IDP), authentication server

* fediz-idp
  This module is more or less a servlet which processes and transforms the incoming federation message into an STS request.
  More information can be found here: http://owulff.blogspot.com/2011/10/configure-and-deploy-identity-provider.html

* fediz-idp-sts
  The CXF STS is responsible for issuing a SAML token and adding the claims (firstname, lastname, email, roles) to the SAML token.
  More information can be found here: http://owulff.blogspot.com/2011/10/configure-and-deploy-cxf-25-sts-part-i.html

B) Federation plugin for application server

* fediz-core
  This module contains the core logic to validate the federation sign-in message. It validates the SAML token. The whole processing is application-server agnostic.

* fediz-tomcat
  This module implements the Tomcat authenticator, adapts the core federation logic to the Tomcat-specific authenticator and establishes the JEE security context.
  More information can be found here: http://owulff.blogspot.com/2011/11/configure-tomcat-for-federation-part.html

C) Sample application

I've planned to add support for WebSphere and Pax Web.

What do you think about this?

Thanks
Oli
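The message above describes the split between an STS that issues a SAML token carrying claims (firstname, lastname, email, roles) and a relying-party module (fediz-core) that validates that token before the authenticator establishes the JEE security context. The following is an added, stand-alone Python illustration of the checks a relying party has to perform on a SAML 2.0 assertion after its XML signature has been verified: trusted issuer, validity window, audience restriction, and extraction of the claims into a security context. It is not Fediz code and does not reflect its API; the issuer and audience values, the sample assertion and the `SecurityContext` type are constructed for the example, and signature verification against the STS certificate is assumed to have already happened (the claim URIs are the standard WS-Federation identity claim URIs).

```python
# Added example: relying-party checks on a SAML 2.0 assertion, in the spirit of
# what a module like fediz-core must do before a security context is built.
# Not Fediz code. Signature verification (XML-DSig against the STS certificate)
# is assumed to have succeeded before anything in this file is trusted.
from dataclasses import dataclass, field
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Standard WS-Federation identity claim URIs (these are real, well-known URIs).
GIVENNAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
SURNAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ROLE_CLAIM = "http://schemas.xmlsoap.org/ws/2008/06/identity/claims/role"

# Constructed trust configuration for this example (not Fediz configuration).
TRUSTED_ISSUER = "https://idp.example.org/sts"          # constructed value
EXPECTED_AUDIENCE = "https://rp.example.org/helloworld"  # constructed value

# Constructed sample assertion as an STS might issue it for user "alice".
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_c0" Version="2.0"
    IssueInstant="2011-11-15T10:00:00Z">
  <saml:Issuer>{TRUSTED_ISSUER}</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2011-11-15T10:00:00Z" NotOnOrAfter="2011-11-15T10:30:00Z">
    <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{GIVENNAME_CLAIM}"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{SURNAME_CLAIM}"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{EMAIL_CLAIM}"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{ROLE_CLAIM}">
      <saml:AttributeValue>User</saml:AttributeValue>
      <saml:AttributeValue>Manager</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class TokenValidationError(Exception):
    """Raised when the assertion must not be accepted."""


@dataclass
class SecurityContext:
    """Constructed stand-in for the container's security context."""
    principal: str
    claims: dict = field(default_factory=dict)
    roles: list = field(default_factory=list)

    def is_user_in_role(self, role: str) -> bool:
        return role in self.roles


def parse_utc(value: str) -> datetime:
    # SAML timestamps are UTC with a trailing "Z"; parse explicitly so the
    # comparison below is between aware datetimes on every Python version.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text: str, now: datetime,
                       trusted_issuer: str = TRUSTED_ISSUER,
                       audience: str = EXPECTED_AUDIENCE) -> SecurityContext:
    """Check issuer, validity window and audience, then extract the claims.

    A production parser should additionally reject DTDs and external entities;
    the stdlib ElementTree used here does not resolve external entities.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise TokenValidationError("not a SAML 2.0 assertion")

    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        raise TokenValidationError(f"untrusted issuer {issuer!r}")

    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        raise TokenValidationError("missing validity conditions")
    if not (parse_utc(cond.get("NotBefore")) <= now < parse_utc(cond.get("NotOnOrAfter"))):
        raise TokenValidationError("assertion outside its validity window")

    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise TokenValidationError("assertion is not addressed to this relying party")

    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise TokenValidationError("missing subject")

    ctx = SecurityContext(principal=name_id)
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        if attr.get("Name") == ROLE_CLAIM:
            ctx.roles.extend(values)          # roles feed isUserInRole()
        else:
            ctx.claims[attr.get("Name")] = values[0] if len(values) == 1 else values
    return ctx


if __name__ == "__main__":
    ctx = validate_assertion(SAMPLE_ASSERTION, now=parse_utc("2011-11-15T10:10:00Z"))
    print(ctx.principal, ctx.claims[EMAIL_CLAIM], ctx.roles)
```

The order matters: the audience check is what stops an assertion issued for one relying party from being replayed at another, and the window check is evaluated against the server clock, so the relying party's clock skew tolerance (not modelled here) should be small and explicit.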
