[ https://issues.apache.org/jira/browse/FEDIZ-72?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved FEDIZ-72.
--------------------------------------
    Resolution: Fixed

Marking as resolved, as this is now working with SAML SSO.

> Make Trusted IDP protocol customizable
> --------------------------------------
>
>                 Key: FEDIZ-72
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-72
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP
>    Affects Versions: 1.1.0
>            Reporter: Oliver Wulff
>            Assignee: Oliver Wulff
>             Fix For: 1.2.0
>
>
> In release 1.1, the Fediz IDP doesn't support other protocols than
> WS-Federation for a Trusted IDP. Due to the usage of Spring Web Flow, the
> flow can still be customized but it has a bigger impact and later migration
> to a new release requires more effort.
> This is a proposal to add support for custom protocols for Trusted IDPs:
> - Introduce Interface "SSOProtocolBridge" which is able to transform a
> WS-Federation SignIn Request to another SignIn Request (ex. SAML-P
> AuthRequest) and to transform another SignIn Response (ex. SAML-P
> AuthResponse) to a WS-Federation SignIn Response.
> - Processing logic is part of the main IDP web flow which chooses a protocol
> depending on the configuration of the TrustedIdp
> - New protocol implementations can be found due to Spring annotations
> scanning and injecting the beans in the core processing logic
> {code}
> public interface SSOProtocolBridge {
>
>     boolean canHandleRequest(HttpServletRequest request);
>     String getProtocol();
>     // ActionState before redirectToTrustedIDP end-state to define SignIn URL
>     // Note: Only supports HTTP GET SignIn Requests
>     URL mapSignInRequest(RequestContext context);
>
>     // Hook in <action-state id="validateToken"> of federation-signin-response.xml
>     // ValidateTokenAction class delegates to an implementation of
>     // mapSignInResponse() according to the current protocol in the conversation
>     SecurityToken mapSignInResponse(RequestContext context);
> }
> {code}
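An added sketch, not Fediz code and not part of the original message, of the selection step the proposal describes: the bridge is chosen from the trusted IDP's configured protocol, and a protocol with no registered bridge is rejected. `ProtocolBridge`, `TrustedIdp`, `BridgeRegistry`, the protocol strings and the URLs are assumptions; the interface is reduced to plain Java types (Java 16+ for the record).

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;

public class BridgeSelectionExample {
    // Simplified stand-in for the proposed interface (no servlet or Web Flow types).
    interface ProtocolBridge {
        String getProtocol();
        URI mapSignInRequest(String idpUrl, String realm);
    }
    // Hypothetical configuration entry for a trusted IDP.
    record TrustedIdp(String url, String protocol) {}

    static final class WsFedBridge implements ProtocolBridge {
        public String getProtocol() { return "wsfed"; } // constructed identifier
        public URI mapSignInRequest(String idpUrl, String realm) {
            return URI.create(idpUrl + "?wa=wsignin1.0&wtrealm="
                + URLEncoder.encode(realm, StandardCharsets.UTF_8));
        }
    }

    static final class BridgeRegistry {
        private final Map<String, ProtocolBridge> byProtocol;
        BridgeRegistry(List<ProtocolBridge> bridges) {
            // toMap throws on duplicate keys, so two bridges cannot claim one protocol.
            byProtocol = bridges.stream()
                .collect(Collectors.toMap(ProtocolBridge::getProtocol, Function.identity()));
        }
        // Choose by the IDP's configured protocol; fail closed when none is registered.
        ProtocolBridge forIdp(TrustedIdp idp) {
            ProtocolBridge bridge = byProtocol.get(idp.protocol());
            if (bridge == null)
                throw new IllegalStateException("no bridge for protocol: " + idp.protocol());
            return bridge;
        }
    }

    public static void main(String[] args) {
        BridgeRegistry registry = new BridgeRegistry(List.of(new WsFedBridge()));
        TrustedIdp idpA = new TrustedIdp("https://idp-a.example/fediz-idp/federation", "wsfed");
        System.out.println(registry.forIdp(idpA).mapSignInRequest(idpA.url(), "urn:example:realm-b"));
        try { // constructed case: configured protocol without a registered bridge
            registry.forIdp(new TrustedIdp("https://idp-c.example/sso", "samlsso"));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```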