CXF-Fediz / FEDIZ-72

Make Trusted IDP protocol customizable


Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.0
    • Fix Version/s: 1.2.0
    • Component/s: IDP
    • Labels: None

    Description

      In release 1.1, the Fediz IDP doesn't support protocols other than WS-Federation for a Trusted IDP. Because Spring Web Flow is used, the flow can still be customized, but that has a bigger impact, and later migrations to new releases require more effort.

      This is a proposal to add support for custom protocols for Trusted IDPs:

      • Introduce an interface "SSOProtocolBridge" which is able to transform a WS-Federation SignIn Request into another SignIn Request (e.g. a SAML-P AuthnRequest) and to transform another SignIn Response (e.g. a SAML-P AuthnResponse) into a WS-Federation SignIn Response.
      • The processing logic is part of the main IDP web flow, which chooses a protocol depending on the configuration of the TrustedIdp.
      • New protocol implementations are discovered through Spring annotation scanning and injected as beans into the core processing logic.
      import java.net.URL;
      import javax.servlet.http.HttpServletRequest;
      import org.apache.cxf.ws.security.tokenstore.SecurityToken;
      import org.springframework.webflow.execution.RequestContext;

      public interface SSOProtocolBridge {

          // True if this incoming HTTP request is a SignIn Response in this bridge's protocol
          boolean canHandleRequest(HttpServletRequest request);

          // Protocol identifier matched against the TrustedIdp configuration
          String getProtocol();

          // ActionState before redirectToTrustedIDP end-state to define SignIn URL
          // Note: Only supports HTTP GET SignIn Requests
          URL mapSignInRequest(RequestContext context);

          // Hook in <action-state id="validateToken"> of federation-signin-response.xml
          // ValidateTokenAction class delegates to an implementation of mapSignInResponse()
          // according to the current protocol in the conversation
          SecurityToken mapSignInResponse(RequestContext context);
      }

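      The following is an added example of how the proposal above could be wired up; it is not code from FEDIZ-72 or from the Fediz code base. It shows a flow-side dispatcher that receives every SSOProtocolBridge bean Spring discovered and selects one by the protocol configured for the Trusted IDP, plus a bridge for a SAML-P style exchange (HTTP-Redirect binding outbound, HTTP-POST binding inbound). The class names TrustedIdpProtocolDispatcher and SamlPBridge, the protocol id "saml-p", and the way the SSO endpoint and issuer are supplied are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.List;
import java.util.UUID;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.springframework.webflow.execution.RequestContext;
import org.w3c.dom.Document;

/** Hypothetical flow-side selector (not Fediz code): Spring injects every SSOProtocolBridge bean it scanned. */
public class TrustedIdpProtocolDispatcher {
    private final List<SSOProtocolBridge> bridges;

    public TrustedIdpProtocolDispatcher(List<SSOProtocolBridge> bridges) {
        this.bridges = bridges;
    }

    /** Outbound: the protocol string is the one configured on the TrustedIdp. */
    public URL signInUrl(String configuredProtocol, RequestContext context) {
        for (SSOProtocolBridge b : bridges) {
            if (b.getProtocol().equals(configuredProtocol)) {
                return b.mapSignInRequest(context);
            }
        }
        throw new IllegalStateException("no SSOProtocolBridge for protocol " + configuredProtocol);
    }

    /** Inbound: select by the protocol remembered in the conversation, then let the bridge confirm the request shape. */
    public SecurityToken signInResponse(String conversationProtocol, RequestContext context) {
        HttpServletRequest req = (HttpServletRequest) context.getExternalContext().getNativeRequest();
        for (SSOProtocolBridge b : bridges) {
            if (b.getProtocol().equals(conversationProtocol) && b.canHandleRequest(req)) {
                return b.mapSignInResponse(context);
            }
        }
        throw new IllegalStateException("response does not belong to protocol " + conversationProtocol);
    }
}

/** Hypothetical bridge (not Fediz code): WS-Federation SignIn <-> SAML-P AuthnRequest/Response. */
class SamlPBridge implements SSOProtocolBridge {
    private final String ssoEndpoint; // Trusted IDP single sign-on URL, assumed to come from its configuration
    private final String issuer;      // entity id of this IDP, assumed to come from configuration

    SamlPBridge(String ssoEndpoint, String issuer) {
        this.ssoEndpoint = ssoEndpoint;
        this.issuer = issuer;
    }

    public String getProtocol() { return "saml-p"; } // assumed protocol id used in the TrustedIdp config

    public boolean canHandleRequest(HttpServletRequest request) {
        return "POST".equals(request.getMethod()) && request.getParameter("SAMLResponse") != null;
    }

    /** Build the HTTP-Redirect binding URL; the WS-Federation wctx travels as RelayState so the flow can resume. */
    public URL mapSignInRequest(RequestContext context) {
        try {
            String wctx = context.getRequestParameters().get("wctx");
            String authnRequest = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_" + UUID.randomUUID() + "\""
                + " Version=\"2.0\" IssueInstant=\"" + Instant.now() + "\" Destination=\"" + ssoEndpoint + "\">"
                + "<saml:Issuer>" + issuer + "</saml:Issuer></samlp:AuthnRequest>";
            ByteArrayOutputStream deflated = new ByteArrayOutputStream();
            // Redirect binding = raw DEFLATE (nowrap), then base64, then URL-encode
            try (DeflaterOutputStream out = new DeflaterOutputStream(deflated, new Deflater(Deflater.DEFAULT_COMPRESSION, true))) {
                out.write(authnRequest.getBytes(StandardCharsets.UTF_8));
            }
            String samlRequest = Base64.getEncoder().encodeToString(deflated.toByteArray());
            String url = ssoEndpoint + "?SAMLRequest=" + URLEncoder.encode(samlRequest, "UTF-8")
                + (wctx == null ? "" : "&RelayState=" + URLEncoder.encode(wctx, "UTF-8"));
            return new URL(url);
        } catch (Exception e) {
            throw new IllegalStateException("cannot build SAML-P SignIn URL", e);
        }
    }

    /** Decode the POSTed SAMLResponse into a SecurityToken for the validateToken step. */
    public SecurityToken mapSignInResponse(RequestContext context) {
        try {
            byte[] xml = Base64.getDecoder().decode(context.getRequestParameters().get("SAMLResponse"));
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // data from another party: no DTD, no XXE
            Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
            SecurityToken token = new SecurityToken(doc.getDocumentElement().getAttribute("ID"));
            token.setToken(doc.getDocumentElement());
            // This bridge only transcodes; signature, Issuer, Destination and InResponseTo
            // must still be verified before the token is trusted.
            return token;
        } catch (Exception e) {
            throw new IllegalStateException("cannot decode SAML-P SignIn Response", e);
        }
    }
}
```

      The dispatcher deliberately matches the inbound response against the protocol stored in the conversation rather than trusting canHandleRequest() alone, so a response in a different protocol cannot be routed to a bridge the flow never redirected to.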


          People

            Assignee: Oliver Wulff (owulff)
            Reporter: Oliver Wulff (owulff)
            Votes: 0
            Watchers: 2
