Description
In release 1.1, the Fediz IDP supports no protocol other than WS-Federation for a Trusted IDP. Because the IDP is built on Spring Web Flow, the flow can still be customized, but such a customization has a larger footprint and migrating it to a later release takes more effort.
This is a proposal to add support for custom protocols for Trusted IDPs:
- Introduce an interface "SSOProtocolBridge" that transforms a WS-Federation SignIn Request into the SignIn Request of another protocol (e.g. a SAML-P AuthnRequest) and transforms that protocol's SignIn Response (e.g. a SAML-P Response) back into a WS-Federation SignIn Response.
- The processing logic is part of the main IDP web flow, which selects the protocol according to the configuration of the TrustedIdp.
- New protocol implementations are discovered through Spring annotation scanning and injected as beans into the core processing logic.
    public interface SSOProtocolBridge {

        boolean canHandleRequest(HttpServletRequest request);

        String getProtocol();

        // ActionState before the redirectToTrustedIDP end-state to define the SignIn URL
        // Note: only supports HTTP GET SignIn Requests
        URL mapSignInRequest(RequestContext context);

        // Hook in <action-state id="validateToken"> of federation-signin-response.xml
        // ValidateTokenAction delegates to the mapSignInResponse() implementation
        // matching the protocol of the current conversation
        SecurityToken mapSignInResponse(RequestContext context);
    }
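As an added example (not Fediz code and not part of this proposal), a framework-free sketch of what a SAML-P implementation of the proposed bridge would do. HttpServletRequest and RequestContext are replaced by a parameter map and a mutable map standing in for the Web Flow conversation scope, SecurityToken by a small record, and the class, method and key names (SamlpBridge, parseHardened, "samlp.requestId") are assumptions. It shows the two security-relevant halves of the mapping: the request ID generated in mapSignInRequest is pinned in the conversation and consumed once in mapSignInResponse, so an unsolicited or replayed response (wrong or reused InResponseTo) is rejected, and the response XML is parsed with DTDs and external entities disabled. Signature verification against the TrustedIdp certificate is not included here and is mandatory in a real bridge.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.UUID;
import java.util.zip.Deflater;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Stand-in for the Fediz SecurityToken handed back to the IDP flow (assumption, not Fediz code). */
record SecurityToken(String issuer, String subject) {}

/** Framework-free reduction of the proposed bridge (assumption): servlet request -> parameter map,
 *  Web Flow conversation scope -> mutable map. */
interface SSOProtocolBridge {
    String getProtocol();
    String mapSignInRequest(Map<String, String> conversation, Map<String, String> params);
    SecurityToken mapSignInResponse(Map<String, String> conversation, Map<String, String> params);
}

/** SAML-P bridge: HTTP-Redirect binding for the AuthnRequest, HTTP-POST binding for the Response. */
record SamlpBridge(String idpSsoUrl, String expectedIssuer, String spEntityId) implements SSOProtocolBridge {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String REQUEST_ID_KEY = "samlp.requestId";   // conversation-scope key (assumption)

    @Override public String getProtocol() { return SAMLP; }

    /** Build the AuthnRequest, pin its ID in the conversation, and return the GET redirect URL. */
    @Override public String mapSignInRequest(Map<String, String> conversation, Map<String, String> params) {
        String id = "_" + UUID.randomUUID();
        conversation.put(REQUEST_ID_KEY, id);
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"" + SAMLP + "\" xmlns:saml=\"" + SAML + "\" ID=\"" + id
            + "\" Version=\"2.0\" IssueInstant=\"" + Instant.now() + "\" Destination=\"" + idpSsoUrl + "\">"
            + "<saml:Issuer>" + spEntityId + "</saml:Issuer></samlp:AuthnRequest>";
        // HTTP-Redirect binding: raw DEFLATE (no zlib header), then Base64, then URL-encode.
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        deflater.setInput(xml.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[512];
        while (!deflater.finished()) out.write(buf, 0, deflater.deflate(buf));
        deflater.end();
        String encoded = Base64.getEncoder().encodeToString(out.toByteArray());
        return idpSsoUrl + "?SAMLRequest=" + URLEncoder.encode(encoded, StandardCharsets.UTF_8);
    }

    /** Decode the POSTed SAMLResponse and bind it to the request this conversation issued. */
    @Override public SecurityToken mapSignInResponse(Map<String, String> conversation, Map<String, String> params) {
        String expectedId = conversation.remove(REQUEST_ID_KEY);   // one-shot: a replayed response finds no match
        String b64 = params.get("SAMLResponse");
        if (expectedId == null || b64 == null) throw new IllegalStateException("no outstanding AuthnRequest");
        Element resp = parseHardened(Base64.getDecoder().decode(b64));
        if (!SAMLP.equals(resp.getNamespaceURI()) || !"Response".equals(resp.getLocalName()))
            throw new IllegalStateException("not a samlp:Response");
        if (!expectedId.equals(resp.getAttribute("InResponseTo")))
            throw new IllegalStateException("unsolicited response: InResponseTo does not match");
        String issuer = firstText(resp, "Issuer");
        if (!expectedIssuer.equals(issuer)) throw new IllegalStateException("unexpected issuer: " + issuer);
        String subject = firstText(resp, "NameID");
        if (subject == null) throw new IllegalStateException("response carries no NameID");
        // The XML signature must still be verified against the TrustedIdp certificate before
        // this token is trusted; that step is outside this example.
        return new SecurityToken(issuer, subject);
    }

    /** XML parsing with DTDs and external entities disabled: the response is attacker-influenced input. */
    private static Element parseHardened(byte[] xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
        } catch (Exception e) {
            throw new IllegalStateException("malformed SAML response", e);
        }
    }

    private static String firstText(Element root, String localName) {
        NodeList n = root.getElementsByTagNameNS(SAML, localName);
        return n.getLength() == 0 ? null : n.item(0).getTextContent();
    }
}

public class SamlpBridgeDemo {
    public static void main(String[] args) {
        SamlpBridge bridge = new SamlpBridge("https://idp.example.org/sso", "https://idp.example.org", "urn:fediz:idp");
        Map<String, String> conversation = new java.util.HashMap<>();
        System.out.println(bridge.mapSignInRequest(conversation, Map.of()));
        String id = conversation.get(SamlpBridge.REQUEST_ID_KEY);
        // Constructed, unsigned response for the round trip; real responses are signed.
        String response = "<samlp:Response xmlns:samlp=\"" + SamlpBridge.SAMLP + "\" xmlns:saml=\"" + SamlpBridge.SAML
            + "\" ID=\"_r1\" Version=\"2.0\" InResponseTo=\"" + id + "\"><saml:Issuer>https://idp.example.org</saml:Issuer>"
            + "<saml:Assertion><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>";
        String b64 = Base64.getEncoder().encodeToString(response.getBytes(StandardCharsets.UTF_8));
        System.out.println(bridge.mapSignInResponse(conversation, Map.of("SAMLResponse", b64)));
        try { bridge.mapSignInResponse(conversation, Map.of("SAMLResponse", b64)); }
        catch (IllegalStateException e) { System.out.println("replay rejected: " + e.getMessage()); }
    }
}
```

Save as SamlpBridgeDemo.java and run with a Java 17 or later JDK; the first call prints the redirect URL, the second the accepted token, and the third is rejected because the request ID was consumed. Note that the example keys bridge selection on the TrustedIdp's configured protocol (the proposal's second bullet), not on the shape of the incoming response: a canHandleRequest() decision taken on the response alone is taken on attacker-influenced input and can route a response to a bridge the TrustedIdp was never configured for.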
Issue Links
- is depended upon by:
  - FEDIZ-74 Support Google Login for Trusted IDP (Closed)
  - FEDIZ-8 Add support for OAuth2 Authorization and Access Token Service (Open)
  - FEDIZ-75 Support LinkedIn Login for Trusted IDP (Open)
  - FEDIZ-73 Support SAML-P protocol for Trusted IDP (Closed)
  - FEDIZ-76 Support Facebook Login for Trusted IDP (Closed)