| Apache CXF Fediz 1.4.6 Release Notes |
| ------------------------------------ |
| |
| 1. Overview |
| |
| Apache CXF Fediz provide the following features: |
| |
| * WS-Federation 1.0/1.1/1.2 |
| * SAML 1.1/2.0 Tokens |
| * Custom token support |
| * Publish WS-Federation Metadata document for RP and IDP |
| * Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens |
| * Claims information provided by FederationPrincipal interface |
| * Fediz IdP supports Resource and Requestor IDP role, Home Realm Discovery Service, ... |
| * Support for Jetty, Tomcat, Websphere and Spring Security 2.0/3.1 |
| * Support for logout in the RP and IdP |
| * Support for logging on to the IdP via UsernamePassword, Kerberos and TLS |
| client authentication |
| * A container independent CXF plugin for WS-Federation |
| * A REST API for the IDP |
| * Support to use the IDP as an identity broker with a remote SAML SSO IdP |
| * Support to use the IDP as an identity broker with a remote OpenId Connect IdP |
| * SAML SSO support in the IdP |
| |
| |
| 2. Installation Prerequisites |
| |
| Before installing Apache CXF Fediz, make sure the following products, |
| with the specified versions, are installed on your system: |
| |
| * Java 7 Development Kit or higher |
| * Apache Maven 3.x to build the samples |
| |
| 3. Installation Procedures |
| |
| Follow the Getting Started instructions at |
| http://cxf.apache.org/fediz.html#Fediz-Gettingstarted for information |
| on installing the Fediz IDP and IdP STS. |
| |
| 4. Building the Samples |
| |
| Building the samples included in the binary distribution is easy. Change to |
| the examples directory and follow the build instructions in the README.txt file |
| included with each sample. |
| |
| 5. Replacing provided keystores |
| |
| The sample keystores provided are fine for development and prototyping use |
| but make sure to replace them for any production use, see |
| see examples/samplekeys/HowToGenerateKeysREADME.html for key generation |
| information. |
| |
| 6. Reporting Problems |
| |
| If you have any problems or want to send feedback of any kind, please e-mail the |
| CXF user list, users@cxf.apache.org. You can also file issues in JIRA at: |
| |
| http://issues.apache.org/jira/browse/FEDIZ |
| |
| |
| 7. Migration notes: |
| |
| N.A. |
| |
| |
| 8. Specific issues, features, and improvements fixed in this version |
| |
| Release Notes - CXF-Fediz - Version 1.4.6 |
| |
| Bug |
| |
| [FEDIZ-232] - 'wctx' parameter mandatory but protocol does not require |
| [FEDIZ-234] - Escape logging output in LoginHintHomeRealmDiscovery |
| [FEDIZ-236] - Geeting HTTP 401 error on first login using SAML |
| [FEDIZ-239] - Add an underscore prefix to the SAML Ids to make them schema compliant |
| |
| |
| Release Notes - CXF-Fediz - Version 1.4.5 |
| |
| Bug |
| |
| [FEDIZ-220] - http 400 when logout with redirect to constraint |
| [FEDIZ-224] - Saml SSO spring plugin does not work |
| [FEDIZ-226] - authnRequestBuilder cofiguration property for samlProtocolType ignored |
| |
| New Feature |
| |
| [FEDIZ-158] - Support Fediz OIDC Login for Trusted IDP |
| [FEDIZ-223] - Support custom claim handler within Fediz Plugin |
| |
| Task |
| |
| [FEDIZ-221] - Support SAML SSO Logout in the IdP |
| [FEDIZ-222] - Support SAML SSO Logout in the RP |
| [FEDIZ-225] - Add support to specify the AssertionConsumerService URL via the "reply" configuration parameter for SAML SSO |
| [FEDIZ-227] - Support SAML SSO in the Jetty plugin |
| [FEDIZ-228] - Add the "jti" claim in FedizSubjectCreator |
| [FEDIZ-229] - Provide a way to map JWT claims into SAML attributes when converting a third party JWT token into a SAML Token |
| |
| Release Notes - CXF-Fediz - Version 1.4.4 |
| |
| Bug |
| |
| [FEDIZ-217] - SAML authentication fails in plugin |
| |
| New Feature |
| |
| [FEDIZ-7] - Add support for SAML-P in the plugin |
| |
| Improvement |
| |
| [FEDIZ-216] - Support different signature algorithms for the SAML SSO Redirect Binding |
| [FEDIZ-219] - Add support for SAML SSO to the Tomcat 8 RP implementation |
| |
| |
| Release Notes - CXF-Fediz - Version 1.4.3 |
| |
| Bug |
| |
| [FEDIZ-211] - Local IdP redirection (after token expiry) is not working |
| [FEDIZ-212] - Multiple OIDC logout return to login page |
| [FEDIZ-213] - Spring plugins don't handle token expiration properly |
| [FEDIZ-214] - OIDC generated already expired id_token |
| |
| Improvement |
| |
| [FEDIZ-210] - Limit IdP request parameter size |
| |
| |
| Release Notes - CXF-Fediz - Version 1.4.2 |
| |
| Improvement |
| |
| [FEDIZ-206] - Revert FedizSubjectCreator changes |
| [FEDIZ-209] - Make FedizResponse properly serializable |
| |
| Release Notes - CXF-Fediz - Version 1.4.1 |
| |
| Bug |
| |
| [FEDIZ-201] - Spring3 plugin does not include jars in the distribution |
| [FEDIZ-202] - OIDC war files are being included in the plugin directories in the distribution |
| |
| Improvement |
| |
| [FEDIZ-205] - Support creating IdP Metadata for SAML SSO |
| |
| New Feature |
| |
| [FEDIZ-203] - Support "roles" scope |
| |
| |
| Release Notes - CXF-Fediz - Version 1.4.0 |
| |
| Bug |
| |
| [FEDIZ-185] - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP |
| [FEDIZ-189] - Add support for absolute URLs in the logoutRedirectTo parameter |
| [FEDIZ-191] - The HomeRealmReminder cookie is not deleted after logout in the IdP |
| [FEDIZ-192] - SAML customSTSParameter not propagated when using form-login |
| |
| Improvement |
| |
| [FEDIZ-155] - Move .java components out of idp webapp and into a separate JAR |
| [FEDIZ-175] - Refactor STS configuration to make the Fediz STS easier to customize. |
| [FEDIZ-176] - Refactor IdP configuration to make the Fediz IdP easier to customize. |
| [FEDIZ-177] - Upgrade dbcp to 2.1.1 |
| [FEDIZ-178] - Update Webflow to 2.4.x |
| [FEDIZ-179] - Update IdP to Spring Security 3.2 |
| [FEDIZ-180] - Support WS-Federation Trusted Third Party IdPs for the SAML SSO interface in the IdP |
| [FEDIZ-181] - Support SAML SSO Trusted Third Party IdPs for the SAML SSO interface in the IdP |
| [FEDIZ-182] - Support OIDC Trusted Third Party IdPs for the SAML SSO interface in the IdP |
| [FEDIZ-183] - Support logging out in the plugins via the "wa" parameter |
| [FEDIZ-184] - Remove OGNL parser from the IdP |
| [FEDIZ-186] - Add new logoutRedirectToConstraint plugin configuration parameter |
| [FEDIZ-188] - Make "Reply" a CallbackType in the Fediz plugin configuration |
| [FEDIZ-190] - Make the logoutRedirectToConstraint a CallbackType |
| [FEDIZ-193] - Add a way to support additional top level domains when registering OIDC clients |
| [FEDIZ-195] - OIDC: propagate URI fragment during authentication |
| [FEDIZ-197] - STSClientAction shouldn't change wsdlLocation when no port is set |
| [FEDIZ-199] - Update the Spring plugin to spring security 4 |
| [FEDIZ-200] - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP |
| |
| New Feature |
| |
| [FEDIZ-187] - Initial OIDC Logout Support |
| |
| Task |
| |
| [FEDIZ-196] - Add support for Apache Tomcat 8.5.x |
| |
| |
| Release Notes - CXF-Fediz - Version 1.3.2 |
| |
| Bug |
| |
| [FEDIZ-185] - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP |
| [FEDIZ-189] - Add support for absolute URLs in the logoutRedirectTo parameter |
| [FEDIZ-191] - The HomeRealmReminder cookie is not deleted after logout in the IdP |
| [FEDIZ-194] - NPE when restarting Fediz OIDC after using dynamic registration |
| |
| Improvement |
| |
| [FEDIZ-173] - Cors support for js OIDC Implicit Flow |
| [FEDIZ-183] - Support logging out in the plugins via the "wa" parameter |
| [FEDIZ-186] - Add new logoutRedirectToConstraint plugin configuration parameter |
| [FEDIZ-193] - Add a way to support additional top level domains when registering OIDC clients |
| [FEDIZ-200] - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP |
| |
| Task |
| |
| [FEDIZ-174] - Update CXF version to 3.1.8-SNAPSHOT |
| |
| |
| Release Notes - CXF-Fediz - Version 1.2.4 |
| |
| Bug |
| |
| [FEDIZ-185] - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP |
| [FEDIZ-191] - The HomeRealmReminder cookie is not deleted after logout in the IdP |
| |
| Improvement |
| |
| [FEDIZ-186] - Add new logoutRedirectToConstraint plugin configuration parameter |
| [FEDIZ-200] - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP |
| |
| |
| Release Notes - CXF-Fediz - Version 1.2.3 |
| |
| Bug |
| |
| [FEDIZ-161] - FederationConfigImpl.init() calls loadConfig(File) which fails for war files with special characters in its name |
| [FEDIZ-164] - IdP default flow doesn't support multiple realms |
| [FEDIZ-169] - Enforce mandatory requested claims on the RP side |
| [FEDIZ-170] - Load keystore/truststore resources in the container plugins |
| |
| Improvement |
| |
| [FEDIZ-154] - Example 'simpleWebapp' needs proper configuration of the FederationEntryPoint in IDP realm-b |
| [FEDIZ-159] - whr propagation can be disabled |
| [FEDIZ-168] - Support SAML Token without Audience Restriction |
| |
| |
| Release Notes - CXF-Fediz - Version 1.3.1 |
| |
| Bug |
| |
| [FEDIZ-161] - FederationConfigImpl.init() calls loadConfig(File) which fails for war files with special characters in its name |
| [FEDIZ-164] - IdP default flow doesn't support multiple realms |
| [FEDIZ-165] - SAML SSO redirection on ForceAuthn or token expiry not working |
| [FEDIZ-166] - "No message body writer" error for OAuthError in the OIDC IdP |
| [FEDIZ-169] - Enforce mandatory requested claims on the RP side |
| [FEDIZ-170] - Load keystore/truststore resources in the container plugins |
| |
| Improvement |
| |
| [FEDIZ-160] - Replace Hibernate with Apache BVal |
| [FEDIZ-162] - Make it possible to disable the requirement for a Signature when validating a SAML SSO AuthnRequest in the IdP |
| [FEDIZ-163] - Default to disabling Deflate Encoding for the SAML SSO response |
| [FEDIZ-168] - Support SAML Token without Audience Restriction |
| [FEDIZ-171] - Add a configuration option to add the "Authenticated" role to the list of roles of the authenticated user |
| [FEDIZ-172] - OIDC DataProvider should support client_credentials clients |
| |
| New Feature |
| |
| [FEDIZ-76] - Support Facebook Login for Trusted IDP |
| |
| |
| Release Notes - CXF-Fediz - Version 1.3.0 |
| |
| Sub-task |
| |
| [FEDIZ-74] - Support Google Login for Trusted IDP |
| |
| Bug |
| |
| [FEDIZ-118] - Allow securing root context applications |
| [FEDIZ-125] - Logout is not working in Fediz websphere plugin and cookie name is not configurable |
| [FEDIZ-128] - Parent POM dependencies wrong in Websphere artifacts |
| [FEDIZ-132] - Encoding Error by generated JAXB classes |
| [FEDIZ-139] - cxf-fediz plugin osgi export |
| [FEDIZ-140] - IDP caches outdated SAML Tokens |
| [FEDIZ-142] - TrustedIdpSAMLProtocolHandler.REQUIRE_KEYINFO does not work |
| [FEDIZ-146] - wtrealm should not be mandatory for 3rd party signin response |
| [FEDIZ-147] - IDP will be listed in HomeRealm Selection view, even if it should not be used directly |
| [FEDIZ-151] - Session Conflict with Cookies |
| [FEDIZ-156] - SAMLRequest ID must not start with a Number |
| [FEDIZ-157] - SAMLResponse Handler uses URL instead of Realm name for issuer validation |
| |
| Improvement |
| |
| [FEDIZ-113] - Support SAML SSO Metadata in the IdP |
| [FEDIZ-119] - Customizable Login-Page |
| [FEDIZ-120] - IDP Encoding of SignInResponse configurable |
| [FEDIZ-121] - Upgrade to Spring 4 |
| [FEDIZ-122] - Replace Apache bval with Hibernate |
| [FEDIZ-123] - Update certificates to 2048 bits |
| [FEDIZ-130] - Add a Jetty 9 plugin |
| [FEDIZ-131] - Add JAXRS based demos |
| [FEDIZ-133] - Improve logout page customizability |
| [FEDIZ-135] - CXF plugin should let the initial successful sign in request proceed |
| [FEDIZ-141] - POST Binding for SAML SSO Remote IDP |
| [FEDIZ-145] - Swagger REST API Support |
| [FEDIZ-152] - Disable URL rewrites with SessionID to avoid session hijacking |
| [FEDIZ-154] - Example 'simpleWebapp' needs proper configuration of the FederationEntryPoint in IDP realm-b |
| [FEDIZ-159] - whr propagation can be disabled |
| |
| New Feature |
| |
| [FEDIZ-126] - Systests for websphere plugin |
| [FEDIZ-127] - Webshere example application doesn't fit to systemtests and is not buildable as ear file |
| [FEDIZ-143] - Home Realm Discovery based on OIDC login_hint |
| [FEDIZ-144] - HomeRealm Discovery Service based on Spring EL |
| [FEDIZ-153] - Support OpenId Connect bridging in the Fediz IdP |
| |
| Question |
| |
| [FEDIZ-124] - Fediz-plugin for Tomcat 8 |
| |
| Task |
| |
| [FEDIZ-114] - Remove X509TokenValidator and DefaultSubjectProvider in the STS |
| |
| |
| Release Notes - CXF-Fediz - Version 1.2.2 |
| |
| Sub-task |
| |
| [FEDIZ-106] - Spring plugin support for configurable token validation |
| [FEDIZ-107] - CXF plugin support for configurable token validation |
| [FEDIZ-108] - Jetty plugin support for configurable token validation |
| [FEDIZ-110] - Update Plugin Configuration Documentation |
| |
| Bug |
| |
| [FEDIZ-117] - Race condition in CXF plugin related to request restoration after redirect |
| [FEDIZ-125] - Logout is not working in Fediz websphere plugin and cookie name is not configurable |
| [FEDIZ-128] - Parent POM dependencies wrong in Websphere artifacts |
| [FEDIZ-129] - Default values in the schema are not actually used |
| [FEDIZ-139] - cxf-fediz plugin osgi export |
| [FEDIZ-140] - IDP caches outdated SAML Tokens |
| [FEDIZ-142] - TrustedIdpSAMLProtocolHandler.REQUIRE_KEYINFO does not work |
| [FEDIZ-146] - wtrealm should not be mandatory for 3rd party signin response |
| [FEDIZ-147] - IDP will be listed in HomeRealm Selection view, even if it should not be used directly |
| [FEDIZ-151] - Session Conflict with Cookies |
| |
| Improvement |
| |
| [FEDIZ-104] - Configurable (fediz_config.xml) token expiration validation |
| [FEDIZ-152] - Disable URL rewrites with SessionID to avoid session hijacking |
| |
| New Feature |
| |
| [FEDIZ-126] - Systests for websphere plugin |
| [FEDIZ-127] - Webshere example application doesn't fit to systemtests and is not buildable as ear file |
| [FEDIZ-144] - HomeRealm Discovery Service based on Spring EL |
| |
| Release Notes - CXF-Fediz - Version 1.2.1 |
| |
| Bug |
| |
| [FEDIZ-118] - Allow securing root context applications |
| |
| Improvement |
| |
| [FEDIZ-113] - Support SAML SSO Metadata in the IdP |
| [FEDIZ-120] - IDP Encoding of SignInResponse configurable |
| [FEDIZ-123] - Update certificates to 2048 bits |
| |
| Task |
| |
| [FEDIZ-114] - Remove X509TokenValidator and DefaultSubjectProvider in the STS |
| |
| |
| Release Notes - CXF-Fediz - Version 1.2.0 |
| |
| Sub-task |
| |
| [FEDIZ-105] - Websphere plugin support for configurable token validation |
| [FEDIZ-109] - Tomcat plugin support for configurable token validation |
| |
| Bug |
| |
| [FEDIZ-70] - Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy) |
| [FEDIZ-83] - wfreshparser incorrectly treats a freshness of 0 as negative |
| [FEDIZ-88] - wreply parameter must be optional |
| [FEDIZ-96] - Nullpointer exception if logout is called before login |
| [FEDIZ-97] - Plugin configuration property naming conflict with WebSphere 8.5 |
| [FEDIZ-99] - Wrong Address in PassiveRequestorEndpoint for ApplicationServiceType |
| [FEDIZ-100] - Wrong Value in EndpointReference for ApplicationServiceType |
| [FEDIZ-111] - NPE when ChainTrust is configured + no Subject is provided |
| [FEDIZ-112] - Race condition in tomcat plugin related to request restoration after redirect |
| |
| Improvement |
| |
| [FEDIZ-23] - Support different authentication mechanism |
| [FEDIZ-69] - Support starting IDP with jetty maven plugin |
| [FEDIZ-71] - Enable use of Apache CXF Fediz IDP with external third-party WS-Trust STS |
| [FEDIZ-72] - Make Trusted IDP protocol customizable |
| [FEDIZ-78] - Provide a configurable mechanism to load the DB initially |
| [FEDIZ-79] - Encoding of SignInResponse configurable |
| [FEDIZ-84] - Support wreq parameter in SP/IdP |
| [FEDIZ-93] - Provide correct fediz_config.xml to match with fedizhelloworld demo |
| [FEDIZ-94] - Provide correct fediz_config.xml to match with fedizhelloworld demo |
| [FEDIZ-95] - Moving Spring-Security configuration to central location |
| [FEDIZ-98] - Dynamic STS Realm Parser |
| [FEDIZ-101] - audienceUris as TargetScope in MetadataDocument |
| [FEDIZ-102] - Direct Logout at IDP with wsignoutcleanup1.0 action |
| |
| New Feature |
| |
| [FEDIZ-19] - Single Sign Out |
| [FEDIZ-27] - Support signout/cleanup message in Fediz plugin |
| [FEDIZ-46] - WS-FederationSupport for CXF JAX-RS |
| [FEDIZ-53] - Browser can pass the home realm to the Fediz plugin |
| [FEDIZ-65] - REST interface for IDP |
| [FEDIZ-73] - Support SAML-P protocol for Trusted IDP |
| [FEDIZ-77] - RBAC Support for REST Interface |
| [FEDIZ-89] - Kerberos/SPNEGO Authentication Support |
| [FEDIZ-90] - Identity Federation via Claim Mappings |
| |
| Task |
| |
| [FEDIZ-86] - Add support for Metadata to other plugins |
| |
| |
| Release Notes - CXF-Fediz - Version 1.1.2 |
| |
| Bug |
| |
| [FEDIZ-88] - wreply parameter must be optional |
| |
| New Feature |
| |
| [FEDIZ-89] - Kerberos/SPNEGO Authentication Support |
| [FEDIZ-90] - Identity Federation via Claim Mappings |
| |
| |
| Release Notes - CXF-Fediz - Version 1.1.1 |
| |
| Bug |
| |
| [FEDIZ-70] - Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy) |
| [FEDIZ-83] - wfreshparser incorrectly treats a freshness of 0 as negative |
| |
| Improvement |
| |
| [FEDIZ-79] - Encoding of SignInResponse configurable |
| [FEDIZ-84] - Support wreq parameter in SP/IdP |
| |
| |
| |
| Release Notes - CXF-Fediz - Version 1.1.0 |
| |
| New Feature |
| |
| [FEDIZ-2] - Support encrypted tokens in plugin |
| [FEDIZ-3] - Support the role "Resource IDP" in IDP |
| [FEDIZ-4] - Support SAML token with Holder-Of-Key SubjectConfirmationMethod |
| [FEDIZ-5] - Provide adapter for Jetty |
| [FEDIZ-9] - Provide plugin for CXF |
| [FEDIZ-36] - Http Form Based Login |
| [FEDIZ-38] - Integrate Fediz Plugin with Spring Security framework (Pre-Authentication) |
| [FEDIZ-39] - Spring Security Federation Authenticator |
| [FEDIZ-52] - Support wauth parameter in initial request to RP |
| [FEDIZ-53] - Browser can pass the home realm to the Fediz plugin |
| [FEDIZ-58] - Support LDAP groups for Maven profile ldap |
| [FEDIZ-59] - Support audit log in STS |
| [FEDIZ-61] - Support for Websphere WAS 7 / 8 |
| [FEDIZ-62] - Customize SignIn Query |
| [FEDIZ-63] - Support PEM format for certificate store |
| |
| Bug |
| |
| [FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ? |
| [FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role |
| [FEDIZ-47] - OnBehalfOf Token does not expire in the IdP |
| [FEDIZ-49] - Support using wfresh parameter in the IdP for TTL |
| [FEDIZ-55] - Claims from LDAP can't be retrieved |
| |
| Improvement |
| |
| [FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration |
| [FEDIZ-31] - Fix example package structure |
| [FEDIZ-37] - Dynamically assign ports for unit testing to avoid port conflict |
| [FEDIZ-41] - Fediz IDP refactored with Spring Web Flow |
| [FEDIZ-43] - No dependency on TCP port of IDP container in fedizidp.war |
| [FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation |
| [FEDIZ-48] - Support wfresh properly in the IdP |
| [FEDIZ-54] - Provide Maven profile to build STS with LDAP backend |
| [FEDIZ-64] - Add Callback support for the Realm (WTRealm) protocol property |
| [FEDIZ-66] - Token expiration validation configurable |
| [FEDIZ-67] - Use same Canonicalization Method for Signatures for Metadata document as for SAML tokens |
| |
| Wish |
| |
| [FEDIZ-15] - Support the publish of the WS-Federation Metadata document |
| [FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient |
| |
| |
| |
| |
| Release Notes - CXF-Fediz - Version 1.0.3 |
| |
| Bug |
| |
| [FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ? |
| [FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role |
| [FEDIZ-49] - Support using wfresh parameter in the IdP for TTL |
| |
| Improvement |
| |
| [FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration |
| [FEDIZ-31] - Fix example package structure |
| [FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation |
| [FEDIZ-48] - Support wfresh properly in the IdP |
| |
| Task |
| |
| [FEDIZ-42] - Upgrade to use CXF 2.6.6 |
| |
| Wish |
| |
| [FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient |
| |
| Release Notes - CXF-Fediz - Version 1.0.2 |
| |
| ** Bug |
| * [FEDIZ-26] - SAMLTokenValidator throws a NPE when an Attribute of the Assertion does not have a NameFormat |
| |
| ** Improvement |
| * [FEDIZ-18] - Make supported claims configurable in FileClaimsHandler |
| * [FEDIZ-20] - IDP should maintain authentication state |
| * [FEDIZ-17] - Current Fediz STS exposes SOAP 1.1 end point |
| * [FEDIZ-25] - Look for fediz_config.xml in catalina base too |
| |
| ** New Feature |
| * [FEDIZ-30] - Relying Party can enforce re-authentication using wfresh parameter |
| * [FEDIZ-28] - Logout capability in IDP |
| |
| ** Task |
| * [FEDIZ-29] - Migrate to CXF 2.6.3 |
| |
| ** Test |
| |
| |
| Release Notes - CXF-Fediz - Version 1.0.1 |
| |
| ** Bug |
| * [FEDIZ-24] - maximumClockSkew is not optional |
| |
| ** Improvement |
| * [FEDIZ-22] - Improved support for other claims encoding in SAML attributes |
| |
| ** New Feature |
| |
| ** Task |
| |
| ** Test |
| |
| |