| Apache CXF Fediz 1.1.0 Release Notes |
| ------------------------------------ |
| |
| 1. Overview |
| |
| The 1.1.x versions of Apache CXF Fediz provide the following features: |
| |
| * WS-Federation 1.0/1.1/1.2 |
| * SAML 1.1/2.0 Tokens |
| * Custom token support |
| * Publish WS-Federation Metadata document for RP and IDP |
| * Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens |
| * Claims information provided by FederationPrincipal interface |
| * Fediz IDP supports Resource and Requestor IDP role, Home Realm Discovery Service, ... |
| * Support for Jetty, Tomcat, Websphere and Spring Security 2.0/3.1 |
| |
| |
| 2. Installation Prerequisites |
| |
| Before installing Apache CXF Fediz, make sure the following products, |
| with the specified versions, are installed on your system: |
| |
| * Java 6 or 7 Development Kit |
| * Apache Maven 3.x to build the samples |
| |
| 3. Installation Procedures |
| |
| Follow the Getting Started instructions at |
| http://cxf.apache.org/fediz.html#Fediz-Gettingstarted for information |
| on installing the Fediz IDP and IDP STS. |
| |
| 4. Building the Samples |
| |
| Building the samples included in the binary distribution is easy. Change to |
| the examples directory and follow the build instructions in the README.txt file |
| included with each sample. |
| |
| 5. Replacing provided keystores |
| |
| The sample keystores provided are fine for development and prototyping use |
| but make sure to replace them for any production use, see |
| see examples/samplekeys/HowToGenerateKeysREADME.html for key generation |
| information. |
| |
| 6. Reporting Problems |
| |
| If you have any problems or want to send feedback of any kind, please e-mail the |
| CXF user list, users@cxf.apache.org. You can also file issues in JIRA at: |
| |
| http://issues.apache.org/jira/browse/FEDIZ |
| |
| |
| 7. Migration notes: |
| |
| N.A. |
| |
| |
| 8. Specific issues, features, and improvements fixed in this version |
| |
| Release Notes - CXF-Fediz - Version 1.1.1 |
| |
| Bug |
| |
| [FEDIZ-70] - Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy) |
| [FEDIZ-83] - wfreshparser incorrectly treats a freshness of 0 as negative |
| |
| Improvement |
| |
| [FEDIZ-79] - Encoding of SignInResponse configurable |
| [FEDIZ-84] - Support wreq parameter in SP/IdP |
| |
| |
| |
| Release Notes - CXF-Fediz - Version 1.1.0 |
| |
| New Feature |
| |
| [FEDIZ-2] - Support encrypted tokens in plugin |
| [FEDIZ-3] - Support the role "Resource IDP" in IDP |
| [FEDIZ-4] - Support SAML token with Holder-Of-Key SubjectConfirmationMethod |
| [FEDIZ-5] - Provide adapter for Jetty |
| [FEDIZ-9] - Provide plugin for CXF |
| [FEDIZ-36] - Http Form Based Login |
| [FEDIZ-38] - Integrate Fediz Plugin with Spring Security framework (Pre-Authentication) |
| [FEDIZ-39] - Spring Security Federation Authenticator |
| [FEDIZ-52] - Support wauth parameter in initial request to RP |
| [FEDIZ-53] - Browser can pass the home realm to the Fediz plugin |
| [FEDIZ-58] - Support LDAP groups for Maven profile ldap |
| [FEDIZ-59] - Support audit log in STS |
| [FEDIZ-61] - Support for Websphere WAS 7 / 8 |
| [FEDIZ-62] - Customize SignIn Query |
| [FEDIZ-63] - Support PEM format for certificate store |
| |
| Bug |
| |
| [FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ? |
| [FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role |
| [FEDIZ-47] - OnBehalfOf Token does not expire in the IdP |
| [FEDIZ-49] - Support using wfresh parameter in the IdP for TTL |
| [FEDIZ-55] - Claims from LDAP can't be retrieved |
| |
| Improvement |
| |
| [FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration |
| [FEDIZ-31] - Fix example package structure |
| [FEDIZ-37] - Dynamically assign ports for unit testing to avoid port conflict |
| [FEDIZ-41] - Fediz IDP refactored with Spring Web Flow |
| [FEDIZ-43] - No dependency on TCP port of IDP container in fedizidp.war |
| [FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation |
| [FEDIZ-48] - Support wfresh properly in the IdP |
| [FEDIZ-54] - Provide Maven profile to build STS with LDAP backend |
| [FEDIZ-64] - Add Callback support for the Realm (WTRealm) protocol property |
| [FEDIZ-66] - Token expiration validation configurable |
| [FEDIZ-67] - Use same Canonicalization Method for Signatures for Metadata document as for SAML tokens |
| |
| Wish |
| |
| [FEDIZ-15] - Support the publish of the WS-Federation Metadata document |
| [FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient |
| |
| |
| |
| |
| Release Notes - CXF-Fediz - Version 1.0.3 |
| |
| Bug |
| |
| [FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ? |
| [FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role |
| [FEDIZ-49] - Support using wfresh parameter in the IdP for TTL |
| |
| Improvement |
| |
| [FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration |
| [FEDIZ-31] - Fix example package structure |
| [FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation |
| [FEDIZ-48] - Support wfresh properly in the IdP |
| |
| Task |
| |
| [FEDIZ-42] - Upgrade to use CXF 2.6.6 |
| |
| Wish |
| |
| [FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient |
| |
| Release Notes - CXF-Fediz - Version 1.0.2 |
| |
| ** Bug |
| * [FEDIZ-26] - SAMLTokenValidator throws a NPE when an Attribute of the Assertion does not have a NameFormat |
| |
| ** Improvement |
| * [FEDIZ-18] - Make supported claims configurable in FileClaimsHandler |
| * [FEDIZ-20] - IDP should maintain authentication state |
| * [FEDIZ-17] - Current Fediz STS exposes SOAP 1.1 end point |
| * [FEDIZ-25] - Look for fediz_config.xml in catalina base too |
| |
| ** New Feature |
| * [FEDIZ-30] - Relying Party can enforce re-authentication using wfresh parameter |
| * [FEDIZ-28] - Logout capability in IDP |
| |
| ** Task |
| * [FEDIZ-29] - Migrate to CXF 2.6.3 |
| |
| ** Test |
| |
| |
| Release Notes - CXF-Fediz - Version 1.0.1 |
| |
| ** Bug |
| * [FEDIZ-24] - maximumClockSkew is not optional |
| |
| ** Improvement |
| * [FEDIZ-22] - Improved support for other claims encoding in SAML attributes |
| |
| ** New Feature |
| |
| ** Task |
| |
| ** Test |
| |
| |