Google Git
Sign in
apache / cxf-fediz / fediz-1.1.1 / . / release_notes.txt
blob: a359d2b0d57d38f7e37a2a42e863953de83f9bc5 [file] [log] [blame]
Apache CXF Fediz 1.1.0 Release Notes
------------------------------------
1. Overview
The 1.1.x versions of Apache CXF Fediz provide the following features:
* WS-Federation 1.0/1.1/1.2
* SAML 1.1/2.0 Tokens
* Custom token support
* Publish WS-Federation Metadata document for RP and IDP
* Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens
* Claims information provided by FederationPrincipal interface
* Fediz IDP supports Resource and Requestor IDP role, Home Realm Discovery Service, ...
* Support for Jetty, Tomcat, Websphere and Spring Security 2.0/3.1
2. Installation Prerequisites
Before installing Apache CXF Fediz, make sure the following products,
with the specified versions, are installed on your system:
* Java 6 or 7 Development Kit
* Apache Maven 3.x to build the samples
3. Installation Procedures
Follow the Getting Started instructions at
http://cxf.apache.org/fediz.html#Fediz-Gettingstarted for information
on installing the Fediz IDP and IDP STS.
4. Building the Samples
Building the samples included in the binary distribution is easy. Change to
the examples directory and follow the build instructions in the README.txt file
included with each sample.
5. Replacing provided keystores
The sample keystores provided are fine for development and prototyping use
but make sure to replace them for any production use, see
see examples/samplekeys/HowToGenerateKeysREADME.html for key generation
information.
6. Reporting Problems
If you have any problems or want to send feedback of any kind, please e-mail the
CXF user list, users@cxf.apache.org. You can also file issues in JIRA at:
http://issues.apache.org/jira/browse/FEDIZ
7. Migration notes:
N.A.
8. Specific issues, features, and improvements fixed in this version
Release Notes - CXF-Fediz - Version 1.1.1
Bug
[FEDIZ-70] - Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy)
[FEDIZ-83] - wfreshparser incorrectly treats a freshness of 0 as negative
Improvement
[FEDIZ-79] - Encoding of SignInResponse configurable
[FEDIZ-84] - Support wreq parameter in SP/IdP
Release Notes - CXF-Fediz - Version 1.1.0
New Feature
[FEDIZ-2] - Support encrypted tokens in plugin
[FEDIZ-3] - Support the role "Resource IDP" in IDP
[FEDIZ-4] - Support SAML token with Holder-Of-Key SubjectConfirmationMethod
[FEDIZ-5] - Provide adapter for Jetty
[FEDIZ-9] - Provide plugin for CXF
[FEDIZ-36] - Http Form Based Login
[FEDIZ-38] - Integrate Fediz Plugin with Spring Security framework (Pre-Authentication)
[FEDIZ-39] - Spring Security Federation Authenticator
[FEDIZ-52] - Support wauth parameter in initial request to RP
[FEDIZ-53] - Browser can pass the home realm to the Fediz plugin
[FEDIZ-58] - Support LDAP groups for Maven profile ldap
[FEDIZ-59] - Support audit log in STS
[FEDIZ-61] - Support for Websphere WAS 7 / 8
[FEDIZ-62] - Customize SignIn Query
[FEDIZ-63] - Support PEM format for certificate store
Bug
[FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ?
[FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role
[FEDIZ-47] - OnBehalfOf Token does not expire in the IdP
[FEDIZ-49] - Support using wfresh parameter in the IdP for TTL
[FEDIZ-55] - Claims from LDAP can't be retrieved
Improvement
[FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration
[FEDIZ-31] - Fix example package structure
[FEDIZ-37] - Dynamically assign ports for unit testing to avoid port conflict
[FEDIZ-41] - Fediz IDP refactored with Spring Web Flow
[FEDIZ-43] - No dependency on TCP port of IDP container in fedizidp.war
[FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation
[FEDIZ-48] - Support wfresh properly in the IdP
[FEDIZ-54] - Provide Maven profile to build STS with LDAP backend
[FEDIZ-64] - Add Callback support for the Realm (WTRealm) protocol property
[FEDIZ-66] - Token expiration validation configurable
[FEDIZ-67] - Use same Canonicalization Method for Signatures for Metadata document as for SAML tokens
Wish
[FEDIZ-15] - Support the publish of the WS-Federation Metadata document
[FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient
Release Notes - CXF-Fediz - Version 1.0.3
Bug
[FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ?
[FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role
[FEDIZ-49] - Support using wfresh parameter in the IdP for TTL
Improvement
[FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration
[FEDIZ-31] - Fix example package structure
[FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation
[FEDIZ-48] - Support wfresh properly in the IdP
Task
[FEDIZ-42] - Upgrade to use CXF 2.6.6
Wish
[FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient
Release Notes - CXF-Fediz - Version 1.0.2
** Bug
* [FEDIZ-26] - SAMLTokenValidator throws a NPE when an Attribute of the Assertion does not have a NameFormat
** Improvement
* [FEDIZ-18] - Make supported claims configurable in FileClaimsHandler
* [FEDIZ-20] - IDP should maintain authentication state
* [FEDIZ-17] - Current Fediz STS exposes SOAP 1.1 end point
* [FEDIZ-25] - Look for fediz_config.xml in catalina base too
** New Feature
* [FEDIZ-30] - Relying Party can enforce re-authentication using wfresh parameter
* [FEDIZ-28] - Logout capability in IDP
** Task
* [FEDIZ-29] - Migrate to CXF 2.6.3
** Test
Release Notes - CXF-Fediz - Version 1.0.1
** Bug
* [FEDIZ-24] - maximumClockSkew is not optional
** Improvement
* [FEDIZ-22] - Improved support for other claims encoding in SAML attributes
** New Feature
** Task
** Test