content/fediz-extensions.html - cxf-site - Git at Google


 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--

     Licensed to the Apache Software Foundation (ASF) under one or more
     contributor license agreements.  See the NOTICE file distributed with
     this work for additional information regarding copyright ownership.
     The ASF licenses this file to You under the Apache License, Version 2.0
     (the "License"); you may not use this file except in compliance with
     the License.  You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
 -->
 <html>
   <head>

 <link type="text/css" rel="stylesheet" href="/resources/site.css">
 <script src='/resources/space.js'></script>

 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - Fediz Extensions">


 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shCoreCXF.css">
 <link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">

 <script src='/resources/highlighter/scripts/shCore.js'></script>
 <script src='/resources/highlighter/scripts/shBrushBash.js'></script>
 <script src='/resources/highlighter/scripts/shBrushJava.js'></script>
 <script>
   SyntaxHighlighter.defaults['toolbar'] = false;
   SyntaxHighlighter.all();
 </script>


     <title>
 Apache CXF -- Fediz Extensions
     </title>
   </head>
 <body onload="init()">


 <table width="100%" cellpadding="0" cellspacing="0">
   <tr>
     <td id="cell-0-0" colspan="2">&nbsp;</td>
     <td id="cell-0-1">&nbsp;</td>
     <td id="cell-0-2" colspan="2">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
       <!-- Banner -->
 <div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img width="214px" height="88" border="0" alt="ASF Logo" src="https://apache.org/img/asf_logo.png"></a>
 </td></tr></table></div></div>
       <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
             <td>
               <div align="left">
                 <!-- Breadcrumbs -->
 <a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="fediz.html">Fediz</a>&nbsp;&gt;&nbsp;<a href="fediz-extensions.html">Fediz Extensions</a>
                 <!-- Breadcrumbs -->
               </div>
             </td>
             <td>
               <div align="right">
                 <!-- Quicklinks -->
 <div id="quicklinks"><p><a shape="rect" href="download.html">Download</a> | <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
                 <!-- Quicklinks -->
               </div>
             </td>
           </tr>
         </table>
       </div>
     </td>
     <td id="cell-1-3">&nbsp;</td>
     <td id="cell-1-4">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-2-0" colspan="2">&nbsp;</td>
     <td id="cell-2-1">
       <table>
         <tr valign="top">
           <td height="100%">
             <div id="wrapper-menu-page-right">
               <div id="wrapper-menu-page-top">
                 <div id="wrapper-menu-page-bottom">
                   <div id="menu-page">
                     <!-- NavigationBar -->
 <div id="navigation"><h3 id="Navigation-ApacheCXF"><a shape="rect" href="index.html">Apache CXF</a></h3><ul class="alternate"><li><a shape="rect" href="index.html">Home</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="people.html">People</a></li><li><a shape="rect" href="project-status.html">Project Status</a></li><li><a shape="rect" href="roadmap.html">Roadmap</a></li><li><a shape="rect" href="mailing-lists.html">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/CXF">Issue Reporting</a></li><li><a shape="rect" href="special-thanks.html">Special Thanks</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="security-advisories.html">Security Advisories</a></li></ul><h3 id="Navigation-Users">Users</h3><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/docs/index.html">User's Guide</a></li><li><a shape="rect" href="support.html">Support</a></li><li><a shape="rect" href="faq.html">FAQ</a></li><li><a shape="rect" href="resources-and-articles.html">Resources and Articles</a></li></ul><h3 id="Navigation-Search">Search</h3><form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse"><div> <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4"> <input type="hidden" name="ie" value="UTF-8"> <input type="text" name="q" size="21"> <input type="submit" name="sa" value="Search"> </div> </form> <script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script> <h3 id="Navigation-Developers">Developers</h3><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture Guide</a></li><li><a shape="rect" href="source-repository.html">Source Repository</a></li><li><a shape="rect" href="building.html">Building</a></li><li><a shape="rect" href="automated-builds.html">Automated Builds</a></li><li><a shape="rect" href="testing-debugging.html">Testing-Debugging</a></li><li><a shape="rect" href="coding-guidelines.html">Coding Guidelines</a></li><li><a shape="rect" href="getting-involved.html">Getting Involved</a></li><li><a shape="rect" href="release-management.html">Release Management</a></li></ul><h3 id="Navigation-Subprojects">Subprojects</h3><ul class="alternate"><li><a shape="rect" href="distributed-osgi.html">Distributed OSGi</a></li><li><a shape="rect" href="xjc-utils.html">XJC Utils</a></li><li><a shape="rect" href="build-utils.html">Build Utils</a></li><li><a shape="rect" href="fediz.html">Fediz</a></li></ul><h3 id="Navigation-ASF"><a shape="rect" class="external-link" href="http://www.apache.org">ASF</a></h3><ul class="alternate"><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul><p>&#160;</p><p><a shape="rect" class="external-link" href="http://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image confluence-external-resource" src="http://www.apache.org/events/current-event-125x125.png" data-image-src="http://www.apache.org/events/current-event-125x125.png"></span></a></p></div>
                     <!-- NavigationBar -->
                   </div>
               </div>
             </div>
           </div>
          </td>
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><h1 id="FedizExtensions-FedizExtensions">Fediz Extensions</h1><p>This page describes the extension points in Fediz to enrich its functionality further.</p><h3 id="FedizExtensions-CallbackHandler">Callback Handler</h3><p>The Sign-In request to the IDP contains several parameters to customize the sign in process. Some parameters are configured statically in the <a shape="rect" href="fediz-configuration.html">Fediz configuration file</a>, some others can be resolved at runtime when the initial request is received by the Fediz plugin.</p><p><strong>Configuration values common to both WS-Federation and SAML SSO</strong></p><p>The following table gives an overview of the parameters which can be resolved at runtime for either the WS-Federation or SAML SSO protocols. </p><div class="table-wrap"><table class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>XML element</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Callback class</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>issuer</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>IDPCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">logoutRedirectToConstraint</td><td colspan="1" rowspan="1" class="confluenceTd">ReplyConstraintCallback</td></tr></tbody></table></div><p><strong><br clear="none"></strong></p><p><strong>WS-Federation</strong></p><p>The following table gives an overview of the parameters which can be resolved at runtime for the WS-Federation protocol. It contains the XML element name of the Fediz configuration file, the query parameter name of the sign-in request to the IDP as well as the Callback class.</p><div class="table-wrap"><table class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>XML element</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Query parameter</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Callback class</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>authenticationType</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>wauth</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>WAuthCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>homeRealm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>whr</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>HomeRealmCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>freshness</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>wfresh</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>FreshnessCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>realm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>wtrealm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>RealmCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>signInQuery</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>any</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SignInQueryCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">signOutQuery</td><td colspan="1" rowspan="1" class="confluenceTd">any</td><td colspan="1" rowspan="1" class="confluenceTd">SignOutQueryCallback</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">request</td><td colspan="1" rowspan="1" class="confluenceTd">wreq</td><td colspan="1" rowspan="1" class="confluenceTd">WReqCallback</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">reply</td><td colspan="1" rowspan="1" class="confluenceTd">wreply</td><td colspan="1" rowspan="1" class="confluenceTd">ReplyCallback</td></tr></tbody></table></div><p>If you configure a class which implements the interface <code>javax.security.auth.callback.CallbackHandler</code> you get the corresponding Callback object where you must set the value which is then added to the query parameter. The Callback object provides the <code>HttpServletRequest</code> object which might give you the required information to resolve the value.</p><p>Here is a snippet of the configuration to configure a CallbackHandler:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">...
         &lt;protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2"&gt;
             ...
             &lt;homeRealm type="Class" value="MyCallbackHandler " /&gt;
             ...
         &lt;/protocol&gt;
 ...
 </pre>
 </div></div><p>And a sample implementation of the CallbackHandler:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">public class MyCallbackHandler implements CallbackHandler {

     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
         for (int i = 0; i &lt; callbacks.length; i++) {
             if (callbacks[i] instanceof HomeRealmCallback) {
                 HomeRealmCallback callback = (HomeRealmCallback) callbacks[i];
                 HttpServletRequest request = callback.getRequest();
                 String homeRealm = ...
                 callback.setHomeRealm(homeRealm);
             } else {
                 throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
             }
         }
     }
 }
 </pre>
 </div></div><h3 id="FedizExtensions-CustomTokenValidator">Custom Token Validator</h3><p>It is possible to plug in a custom Token Validator for either protocol as well using the "tokenValidators" configuration parameter. This takes a list of Strings, each of which correspond to the class name of a <a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz/blob/master/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java" rel="nofollow">TokenValidator</a> instance. For example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">...
         &lt;protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2"&gt;
             ...
             &lt;tokenValidators&gt;
                 &lt;validator&gt;org.apache.cxf.fediz.core.federation.CustomValidator&lt;/validator&gt;
             &lt;/tokenValidators&gt;
             ...
         &lt;/protocol&gt;
 ...
 </pre>
 </div></div></div>
            </div>
            <!-- Content -->
          </td>
         </tr>
       </table>
    </td>
    <td id="cell-2-2" colspan="2">&nbsp;</td>
   </tr>
   <tr>
    <td id="cell-3-0">&nbsp;</td>
    <td id="cell-3-1">&nbsp;</td>
    <td id="cell-3-2">
      <div id="footer">
        <!-- Footer -->
        <div id="site-footer">
          <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
          (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27848884">edit page</a>)
 	 (<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=27848884&amp;showComments=true&amp;showCommentArea=true#addcomment">add comment</a>)<br>
 	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
         All other marks mentioned may be trademarks or registered trademarks of their respective owners.
        </div>
        <!-- Footer -->
      </div>
    </td>
    <td id="cell-3-3">&nbsp;</td>
    <td id="cell-3-4">&nbsp;</td>
   </tr>
   <tr>
     <td id="cell-4-0" colspan="2">&nbsp;</td>
     <td id="cell-4-1">&nbsp;</td>
     <td id="cell-4-2" colspan="2">&nbsp;</td>
   </tr>
 </table>

 <script type="text/javascript">
 var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
 document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
 </script>
 <script type="text/javascript">
 try {
 var pageTracker = _gat._getTracker("UA-4458903-1");
 pageTracker._trackPageview();
 } catch(err) {}</script>

 </body>
 </html>

	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	<!--

	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<html>
	<head>

	<link type="text/css" rel="stylesheet" href="/resources/site.css">
	<script src='/resources/space.js'></script>

	<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
	<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
	<meta name="description" content="Apache CXF, Services Framework - Fediz Extensions">


	<link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shCoreCXF.css">
	<link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">

	<script src='/resources/highlighter/scripts/shCore.js'></script>
	<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
	<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
	<script>
	SyntaxHighlighter.defaults['toolbar'] = false;
	SyntaxHighlighter.all();
	</script>


	<title>
	Apache CXF -- Fediz Extensions
	</title>
	</head>
	<body onload="init()">


	<table width="100%" cellpadding="0" cellspacing="0">
	<tr>
	<td id="cell-0-0" colspan="2"> </td>
	<td id="cell-0-1"> </td>
	<td id="cell-0-2" colspan="2"> </td>
	</tr>
	<tr>
	<td id="cell-1-0"> </td>
	<td id="cell-1-1"> </td>
	<td id="cell-1-2">
	<!-- Banner -->
	<div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
	<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
	</td><td align="right" colspan="1" nowrap>
	<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img width="214px" height="88" border="0" alt="ASF Logo" src="https://apache.org/img/asf_logo.png"></a>
	</td></tr></table></div></div>
	<!-- Banner -->
	<div id="top-menu">
	<table border="0" cellpadding="1" cellspacing="0" width="100%">
	<tr>
	<td>
	<div align="left">
	<!-- Breadcrumbs -->
	<a href="index.html">Index</a> > <a href="fediz.html">Fediz</a> > <a href="fediz-extensions.html">Fediz Extensions</a>
	<!-- Breadcrumbs -->
	</div>
	</td>
	<td>
	<div align="right">
	<!-- Quicklinks -->
	<div id="quicklinks"><p><a shape="rect" href="download.html">Download</a> \| <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
	<!-- Quicklinks -->
	</div>
	</td>
	</tr>
	</table>
	</div>
	</td>
	<td id="cell-1-3"> </td>
	<td id="cell-1-4"> </td>
	</tr>
	<tr>
	<td id="cell-2-0" colspan="2"> </td>
	<td id="cell-2-1">
	<table>
	<tr valign="top">
	<td height="100%">
	<div id="wrapper-menu-page-right">
	<div id="wrapper-menu-page-top">
	<div id="wrapper-menu-page-bottom">
	<div id="menu-page">
	<!-- NavigationBar -->
	<div id="navigation"><h3 id="Navigation-ApacheCXF"><a shape="rect" href="index.html">Apache CXF</a></h3><ul class="alternate"><li><a shape="rect" href="index.html">Home</a></li><li><a shape="rect" href="download.html">Download</a></li><li><a shape="rect" href="people.html">People</a></li><li><a shape="rect" href="project-status.html">Project Status</a></li><li><a shape="rect" href="roadmap.html">Roadmap</a></li><li><a shape="rect" href="mailing-lists.html">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/CXF">Issue Reporting</a></li><li><a shape="rect" href="special-thanks.html">Special Thanks</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect" href="security-advisories.html">Security Advisories</a></li></ul><h3 id="Navigation-Users">Users</h3><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/docs/index.html">User's Guide</a></li><li><a shape="rect" href="support.html">Support</a></li><li><a shape="rect" href="faq.html">FAQ</a></li><li><a shape="rect" href="resources-and-articles.html">Resources and Articles</a></li></ul><h3 id="Navigation-Search">Search</h3><form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse"><div> <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4"> <input type="hidden" name="ie" value="UTF-8"> <input type="text" name="q" size="21"> <input type="submit" name="sa" value="Search"> </div> </form> <script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script> <h3 id="Navigation-Developers">Developers</h3><ul class="alternate"><li><a shape="rect" href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture Guide</a></li><li><a shape="rect" href="source-repository.html">Source Repository</a></li><li><a shape="rect" href="building.html">Building</a></li><li><a shape="rect" href="automated-builds.html">Automated Builds</a></li><li><a shape="rect" href="testing-debugging.html">Testing-Debugging</a></li><li><a shape="rect" href="coding-guidelines.html">Coding Guidelines</a></li><li><a shape="rect" href="getting-involved.html">Getting Involved</a></li><li><a shape="rect" href="release-management.html">Release Management</a></li></ul><h3 id="Navigation-Subprojects">Subprojects</h3><ul class="alternate"><li><a shape="rect" href="distributed-osgi.html">Distributed OSGi</a></li><li><a shape="rect" href="xjc-utils.html">XJC Utils</a></li><li><a shape="rect" href="build-utils.html">Build Utils</a></li><li><a shape="rect" href="fediz.html">Fediz</a></li></ul><h3 id="Navigation-ASF"><a shape="rect" class="external-link" href="http://www.apache.org">ASF</a></h3><ul class="alternate"><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul><p> </p><p><a shape="rect" class="external-link" href="http://www.apache.org/events/current-event.html"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image confluence-external-resource" src="http://www.apache.org/events/current-event-125x125.png" data-image-src="http://www.apache.org/events/current-event-125x125.png"></span></a></p></div>
	<!-- NavigationBar -->
	</div>
	</div>
	</div>
	</div>
	</td>
	<td height="100%">
	<!-- Content -->
	<div class="wiki-content">
	<div id="ConfluenceContent"><h1 id="FedizExtensions-FedizExtensions">Fediz Extensions</h1><p>This page describes the extension points in Fediz to enrich its functionality further.</p><h3 id="FedizExtensions-CallbackHandler">Callback Handler</h3><p>The Sign-In request to the IDP contains several parameters to customize the sign in process. Some parameters are configured statically in the <a shape="rect" href="fediz-configuration.html">Fediz configuration file</a>, some others can be resolved at runtime when the initial request is received by the Fediz plugin.</p><p><strong>Configuration values common to both WS-Federation and SAML SSO</strong></p><p>The following table gives an overview of the parameters which can be resolved at runtime for either the WS-Federation or SAML SSO protocols. </p><div class="table-wrap"><table class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>XML element</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Callback class</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>issuer</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>IDPCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">logoutRedirectToConstraint</td><td colspan="1" rowspan="1" class="confluenceTd">ReplyConstraintCallback</td></tr></tbody></table></div><p><strong><br clear="none"></strong></p><p><strong>WS-Federation</strong></p><p>The following table gives an overview of the parameters which can be resolved at runtime for the WS-Federation protocol. It contains the XML element name of the Fediz configuration file, the query parameter name of the sign-in request to the IDP as well as the Callback class.</p><div class="table-wrap"><table class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>XML element</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Query parameter</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Callback class</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>authenticationType</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>wauth</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>WAuthCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>homeRealm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>whr</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>HomeRealmCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>freshness</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>wfresh</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>FreshnessCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>realm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>wtrealm</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>RealmCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>signInQuery</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>any</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SignInQueryCallback</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">signOutQuery</td><td colspan="1" rowspan="1" class="confluenceTd">any</td><td colspan="1" rowspan="1" class="confluenceTd">SignOutQueryCallback</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">request</td><td colspan="1" rowspan="1" class="confluenceTd">wreq</td><td colspan="1" rowspan="1" class="confluenceTd">WReqCallback</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">reply</td><td colspan="1" rowspan="1" class="confluenceTd">wreply</td><td colspan="1" rowspan="1" class="confluenceTd">ReplyCallback</td></tr></tbody></table></div><p>If you configure a class which implements the interface <code>javax.security.auth.callback.CallbackHandler</code> you get the corresponding Callback object where you must set the value which is then added to the query parameter. The Callback object provides the <code>HttpServletRequest</code> object which might give you the required information to resolve the value.</p><p>Here is a snippet of the configuration to configure a CallbackHandler:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">...
	<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2">
	...
	<homeRealm type="Class" value="MyCallbackHandler " />
	...
	</protocol>
	...
	</pre>
	</div></div><p>And a sample implementation of the CallbackHandler:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">public class MyCallbackHandler implements CallbackHandler {

	public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
	for (int i = 0; i < callbacks.length; i++) {
	if (callbacks[i] instanceof HomeRealmCallback) {
	HomeRealmCallback callback = (HomeRealmCallback) callbacks[i];
	HttpServletRequest request = callback.getRequest();
	String homeRealm = ...
	callback.setHomeRealm(homeRealm);
	} else {
	throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
	}
	}
	}
	}
	</pre>
	</div></div><h3 id="FedizExtensions-CustomTokenValidator">Custom Token Validator</h3><p>It is possible to plug in a custom Token Validator for either protocol as well using the "tokenValidators" configuration parameter. This takes a list of Strings, each of which correspond to the class name of a <a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz/blob/master/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java" rel="nofollow">TokenValidator</a> instance. For example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
	<pre class="brush: java; gutter: false; theme: Default">...
	<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2">
	...
	<tokenValidators>
	<validator>org.apache.cxf.fediz.core.federation.CustomValidator</validator>
	</tokenValidators>
	...
	</protocol>
	...
	</pre>
	</div></div></div>
	</div>
	<!-- Content -->
	</td>
	</tr>
	</table>
	</td>
	<td id="cell-2-2" colspan="2"> </td>
	</tr>
	<tr>
	<td id="cell-3-0"> </td>
	<td id="cell-3-1"> </td>
	<td id="cell-3-2">
	<div id="footer">
	<!-- Footer -->
	<div id="site-footer">
	<a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
	(<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27848884">edit page</a>)
	(<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=27848884&showComments=true&showCommentArea=true#addcomment">add comment</a>)<br>
	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
	All other marks mentioned may be trademarks or registered trademarks of their respective owners.
	</div>
	<!-- Footer -->
	</div>
	</td>
	<td id="cell-3-3"> </td>
	<td id="cell-3-4"> </td>
	</tr>
	<tr>
	<td id="cell-4-0" colspan="2"> </td>
	<td id="cell-4-1"> </td>
	<td id="cell-4-2" colspan="2"> </td>
	</tr>
	</table>

	<script type="text/javascript">
	var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
	document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
	</script>
	<script type="text/javascript">
	try {
	var pageTracker = _gat._getTracker("UA-4458903-1");
	pageTracker._trackPageview();
	} catch(err) {}</script>

	</body>
	</html>