Using the CXF failover feature to authenticate to multiple Apache Syncope...
A couple of years ago, I described a test case that showed how an Apache CXF web service endpoint could send a username/password received via WS-Security to Apache Syncope for authentication. In this...
Apache CXF Fediz 1.3.0 released
A new major release (1.3.0) of Apache CXF Fediz was released a few weeks ago. There are some major dependency updates as part of this release: The core Apache CXF dependency is updated from the 3.0.x...
An interop demo between Apache CXF Fediz and Google OpenID Connect
The previous post introduced some of the new features in Apache CXF Fediz 1.3.0. One of the new enhancements is that the Fediz IdP can now delegate WS-Federation (and SAML SSO) authentication requests...
An interop demo between Apache CXF Fediz and Facebook
The previous post showed how to configure the Fediz IdP to interoperate with the Google OpenID Connect provider. In addition to supporting WS-Federation, SAML SSO and OpenID Connect, from the...
SAML SSO support in the Fediz 1.3.0 IdP
The Apache CXF Fediz Identity Provider (IdP) has had the ability to talk to third party IdPs using SAML SSO since the 1.2.0 release. However, one of the new features of the 1.3.0 release is the ability...
A new REST interface for the Apache CXF Security Token Service - part I
Apache CXF ships a Security Token Service (STS) that can issue/validate/renew/cancel tokens via the (SOAP based) WS-Trust interface. The principal focus of the STS is to deal with SAML tokens, although...
A new REST interface for the Apache CXF Security Token Service - part II
The previous blog entry introduced the new REST interface of the Apache CXF Security Token Service. It covered issuing, renewing and validating tokens via HTTP GET and POST with a focus on SAML tokens....
Installing the Apache Ranger Admin UI
Apache Ranger 0.6 has been released, featuring new support for securing Apache Atlas and NiFi, as well as a huge number of bug fixes. It's easiest to get started with Apache Ranger by downloading a big...
Syncing users and groups from LDAP into Apache Ranger
The previous post covered how to install the Apache Ranger Admin service. The Apache Ranger Admin UI supports creating authorization policies for various Big Data components, by giving users and/or...
Installing the Apache Ranger Key Management Server (KMS)
The previous couple of blog entries have looked at how to install the Apache Ranger Admin Service as well as the Usersync Service. In this post we will look at how to install the Apache Ranger Key...
Introducing Apache Syncope 2.0.0
Apache Syncope is a powerful and flexible open-source Identity Management system that has been developed at the Apache Software Foundation for several years now. The Apache Syncope team has been busy...
OpenId Connect in Apache CXF Fediz 1.3.0
Previous blog posts have described support for OpenId Connect protocol bridging in the Apache CXF Fediz IdP. What this means is that the Apache CXF Fediz IdP can bridge between the WS-Federation...
Pulling users and groups from LDAP into Apache Syncope 2.0.0
A previous tutorial showed how to synchronize (pull) users and roles into Apache Syncope 1.2.x from an LDAP backend (Apache Directory). Interacting with an LDAP backend appears to be a common use-case...
Integrating Apache Camel with Apache Syncope - part I
Apache Syncope is an open-source Identity Management solution. A key feature of Apache Syncope is the ability to pull Users, Groups and Any Objects from multiple backend resources (such as LDAP, RDBMS,...
Apache CXF Fediz 1.2.3 and 1.3.1 released
Apache CXF Fediz 1.2.3 and 1.3.1 have been released. The 1.3.1 release contains the following significant features/fixes: An update to use Apache CXF 3.1.7. Support for Facebook Login as a Trusted IdP. A...
Integrating Apache Camel with Apache Syncope - part II
A recent blog post introduced the new Apache Camel provisioning manager that is available in Apache Syncope 2.0.0. It also covered a simple use-case for the new functionality, where the "createUser"...
Securing an Apache Kafka broker - part I
Apache Kafka is a messaging system for the age of big data, with a strong focus on reliability, scalability and message throughput. This is the first part of a short series of posts on how to secure an...
Securing an Apache Kafka broker - part II
In the previous post, we looked at how to configure an Apache Kafka broker to require SSL client authentication. In this post we will add authorization to the example, making sure that only authorized...
Invoking on the Talend ESB STS using SoapUI
Talend ESB ships with a powerful SecurityTokenService (STS) based on the STS that ships with Apache CXF. The Talend Open Studio for ESB contains UI support for creating web service clients that use the...
Using SHA-512 with Apache CXF SOAP web services
XML Signature is used extensively in SOAP web services to guarantee message integrity, non-repudiation, as well as client authentication via PKI. A digest algorithm crops up in XML Signature both as...