Apache CXF
Fediz 1.2.2 has been
released. The issues fixed can be seen
here. Highlights include:
- The core Apache CXF dependency is updated to the recent 3.0.8 release.
- A new HomeRealm Discovery Service based on Spring EL is available in the IdP.
- Support for configurable token expiration validation in the plugins has been added.
- Various fixes for the websphere container plugin have been added.
A new feature in 1.2.2 is the ability to specify a constraint in the IdP on the acceptable 'wreply' value for a given service. When the IdP successfully authenticates the end user, it will issue the WS-Federation response to the value specified in the initial request in the 'wreply' parameter. However, this could be exploited by a malicious third party to redirect the end user to a custom address, where the issued token could be retrieved. In 1.2.2, there is a new property associated with the Application in the IdP called 'passiveRequestorEndpointConstraint'. This is a regular expression on the acceptable value for the 'wreply' endpoint associated with this Application. If this property is not specified, a warning is logged in the IdP. For example:
No comments:
Post a Comment