forked from apache/cxf-fediz
-
Notifications
You must be signed in to change notification settings - Fork 0
/
release_notes.txt
606 lines (403 loc) · 21.6 KB
/
release_notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
Apache CXF Fediz 1.6.0 Release Notes
------------------------------------
1. Overview
Apache CXF Fediz provide the following features:
* WS-Federation 1.0/1.1/1.2
* SAML 1.1/2.0 Tokens
* Custom token support
* Publish WS-Federation Metadata document for RP and IDP
* Role information encoded as AttributeStatement in SAML 1.1/2.0 tokens
* Claims information provided by FederationPrincipal interface
* Fediz IdP supports Resource and Requestor IDP role, Home Realm Discovery Service, ...
* Support for Jetty, Tomcat, Websphere and Spring Security 4.x
* Support for logout in the RP and IdP
* Support for logging on to the IdP via UsernamePassword, Kerberos and TLS
client authentication
* A container independent CXF plugin for WS-Federation
* A REST API for the IDP
* Support to use the IDP as an identity broker with a remote SAML SSO IdP
* Support to use the IDP as an identity broker with a remote OpenId Connect IdP
* SAML SSO support in the IdP
* OpenId Connect (OIDC)
2. Installation Prerequisites
Before installing Apache CXF Fediz, make sure the following products,
with the specified versions, are installed on your system:
* Java 8 Development Kit or higher
* Apache Maven 3.x to build the samples
3. Installation Procedures
Follow the Getting Started instructions at
http://cxf.apache.org/fediz.html#Fediz-Gettingstarted for information
on installing the Fediz IDP and IdP STS.
4. Building the Samples
Building the samples included in the binary distribution is easy. Change to
the examples directory and follow the build instructions in the README.txt file
included with each sample.
5. Replacing provided keystores
The sample keystores provided are fine for development and prototyping use
but make sure to replace them for any production use, see
see examples/samplekeys/HowToGenerateKeysREADME.html for key generation
information.
6. Reporting Problems
If you have any problems or want to send feedback of any kind, please e-mail the
CXF user list, users@cxf.apache.org. You can also file issues in JIRA at:
http://issues.apache.org/jira/browse/FEDIZ
7. Migration notes:
N.A.
8. Specific issues, features, and improvements fixed in this version
Release Notes - CXF-Fediz - Version 1.6.0
Improvement
[FEDIZ-255] - Switch to Log4J2 for the webapps
Dependency upgrade
[FEDIZ-250] - Migrate to Spring 5 & Spring Security 5
Release Notes - CXF-Fediz - Version 1.5.1
Improvement
[FEDIZ-251] - Support SAML token signature without KeyInfo
[FEDIZ-252] - Extend 'signinQuery' functionality to SAML SSO protocol
Release Notes - CXF-Fediz - Version 1.5.0
Bug
[FEDIZ-232] - 'wctx' parameter mandatory but protocol does not require
[FEDIZ-234] - Escape logging output in LoginHintHomeRealmDiscovery
[FEDIZ-235] - Set unique=true for the OpenJPA Index values
[FEDIZ-239] - Add an underscore prefix to the SAML Ids to make them schema compliant
[FEDIZ-243] - Fediz tomcat valve is broken with recent tomcat version
New Feature
[FEDIZ-245] - OIDC: Client Update
Improvement
[FEDIZ-242] - Remove Swagger UI from IdP
[FEDIZ-244] - Update to Tomcat 9.0.35
[FEDIZ-248] - OIDC UI: shared stylesheet
Task
[FEDIZ-204] - Drop Tomcat7, Jetty8, Spring Sec 2, 3 containers
[FEDIZ-230] - Support Jetty 9.4
[FEDIZ-231] - Upgrade to Tomcat 9
[FEDIZ-246] - Update IdP to use Spring Security 4
[FEDIZ-247] - Add support for EncryptedAssertions for SAML SSO
Release Notes - CXF-Fediz - Version 1.4.6
Bug
[FEDIZ-232] - 'wctx' parameter mandatory but protocol does not require
[FEDIZ-234] - Escape logging output in LoginHintHomeRealmDiscovery
[FEDIZ-236] - Geeting HTTP 401 error on first login using SAML
[FEDIZ-239] - Add an underscore prefix to the SAML Ids to make them schema compliant
Release Notes - CXF-Fediz - Version 1.4.5
Bug
[FEDIZ-220] - http 400 when logout with redirect to constraint
[FEDIZ-224] - Saml SSO spring plugin does not work
[FEDIZ-226] - authnRequestBuilder cofiguration property for samlProtocolType ignored
New Feature
[FEDIZ-158] - Support Fediz OIDC Login for Trusted IDP
[FEDIZ-223] - Support custom claim handler within Fediz Plugin
Task
[FEDIZ-221] - Support SAML SSO Logout in the IdP
[FEDIZ-222] - Support SAML SSO Logout in the RP
[FEDIZ-225] - Add support to specify the AssertionConsumerService URL via the "reply" configuration parameter for SAML SSO
[FEDIZ-227] - Support SAML SSO in the Jetty plugin
[FEDIZ-228] - Add the "jti" claim in FedizSubjectCreator
[FEDIZ-229] - Provide a way to map JWT claims into SAML attributes when converting a third party JWT token into a SAML Token
Release Notes - CXF-Fediz - Version 1.4.4
Bug
[FEDIZ-217] - SAML authentication fails in plugin
New Feature
[FEDIZ-7] - Add support for SAML-P in the plugin
Improvement
[FEDIZ-216] - Support different signature algorithms for the SAML SSO Redirect Binding
[FEDIZ-219] - Add support for SAML SSO to the Tomcat 8 RP implementation
Release Notes - CXF-Fediz - Version 1.4.3
Bug
[FEDIZ-211] - Local IdP redirection (after token expiry) is not working
[FEDIZ-212] - Multiple OIDC logout return to login page
[FEDIZ-213] - Spring plugins don't handle token expiration properly
[FEDIZ-214] - OIDC generated already expired id_token
Improvement
[FEDIZ-210] - Limit IdP request parameter size
Release Notes - CXF-Fediz - Version 1.4.2
Improvement
[FEDIZ-206] - Revert FedizSubjectCreator changes
[FEDIZ-209] - Make FedizResponse properly serializable
Release Notes - CXF-Fediz - Version 1.4.1
Bug
[FEDIZ-201] - Spring3 plugin does not include jars in the distribution
[FEDIZ-202] - OIDC war files are being included in the plugin directories in the distribution
Improvement
[FEDIZ-205] - Support creating IdP Metadata for SAML SSO
New Feature
[FEDIZ-203] - Support "roles" scope
Release Notes - CXF-Fediz - Version 1.4.0
Bug
[FEDIZ-185] - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP
[FEDIZ-189] - Add support for absolute URLs in the logoutRedirectTo parameter
[FEDIZ-191] - The HomeRealmReminder cookie is not deleted after logout in the IdP
[FEDIZ-192] - SAML customSTSParameter not propagated when using form-login
Improvement
[FEDIZ-155] - Move .java components out of idp webapp and into a separate JAR
[FEDIZ-175] - Refactor STS configuration to make the Fediz STS easier to customize.
[FEDIZ-176] - Refactor IdP configuration to make the Fediz IdP easier to customize.
[FEDIZ-177] - Upgrade dbcp to 2.1.1
[FEDIZ-178] - Update Webflow to 2.4.x
[FEDIZ-179] - Update IdP to Spring Security 3.2
[FEDIZ-180] - Support WS-Federation Trusted Third Party IdPs for the SAML SSO interface in the IdP
[FEDIZ-181] - Support SAML SSO Trusted Third Party IdPs for the SAML SSO interface in the IdP
[FEDIZ-182] - Support OIDC Trusted Third Party IdPs for the SAML SSO interface in the IdP
[FEDIZ-183] - Support logging out in the plugins via the "wa" parameter
[FEDIZ-184] - Remove OGNL parser from the IdP
[FEDIZ-186] - Add new logoutRedirectToConstraint plugin configuration parameter
[FEDIZ-188] - Make "Reply" a CallbackType in the Fediz plugin configuration
[FEDIZ-190] - Make the logoutRedirectToConstraint a CallbackType
[FEDIZ-193] - Add a way to support additional top level domains when registering OIDC clients
[FEDIZ-195] - OIDC: propagate URI fragment during authentication
[FEDIZ-197] - STSClientAction shouldn't change wsdlLocation when no port is set
[FEDIZ-199] - Update the Spring plugin to spring security 4
[FEDIZ-200] - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
New Feature
[FEDIZ-187] - Initial OIDC Logout Support
Task
[FEDIZ-196] - Add support for Apache Tomcat 8.5.x
Release Notes - CXF-Fediz - Version 1.3.2
Bug
[FEDIZ-185] - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP
[FEDIZ-189] - Add support for absolute URLs in the logoutRedirectTo parameter
[FEDIZ-191] - The HomeRealmReminder cookie is not deleted after logout in the IdP
[FEDIZ-194] - NPE when restarting Fediz OIDC after using dynamic registration
Improvement
[FEDIZ-173] - Cors support for js OIDC Implicit Flow
[FEDIZ-183] - Support logging out in the plugins via the "wa" parameter
[FEDIZ-186] - Add new logoutRedirectToConstraint plugin configuration parameter
[FEDIZ-193] - Add a way to support additional top level domains when registering OIDC clients
[FEDIZ-200] - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
Task
[FEDIZ-174] - Update CXF version to 3.1.8-SNAPSHOT
Release Notes - CXF-Fediz - Version 1.2.4
Bug
[FEDIZ-185] - Make one of passiveRequestorEndpoint or passiveRequestorEndpointConstraint mandatory in the IDP
[FEDIZ-191] - The HomeRealmReminder cookie is not deleted after logout in the IdP
Improvement
[FEDIZ-186] - Add new logoutRedirectToConstraint plugin configuration parameter
[FEDIZ-200] - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
Release Notes - CXF-Fediz - Version 1.2.3
Bug
[FEDIZ-161] - FederationConfigImpl.init() calls loadConfig(File) which fails for war files with special characters in its name
[FEDIZ-164] - IdP default flow doesn't support multiple realms
[FEDIZ-169] - Enforce mandatory requested claims on the RP side
[FEDIZ-170] - Load keystore/truststore resources in the container plugins
Improvement
[FEDIZ-154] - Example 'simpleWebapp' needs proper configuration of the FederationEntryPoint in IDP realm-b
[FEDIZ-159] - whr propagation can be disabled
[FEDIZ-168] - Support SAML Token without Audience Restriction
Release Notes - CXF-Fediz - Version 1.3.1
Bug
[FEDIZ-161] - FederationConfigImpl.init() calls loadConfig(File) which fails for war files with special characters in its name
[FEDIZ-164] - IdP default flow doesn't support multiple realms
[FEDIZ-165] - SAML SSO redirection on ForceAuthn or token expiry not working
[FEDIZ-166] - "No message body writer" error for OAuthError in the OIDC IdP
[FEDIZ-169] - Enforce mandatory requested claims on the RP side
[FEDIZ-170] - Load keystore/truststore resources in the container plugins
Improvement
[FEDIZ-160] - Replace Hibernate with Apache BVal
[FEDIZ-162] - Make it possible to disable the requirement for a Signature when validating a SAML SSO AuthnRequest in the IdP
[FEDIZ-163] - Default to disabling Deflate Encoding for the SAML SSO response
[FEDIZ-168] - Support SAML Token without Audience Restriction
[FEDIZ-171] - Add a configuration option to add the "Authenticated" role to the list of roles of the authenticated user
[FEDIZ-172] - OIDC DataProvider should support client_credentials clients
New Feature
[FEDIZ-76] - Support Facebook Login for Trusted IDP
Release Notes - CXF-Fediz - Version 1.3.0
Sub-task
[FEDIZ-74] - Support Google Login for Trusted IDP
Bug
[FEDIZ-118] - Allow securing root context applications
[FEDIZ-125] - Logout is not working in Fediz websphere plugin and cookie name is not configurable
[FEDIZ-128] - Parent POM dependencies wrong in Websphere artifacts
[FEDIZ-132] - Encoding Error by generated JAXB classes
[FEDIZ-139] - cxf-fediz plugin osgi export
[FEDIZ-140] - IDP caches outdated SAML Tokens
[FEDIZ-142] - TrustedIdpSAMLProtocolHandler.REQUIRE_KEYINFO does not work
[FEDIZ-146] - wtrealm should not be mandatory for 3rd party signin response
[FEDIZ-147] - IDP will be listed in HomeRealm Selection view, even if it should not be used directly
[FEDIZ-151] - Session Conflict with Cookies
[FEDIZ-156] - SAMLRequest ID must not start with a Number
[FEDIZ-157] - SAMLResponse Handler uses URL instead of Realm name for issuer validation
Improvement
[FEDIZ-113] - Support SAML SSO Metadata in the IdP
[FEDIZ-119] - Customizable Login-Page
[FEDIZ-120] - IDP Encoding of SignInResponse configurable
[FEDIZ-121] - Upgrade to Spring 4
[FEDIZ-122] - Replace Apache bval with Hibernate
[FEDIZ-123] - Update certificates to 2048 bits
[FEDIZ-130] - Add a Jetty 9 plugin
[FEDIZ-131] - Add JAXRS based demos
[FEDIZ-133] - Improve logout page customizability
[FEDIZ-135] - CXF plugin should let the initial successful sign in request proceed
[FEDIZ-141] - POST Binding for SAML SSO Remote IDP
[FEDIZ-145] - Swagger REST API Support
[FEDIZ-152] - Disable URL rewrites with SessionID to avoid session hijacking
[FEDIZ-154] - Example 'simpleWebapp' needs proper configuration of the FederationEntryPoint in IDP realm-b
[FEDIZ-159] - whr propagation can be disabled
New Feature
[FEDIZ-126] - Systests for websphere plugin
[FEDIZ-127] - Webshere example application doesn't fit to systemtests and is not buildable as ear file
[FEDIZ-143] - Home Realm Discovery based on OIDC login_hint
[FEDIZ-144] - HomeRealm Discovery Service based on Spring EL
[FEDIZ-153] - Support OpenId Connect bridging in the Fediz IdP
Question
[FEDIZ-124] - Fediz-plugin for Tomcat 8
Task
[FEDIZ-114] - Remove X509TokenValidator and DefaultSubjectProvider in the STS
Release Notes - CXF-Fediz - Version 1.2.2
Sub-task
[FEDIZ-106] - Spring plugin support for configurable token validation
[FEDIZ-107] - CXF plugin support for configurable token validation
[FEDIZ-108] - Jetty plugin support for configurable token validation
[FEDIZ-110] - Update Plugin Configuration Documentation
Bug
[FEDIZ-117] - Race condition in CXF plugin related to request restoration after redirect
[FEDIZ-125] - Logout is not working in Fediz websphere plugin and cookie name is not configurable
[FEDIZ-128] - Parent POM dependencies wrong in Websphere artifacts
[FEDIZ-129] - Default values in the schema are not actually used
[FEDIZ-139] - cxf-fediz plugin osgi export
[FEDIZ-140] - IDP caches outdated SAML Tokens
[FEDIZ-142] - TrustedIdpSAMLProtocolHandler.REQUIRE_KEYINFO does not work
[FEDIZ-146] - wtrealm should not be mandatory for 3rd party signin response
[FEDIZ-147] - IDP will be listed in HomeRealm Selection view, even if it should not be used directly
[FEDIZ-151] - Session Conflict with Cookies
Improvement
[FEDIZ-104] - Configurable (fediz_config.xml) token expiration validation
[FEDIZ-152] - Disable URL rewrites with SessionID to avoid session hijacking
New Feature
[FEDIZ-126] - Systests for websphere plugin
[FEDIZ-127] - Webshere example application doesn't fit to systemtests and is not buildable as ear file
[FEDIZ-144] - HomeRealm Discovery Service based on Spring EL
Release Notes - CXF-Fediz - Version 1.2.1
Bug
[FEDIZ-118] - Allow securing root context applications
Improvement
[FEDIZ-113] - Support SAML SSO Metadata in the IdP
[FEDIZ-120] - IDP Encoding of SignInResponse configurable
[FEDIZ-123] - Update certificates to 2048 bits
Task
[FEDIZ-114] - Remove X509TokenValidator and DefaultSubjectProvider in the STS
Release Notes - CXF-Fediz - Version 1.2.0
Sub-task
[FEDIZ-105] - Websphere plugin support for configurable token validation
[FEDIZ-109] - Tomcat plugin support for configurable token validation
Bug
[FEDIZ-70] - Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy)
[FEDIZ-83] - wfreshparser incorrectly treats a freshness of 0 as negative
[FEDIZ-88] - wreply parameter must be optional
[FEDIZ-96] - Nullpointer exception if logout is called before login
[FEDIZ-97] - Plugin configuration property naming conflict with WebSphere 8.5
[FEDIZ-99] - Wrong Address in PassiveRequestorEndpoint for ApplicationServiceType
[FEDIZ-100] - Wrong Value in EndpointReference for ApplicationServiceType
[FEDIZ-111] - NPE when ChainTrust is configured + no Subject is provided
[FEDIZ-112] - Race condition in tomcat plugin related to request restoration after redirect
Improvement
[FEDIZ-23] - Support different authentication mechanism
[FEDIZ-69] - Support starting IDP with jetty maven plugin
[FEDIZ-71] - Enable use of Apache CXF Fediz IDP with external third-party WS-Trust STS
[FEDIZ-72] - Make Trusted IDP protocol customizable
[FEDIZ-78] - Provide a configurable mechanism to load the DB initially
[FEDIZ-79] - Encoding of SignInResponse configurable
[FEDIZ-84] - Support wreq parameter in SP/IdP
[FEDIZ-93] - Provide correct fediz_config.xml to match with fedizhelloworld demo
[FEDIZ-94] - Provide correct fediz_config.xml to match with fedizhelloworld demo
[FEDIZ-95] - Moving Spring-Security configuration to central location
[FEDIZ-98] - Dynamic STS Realm Parser
[FEDIZ-101] - audienceUris as TargetScope in MetadataDocument
[FEDIZ-102] - Direct Logout at IDP with wsignoutcleanup1.0 action
New Feature
[FEDIZ-19] - Single Sign Out
[FEDIZ-27] - Support signout/cleanup message in Fediz plugin
[FEDIZ-46] - WS-FederationSupport for CXF JAX-RS
[FEDIZ-53] - Browser can pass the home realm to the Fediz plugin
[FEDIZ-65] - REST interface for IDP
[FEDIZ-73] - Support SAML-P protocol for Trusted IDP
[FEDIZ-77] - RBAC Support for REST Interface
[FEDIZ-89] - Kerberos/SPNEGO Authentication Support
[FEDIZ-90] - Identity Federation via Claim Mappings
Task
[FEDIZ-86] - Add support for Metadata to other plugins
Release Notes - CXF-Fediz - Version 1.1.2
Bug
[FEDIZ-88] - wreply parameter must be optional
New Feature
[FEDIZ-89] - Kerberos/SPNEGO Authentication Support
[FEDIZ-90] - Identity Federation via Claim Mappings
Release Notes - CXF-Fediz - Version 1.1.1
Bug
[FEDIZ-70] - Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy)
[FEDIZ-83] - wfreshparser incorrectly treats a freshness of 0 as negative
Improvement
[FEDIZ-79] - Encoding of SignInResponse configurable
[FEDIZ-84] - Support wreq parameter in SP/IdP
Release Notes - CXF-Fediz - Version 1.1.0
New Feature
[FEDIZ-2] - Support encrypted tokens in plugin
[FEDIZ-3] - Support the role "Resource IDP" in IDP
[FEDIZ-4] - Support SAML token with Holder-Of-Key SubjectConfirmationMethod
[FEDIZ-5] - Provide adapter for Jetty
[FEDIZ-9] - Provide plugin for CXF
[FEDIZ-36] - Http Form Based Login
[FEDIZ-38] - Integrate Fediz Plugin with Spring Security framework (Pre-Authentication)
[FEDIZ-39] - Spring Security Federation Authenticator
[FEDIZ-52] - Support wauth parameter in initial request to RP
[FEDIZ-53] - Browser can pass the home realm to the Fediz plugin
[FEDIZ-58] - Support LDAP groups for Maven profile ldap
[FEDIZ-59] - Support audit log in STS
[FEDIZ-61] - Support for Websphere WAS 7 / 8
[FEDIZ-62] - Customize SignIn Query
[FEDIZ-63] - Support PEM format for certificate store
Bug
[FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ?
[FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role
[FEDIZ-47] - OnBehalfOf Token does not expire in the IdP
[FEDIZ-49] - Support using wfresh parameter in the IdP for TTL
[FEDIZ-55] - Claims from LDAP can't be retrieved
Improvement
[FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration
[FEDIZ-31] - Fix example package structure
[FEDIZ-37] - Dynamically assign ports for unit testing to avoid port conflict
[FEDIZ-41] - Fediz IDP refactored with Spring Web Flow
[FEDIZ-43] - No dependency on TCP port of IDP container in fedizidp.war
[FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation
[FEDIZ-48] - Support wfresh properly in the IdP
[FEDIZ-54] - Provide Maven profile to build STS with LDAP backend
[FEDIZ-64] - Add Callback support for the Realm (WTRealm) protocol property
[FEDIZ-66] - Token expiration validation configurable
[FEDIZ-67] - Use same Canonicalization Method for Signatures for Metadata document as for SAML tokens
Wish
[FEDIZ-15] - Support the publish of the WS-Federation Metadata document
[FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient
Release Notes - CXF-Fediz - Version 1.0.3
Bug
[FEDIZ-40] - Can CXF Fediz IDP & RP work with SAML1.1 ?
[FEDIZ-45] - Do not convert a SAML Attribute with an empty AttributeValue into a Role
[FEDIZ-49] - Support using wfresh parameter in the IdP for TTL
Improvement
[FEDIZ-14] - Make the TokenReplayCache implementation configurable in the Fediz configuration
[FEDIZ-31] - Fix example package structure
[FEDIZ-44] - Rename IDP + STS wars to use hypens (fediz-idp + fediz-idp-sts) and update documentation
[FEDIZ-48] - Support wfresh properly in the IdP
Task
[FEDIZ-42] - Upgrade to use CXF 2.6.6
Wish
[FEDIZ-35] - Allow to use a custom CXF bus for IdpSTSClient
Release Notes - CXF-Fediz - Version 1.0.2
** Bug
* [FEDIZ-26] - SAMLTokenValidator throws a NPE when an Attribute of the Assertion does not have a NameFormat
** Improvement
* [FEDIZ-18] - Make supported claims configurable in FileClaimsHandler
* [FEDIZ-20] - IDP should maintain authentication state
* [FEDIZ-17] - Current Fediz STS exposes SOAP 1.1 end point
* [FEDIZ-25] - Look for fediz_config.xml in catalina base too
** New Feature
* [FEDIZ-30] - Relying Party can enforce re-authentication using wfresh parameter
* [FEDIZ-28] - Logout capability in IDP
** Task
* [FEDIZ-29] - Migrate to CXF 2.6.3
** Test
Release Notes - CXF-Fediz - Version 1.0.1
** Bug
* [FEDIZ-24] - maximumClockSkew is not optional
** Improvement
* [FEDIZ-22] - Improved support for other claims encoding in SAML attributes
** New Feature
** Task
** Test