ApacheCon NA 2013

Portland, Oregon

February 26th – 28th, 2013

Register Now!

Tuesday 4:15 p.m.–5:15 p.m.

SSO and fine grained authorization in the cloud

oliver wulff

Cloud Crowd
Audience level:


Deploying applications in the cloud and Single Sign On requirement is challenging. It is even more difficult if fine grained authorization is required as well. Apache CXF Fediz shows how to implement a standard based solution using Apache projects.


Apache Fediz is a subproject of the CXF project which provides a Web Services standard with wide range on WS-* support in the security space. Fediz on the one hand provides Web SSO for application deployed on-premise or in the cloud and on the other hand integrates with the Web Services security layer. This allows to support impersonation end-to-end based on industry standards. Apache Fediz supports the Passive Requestor Profile of WS-Federation and leverages the WS-Trust Security Token Service for both the Web Application SSO and impersonation on the Web Services layer. The solution simplifies to provide user information to a Web Application as the user data doesn't have to be replicated into other systems which can cause security flaws for cloud deployments. This session explains the solution and shows customer use cases where applications with fine grained authorization requirements are deployed in the cloud.