This past week, there was a discussion on the Apache CXF developer list about adding an enterprise grade Security Token Service (STS) into CXF. Talend has been developing an STS internally for some of our customers for a while now and we’re pretty excited to be able to contribute the results of that work back to the community. CXF 2.4.0 had a very basic “framework” for developing an STS built into it along with a simple example that showed how to use the framework to setup a very simple STS. However, most of the details of creating and verifying tokens and such was completely left to the user/developer. The new STS, while built on that same framework, has a lot more capabilities “built in” and requires significantly less work to setup.
Colm’s blog definitely covers most of the details about the functionality of the new STS. Over the upcoming weeks, he should be adding more details about how to configure and leverage many of the features he mentions. Keep an eye out on his blog for details.
I’m quite excited about this. One of my personal goals in developing Open Source software is making that software more approachable and usable in enterprise environments. Over the years, CXF has done a great job become the defacto open source services framework by trying to meet the needs of enterprise deployments. This takes it even a step further by providing the first ready made service based on CXF. Hopefully, there will be more to come. Stay tuned!