Apache CXF Fediz is a subproject of CXF. Fediz helps you secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. Apache CXF Fediz supports both the WS-Federation Passive Requestor Profile and the SAML Web Browser SSO Profile. Fediz supports Claims Based Access Control beyond Role Based Access Control (RBAC).


Here are some of the features supported by Fediz:

  • WS-Federation 1.0/1.1/1.2
  • SAML SSO (the IdP and all of the plugins apart from WebSphere, from the 1.4.5 release)
  • Support for SAML 1.1/2.0 tokens, encrypted SAML tokens, and the Holder-Of-Key Subject Confirmation Method
  • Custom token support
  • Support to publish WS-Federation and SAML SSO Metadata documents
  • Support for Tomcat, Jetty, WebSphere, Spring Security and CXF plugins
  • A new REST API for the IdP (1.2)
  • Support for logout in both the RP and IdP (1.2)
  • Support for logging on to the IdP via Kerberos and TLS client authentication (1.2)
  • Support for using the IdP as an identity broker with a remote IdP. The SAML SSO, OpenID Connect, Facebook and WS-Federation protocols are supported.

