public class SAML2STSLoginModule
extends org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule
This LoginModule authenticates clients by validating their SAML assertions with an external security token service
(such as PicketLinkSTS). If the supplied assertion contains roles, these roles are extracted and included in the
Group returned by the getRoleSets method.
This module defines the following module options:
Any module option other than those listed above is assumed to configure how the STSClient connects to the STS. For example, the JBossWS StubExt.PROPERTY_SOCKET_FACTORY property can be set to name the socket factory that must be used for the connection to the STS. All such properties are placed in the request context of the Dispatch instance that the STSClient uses to send requests to the STS.
An example of a configFile can be seen below:

```properties
serviceName=PicketLinkSTS
portName=PicketLinkSTSPort
endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
username=JBoss
password=JBoss
```

The first three properties specify the STS service name, port name, and endpoint URL. The last two properties specify the username and password that the application server uses to authenticate to the STS when it asks for SAML assertions to be validated. Because the password is stored in clear text, restrict the file's permissions, and point endpointAddress at an https URL whenever the STS is not on the local host, since the assertion and these credentials are otherwise sent unencrypted.
NOTE: Sub-classes can use the SAML2STSCommonLoginModule.getSTSClient() method to customize the STSClient used to make calls to the STS.
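The checks below are an added example and are not PicketLink code. They show the kind of local sanity checks a sub-class could run on the assertion Element before or alongside localValidation: the Conditions time window (with clock skew), an AudienceRestriction naming this application, and extraction of the role attribute values that end up in the Group returned by getRoleSets. The attribute name "Role", the audience URL, the skew of 60 seconds and the embedded sample assertion are all assumptions chosen for the example. The example deliberately does not verify the XML signature, so it is a pre-filter only; an assertion that passes it must still be validated by the STS (or by the module's own localValidation, which checks the signature) before it is trusted.

```java
import java.io.StringReader;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class AssertionPreCheck {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Returns, in document order, the values of every saml:Attribute whose Name equals roleKey. */
    public static List<String> extractRoles(Element assertion, String roleKey) {
        List<String> roles = new ArrayList<>();
        NodeList attrs = assertion.getElementsByTagNameNS(SAML_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            if (!roleKey.equals(attr.getAttribute("Name"))) continue;
            NodeList values = attr.getElementsByTagNameNS(SAML_NS, "AttributeValue");
            for (int j = 0; j < values.getLength(); j++) {
                roles.add(values.item(j).getTextContent().trim());
            }
        }
        return roles;
    }

    /**
     * True only if there is exactly one saml:Conditions element, "now" lies inside its
     * NotBefore/NotOnOrAfter window allowing skewSeconds of clock drift, and an Audience equal
     * to expectedAudience is listed. An assertion without any AudienceRestriction is rejected
     * on purpose: a relying party should not accept tokens that were not issued for it.
     */
    public static boolean conditionsHold(Element assertion, String expectedAudience,
                                         Instant now, long skewSeconds) {
        NodeList conds = assertion.getElementsByTagNameNS(SAML_NS, "Conditions");
        if (conds.getLength() != 1) return false;
        Element c = (Element) conds.item(0);
        String notBefore = c.getAttribute("NotBefore");       // "" when the attribute is absent
        String notOnOrAfter = c.getAttribute("NotOnOrAfter");
        if (!notBefore.isEmpty()
                && now.plusSeconds(skewSeconds).isBefore(Instant.parse(notBefore))) return false;
        if (!notOnOrAfter.isEmpty()
                && !now.minusSeconds(skewSeconds).isBefore(Instant.parse(notOnOrAfter))) return false;
        NodeList audiences = c.getElementsByTagNameNS(SAML_NS, "Audience");
        for (int i = 0; i < audiences.getLength(); i++) {
            if (expectedAudience.equals(audiences.item(i).getTextContent().trim())) return true;
        }
        return false;
    }

    /** Parses XML with a namespace-aware, hardened builder (no DTDs, so no XXE or entity expansion). */
    public static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        return d.getDocumentElement();
    }

    // Constructed, unsigned sample assertion for this example only; not a real STS response.
    static final String SAMPLE =
        "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" ID=\"_a1\" Version=\"2.0\""
      + " IssueInstant=\"2013-06-01T11:55:00Z\">"
      + "<saml:Issuer>PicketLinkSTS</saml:Issuer>"
      + "<saml:Subject><saml:NameID>jduke</saml:NameID></saml:Subject>"
      + "<saml:Conditions NotBefore=\"2013-06-01T11:55:00Z\" NotOnOrAfter=\"2013-06-01T12:55:00Z\">"
      + "<saml:AudienceRestriction><saml:Audience>https://app.example.org/</saml:Audience>"
      + "</saml:AudienceRestriction></saml:Conditions>"
      + "<saml:AttributeStatement><saml:Attribute Name=\"Role\">"
      + "<saml:AttributeValue>admin</saml:AttributeValue>"
      + "<saml:AttributeValue>user</saml:AttributeValue>"
      + "</saml:Attribute></saml:AttributeStatement></saml:Assertion>";

    public static void main(String[] args) throws Exception {
        Element assertion = parse(SAMPLE);
        String audience = "https://app.example.org/";   // assumed audience of this application
        Instant inWindow = Instant.parse("2013-06-01T12:00:00Z");
        Instant expired = Instant.parse("2013-06-02T00:00:00Z");
        System.out.println("valid now:  " + conditionsHold(assertion, audience, inWindow, 60));  // true
        System.out.println("next day:   " + conditionsHold(assertion, audience, expired, 60));   // false
        System.out.println("other app:  " + conditionsHold(assertion, "https://other/", inWindow, 60)); // false
        System.out.println("roles:      " + extractRoles(assertion, "Role"));                   // [admin, user]
    }
}
```

A sub-class override of localValidation(Element) could call conditionsHold before delegating to the superclass, so that expired or mis-targeted assertions are rejected cheaply; it must not return true on these checks alone, because nothing here proves the assertion was issued by the STS.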
Fields inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule:
assertion, credential, enableCacheInvalidation, ENDPOINT_ADDRESS, localTestingOnly, localValidation, localValidationSecurityDomain, options, PASSWORD_KEY, PORT_NAME, principal, rawOptions, roleKey, securityDomain, SERVICE_NAME, STS_CONFIG_FILE, stsConfigurationFile, USERNAME_KEY

Fields inherited from the superclass of SAML2STSCommonLoginModule:
BASE64_TOKEN_ENCODING, GZIP_TOKEN_ENCODING, logger, NONE_TOKEN_ENCODING, REG_EX_GROUP_KEY, REG_EX_PATTERN_KEY, SAML_TOKEN_HTTP_HEADER_KEY, TOKEN_ENCODING_TYPE_KEY, tokenEncoding, WEB_REQUEST_KEY

| Constructor and Description |
|---|
| SAML2STSLoginModule() |

| Modifier and Type | Method and Description |
|---|---|
| protected org.picketlink.identity.federation.core.factories.JBossAuthCacheInvalidationFactory.TimeCacheExpiry | getCacheExpiry() |
| protected boolean | localValidation(Element assertionElement) |

Methods inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule:
abort, commit, getIdentity, getRoleSets, getSTSClient, initialize, login, logout

Methods inherited from the superclass of SAML2STSCommonLoginModule:
getCredentialFromHttpRequest, getSamlTokenHttpHeader, getSamlTokenHttpHeaderRegEx, getSamlTokenHttpHeaderRegExGroup, getTokenEncoding

Copyright © 2013. All Rights Reserved.