This article lists the differences introduced in PicketLink v2.1 compared to v2.0.
PicketLink v2.1 comes with some improvements in the configuration of Identity Providers and Service Providers. One of the main objectives of this version is to make PicketLink even easier to use.
Previously, PicketLink configuration was done in multiple configuration files:
- WEB-INF/picketlink-idfed.xml: PicketLink IDP/SP configurations.
- WEB-INF/picketlink-handlers.xml: PicketLink handlers. Additional processing of SAML requests and responses.
- WEB-INF/picketlink-sts.xml: Security Token Service and SAML configurations.
Now, you can just use one configuration file:
- WEB-INF/picketlink.xml: Consolidated configuration file.
Basically, the picketlink.xml file groups all the configuration files into one single file. Below is an example of a picketlink.xml file used to configure an IDP:
Now, let's look at what a Service Provider configuration looks like:
Note that the PicketLink configuration namespace has changed to 2.1, e.g. urn:picketlink:identity-federation:config:2.1.
Unique Valve at the Service Provider (org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator)
Previously we had four flavors of Service Provider authenticators:
- org.picketlink.identity.federation.bindings.tomcat.sp.SPPostFormAuthenticator: SAML HTTP POST Binding
- org.picketlink.identity.federation.bindings.tomcat.sp.SPPostSignatureFormAuthenticator: SAML HTTP POST Binding with Signature Support
- org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator: SAML HTTP Redirect Binding
- org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectSignatureAuthenticator: SAML HTTP Redirect Binding with Signature Support
Now, you can just use one single authenticator:
Now, the only configuration you need in jboss-web.xml is:
For JBoss AS5 and Apache Tomcat 6 this configuration is located in the context.xml file.
Yes. The previous configuration is supported, but it is now marked as DEPRECATED.
Please prefer the new configuration when upgrading or creating new projects using PicketLink.
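To find applications that still rely on the deprecated setup, the following added example (not code from the PicketLink project) audits an unpacked web application for the three legacy configuration files, the four legacy Service Provider authenticators, and a picketlink.xml that lacks the 2.1 namespace. The file and class names are the ones listed in this article; the function names and the sample application layout are assumptions made for illustration.

```python
import os
import re
import tempfile

# File and class names below come from the article; the sample app is constructed.
LEGACY_FILES = {"picketlink-idfed.xml", "picketlink-handlers.xml", "picketlink-sts.xml"}
LEGACY_VALVES = {"SPPostFormAuthenticator", "SPPostSignatureFormAuthenticator",
                 "SPRedirectFormAuthenticator", "SPRedirectSignatureAuthenticator"}
VALVE_FILES = {"jboss-web.xml", "context.xml"}
NAMESPACE_21 = "urn:picketlink:identity-federation:config:2.1"
SP_CLASS = re.compile(r"org\.picketlink\.identity\.federation\.bindings\.tomcat\.sp\.(\w+)")


def audit(app_root):
    """Return sorted findings for an unpacked web application directory."""
    findings = set()
    for folder, _dirs, files in os.walk(app_root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, app_root).replace(os.sep, "/")
            if name in LEGACY_FILES:
                findings.add(f"{rel}: deprecated 2.0 configuration file")
            elif name in VALVE_FILES or name == "picketlink.xml":
                with open(path, encoding="utf-8") as fh:
                    text = fh.read()
                if name == "picketlink.xml" and NAMESPACE_21 not in text:
                    findings.add(f"{rel}: 2.1 configuration namespace not found")
                for cls in SP_CLASS.findall(text):
                    if cls in LEGACY_VALVES:
                        findings.add(f"{rel}: deprecated authenticator {cls}")
    return sorted(findings)


def make_sample_app(root, files):
    """Write a constructed WEB-INF layout from {file name: content}."""
    web_inf = os.path.join(root, "WEB-INF")
    os.makedirs(web_inf, exist_ok=True)
    for name, content in files.items():
        with open(os.path.join(web_inf, name), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    pkg = "org.picketlink.identity.federation.bindings.tomcat.sp."
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_app(tmp, {
            "picketlink-idfed.xml": "<!-- constructed placeholder -->",
            "jboss-web.xml": f"<valve><class-name>{pkg}SPPostFormAuthenticator</class-name></valve>",
        })
        print("\n".join(audit(tmp)))
```

An empty result means the application uses only the consolidated picketlink.xml and the single ServiceProviderAuthenticator valve.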