It is possible to use different Configuration Providers at the IDP and SP. The configuration providers then become the sole source of configuration (instead of picketlink.xml).
Configuration providers are useful when you need to load the configuration for your IdP or SP from a location other than the picketlink.xml file. You can use them to load configuration from a database, from multiple files, or in any other way you choose.
Create a Configuration Provider
A configuration provider is basically a class that implements the org.picketlink.identity.federation.web.util.SAMLConfigurationProvider interface.
package org.picketlink.identity.federation.web.util;

import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.SPType;

public interface SAMLConfigurationProvider {
    /**
     * Get the {@link IDPType} configuration
     *
     * @return the IdP configuration
     *
     * @throws ProcessingException if the configuration cannot be loaded
     */
    IDPType getIDPConfiguration() throws ProcessingException;

    /**
     * Get the {@link SPType} configuration
     *
     * @return the SP configuration
     *
     * @throws ProcessingException if the configuration cannot be loaded
     */
    SPType getSPConfiguration() throws ProcessingException;

    /**
     * Get the {@link PicketLinkType} configuration (the full picketlink.xml equivalent)
     *
     * @return the complete PicketLink configuration
     *
     * @throws ProcessingException if the configuration cannot be loaded
     */
    PicketLinkType getPicketLinkConfiguration() throws ProcessingException;
}
This interface declares the methods you implement in order to provide your own logic for loading each configuration type. The configuration for the IdP and the SP is represented by org.picketlink.config.federation.IDPType and org.picketlink.config.federation.SPType, respectively.
The org.picketlink.config.federation.PicketLinkType is a specific type that represents all the configuration defined in a picketlink.xml file.
Setting Up a Configuration Provider
To enable your configuration provider you just need to provide an additional parameter in your jboss-web.xml, if you are using JBoss Enterprise Application Platform 6.
<valve>
    <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
    <!-- SAML Metadata support is configured by defining a specific ConfigurationProvider that knows how to load the IdP configuration by reading a SAML Metadata XML file. -->
    <param>
        <param-name>configProvider</param-name>
        <param-value>org.picketlink.identity.federation.web.config.IDPMetadataConfigurationProvider</param-value>
    </param>
</valve>
Here we used the configProvider parameter to specify the fully qualified name of a class implementing the org.picketlink.identity.federation.web.util.SAMLConfigurationProvider interface.
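The two steps above (implement the interface, then register the class through configProvider) can be illustrated with a provider written for this page; it is an added example, not code from the PicketLink documentation or source. It serves an SP only and loads its settings from a properties file on the classpath, so the service URL, IdP URL and the list of trusted domains live with the deployment rather than in picketlink.xml. The class name, the resource name sp-config.properties and the property keys are hypothetical; the setter names on SPType, TrustType and PicketLinkType, and the ProcessingException constructors, are assumed from the configuration type names the page gives and should be checked against the PicketLink version in use.

```java
package com.example.sso; // hypothetical package chosen for this example

import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.SPType;
import org.picketlink.config.federation.TrustType;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;

/**
 * Example SAMLConfigurationProvider that builds the SP configuration from a
 * properties file on the web application classpath instead of picketlink.xml.
 * Resource name and property keys are hypothetical (chosen for this example).
 */
public class PropertiesSPConfigurationProvider implements SAMLConfigurationProvider {

    private static final String RESOURCE = "sp-config.properties";

    @Override
    public IDPType getIDPConfiguration() throws ProcessingException {
        // This provider is deployed on an SP only; never hand out an IdP configuration.
        throw new ProcessingException("This provider supplies SP configuration only");
    }

    @Override
    public SPType getSPConfiguration() throws ProcessingException {
        Properties props = load();

        SPType sp = new SPType();
        sp.setServiceURL(require(props, "sp.serviceURL"));   // this SP's own URL
        sp.setIdentityURL(require(props, "sp.identityURL")); // the IdP the SP redirects to
        sp.setBindingType(props.getProperty("sp.bindingType", "POST"));

        // Trust is the security-critical part: only issuers in these domains are accepted.
        // Fail closed if the list is missing instead of starting with an undefined trust set.
        TrustType trust = new TrustType();
        trust.setDomains(require(props, "sp.trust.domains")); // comma-separated, as in picketlink.xml
        sp.setTrust(trust);

        return sp;
    }

    @Override
    public PicketLinkType getPicketLinkConfiguration() throws ProcessingException {
        // PicketLinkType is the picketlink.xml equivalent; here it wraps just the SP section.
        PicketLinkType config = new PicketLinkType();
        config.setIdpOrSP(getSPConfiguration());
        return config;
    }

    // Reads the properties resource from the context class loader (WEB-INF/classes).
    private Properties load() throws ProcessingException {
        Properties props = new Properties();
        try (InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(RESOURCE)) {
            if (in == null) {
                throw new ProcessingException("Configuration resource not found: " + RESOURCE);
            }
            props.load(in);
        } catch (IOException e) {
            throw new ProcessingException("Could not read " + RESOURCE, e);
        }
        return props;
    }

    // Returns a required value or rejects the whole configuration if it is absent or blank.
    private static String require(Properties props, String key) throws ProcessingException {
        String value = props.getProperty(key);
        if (value == null || value.trim().isEmpty()) {
            throw new ProcessingException("Missing required configuration property: " + key);
        }
        return value.trim();
    }
}
```

To use it, place sp-config.properties in WEB-INF/classes and set the configProvider parameter to com.example.sso.PropertiesSPConfigurationProvider in the same way as the IDPMetadataConfigurationProvider above. Because the provider replaces picketlink.xml as the single source of truth, it deliberately refuses to start when the trust domains or URLs are missing; a provider that silently defaulted those values would weaken issuer validation without any visible error.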
Configuration providers at the IDP
Configuration Providers at the SP
SPPostMetadataConfigurationProvider
Fully Qualified Name: org.picketlink.identity.federation.web.config.SPPostMetadataConfigurationProvider
Binding Supported: SAML2/HTTP-POST
How does it work?
You will need to provide the metadata in a file named sp-metadata.xml and put it on the SP web application classpath, in the WEB-INF/classes directory.
Remember, in the case of the SP, the metadata file should contain an IDPSSODescriptor as well as an SPSSODescriptor.