Introduction
When using PicketLink SAML support, both the IDP and the SP need to be configured with handlers. These handlers help the IDP and SP authenticators process SAML requests and responses.
The handlers are essentially an implementation of the Chain of Responsibility pattern (GoF). Each handler implements specific logic for processing SAML requests and responses.
Configuring Handlers
The handlers are configured inside the picketlink.xml file. Here is what the configuration looks like:
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
</Handlers>
Handlers Element
This element defines a list of Handler elements.
| Name | Description | Value |
|---|---|---|
| ChainClass | Defines the name of a class that implements the org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain interface. | Defaults to org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChain. |
Handler Element
This element defines a specific Handler.
| Name | Description |
|---|---|
| class | Defines the name of a class that implements the org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler interface. |
Custom Handlers
PicketLink lets you create your own handlers. Just create a class that implements the org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler interface.
Before creating your own implementations, take a look at the built-in handlers. They are a useful reference.
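Because any class named in a Handler element runs inside the SAML processing chain, it is worth checking a deployed picketlink.xml against the handlers you have actually reviewed. The script below is an added example, not part of PicketLink or the original page. It assumes the reviewed set is the four built-in handlers shown above; the com.example.sso.AuditHandler class and the bare PicketLink wrapper element in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:picketlink:identity-federation:handler:config:2.1"
DEFAULT_CHAIN = "org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChain"
PKG = "org.picketlink.identity.federation.web.handlers.saml2."
# Assumption: the reviewed allowlist is the four built-in handlers shown on this page.
REVIEWED = {PKG + n for n in ("SAML2IssuerTrustHandler", "SAML2LogOutHandler",
                              "SAML2AuthenticationHandler", "RolesGenerationHandler")}

def audit_handlers(xml_text, reviewed=REVIEWED):
    """Return (chain_class, ordered handler classes, findings) for a picketlink.xml."""
    root = ET.fromstring(xml_text)
    tag = "{%s}Handlers" % NS
    node = root if root.tag == tag else root.find(".//" + tag)
    if node is None:
        return None, [], ["no <Handlers> element in namespace " + NS]
    # ChainClass is optional; the documented default applies when it is absent.
    chain = node.get("ChainClass") or DEFAULT_CHAIN
    findings, order = [], []
    if chain != DEFAULT_CHAIN:
        findings.append("non-default ChainClass: " + chain)
    for i, h in enumerate(node.findall("{%s}Handler" % NS), 1):
        cls = (h.get("class") or "").strip()
        if not cls:
            findings.append("handler #%d has no class attribute" % i)
            continue
        if cls in order:
            findings.append("duplicate handler: " + cls)
        if cls not in reviewed:
            findings.append("unreviewed handler class: " + cls)
        order.append(cls)  # document order is the order of the chain
    if not order:
        findings.append("handler chain is empty")
    return chain, order, findings

# Constructed sample: two built-in handlers, a hypothetical custom one, and a broken entry.
SAMPLE = """<PicketLink><Handlers xmlns="%s">
  <Handler class="%sSAML2IssuerTrustHandler" />
  <Handler class="%sSAML2AuthenticationHandler" />
  <Handler class="com.example.sso.AuditHandler" />
  <Handler />
</Handlers></PicketLink>""" % (NS, PKG, PKG)

if __name__ == "__main__":
    chain, order, findings = audit_handlers(SAMPLE)
    print(chain, *order, *findings, sep="\n")
```

Pass your own allowlist as the second argument once custom handlers have been reviewed and approved.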