Skip to end of metadata
Go to start of metadata


When using PicketLink SAML Support, both IDP and SP need to be configured with Handlers. This handlers help the IDP and SP Authenticators to process SAML requests and responses.

The handlers are basically an implementation of the Chain of Responsibility pattern (Gof). Each handler provides a specific logic about how to process SAML requests and responses.

Configuring Handlers

The handlers are configures inside the picketlink.xml file. Here is how it looks like:

Handlers Element

This element defines a list of Handler elements.

Name Description Value
Defines the name of a class that implements the org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain interface. Defaults to org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChain.

Handler Element

This element defines a specific Handler.

Name Description
class Defines the name of a class that implements the _org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler _interface.

Custom Handlers

PicketLink provide ways to you create your own handlers. Just create a class that implements the org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler interface.

Before create your own implementations, please take a look at the built-in handlers. They can help you a lot.

Built-in Handlers

PicketLink as part of the SAMLv2 support has a number of handlers that need to be configured. 

The Handlers are:

  1. SAML2AuthenticationHandler
  2. SAML2AttributeHandler
  3. RolesGenerationHandler
  4. SAML2IssuerTrustHandler
  5. SAML2LogOutHandler
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.