JBoss Community Archive (Read Only)

PicketLink

SAML2EncryptionHandler

Objective

Handles encryption of SAML assertions and signature generation. This handler uses the configuration provided in the KeyProvider to encrypt and sign SAML assertions.

Fully Qualified Name

org.picketlink.identity.federation.web.handlers.saml2.SAML2EncryptionHandler

Restrictions

  • This handler should be used only when configuring Identity Providers. 

  • For Service Providers, decryption of SAML assertions is already done by the authenticators.

  • When using this handler, make sure that your service providers are also configured with the SAML2SignatureGenerationHandler and the SAML2SignatureValidationHandler handlers.

  • Do not use this handler with the SAML2SignatureGenerationHandler configured in the same chain. Otherwise SAML messages will be signed several times.

Configuration

The handler is configured in WEB-INF/picketlink.xml. Example:

<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2EncryptionHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>
</Handlers>
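
The restrictions listed above can be checked mechanically against a handler chain. The script below is an added example, not PicketLink code: the function names, the role argument and the sample chains are assumptions made for illustration, and the SP check assumes the Identity Provider it federates with uses SAML2EncryptionHandler.

```python
import xml.etree.ElementTree as ET

PKG = "org.picketlink.identity.federation.web.handlers.saml2."
ENCRYPTION = PKG + "SAML2EncryptionHandler"
SIG_GENERATION = PKG + "SAML2SignatureGenerationHandler"
SIG_VALIDATION = PKG + "SAML2SignatureValidationHandler"

def handler_classes(xml_text):
    """Return handler class names in chain order, whatever the namespace version."""
    root = ET.fromstring(xml_text)
    return [el.get("class", "") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "Handler"]

def lint_chain(xml_text, role):
    """Check one handler chain; role ('IDP' or 'SP') is supplied by the caller."""
    if role not in ("IDP", "SP"):
        raise ValueError("role must be 'IDP' or 'SP'")
    chain = handler_classes(xml_text)
    findings = []
    if role == "SP":
        # Assumes the IDP this SP trusts is configured with SAML2EncryptionHandler.
        if ENCRYPTION in chain:
            findings.append("SAML2EncryptionHandler is for Identity Providers only")
        for required in (SIG_GENERATION, SIG_VALIDATION):
            if required not in chain:
                findings.append("SP chain is missing " + required.rsplit(".", 1)[-1])
    elif ENCRYPTION in chain and SIG_GENERATION in chain:
        findings.append("SAML2EncryptionHandler and SAML2SignatureGenerationHandler "
                        "in the same chain: messages will be signed several times")
    return findings

def sample(*names):
    """Build a constructed <Handlers> document from short handler names."""
    body = "".join('<Handler class="%s%s"/>' % (PKG, n) for n in names)
    ns = "urn:picketlink:identity-federation:handler:config:2.1"
    return '<Handlers xmlns="%s">%s</Handlers>' % (ns, body)

# Constructed sample chains, not taken from any real deployment.
IDP_DOUBLE_SIGN = sample("SAML2AuthenticationHandler",
                         "SAML2SignatureGenerationHandler", "SAML2EncryptionHandler")
SP_WRONG = sample("SAML2AuthenticationHandler",
                  "SAML2EncryptionHandler", "SAML2SignatureValidationHandler")

if __name__ == "__main__":
    for name, doc, role in (("idp", IDP_DOUBLE_SIGN, "IDP"), ("sp", SP_WRONG, "SP")):
        print(name, lint_chain(doc, role))
```
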

Configuration Parameters

# | Name | Type | Objective | Default Value | SP/IDP | Since Version

JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-11 12:17:59 UTC, last content change 2012-07-05 21:47:38 UTC.