Objective
Handles Issuer trust.
Trust decisions are based on the host part of the issuer's URL of the SAML request/response sent to the handler chain.
The following configuration shows how to configure an Identity Provider to use this handler:
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
    <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1">
        <Trust>
            <Domains>mycompany.com, mysubdomain.com</Domains>
        </Trust>
    </PicketLinkIDP>
    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    </Handlers>
</PicketLink>
In the example above, the Identity Provider is configured to accept messages only from issuers whose host matches one of the domains listed in <Domains/>.
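As an added illustration (not PicketLink's own code), the following Python reads the <Domains/> list from the configuration above and applies the trust decision the handler is described as making: extract the host part of the Issuer URL and compare it with the configured domains. The exact matching rule is an assumption of this example; it accepts an exact host match or a subdomain on a label boundary, so a host that merely ends with the same characters (for example evilmycompany.com) is not trusted, and a non-URL Issuer is rejected because it has no host.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import urlparse

# Namespace of the PicketLink 2.1 IDP configuration shown on this page.
CONFIG_NS = "urn:picketlink:identity-federation:config:2.1"

# Constructed sample: the <Trust> section from the page's example configuration.
SAMPLE_CONFIG = f"""<PicketLink xmlns="{CONFIG_NS}">
  <PicketLinkIDP xmlns="{CONFIG_NS}">
    <Trust>
      <Domains>mycompany.com, mysubdomain.com</Domains>
    </Trust>
  </PicketLinkIDP>
</PicketLink>"""


def trusted_domains(config_xml: str) -> List[str]:
    """Return the comma-separated <Domains> entries, trimmed and lower-cased."""
    root = ET.fromstring(config_xml)
    node = root.find(f".//{{{CONFIG_NS}}}Trust/{{{CONFIG_NS}}}Domains")
    if node is None or not node.text:
        return []
    return [d.strip().lower() for d in node.text.split(",") if d.strip()]


def issuer_host(issuer: str) -> Optional[str]:
    """Host part of the Issuer URL, or None when the Issuer is not an http(s) URL."""
    parsed = urlparse(issuer.strip())
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    return parsed.hostname.lower()


def is_trusted_issuer(issuer: str, domains: List[str]) -> bool:
    """Trust the Issuer when its host equals a configured domain or is a
    subdomain of one. The label-boundary check ("." + domain) is this
    example's choice; it prevents suffix look-alikes from matching."""
    host = issuer_host(issuer)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in domains)


if __name__ == "__main__":
    domains = trusted_domains(SAMPLE_CONFIG)
    for issuer in ("https://sp.mycompany.com/saml", "https://evilmycompany.com/saml"):
        print(issuer, "->", "trusted" if is_trusted_issuer(issuer, domains) else "rejected")
```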
Fully Qualified Name
org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler
Configuration
Should be configured in WEB-INF/picketlink.xml.
Example:
WEB-INF/picketlink-handlers.xml
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler"/>
</Handlers>
Configuration Parameters
# | Name | Type | Objective | Default Value | SP/IDP | Since Version