org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule
Daniel Bevenius
Calls the configured STS and validates an available security token.
A call to STS typically requires authentication. This LoginModule uses credentials from one of the following sources:
Its properties file, if the useOptionsCredentials module-option is set to true
Previous login module credentials if the password-stacking module-option is set to useFirstPass
The configured CallbackHandler, by supplying a Name and Password Callback
Upon successful authentication, the SamlCredential is inserted into the Subject's public credentials unless one with the same Assertion is already present there.
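The three credential sources listed above, sketched as a stand-alone resolver. This is an added example, not PicketLink's own code: the class name, the `username`/`password` option keys, and the order in which the sources are checked are assumptions made for illustration.

```java
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;

public class StsCredentialSources {
    // Standard JAAS shared-state keys used for password stacking.
    static final String SHARED_NAME = "javax.security.auth.login.name";
    static final String SHARED_PWD = "javax.security.auth.login.password";

    record StsCredentials(String user, char[] password, String source) {}

    // Checking order is an assumption of this sketch; the page only lists the sources.
    static StsCredentials resolve(Map<String, ?> options, Map<String, ?> shared,
                                  CallbackHandler handler) throws LoginException {
        if ("true".equals(options.get("useOptionsCredentials"))) {
            // "username"/"password" are hypothetical keys standing in for the properties file.
            return new StsCredentials((String) options.get("username"),
                    ((String) options.get("password")).toCharArray(), "options");
        }
        if ("useFirstPass".equals(options.get("password-stacking"))
                && shared.containsKey(SHARED_NAME)) {
            Object pwd = shared.get(SHARED_PWD);
            char[] chars = pwd instanceof char[] c ? c.clone() : String.valueOf(pwd).toCharArray();
            return new StsCredentials(String.valueOf(shared.get(SHARED_NAME)), chars, "shared-state");
        }
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] {name, pass});
        } catch (Exception e) {
            throw new LoginException("No credentials available for the STS call: " + e);
        }
        char[] chars = pass.getPassword();  // getPassword() returns a copy
        pass.clearPassword();               // wipe the callback's internal buffer
        if (name.getName() == null || chars == null)
            throw new LoginException("CallbackHandler supplied no credentials");
        return new StsCredentials(name.getName(), chars, "callback");
    }

    public static void main(String[] args) throws Exception {
        CallbackHandler handler = cbs -> {  // constructed handler for the demo
            ((NameCallback) cbs[0]).setName("alice");
            ((PasswordCallback) cbs[1]).setPassword("cb-secret".toCharArray());
        };
        Map<String, String> opts = Map.of("useOptionsCredentials", "true", "username", "svc", "password", "x");
        System.out.println(resolve(opts, Map.of(), handler).source());
        System.out.println(resolve(Map.of("password-stacking", "useFirstPass"),
                Map.of(SHARED_NAME, "bob", SHARED_PWD, "pw"), handler).source());
        System.out.println(resolve(Map.of(), Map.of(), handler).source());
    }
}
```

Requires Java 16 or later (records and pattern matching for `instanceof`). Callers should zero the returned `char[]` once the STS request has been sent.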
New features included since 1.0.4 based on PLFED-87:
If a Principal MappingProvider is configured, retrieves and inserts the Principal into the Subject
If a RoleGroup MappingProvider is configured, retrieves and inserts the user roles into the Subject
Roles can only be returned if they are included in the Security Token. Configure your STS to return roles through an AttributeProvider.