JBoss Community Archive (Read Only)

PicketLink

Security Token Service Configuration


Security Token Service Configuration (PicketLinkSTS Element)

To issue/renew/cancel/validate SAML tokens, the IDP relies on the PicketLink STS API and configuration. This configuration defines how the tokens should be used by the IDP.

The PicketLinkSTS element defines the basic configuration for the Security Token Service. The table below provides more information about the attributes supported by this element:

| Name | Description | Value |
|---|---|---|
| STSName | Name for this STS configuration. | Name for this Security Token Service. |
| TokenTimeout | Defines the token timeout in milliseconds. | Defaults to 3600 milliseconds. |
| ClockSkew | Defines the clock skew, or timing skew, for the token timeout. | Defaults to 2000 milliseconds. |
| SignToken | Indicates if the tokens should be signed. | Values: true\|false. Defaults to false. |
| EncryptToken | Indicates if the tokens should be encrypted. | Values: true\|false. Defaults to false. |
| CanonicalizationMethod | Sets the canonicalization method. | Defaults to http://www.w3.org/2001/10/xml-exc-c14n#WithComments |

Security Token Providers (TokenProviders/TokenProvider elements)

The PicketLink STS defines the concept of Security Token Providers. These token providers are implementations of the interface org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider.

The purpose of providers is to plug in any implementation for a specific token type. PicketLink provides default implementations for the following token types:

  • SAML v2.0 : org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider

  • WS-Trust  : org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider

Each provider is linked to a specific TokenType and TokenElementNS, both attributes of the TokenProvider element.

You can always provide your own implementation for a specific TokenType or customize the behaviour for one of the built-in providers.
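
Because SignToken and EncryptToken default to false, a PicketLinkSTS element that simply omits them issues unsigned, unencrypted tokens. The following check is an added example, not PicketLink code: it resolves the effective settings from the documented defaults and reports weak ones. The review ceilings, the sample configurations, the ProviderClass attribute and the TokenType/TokenElementNS values are assumptions that do not come from this page.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the PicketLinkSTS attribute table on this page.
DEFAULTS = {"TokenTimeout": "3600", "ClockSkew": "2000",
            "SignToken": "false", "EncryptToken": "false"}
# Review ceilings are assumptions of this example (here: the documented defaults).
CEILINGS = {"TokenTimeout": 3600, "ClockSkew": 2000}

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.split("}")[-1]

def audit(xml_text):
    """Return findings for a PicketLinkSTS element (trusted local config only)."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "PicketLinkSTS":
        raise ValueError("root element is not PicketLinkSTS")
    # An omitted attribute silently takes its documented default.
    eff = {**DEFAULTS, **{k: v for k, v in root.attrib.items() if k in DEFAULTS}}
    findings = []
    for flag in ("SignToken", "EncryptToken"):
        if eff[flag].strip().lower() != "true":
            how = (f"set to {root.attrib[flag]!r}" if flag in root.attrib
                   else "omitted, defaults to false")
            findings.append(f"{flag}: {how}")
    for name, ceiling in CEILINGS.items():
        if int(eff[name]) > ceiling:
            findings.append(f"{name}: {eff[name]} exceeds review ceiling {ceiling}")
    for el in root.iter():
        if local(el.tag) == "TokenProvider":
            # Each provider must be bound to both attributes named on this page.
            missing = [a for a in ("TokenType", "TokenElementNS") if not el.get(a)]
            if missing:
                findings.append("TokenProvider: missing " + ", ".join(missing))
    return findings

# Constructed sample configurations (not taken from the PicketLink documentation).
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PROVIDER = "org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider"
WEAK = f"""<PicketLinkSTS STSName="ExampleSTS" TokenTimeout="86400000">
  <TokenProviders><TokenProvider ProviderClass="{PROVIDER}" TokenType="{SAML_NS}"/></TokenProviders>
</PicketLinkSTS>"""
HARDENED = f"""<PicketLinkSTS STSName="ExampleSTS" TokenTimeout="3600" ClockSkew="2000"
    SignToken="true" EncryptToken="true">
  <TokenProviders><TokenProvider ProviderClass="{PROVIDER}" TokenType="{SAML_NS}"
      TokenElementNS="{SAML_NS}"/></TokenProviders>
</PicketLinkSTS>"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

Signing and encryption also require key material to be configured for the STS, which this check does not inspect.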

JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-11 12:18:11 UTC, last content change 2012-07-05 20:36:42 UTC.