Service Provider JEE Servlet Filter

Introduction

This page describes how to configure a Service Provider using a JEE Servlet Filter. PicketLink provides a standard JEE Security Filter that can be used to enable SAML processing to a service provider. The configuration is pretty simple and only requires a few changes to the web deployment descriptor of your application.

This configuration is an alternative to the default PicketLink Authenticators which are based on a specific web container such as Tomcat or JBoss Web.

Configuration

A service provider can be configured using the org.picketlink.identity.federation.web.filters.SPFilter. For that, add to your web deployment descriptor the following configuration:

    <!-- You must register this listener to properly initialize your application as a SAML Service Provider-->
    <listener>
        <listener-class>org.picketlink.identity.federation.web.filters.ServiceProviderContextInitializer</listener-class>
    </listener>

    <!-- The SPFilter is responsible for enabling all SAML processing. -->
    <filter>
        <filter-name>SPFilter</filter-name>
        <filter-class>org.picketlink.identity.federation.web.filters.SPFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>SPFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Please, notice that you must always configure the org.picketlink.identity.federation.web.filters.ServiceProviderContextInitializer listener to properly initialize your web application as a service provider.