SAML2STSCommonLoginModule (JBoss Application Server: Build 7.1.2.Final API)

java.lang.Object
- org.jboss.security.auth.spi.AbstractServerLoginModule
- - org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule

All Implemented Interfaces:

LoginModule
```
public abstract class SAML2STSCommonLoginModule
extends org.jboss.security.auth.spi.AbstractServerLoginModule
```
This LoginModule authenticates clients by validating their SAML assertions with an external security token service (such as PicketLinkSTS). If the supplied assertion contains roles, these roles are extracted and included in the Group returned by the getRoleSets method.

This module defines the following module options:

Any properties specified besides the above properties are assumed to be used to configure how the STSClient will connect to the STS. For example, the JBossWS StubExt.PROPERTY_SOCKET_FACTORY can be specified in order to inform the socket factory that must be used to connect to the STS. All properties will be set in the request context of the Dispatch instance used by the STSClient to send requests to the STS.

An example of a configFile can be seen bellow:

 serviceName=PicketLinkSTS
 portName=PicketLinkSTSPort
 endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
 username=JBoss
 password=JBoss

NOTE: Sub-classes can use getSTSClient() method to customize the STSClient class to make calls to STS/

Author:: Stefan Guilhen, Anil.Saldhana@redhat.com

Field Summary

Fields
Modifier and Type	Field and Description
`protected AssertionType`	`assertion`
`protected SamlCredential`	`credential`
`protected boolean`	`enableCacheInvalidation`
`static String`	`ENDPOINT_ADDRESS` Key to specify the end point address
`protected boolean`	`localTestingOnly`
`protected boolean`	`localValidation`
`protected String`	`localValidationSecurityDomain`
`protected static Logger`	`log`
`protected Map<String,Object>`	`options` Options that are computed by this login module.
`static String`	`PASSWORD_KEY` Key to specify the password
`static String`	`PORT_NAME` Key to specify the port name
`protected Principal`	`principal`
`protected Map<String,Object>`	`rawOptions` Original Options that are sent by the JDK JAAS Framework
`protected String`	`roleKey`
`protected String`	`securityDomain`
`static String`	`SERVICE_NAME` Key to specify the service name
`static String`	`STS_CONFIG_FILE` This is an option that should identify the configuration file for WSTrustClient.
`protected String`	`stsConfigurationFile`
`protected boolean`	`trace`
`static String`	`USERNAME_KEY` Key to specify the username

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, loginOk, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors
Constructor and Description

SAML2STSCommonLoginModule()

Constructors
Constructor and Description
`SAML2STSCommonLoginModule()`

Method Summary

Methods
Modifier and Type	Method and Description
`protected Principal`	`getIdentity()`
`protected Group[]`	`getRoleSets()`
`protected STSClient`	`getSTSClient()` Get the `STSClient` object with which we can make calls to the STS
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)`
`protected abstract boolean`	`localValidation(Element assertionElement)` Locally validate the SAML Assertion element
`boolean`	`login()`

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - log
```
protected static Logger log
```
  - trace
```
protected boolean trace
```
  - stsConfigurationFile
```
protected String stsConfigurationFile
```
  - principal
```
protected Principal principal
```
  - credential
```
protected SamlCredential credential
```
  - assertion
```
protected AssertionType assertion
```
  - enableCacheInvalidation
```
protected boolean enableCacheInvalidation
```
  - securityDomain
```
protected String securityDomain
```
  - localValidation
```
protected boolean localValidation
```
  - localValidationSecurityDomain
```
protected String localValidationSecurityDomain
```
  - roleKey
```
protected String roleKey
```
  - options
```
protected Map<String,Object> options
```
    Options that are computed by this login module. Few options are removed and the rest are set in the dispatch sts call
  - rawOptions
```
protected Map<String,Object> rawOptions
```
    Original Options that are sent by the JDK JAAS Framework
  - STS_CONFIG_FILE
```
public static final String STS_CONFIG_FILE
```
    This is an option that should identify the configuration file for WSTrustClient.
    
    See Also:
    Constant Field Values
  - ENDPOINT_ADDRESS
```
public static final String ENDPOINT_ADDRESS
```
    Key to specify the end point address
    
    See Also:
    Constant Field Values
  - PORT_NAME
```
public static final String PORT_NAME
```
    Key to specify the port name
    
    See Also:
    Constant Field Values
  - SERVICE_NAME
```
public static final String SERVICE_NAME
```
    Key to specify the service name
    
    See Also:
    Constant Field Values
  - USERNAME_KEY
```
public static final String USERNAME_KEY
```
    Key to specify the username
    
    See Also:
    Constant Field Values
  - PASSWORD_KEY
```
public static final String PASSWORD_KEY
```
    Key to specify the password
    
    See Also:
    Constant Field Values
  - localTestingOnly
```
protected boolean localTestingOnly
```
- Constructor Detail
  - SAML2STSCommonLoginModule
```
public SAML2STSCommonLoginModule()
```
- Method Detail
  - initialize
```
public void initialize(Subject subject,
              CallbackHandler callbackHandler,
              Map<String,?> sharedState,
              Map<String,?> options)
```
    Specified by:
    
    initialize in interface LoginModule
    
    Overrides:
    
    initialize in class org.jboss.security.auth.spi.AbstractServerLoginModule
  - login
```
public boolean login()
              throws LoginException
```
    Specified by:
    
    login in interface LoginModule
    
    Overrides:
    
    login in class org.jboss.security.auth.spi.AbstractServerLoginModule
    
    Throws:
    
    LoginException
  - getIdentity
```
protected Principal getIdentity()
```
    Specified by:
    
    getIdentity in class org.jboss.security.auth.spi.AbstractServerLoginModule
  - getRoleSets
```
protected Group[] getRoleSets()
                       throws LoginException
```
    Specified by:
    
    getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule
    
    Throws:
    
    LoginException
  - getSTSClient
```
protected STSClient getSTSClient()
```
    Get the STSClient object with which we can make calls to the STS
    
    Returns:
  - localValidation
```
protected abstract boolean localValidation(Element assertionElement)
                                    throws Exception
```
    Locally validate the SAML Assertion element
    
    Parameters:
    assertionElement -
    
    Returns:
    
    Throws:
    
    Exception

Class SAML2STSCommonLoginModule

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Constructor Summary

Method Summary

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Methods inherited from class java.lang.Object

Field Detail

log

trace

stsConfigurationFile

principal

credential

assertion

enableCacheInvalidation

securityDomain

localValidation

localValidationSecurityDomain

roleKey

options

rawOptions

STS_CONFIG_FILE

ENDPOINT_ADDRESS

PORT_NAME

SERVICE_NAME

USERNAME_KEY

PASSWORD_KEY

localTestingOnly

Constructor Detail

SAML2STSCommonLoginModule

Method Detail

initialize

login

getIdentity

getRoleSets

getSTSClient

localValidation