public abstract class SAML2STSCommonLoginModule extends org.jboss.security.auth.spi.AbstractServerLoginModule
This LoginModule authenticates clients by validating their SAML assertions with an external security token service (such as PicketLinkSTS). If the supplied assertion contains roles, these roles are extracted and included in the Group returned by the getRoleSets method.
This module defines the following module options:
Any properties specified besides the above properties are assumed to be used to configure how the STSClient will connect to the STS. For example, the JBossWS StubExt.PROPERTY_SOCKET_FACTORY can be specified in order to inform the socket factory that must be used to connect to the STS. All properties will be set in the request context of the Dispatch instance used by the STSClient to send requests to the STS.
An example of a configFile can be seen below:

serviceName=PicketLinkSTS
portName=PicketLinkSTSPort
endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
username=JBoss
password=JBoss

The first three properties specify the STS endpoint URL, service name, and port name. The last two properties specify the username and password that are to be used by the application server to authenticate to the STS and have the SAML assertions validated.
NOTE: Subclasses can use the getSTSClient() method to customize the STSClient used to make calls to the STS.
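The following is an added example, not code from the PicketLink project: a concrete subclass that implements the abstract localValidation(Element) hook so the assertion can be checked locally instead of by a round trip to the STS. It assumes Java 8 or later, that the protected options map has been populated by initialize(), and a hypothetical module option named stsCertFile pointing at the STS signing certificate (PEM or DER); since a local check replaces the STS's verdict, it insists on an enveloped signature that is a direct child of the assertion, whose single reference covers the assertion's own ID, and on the assertion being inside its Conditions window.

```java
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.List;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class StrictLocalValidationLoginModule extends SAML2STSCommonLoginModule {
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Hypothetical module option naming the STS signing certificate file (PEM or DER).
    private static final String STS_CERT_OPTION = "stsCertFile";

    @Override
    protected boolean localValidation(Element assertion) {
        try {
            // Only a ds:Signature that is a direct child of the assertion vouches for it;
            // a signature nested deeper (e.g. inside Advice) does not.
            Element sig = null;
            for (Node n = assertion.getFirstChild(); n != null && sig == null; n = n.getNextSibling()) {
                if (n.getNodeType() == Node.ELEMENT_NODE && "Signature".equals(n.getLocalName())
                        && XMLSignature.XMLNS.equals(n.getNamespaceURI())) sig = (Element) n;
            }
            if (sig == null) return false;
            X509Certificate stsCert;
            try (java.io.InputStream in = new java.io.FileInputStream(String.valueOf(options.get(STS_CERT_OPTION)))) {
                stsCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            DOMValidateContext ctx = new DOMValidateContext(stsCert.getPublicKey(), sig);
            ctx.setIdAttributeNS(assertion, null, "ID"); // lets the "#<ID>" reference resolve
            XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
            if (!signature.validate(ctx)) return false;
            // Exactly one reference, and it must point at this assertion's own ID.
            List<?> refs = signature.getSignedInfo().getReferences();
            String expected = "#" + assertion.getAttribute("ID");
            if (refs.size() != 1 || !expected.equals(((Reference) refs.get(0)).getURI())) return false;
            // Enforce the Conditions lifetime; an assertion without Conditions is rejected.
            org.w3c.dom.NodeList conds = assertion.getElementsByTagNameNS(SAML_NS, "Conditions");
            if (conds.getLength() == 0) return false;
            String nb = ((Element) conds.item(0)).getAttribute("NotBefore");
            String noa = ((Element) conds.item(0)).getAttribute("NotOnOrAfter");
            Instant now = Instant.now();
            return (nb.isEmpty() || !now.isBefore(Instant.parse(nb))) && (noa.isEmpty() || now.isBefore(Instant.parse(noa)));
        } catch (Exception e) {
            return false; // any parsing, I/O or crypto failure means "not valid"
        }
    }
}
```

Because the override catches every exception and answers false, it is compatible with the base method whether or not that method declares a throws clause.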
Modifier and Type | Field and Description
---|---
protected AssertionType | assertion
protected SamlCredential | credential
protected boolean | enableCacheInvalidation
static String | ENDPOINT_ADDRESS: key to specify the endpoint address
protected boolean | localTestingOnly
protected boolean | localValidation
protected String | localValidationSecurityDomain
protected static Logger | log
protected Map<String,Object> | options: options that are computed by this login module
static String | PASSWORD_KEY: key to specify the password
static String | PORT_NAME: key to specify the port name
protected Principal | principal
protected Map<String,Object> | rawOptions: original options that are sent by the JDK JAAS framework
protected String | roleKey
protected String | securityDomain
static String | SERVICE_NAME: key to specify the service name
static String | STS_CONFIG_FILE: an option that should identify the configuration file for WSTrustClient
protected String | stsConfigurationFile
protected boolean | trace
static String | USERNAME_KEY: key to specify the username
Constructor and Description
---
SAML2STSCommonLoginModule()
Modifier and Type | Method and Description
---|---
protected Principal | getIdentity()
protected Group[] | getRoleSets()
protected STSClient | getSTSClient(): get the STSClient object with which we can make calls to the STS
void | initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
protected abstract boolean | localValidation(Element assertionElement): locally validate the SAML Assertion element
boolean | login()
protected static Logger log
protected boolean trace
protected String stsConfigurationFile
protected Principal principal
protected SamlCredential credential
protected AssertionType assertion
protected boolean enableCacheInvalidation
protected String securityDomain
protected boolean localValidation
protected String localValidationSecurityDomain
protected String roleKey
protected Map<String,Object> options
protected Map<String,Object> rawOptions
public static final String STS_CONFIG_FILE
public static final String ENDPOINT_ADDRESS
public static final String PORT_NAME
public static final String SERVICE_NAME
public static final String USERNAME_KEY
public static final String PASSWORD_KEY
protected boolean localTestingOnly
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Specified by: initialize in interface LoginModule
Overrides: initialize in class org.jboss.security.auth.spi.AbstractServerLoginModule

public boolean login() throws LoginException
Specified by: login in interface LoginModule
Overrides: login in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws: LoginException

protected Principal getIdentity()
Overrides: getIdentity in class org.jboss.security.auth.spi.AbstractServerLoginModule

protected Group[] getRoleSets() throws LoginException
Overrides: getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws: LoginException

protected STSClient getSTSClient()
Returns: STSClient object with which we can make calls to the STS

Copyright © 2012 JBoss by Red Hat. All Rights Reserved.