public class STSGroupMappingProvider extends Object implements org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
This mapping provider looks at the role attributes in the Assertion and returns corresponding JBoss RoleGroup objects for insertion into the Subject.
<application-policy name="saml-issue-token">
  <authentication>
    <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
      <module-option name="configFile">/sts-client.properties</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
    </login-module>
  </authentication>
  <mapping>
    <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider" type="principal"/>
    <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider" type="role">
      <module-option name="token-role-attribute-name">role</module-option>
    </mapping-module>
  </mapping>
</application-policy>
As demonstrated above, this mapping provider is typically configured for an STS Login Module to extract user roles from the STS token and supply them for insertion into the JAAS Subject.

This mapping provider looks for a multi-valued Attribute in the Assertion, where each value is a user role. The name of this attribute defaults to SAML20TokenRoleAttributeProvider.DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME but may be set to any value through the "token-role-attribute-name" module option.
Constructor and Description |
---|
STSGroupMappingProvider() |
Modifier and Type | Method and Description |
---|---|
void | init(Map<String,Object> contextMap) |
void | performMapping(Map<String,Object> contextMap, org.jboss.security.identity.RoleGroup Group) |
void | setMappingResult(org.jboss.security.mapping.MappingResult<org.jboss.security.identity.RoleGroup> mappingResult) |
boolean | supports(Class<?> p) |
public void init(Map<String,Object> contextMap)
Specified by: init in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

public void performMapping(Map<String,Object> contextMap, org.jboss.security.identity.RoleGroup Group)
Specified by: performMapping in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

public void setMappingResult(org.jboss.security.mapping.MappingResult<org.jboss.security.identity.RoleGroup> mappingResult)
Specified by: setMappingResult in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

public boolean supports(Class<?> p)
Specified by: supports in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
See Also: MappingProvider.supports(Class)
Copyright © 2012 JBoss by Red Hat. All Rights Reserved.