If your IDP or SP applications are not running on JBoss Application Server or Apache Tomcat, then you can use the standalone mode of PicketLink.
In your web.xml, configure an SPFilter (see Section 12.5.13.6, “SPFilter”), as in the following example:
Example 12.14. web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
  <description>Sales Standalone Application</description>
  <filter>
    <description>
      The SP Filter intercepts all requests at the SP and sees if there is a need to contact the IDP.
    </description>
    <filter-name>SPFilter</filter-name>
    <filter-class>org.picketlink.identity.federation.web.filters.SPFilter</filter-class>
    <init-param>
      <param-name>ROLES</param-name>
      <param-value>sales,manager</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>SPFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
After the SAML workflow is completed, the user principal is available in the HTTP session under the attribute "picketlink.principal".
For example:
import java.security.Principal;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
// session is the current javax.servlet.http.HttpSession of the request
Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);

