11.4. Domain Model
The subsystem provides a domain model that allows you to configure the PicketLink Federation and Identity Management services using the standalone/domain.xml inside your EAP installation. The domain model is very easy to understand if you are already familiar with the PicketLink configuration.
<subsystem xmlns="urn:jboss:domain:picketlink:1.0">
    <!-- An example of the PicketLink Federation configuration -->
    <federation alias="federation-with-signatures">
        <saml token-timeout="4000" clock-skew="0"/>
        <key-store url="/jbid_test_keystore.jks" passwd="changeit" sign-key-alias="localhost" sign-key-passwd="changeit"/>
        <identity-provider url="http://localhost:8080/idp-sig/" alias="idp-sig.war" security-domain="idp" supportsSignatures="true" strict-post-binding="false">
            <trust>
                <trust-domain name="localhost" cert-alias="localhost"/>
                <trust-domain name="127.0.0.1" cert-alias="localhost"/>
            </trust>
        </identity-provider>
        <service-providers>
            <service-provider alias="sales-post-sig.war" security-domain="sp" url="http://localhost:8080/sales-post-sig/" post-binding="true" supportsSignatures="true"/>
            <service-provider alias="sales-redirect-sig.war" security-domain="sp" url="http://localhost:8080/sales-redirect-sig/" post-binding="false" supportsSignatures="true" strict-post-binding="false"/>
        </service-providers>
    </federation>
    <!-- An example of the PicketLink Identity Management configuration -->
    <identity-management jndi-name="picketlink/JPAPartitionManager" alias="jpa.partition.manager">
        <identity-configuration name="jpa.store.config">
            <jpa-store data-source="jboss/datasources/ExampleDS">
                <supportedTypes supportsAll="true"/>
            </jpa-store>
        </identity-configuration>
    </identity-management>
</subsystem>
Note
The domain model XML schema can be obtained from https://github.com/picketlink/picketlink-as-subsystem/blob/master/src/main/resources/schema/jboss-picketlink_1_0.xsd.
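The federation example above uses test values (the keystore password "changeit" and http:// endpoints) that should not be carried into a production domain model. The following review script is an added example, not part of PicketLink or this guide: it reads the federation attributes shown above and reports those settings. The deny-list of passwords, the sample hostname sp.example.test and the function name audit are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:jboss:domain:picketlink:1.0}"
# Assumed deny-list; "changeit" is the value used in the example above.
DEFAULT_PASSWORDS = {"changeit", "password", "secret"}

# Constructed sample, trimmed from the federation example above, with one
# service provider altered to show the signature check.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:picketlink:1.0">
  <federation alias="federation-with-signatures">
    <key-store url="/jbid_test_keystore.jks" passwd="changeit"
               sign-key-alias="localhost" sign-key-passwd="changeit"/>
    <identity-provider url="http://localhost:8080/idp-sig/" alias="idp-sig.war"
                       security-domain="idp" supportsSignatures="true"/>
    <service-providers>
      <service-provider alias="sales-post-sig.war" security-domain="sp"
                        url="https://sp.example.test/sales-post-sig/"
                        post-binding="true" supportsSignatures="false"/>
    </service-providers>
  </federation>
</subsystem>"""

def audit(xml_text):
    """Return a sorted list of (federation alias, element, finding) tuples."""
    findings = []
    root = ET.fromstring(xml_text)
    for fed in root.iter(NS + "federation"):
        name = fed.get("alias", "?")
        # Keystore and signing-key passwords left at a well-known value.
        for ks in fed.iter(NS + "key-store"):
            for attr in ("passwd", "sign-key-passwd"):
                if ks.get(attr, "") in DEFAULT_PASSWORDS:
                    findings.append((name, "key-store", f"{attr} is a well-known default"))
        # IdP and SP endpoints: transport and message signing.
        endpoints = list(fed.iter(NS + "identity-provider")) + list(fed.iter(NS + "service-provider"))
        for ep in endpoints:
            label = ep.get("alias", "?")
            if ep.get("url", "").lower().startswith("http://"):
                findings.append((name, label, "url uses plain HTTP"))
            if ep.get("supportsSignatures", "").lower() != "true":
                findings.append((name, label, "supportsSignatures is not set to true"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

To review a real installation, pass the contents of the picketlink subsystem element from your configuration file to audit() instead of SAMPLE.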