
12.5.4.5. Service Provider Security Domain

12.5.4.5.1. Configuring a security domain
To handle the SAML assertions returned by the Identity Provider, the Service Provider must be configured with the proper security domain. This is done by defining a <security-domain> element in jboss-web.xml.
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>    
    <security-domain>sp</security-domain>
    <valve>
        <class-name>org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator</class-name>
    </valve>
</jboss-web>
In order to use the security domain above, you need to configure it in your server. For JBoss AS7 you just need to add the following configuration to standalone.xml:
<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="sp" cache-type="default">
            <authentication>
                <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
            </authentication>
        </security-domain>

        ...

    </security-domains>
</subsystem>