Look at https://community.jboss.org/wiki/PicketLinkArchitectures, which hints at the STS acting as the center of a trusted heterogeneous system.
The STS is what creates the trust anchor for your system. Every unit in the system relies on the STS for trust.
Thank you very much for helping. I looked at the page and we are currently working to implement calling the Picketlink STS.
I work for a company called Ping Identity and our expertise is SAML. I'd be happy to hear more about the issues you are having and see if there are some ways we can help. Let me know if you have interest. Also, feel free to visit our website www.pingidentity.com for more information. I look forward to your response.
Well, the issue is that we are trying to configure our web services to use JBOSS and SAML. So I have reviewed the original link that I was referred to. We are using SOAP, and we are trying to see whether, after we configure SAML using the JARs from http://community.jboss.org/wiki/CheatsheetPicketLinkandJBossAS#cf and the XML for the Service Provider and Identity Provider, we need to put the assertions within our SOAP messages.
Basically, we are trying to find out what components are needed to configure SAML to our services.
What I have located is:
create a picketlink_sts.xml file
configure Security and Identity Providers
** And...is there an example? I believe we are to add SAML Assertions into our SOAP messages, make the call to the PicketLink STS which will parse the request and marshall the object then send us a response. Is this correct??
Thanks everyone for all the help
You can start with deploying picketlink-sts.war from http://www.jboss.org/picketlink/downloads.html
And then follow the steps provided in http://community.jboss.org/wiki/PicketLinkSTS-WritingaTokenProvider to write your own Token Provider where you can create SAML Assertion as per your needs.
You can have a look at org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider.java from SVN. It will give you an idea of how to use the PicketLink wrapped APIs and utils available for creating a SAML assertion.
OK, so I am looking at what you said and I am trying to get a clear understanding. If our web services already use SOAP, can't we skip over some of this and just use the SAML SOAP bindings to call the PicketLink STS web service?
Is it completely necessary for us to go through all these steps?
The steps I've mentioned earlier are the customizations available for the PicketLink server.
If you are talking about the client:
"If our web services already use SOAP, can't we skip over some of this and just use the SAML SOAP bindings to call the PicketLink STS web service?"
Yes, this is possible. Read through this http://community.jboss.org/thread/150937?tstart=0
I'm trying to achieve a similar functionality.
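
The client side of the exchange discussed in this thread, as an added example that is not part of any post and is not PicketLink code: a SOAP request asking an STS to issue a SAML 2.0 assertion, and a reader that locates the assertion in the reply. It assumes WS-Trust 1.3 namespaces; the sample response, the assertion ID and the issuer name `ExampleSTS` are constructed.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3 (assumed)
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2_TOKEN_TYPE = ("http://docs.oasis-open.org/wss/"
                    "oasis-wss-saml-token-profile-1.1#SAMLV2.0")

def build_issue_request():
    """SOAP envelope asking the STS to issue a SAML 2.0 assertion."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    rst = ET.SubElement(body, f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = SAML2_TOKEN_TYPE
    return ET.tostring(env, encoding="unicode")

def read_issued_assertion(response_xml):
    """Locate the assertion in the STS reply; return (id, issuer, expiry)."""
    root = ET.fromstring(response_xml)
    token = root.find(f".//{{{WST}}}RequestedSecurityToken/{{{SAML}}}Assertion")
    if token is None:
        raise ValueError("STS response carries no SAML 2.0 assertion")
    issuer = token.findtext(f"{{{SAML}}}Issuer")
    cond = token.find(f"{{{SAML}}}Conditions")
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    return token.get("ID"), issuer, expiry

# Constructed sample response (not captured from a real STS).
SAMPLE_RESPONSE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wst="{WST}">
 <s:Body><wst:RequestSecurityTokenResponseCollection>
  <wst:RequestSecurityTokenResponse>
   <wst:TokenType>{SAML2_TOKEN_TYPE}</wst:TokenType>
   <wst:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="{SAML}" ID="ID_example" Version="2.0"
        IssueInstant="2011-01-01T00:00:00Z">
     <saml:Issuer>ExampleSTS</saml:Issuer>
     <saml:Conditions NotBefore="2011-01-01T00:00:00Z"
         NotOnOrAfter="2011-01-01T02:00:00Z"/>
    </saml:Assertion>
   </wst:RequestedSecurityToken>
  </wst:RequestSecurityTokenResponse>
 </wst:RequestSecurityTokenResponseCollection></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    print(build_issue_request())
    print(read_issued_assertion(SAMPLE_RESPONSE))
```

Under the WS-Security SAML Token Profile the issued assertion then travels in the `wsse:Security` header of the service call. A signed assertion has to be forwarded exactly as received, because re-serializing it can change namespace prefixes and invalidate the signature that the receiving service checks.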