2 Replies Latest reply on Apr 1, 2011 1:48 PM by anil.saldhana

PicketLink chained authentication

toddstory Mar 30, 2011 9:00 AM

Is something like below possible? We're trying to support guest users or authentication from another source. When I'm trying to work this, it seems that when I try to authenticate through a freezone, the picketlink redirects are still kicking in. So, is there a way to provide guest access to the areas that can also be served by logged-in (via PicketLink)? In other words, the first part isn't necessarily required, just would be a nice to have as this is how chained authenticatino in JBoss is described.

<application-policy xmlns="urn:jboss:security-beans:1.0" name="sp">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

flag="sufficient">

<module-option name="usersProperties">props/jmx-console-users.properties</module-option>

<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>

</login-module>

<login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule"

flag="sufficient">

<module-option name="unauthenticatedIdentity">anonymous</module-option>

</login-module>

</authentication>

</application-policy>

</deployment>

1. PicketLink chained authentication

anil.saldhana Mar 31, 2011 10:35 AM (in response to toddstory)

Todd, I will get back to you in a day or two. Under the weather => inability to think.
Actions
2. PicketLink chained authentication

anil.saldhana Apr 1, 2011 1:48 PM (in response to anil.saldhana)

Its not possible. Either you protect the web resource (url) which PL takes over or you do not.
Actions

Go to original post