1 Reply Latest reply on Sep 26, 2011 10:54 AM by spyhunter99

    How to handle authentication (e.g. ws-security) w/ picketlink STS

    dcarniel

      Hi all,

       

      I'm working on a solution for which I'd need to provide an STS to a third party so they can authenticate. I came across PicketLink STS and was quickly able to set up an STS that provides SAML 2.0 tokens, exactly what I need.

       

      Now I'm facing a problem with the authentication part... I've looked into many possible solutions (ws-security header, claims), but I do not manage to get the credentials I need to check anywhere in my STS, and therefore I cannot check them before letting the SAML token be issued.

       

      I'm not sure if I'm missing something here as I'm new to ws-trust, but any experience or pointers you could give would be very much appreciated...

       

      Thanks for your help

      Denis

       

      PS: If anyone is interested I've got PL STS running on Tomcat out of a maven project... ;-)

        • 1. Re: How to handle authentication (e.g. ws-security) w/ picketlink STS
          spyhunter99

          Correct me if I'm wrong, but here is the way WS-Trust and STSs are supposed to work.

           

          You access a web page that is protected

          Your browser is redirected to a logon page

          Enter credentials, click submit

          Credentials are verified by the STS and added to the session object for you

          You're redirected back to the original page

           

          The credentials part is supposed to be arbitrary; any authentication method should work so long as the STS can verify it. This works for web services too, only you go directly to the STS first and authenticate, then use the token to invoke the target web service.

           

          This probably doesn't help you solve the problem, but hopefully it adds some clarity to the situation.
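
The STS-side credential check that the question asks about and the reply outlines, as an added example that is not part of the original thread and is not PicketLink code: it uses only the JDK's XML parser to pull the WS-Security UsernameToken out of a WS-Trust request and verify it before any token is issued. The class name, the `USERS` store and the sample envelope are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class UsernameTokenGate {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String PW_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    static final Map<String, String> USERS = Map.of("alice", "s3cret-constructed"); // constructed store (assumption)
    // The single wsse:<name> element under parent; rejects the request if missing or repeated.
    static Element only(Element parent, String name) {
        NodeList n = parent.getElementsByTagNameNS(WSSE, name);
        if (n.getLength() != 1) throw new SecurityException("expected exactly one wsse:" + name);
        return (Element) n.item(0);
    }

    // Returns the authenticated user name; throws SecurityException if no token may be issued.
    static String authenticate(String soapXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs (XXE)
        byte[] xml = soapXml.getBytes(StandardCharsets.UTF_8);
        Element root = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
        Element token = only(only(root, "Security"), "UsernameToken");
        String user = only(token, "Username").getTextContent().trim();
        Element pw = only(token, "Password");
        String type = pw.getAttribute("Type"); // an absent Type means PasswordText
        if (!type.isEmpty() && !PW_TEXT.equals(type)) throw new SecurityException("unsupported password type");
        String expected = USERS.get(user);
        byte[] given = pw.getTextContent().getBytes(StandardCharsets.UTF_8);
        // Unknown user and wrong password fail identically; the comparison is timing-safe.
        if (expected == null || !MessageDigest.isEqual(given, expected.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("authentication failed");
        return user; // only now should the STS go on to issue the SAML token
    }
    public static void main(String[] args) throws Exception {
        // Constructed WS-Trust Issue request carrying a WS-Security UsernameToken.
        String req = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsse='" + WSSE
            + "' xmlns:wst='http://docs.oasis-open.org/ws-sx/ws-trust/200512'><s:Header><wsse:Security>"
            + "<wsse:UsernameToken><wsse:Username>alice</wsse:Username><wsse:Password Type='" + PW_TEXT
            + "'>s3cret-constructed</wsse:Password></wsse:UsernameToken></wsse:Security></s:Header>"
            + "<s:Body><wst:RequestSecurityToken/></s:Body></s:Envelope>";
        System.out.println("authenticated: " + authenticate(req));
        try { authenticate(req.replace(">s3cret-constructed<", ">wrong<")); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

PasswordText carries the password in the clear, so an STS endpoint that accepts it needs transport or message encryption.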