Using jboss login modules with picketlink
oourfali Jan 17, 2012 5:00 AM

Hey all,
I'm trying to create a SSO environment between web applications in Jboss AS7.
I read the documentation on doing that on Jboss AS7, deployed the examples, and it worked properly.
Now, trying to use it in my application, I made the IDP work with a customized login module I wrote.
In that login module I delegate the login procedure to one of my EJBs, and get a valid response.
From this response I create a new Principal (also a customized principal, implementing the Principal interface), with the required roles.
The authentication procedure works well, but I expect to get my customized principal at the service providers I'm using, and I get a GenericPrincipal instead.
The username+roles are indeed correct, but all the other information (members I have in my customized principal) is lost.
I did some digging and debugging, and I found out that both the SPPostFormAuthenticator, and the SPRedirectFormAuthenticator, create a new generic principal, but they don't pass the principal object there.
    // Fragment from SPPostFormAuthenticator / SPRedirectFormAuthenticator:
    // map the SAML assertion to a container principal. Note that only
    // username and roles are handed over, never the principal object itself.
    //Map to JBoss specific principal
    if ((new ServerDetector()).isJboss() || jbossEnv)
    {
        //Push a context so the realm (JAAS login modules) can see the SAML user/roles
        ServiceProviderSAMLContext.push(username, roles);
        principal = context.getRealm().authenticate(username, password);
        ServiceProviderSAMLContext.clear();
    }
    else
    {
        //tomcat env: build a plain GenericPrincipal from username + roles
        principal = spUtil.createGenericPrincipal(request, username, roles);
    }
SPUtil does:
    // Only the realm, username and roles go into the new principal; the
    // password slot is null and no custom principal data is carried along.
    public Principal createGenericPrincipal(Request request, String username, List<String> roles)
    {
        Context ctx = request.getContext();
        return new GenericPrincipal(ctx.getRealm(), username, null, roles);
    }
However, even if I changed the code to pass the principal, it is again not my customized principal, but some inner class created in picketlink.
How can I preserve this user data?
Is there another way to pass this customized user data to the different SPs?
Thank you,
Oved
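Added example (not part of the original post, and not PicketLink or JBoss code): a self-contained JAAS login module showing the SP-side pattern implied by the fragment above, where only username and roles cross the boundary and any richer principal has to be rebuilt locally from the username. It assumes the SP realm delegates to a JAAS login module and stands in for PicketLink's ServiceProviderSAMLContext with a hypothetical thread-local `SamlContextStandIn`; the department lookup table is constructed sample data.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Stand-in (hypothetical) for what the SP authenticator pushes before realm.authenticate():
// only username and roles are available here, nothing from the IDP-side principal.
final class SamlContextStandIn {
    static final ThreadLocal<Map.Entry<String, List<String>>> CTX = new ThreadLocal<>();
    static void push(String user, List<String> roles) { CTX.set(Map.entry(user, roles)); }
    static void clear() { CTX.remove(); }
}

// Custom principal carrying data beyond name and roles (constructed example).
record UserPrincipal(String name, List<String> roles, String department) implements Principal {
    public String getName() { return name; }
}

// SP-side login module: rebuilds the rich principal from the username alone, so the extra
// fields are re-derived from a local, trusted source instead of from the SSO round trip.
public class SpRebuildLoginModule implements LoginModule {
    private static final Map<String, String> DEPARTMENTS = Map.of("oved", "engineering"); // constructed
    private Subject subject;
    private UserPrincipal principal;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
    public boolean login() throws LoginException {
        Map.Entry<String, List<String>> ctx = SamlContextStandIn.CTX.get();
        if (ctx == null) throw new FailedLoginException("no SAML context on this thread");
        String dept = DEPARTMENTS.get(ctx.getKey());
        if (dept == null) throw new FailedLoginException("unknown user " + ctx.getKey());
        principal = new UserPrincipal(ctx.getKey(), List.copyOf(ctx.getValue()), dept);
        return true;
    }
    public boolean commit() { subject.getPrincipals().add(principal); return true; }
    public boolean abort() { principal = null; return true; }
    public boolean logout() { subject.getPrincipals().clear(); return true; }

    public static void main(String[] args) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(SpRebuildLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        SamlContextStandIn.push("oved", List.of("admin"));
        try {
            LoginContext lc = new LoginContext("sp", new Subject(), null, cfg);
            lc.login();
            System.out.println(lc.getSubject().getPrincipals(UserPrincipal.class));
        } finally { SamlContextStandIn.clear(); }
    }
}
```

Compile and run with a Java 16+ JDK (`javac SpRebuildLoginModule.java && java SpRebuildLoginModule`); the printed subject carries the rebuilt UserPrincipal with its department, even though only the username and roles entered the login module.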