2 Replies Latest reply on Mar 20, 2012 12:33 PM by l.fugaro

PicketLink authentication via LDAP and authorization via database

l.fugaro Mar 16, 2012 6:41 AM

Hi all,

as the subject suggests, is it possible with picketlink to have an hybrid authentication&authorization mechanism?

What I'd like to do is authenticate a user against OpenLDAP, but authorize him/her against database.

At the moment I can authenticate via LDAP and via database as well.

Any ideas, suggestion, howtos, guides?

Thanks in advance,

Luigi

1. Re: PicketLink authentication via LDAP and authorization via database

pcraveiro Mar 19, 2012 9:33 AM (in response to l.fugaro)

Hi Luigi,

    Do you want to authenticate users using LDAP and load the roles from a database, is that correct ?

    If so, take a look at this thread https://community.jboss.org/message/721375#721375.

    To load the roles from the database use a custom AttributeManager implementation, like pointed out in the thread above.

    The roles will be inserted in the SAML Assertion as attributes, after that you can do the authorization based on them.

Regards.
Pedro Igor
1 of 1 people found this helpful
Actions
2. Re: PicketLink authentication via LDAP and authorization via database

l.fugaro Mar 20, 2012 12:33 PM (in response to pcraveiro)

Thanks for your reply, I'll try that and I'll let you know!

Thanks again,
Luigi
Actions