1. Re: [Picketlink-Federation-SAML] IDP SessionID on SP
hodrigohamalho Aug 27, 2014 2:22 PM (in response to hodrigohamalho)
Hmm... finally I got it. In this case I used SAML2AttributeHandler to get the sessionID, but it can be any attribute.
On picketlink.xml (IDP side):
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler">
        <!-- class that supplies the attribute values (see below) -->
        <Option Key="ATTRIBUTE_MANAGER" Value="org.picketlink.handler.SAML2CustomAttributeManager" />
        <!-- attribute names the manager is asked for; comma-separated if more than one -->
        <Option Key="ATTRIBUTE_KEYS" Value="sessionID" />
    </Handler>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
</Handlers>
Note: the AttributeHandler MUST be at the beginning.
====================================================================================
Create this class on the IDP:
package org.picketlink.handler;

import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;

import org.picketlink.identity.federation.core.interfaces.AttributeManager;

// Referenced from picketlink.xml through the ATTRIBUTE_MANAGER option of SAML2AttributeHandler.
public class SAML2CustomAttributeManager implements AttributeManager {

    @Override
    public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
        Map<String, Object> m = new HashMap<String, Object>();
        try {
            // The current request is looked up through the JACC PolicyContext.
            HttpServletRequest request =
                (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
            // "sessionID" must match the ATTRIBUTE_KEYS value configured on the handler.
            m.put("sessionID", request.getSession().getId());
        } catch (Exception e) {
            e.printStackTrace();
        }
        return m;
    }
}
====================================================================================
SP side:
picketlink.xml
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    <!-- on the SP the attribute handler comes last: it reads the attributes out of the validated assertion -->
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler" />
</Handlers>
The attribute can be retrieved this way:
// The SP-side SAML2AttributeHandler stores the assertion's attributes in the HTTP session
// under GeneralConstants.SESSION_ATTRIBUTE_MAP, whose value is "SESSION_ATTRIBUTE_MAP".
Map<?, ?> attributes = (Map<?, ?>) session.getAttribute("SESSION_ATTRIBUTE_MAP");
// null if no assertion with attributes has been processed for this session yet
Object idpSessionId = attributes != null ? attributes.get("sessionID") : null;
I put a complete example on my GitHub: hodrigohamalho/picketlink-sp-communication
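One thing worth keeping in mind with the approach in the post above: the value returned by request.getSession().getId() on the IDP is the container's own session identifier (the JSESSIONID cookie value). Putting it into the assertion hands that bearer secret to every SP, to anything that can read the assertion in transit or in logs, and to anything that can read the SP's session store. If the only goal is to correlate an SP session with its IDP session, an opaque random correlation id kept in the IDP session serves the same purpose without exposing the real session id. The class below is an added example, not code from the original post or from the PicketLink project; it goes beyond the post by emitting such a correlation id instead of the raw session id, and by honouring the ATTRIBUTE_KEYS list instead of ignoring it. It assumes the same IDP picketlink.xml as above, with the ATTRIBUTE_MANAGER option pointing at this class; the attribute name "sessionID" is taken from the post, while the class name and the session key org.example.saml.correlationId are this example's own choices.

```java
// Added example, not from the original post or the PicketLink project.
// Assumes PicketLink 2.x on the IDP with SAML2AttributeHandler configured as in the post:
//   ATTRIBUTE_MANAGER = org.picketlink.handler.SAML2CorrelationAttributeManager
//   ATTRIBUTE_KEYS    = sessionID
package org.picketlink.handler;

import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;

import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.picketlink.identity.federation.core.interfaces.AttributeManager;

public class SAML2CorrelationAttributeManager implements AttributeManager {

    // Attribute name the handler asks for (from ATTRIBUTE_KEYS in picketlink.xml).
    static final String ATTRIBUTE_NAME = "sessionID";

    // IDP-session key under which the correlation id is kept; name chosen for this example.
    static final String CORRELATION_KEY = "org.example.saml.correlationId";

    @Override
    public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
        Map<String, Object> attrs = new HashMap<String, Object>();

        // Only emit what the handler was configured to request; an empty map is valid.
        if (attributeKeys == null || !attributeKeys.contains(ATTRIBUTE_NAME)) {
            return attrs;
        }
        try {
            HttpServletRequest request =
                (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
            // getSession(false): the user has already authenticated at the IDP, so a session
            // must exist; do not create one as a side effect of building an assertion.
            HttpSession session = request.getSession(false);
            if (session != null) {
                attrs.put(ATTRIBUTE_NAME, correlationIdFor(session));
            }
        } catch (Exception e) {
            // JACC context unavailable (e.g. called outside a request): emit no attribute
            // rather than failing assertion generation. Replace with proper logging.
        }
        return attrs;
    }

    // Returns a random, per-IDP-session id that is created on first use and stored in the
    // IDP session. Every SP the user signs on to receives the same value, so sessions can be
    // correlated, but the container's own session id never leaves the IDP.
    static String correlationIdFor(HttpSession session) {
        synchronized (session) {
            String id = (String) session.getAttribute(CORRELATION_KEY);
            if (id == null) {
                // UUID.randomUUID() is backed by SecureRandom, so the value is unguessable.
                id = UUID.randomUUID().toString();
                session.setAttribute(CORRELATION_KEY, id);
            }
            return id;
        }
    }
}
```

On the SP nothing changes: the value still arrives under the key "sessionID" in the map stored at session.getAttribute("SESSION_ATTRIBUTE_MAP"). If the IDP later needs to act on the correlation id (for example to find the IDP session during a back-channel logout), keep a server-side map from correlation id to session on the IDP; do not accept a raw session id from an SP for that purpose.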