1 Reply Latest reply on Aug 27, 2014 2:22 PM by hodrigohamalho

    [Picketlink-Federation-SAML] IDP SessionID on SP

    hodrigohamalho

      Hi folks,

      I'm using Picketlink SAML for SSO purposes.


      Is there any way to get the IDP's sessionID from a ServletFilter on the SP?

        • 1. Re: [Picketlink-Federation-SAML] IDP SessionID on SP
          hodrigohamalho

          Hmm... finally I got it. In this case I used SAML2AttributeHandler to get the sessionID, but it can be any attribute.


          On picketlink.xml (IDP side):


          <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler">
            <Option Key="ATTRIBUTE_MANAGER" Value="org.picketlink.handler.SAML2CustomAttributeManager"></Option>
            <Option Key="ATTRIBUTE_KEYS" Value="sessionID" />
            </Handler>
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
          </Handlers>

          Note: AttributeHandler MUST be at the beginning.


          ====================================================================================


          Create this class on IDP:

          import java.security.Principal;
          import java.util.HashMap;
          import java.util.List;
          import java.util.Map;

          import javax.security.jacc.PolicyContext;
          import javax.servlet.http.HttpServletRequest;

          import org.picketlink.identity.federation.core.interfaces.AttributeManager;

          public class SAML2CustomAttributeManager implements AttributeManager {

            @Override
            public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
              Map<String, Object> m = new HashMap<String, Object>();

              try {
                // The current request is looked up through JACC's PolicyContext; the IDP's
                // HttpSession id is then published under the "sessionID" attribute key
                // (the key configured via ATTRIBUTE_KEYS in picketlink.xml).
                HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
                m.put("sessionID", request.getSession().getId());
              } catch (Exception e) {
                e.printStackTrace();
              }

              return m;
            }
          }
          ====================================================================================


          SP side:

          picketlink.xml

          <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler" />
          </Handlers>

          The attribute can be retrieved this way:


          session.getAttribute("SESSION_ATTRIBUTE_MAP")

          I put a complete example on my github: hodrigohamalho/picketlink-sp-communication · GitHub
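The SP-side ServletFilter the question asked for, as an added example that is not part of the thread, the linked GitHub project, or PicketLink itself. It assumes that SAML2AttributeHandler stores the assertion attributes on the SP's HttpSession under the key "SESSION_ATTRIBUTE_MAP" as a Map whose values are lists (PicketLink's GeneralConstants.SESSION_ATTRIBUTE_MAP), and that the IDP publishes the value under the attribute key "sessionID" as configured above. The class name IdpSessionIdFilter and the request attribute name "idp.sessionID" are hypothetical.

```java
import java.io.IOException;
import java.util.List;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical SP-side filter (example code, not from the thread or from PicketLink).
 * It reads the attribute map that SAML2AttributeHandler places on the SP session and
 * exposes the IDP-issued "sessionID" attribute to downstream servlets as a request attribute.
 */
public class IdpSessionIdFilter implements Filter {

    // Session key used by SAML2AttributeHandler on the SP (assumed: GeneralConstants.SESSION_ATTRIBUTE_MAP).
    static final String SESSION_ATTRIBUTE_MAP = "SESSION_ATTRIBUTE_MAP";
    // Attribute key configured through ATTRIBUTE_KEYS on the IDP side.
    static final String IDP_SESSION_ID_KEY = "sessionID";
    // Request attribute published by this filter (hypothetical name).
    static final String REQUEST_ATTRIBUTE = "idp.sessionID";

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Do not create a session here: a request that has not completed the SAML
        // exchange has no attribute map yet, and creating one would hide that state.
        HttpSession session = request.getSession(false);
        String idpSessionId = extractIdpSessionId(session);
        if (idpSessionId != null) {
            request.setAttribute(REQUEST_ATTRIBUTE, idpSessionId);
        }
        chain.doFilter(req, res);
    }

    /**
     * Returns the first "sessionID" value from the attribute map, or null when the
     * session, the map or the key is absent. Accepts both the Map<String, List<Object>>
     * shape PicketLink uses and a plain Map<String, Object>.
     */
    static String extractIdpSessionId(HttpSession session) {
        if (session == null) {
            return null;
        }
        Object raw = session.getAttribute(SESSION_ATTRIBUTE_MAP);
        if (!(raw instanceof Map)) {
            return null;
        }
        Object value = ((Map<?, ?>) raw).get(IDP_SESSION_ID_KEY);
        if (value instanceof List) {
            List<?> values = (List<?>) value;
            value = values.isEmpty() ? null : values.get(0);
        }
        return value == null ? null : value.toString();
    }

    @Override
    public void destroy() {
    }
}
```

Map the filter in web.xml on the SP so it runs after PicketLink's SP valve/filter has processed the SAML response; before that point the session carries no attribute map and the filter simply passes the request through. Since the value identifies a live session on the IDP, the SP should only consume it from assertions whose signature the handler chain has validated (SAML2SignatureValidationHandler on the SP, with signed assertions on the IDP), and should not log it or echo it into responses.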