6 Replies Latest reply on Aug 23, 2017 5:09 PM by jasonperrone

    Externalizing PicketLink configuration? How?

    pipo1000

      Hello,

       

      Our application is being installed on multiple servers by consultants and customers. The current way of configuring SAML with PicketLink consists of changing the picketlink-idfed.xml which is within the WAR file. However, we need a way to configure the IdentityURL, ServiceURL, trusts etc. from our own property file or other external source, but not by changing a file within the WAR file. How can I do this? Is there a programmatic interface within PicketLink to do this?

       

      Thanks in advance,

       

      Edwin

        • 1. Re: Externalizing PicketLink configuration? How?
          anil.saldhana

          Edwin,  we have not yet dealt with that.  I know that this is a challenge at deployment.  Since this is open source, I suggest that you can start a discussion around this in the PicketLink Discussion forum and we will gladly give you commit rights to bring in the changes (that we agree on in the discussion forum).

          • 2. Re: Externalizing PicketLink configuration? How?
            pipo1000

            I have changed the class org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator so it will first check for a system property before reading the WEB-INF/picketlink-idfed.xml file.

             

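            // Fragment of BaseFormAuthenticator; needs java.io.InputStream and java.io.FileInputStream.
            private void processStart() throws LifecycleException
            {
                Handlers handlers = null;

                ServletContext servletContext = context.getServletContext();

                InputStream is = null;
                // An external configuration file can be named with -DSSOConfig=<path>.
                String filenaam = System.getProperty("SSOConfig");
                if (filenaam != null)
                {
                    try
                    {
                        is = new FileInputStream(filenaam);
                    }
                    catch (java.io.FileNotFoundException e)
                    {
                        // is stays null and is reported by the check below
                    }

                    // The property was set but the file is not there: stop, do not fall back.
                    if (is == null) throw new RuntimeException(filenaam + " missing");
                } else
                {
                    // No property set: read WEB-INF/picketlink-idfed.xml from the WAR as before.
                    is = servletContext.getResourceAsStream(configFile);
                    if (is == null) throw new RuntimeException(configFile + " missing");
                }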

            ....

            ....
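
A stricter form of the system-property lookup in reply 2, shown here as an added example that is not part of the original post or of PicketLink. The externalized file carries the IdentityURL and trust settings, so the sketch refuses paths that are relative, not regular files, or world-writable; the class and method names are hypothetical, and only the `SSOConfig` property name comes from the post.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

// Added example, not PicketLink code. "SSOConfig" is the property name used in reply 2;
// ExternalSsoConfig and openExternalConfig are hypothetical names.
public class ExternalSsoConfig {

    /** Opens the file named by -DSSOConfig, or returns null when the property is unset. */
    static InputStream openExternalConfig() throws IOException {
        String name = System.getProperty("SSOConfig");
        if (name == null || name.trim().isEmpty()) {
            return null; // caller falls back to WEB-INF/picketlink-idfed.xml
        }
        Path path = Paths.get(name);
        if (!path.isAbsolute()) {
            throw new IOException("SSOConfig must be an absolute path: " + name);
        }
        // Property set but file unusable: fail closed instead of silently using the bundled file.
        if (!Files.isRegularFile(path, LinkOption.NOFOLLOW_LINKS) || !Files.isReadable(path)) {
            throw new IOException("SSOConfig is not a readable regular file: " + path);
        }
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(path);
            if (perms.contains(PosixFilePermission.OTHERS_WRITE)) {
                throw new IOException("SSOConfig is world-writable: " + path);
            }
        } catch (UnsupportedOperationException e) {
            // Non-POSIX file system (e.g. Windows): permission check skipped, rely on ACLs.
        }
        return Files.newInputStream(path);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary file standing in for the external configuration.
        Path sample = Files.createTempFile("picketlink-idfed", ".xml");
        Files.write(sample, "<placeholder/>".getBytes("UTF-8"));
        System.setProperty("SSOConfig", sample.toString());
        try (InputStream in = openExternalConfig()) {
            System.out.println("opened " + sample + ", first byte: " + (char) in.read());
        } finally {
            Files.delete(sample);
        }
    }
}
```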

            • 3. Re: Externalizing PicketLink configuration? How?
              anil.saldhana

              The last release of PL has externalizing configuration feature.  Take a look.

              • 4. Re: Externalizing PicketLink configuration? How?
                pipo1000

                Can you point me in the right direction? Do you mean the trunk or release 1.04? I just checked out your commits to the trunk and I could not find any configuration changes.

                • 5. Re: Externalizing PicketLink configuration? How?
                  anil.saldhana

                  Sorry Edwin.  The STS configuration is pluggable.

                   

                  http://community.jboss.org/wiki/PicketLinkSTS-PluggableConfigurationHandlers

                   

                  I wanted to do the same for the IDP/SP, but was not motivated enough to do it for 1.0.4. Will punt it for 1.0.5.

                  • 6. Re: Externalizing PicketLink configuration? How?
                    jasonperrone

                    Has this ever been resolved? I have implemented a ZERO code solution in my Tomcat app for this, meaning I am only using PL to forward to an IdentityURL and that forwards back to me with a SAML response. I don't want to get into subclassing anything. I only want to be able to make the config changes to the Tomcat web.xml, not my app's web.xml.