9 Replies Latest reply on Jun 11, 2010 2:31 PM by Babak Mozaffari

    New features for STS Login Modules

    Babak Mozaffari Newbie

      STSIssuingLoginModule and STSValidatingLoginModule respectively issue and validate tokens being returned from STS. The concept of user roles is not an inherent features of this mechanism but various principals and roles can nonetheless be returned by STS in the form of Attributes of Claims. I suggest the following enhancement to these two login modules:

       

      * Create a pluggable PrincipalProvider model where implementations of the PrincipalProvider interface can be configured on the login module and will be called upon to provide one or more Principal objects given a SAML token. These Principals would be inserted into the Subject by the LoginModule.

       

      The interface could look like this:

       

      public interface SAMLPrincipalProvider
      {
            java.security.Principal[] getPrincipals(org.w3c.dom.Element samlToken );
      }