1. This is actually not possible with PicketLink. However, it is possible with the new Seam 3 Security module (which is still under development, but there are already some working sample applications you could try and explore). It's in fact the successor of the PicketLink Seam module. That makes it possible to create Seam 3 applications that act as a SAML IDP or OpenID provider. More details can be found on http://www.sfwk.org/Seam3/SecurityModule.
2. Probably you can, but you need to do it yourself when using Seam 2: the PicketLink/Seam module only has service provider (relying party) support and doesn't include IDM. Seam 3 Security contains PicketLink IDM integration.
Thanks for your answer Marcel,
1. I am actually not thinking of creating a Seam 2 application type as SAML IDP; it would be a plain normal web application, as in the examples. The SP would be a Seam 2 application type that will connect to the SAML IDP application. Is this not possible anyway?
2. I am actually trying to set the JBossIdentityIDMLoginModule application policy within my own IDP to authenticate against the IDM model, and also provide identity management. With this, am I on a possibly correct way?
- In the earlier days when I developed the Seam module for PicketLink, I tested by using a PicketLink based IDP connected to a PicketLink Seam SP. But after some time I decided to test with IDPs not provided by JBoss, because I wanted to focus more on interoperability, and because those IDPs had some features that were not there in the PicketLink IDP. So yes, what you want should be possible, but I don't know how to do this in the latest version of PicketLink. I'm only doing the Seam stuff.
- Sounds like a feasible approach.