1 Reply Latest reply on Sep 26, 2011 10:54 AM by spyhunter99

    How to handle authentication (e.g. ws-security) w/ picketlink STS

    dcarniel Newbie

      Hi all,

       

      I'm working a solution for I'd need to provide an STS to a third party so they can authenticate. I came across PicketLink STS and was quickly able to setup an STS that provides SAML 2.0 tokens, exactly what I need.

       

      Now I'm facing a problem with the authentication part... I've looked into many possible solutions (ws-security header, claims), but I do not manage to get the credentials I need to check anywhere in my STS, and therefore I cannot check them before letting the SAML token be issued.

       

      I'm not sure if I'm missing something here as I'm new to ws-trust, but any experience or pointers you could give would be very much appreciated...

       

      Thanks for you help

      Denis

       

      PS: If anyone is interested I've got PL STS running on Tomcat out of a maven project... ;-)

        • 1. Re: How to handle authentication (e.g. ws-security) w/ picketlink STS
          spyhunter99 Novice

          Correct me if I'm wrong, but here is the way WS-Trust and STS's are suppose to work.

           

          You access a web page that is protected

          Your browser is redirected to a logon page

          Enter credentials click submit

          Credentials are verified by the STS and added to the session object for you

          You're redirected back to the original page

           

          The credentials part is suppose to be arbitrary, any authentication method should work so long as the STS can verify it. This works for web services too, only you go directly to the STS first and authentication, then use the token to invoke the target web service.

           

          This probably doesn't help you solve the problem, but hopefully it adds some clarity to the situation.