1 Reply Latest reply on Sep 30, 2011 8:37 AM by Marcin Stański

    SAML Assertion with roles in PicketLink STS

    Marcin Stański Newbie

      Hi,

       

      I'm using PicketLink STS, and I managed to configure it with user identities, which works fine.

       

      Is there a way to configure PicketLinkSTS, so that Roles were attached to SAML Assertion ?

      Then, is it possible to make org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule  make use of that roles ?

       

      Thanks in advance.

      Maricn Stański

        • 1. Re: SAML Assertion with roles in PicketLink STS
          Marcin Stański Newbie

          Ok, I found the solution

          All you need to do is to add AttributeProvider to picketlink-sts.xml

           

          <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"

                          TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

                      TokenElement="Assertion"

                      TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion">

                      <Property Key="AttributeProvider" Value="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider"/>           

                      <Property Key="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider.tokenRoleAttributeName" Value="Role"/>

                  </TokenProvider>