0 Replies Latest reply on Oct 6, 2011 6:20 PM by hibernal

    Behavior of security module-option-flag

    hibernal Newbie

      Here's an unhappy mix:

      1) A legacy application that handles it's own user authentication code-side

      2) A service that uses the legacy application and that when required provides SAML managed by the container

      3) A desire to port this to JBOSS, use a domain model, and avoid if possible re-rolling domain profiles to toggle SAML on or off


      I was thinking I might do this by setting the module option flag for the picketlink section to a variable that could be toggled between "required" and "optional" via a properties file attached to each profile ( so I could just change that rather than change the whole profile if I needed to toggle SAML on or off for some specific case ), but in the schema docs I read this:


      "If no required or requisite LoginModules are configured for an application, then at least one sufficient or optional LoginModule must succeed."


      This leaves me confused about how things will behave if I have a login module for picketlink with option module flag set to "optional" and a SAML fail case ( because the client does not present a SAML artifact ). Will JBOSS send back an HTTP 401, or will the client browse through to the login page for application-managed auth?