0 Replies Latest reply on Jan 17, 2012 5:00 AM by Oved Ourfali

    Using jboss login modules with picketlink

    Oved Ourfali Newbie

      Hey all,


      I'm trying to create an SSO environment between web applications in JBoss AS7.

      I read the documentation on doing that on JBoss AS7, deployed the examples, and it worked properly.


      Now, trying to use it in my application, I made the IDP work with a customized login module I wrote.

      In that login module I delegate the login procedure to one of my EJBs, and get a valid response.

      From this response I create a new Principal (also a customized principal, implementing the Principal interface), with the required roles.


      The authentication procedure works well, but while I expect to get my customized principal at the service providers I'm using, I get a GenericPrincipal instead.

      The username and roles are indeed correct, but all the other information (members I have in my customized principal) is lost.


      I did some digging and debugging, and I found out that both the SPPostFormAuthenticator and the SPRedirectFormAuthenticator create a new generic principal, but they don't pass the principal object there.

                  //Map to JBoss specific principal
                  if ((new ServerDetector()).isJboss() || jbossEnv) {
                     //Push a context
                     ServiceProviderSAMLContext.push(username, roles);
                     principal = context.getRealm().authenticate(username, password);
                  } else {
                     //tomcat env
                     principal = spUtil.createGenericPrincipal(request, username, roles);
                  }



      SPUtil does:

         public Principal createGenericPrincipal(Request request, String username, List<String> roles) {
            Context ctx = request.getContext();
            return new GenericPrincipal(ctx.getRealm(), username, null, roles);
         }



      However, even if I changed the code to pass the principal, it is again not my customized principal, but some inner class created in PicketLink.


      How can I preserve this user data?

      Is there another way to pass this customized user data to the different SPs?


      Thank you,
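As an added illustration (not code from the post or from PicketLink), the data loss described above in plain Java: a hypothetical CustomPrincipal carrying a tenant id is mapped the way the SP authenticators do (name and roles only), and the SP-side check fails closed when the extra member did not survive the hop instead of assuming a default.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Hypothetical custom principal of the kind the post describes: name, roles,
// plus an extra member (tenant id) that is not part of GenericPrincipal.
final class CustomPrincipal implements Principal {
    private final String name;
    private final List<String> roles;
    private final String tenantId;

    CustomPrincipal(String name, List<String> roles, String tenantId) {
        this.name = name;
        this.roles = Collections.unmodifiableList(roles);
        this.tenantId = tenantId;
    }
    @Override public String getName() { return name; }
    public List<String> getRoles() { return roles; }
    public String getTenantId() { return tenantId; }
}

// Stand-in for the GenericPrincipal built by SPUtil.createGenericPrincipal:
// only the username and the role list are carried over.
final class FlattenedPrincipal implements Principal {
    private final String name;
    private final List<String> roles;
    FlattenedPrincipal(String name, List<String> roles) { this.name = name; this.roles = roles; }
    @Override public String getName() { return name; }
    public List<String> getRoles() { return roles; }
}

public final class SpSideCheck {
    // Mirrors the mapping quoted in the post: custom members are dropped.
    static Principal mapLikeSpAuthenticator(CustomPrincipal p) {
        return new FlattenedPrincipal(p.getName(), p.getRoles());
    }

    // Fail closed: authorization that depends on the extra member refuses the
    // request when the principal arrived without it, rather than guessing.
    static boolean mayAccessTenant(Principal p, String tenant) {
        if (!(p instanceof CustomPrincipal)) return false; // custom data lost in SSO
        return tenant.equals(((CustomPrincipal) p).getTenantId());
    }

    public static void main(String[] args) {
        CustomPrincipal atIdp = new CustomPrincipal("alice", Arrays.asList("user"), "acme");
        Principal atSp = mapLikeSpAuthenticator(atIdp);
        System.out.println(mayAccessTenant(atIdp, "acme")); // true: tenant id present
        System.out.println(mayAccessTenant(atSp, "acme"));  // false: only name and roles survived
    }
}
```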