0 Replies Latest reply on Jan 17, 2012 5:00 AM by Oved Ourfali

    Using jboss login modules with picketlink

    Oved Ourfali Newbie

      Hey all,

       

      I'm trying to create a SSO environment between web applications in Jboss AS7.

      I read the documentation on doing that on Jboss AS7, deployed the examples, and it worked properly.

       

      Now, trying to use it in my application, I made the IDP work with a customized login module I wrote.

      In that login module I delegate the login procedure to one of my EJBs, and get a valid response.

      From this response I create a new Principal (also a customized principal, implementing the Principal interface), with the required roles.

       

      The authentication procedure works well, but, I expect to get my customized principal at the service providers I'm using, but I get a GenericPrincipal instead.

      The username+roles are indeed correct, but all the other information (members I have in my customized principal) is lost.

       

      I did some digging and debugging, and I found out that both the SPPostFormAuthenticator, and the SPRedirectFormAuthenticator, create a new generic principal, but they don't pass the principal object there.

                  //Map to JBoss specific principal

                  if ((new ServerDetector()).isJboss() || jbossEnv)

                  {

                     //Push a context

                     ServiceProviderSAMLContext.push(username, roles);

                     principal = context.getRealm().authenticate(username, password);

                     ServiceProviderSAMLContext.clear();

                  }

                  else

                  {

                     //tomcat env   

                     principal = spUtil.createGenericPrincipal(request, username, roles);

                  }

       

      SPUtil does:

         public Principal createGenericPrincipal(Request request, String username, List<String> roles)

         {

            Context ctx = request.getContext();

            return new GenericPrincipal(ctx.getRealm(), username, null, roles);

         }

       

      However, even if I changed the code to pass the principal, it is again not my customized principal, but some inner class created in picketlink.

       

      How can I preserve this user data?

      Is there another way to pass this customized user data to the different SPs?

       

      Thank you,

      Oved