Hello all,
Using picketlink 2.1.5-FINAL and jboss 7.1.
I have a project that needs to use both picketlink and a local store as authentication providers for different sets of users.
In trying to fulfill the above, I built the following security domain, which I think should do what I need:
<!-- the cache-type value was cut off in the original post; "default" is used here as a placeholder -->
<security-domain name="sp" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="RealmUsersRoles" flag="sufficient">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
            <module-option name="realm" value="ApplicationRealm"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="sufficient">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
    <audit>
        <provider-module code="org.picketlink.identity.federation.core.audit.PicketLinkAuditProvider"/>
    </audit>
</security-domain>
I designed a test application with a private area that automatically triggers picketlink to send the appropriate request to the IDP (the picketlink part is working).
In order to allow a different login method, I created a login form and custom servlet that calls request.login(username,password) with credentials that are accepted by my local user store.
If I remove the picketlink valve from jboss-web.xml, my custom login operates as expected. If I leave the picketlink valve in, the call to request.login() succeeds, but the next request returns a null principal. From what I am seeing, I think that picketlink's valve or some other code is clearing the authentication cache, even if a valid JAAS principal exists.
Is there any way to get picketlink to play well with other authentication modules?
TIA
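Added example (not part of the original post, and not PicketLink or JBoss code): a small Python simulation of how a JAAS LoginContext walks the login-module stack from the security domain above, honouring the optional/sufficient control flags and the useFirstPass password-stacking convention. The three module functions are constructed stand-ins (a fixed local user table instead of application-users.properties, and a SAML module that only succeeds when a principal is already present in the shared state); it models the login-stack semantics only, not the valve or the authentication cache that the post suspects.

```python
"""Simulate JAAS control-flag evaluation over the post's three-module stack."""
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for application-users.properties (not a real user store).
LOCAL_USERS: Dict[str, str] = {"alice": "s3cret"}

# Shared-state keys that the useFirstPass convention uses to pass credentials
# from the first module that authenticated to the modules that follow it.
NAME_KEY = "javax.security.auth.login.name"
PASSWORD_KEY = "javax.security.auth.login.password"

Creds = Tuple[str, str]
SharedState = Dict[str, str]
ModuleFn = Callable[[Creds, SharedState], bool]


def remoting(creds: Creds, shared: SharedState) -> bool:
    # Stand-in: the Remoting module handles EJB/remoting connections only,
    # so for a web form login it has nothing to authenticate.
    return False


def realm_users_roles(creds: Creds, shared: SharedState) -> bool:
    # useFirstPass: prefer credentials an earlier module already stored.
    user = shared.get(NAME_KEY, creds[0])
    password = shared.get(PASSWORD_KEY, creds[1])
    if LOCAL_USERS.get(user) != password:
        return False
    # First successful module publishes the credentials for later modules.
    shared.setdefault(NAME_KEY, user)
    shared.setdefault(PASSWORD_KEY, password)
    return True


def saml2(creds: Creds, shared: SharedState) -> bool:
    # Stand-in (hypothetical key): succeeds only when the SAML valve has
    # already established a principal and placed it in the shared state.
    return "saml.principal" in shared


# Same order and flags as the security domain in the post.
STACK: List[Tuple[str, str, ModuleFn]] = [
    ("Remoting", "optional", remoting),
    ("RealmUsersRoles", "sufficient", realm_users_roles),
    ("SAML2LoginModule", "sufficient", saml2),
]


def evaluate_stack(stack, creds: Creds, shared: SharedState):
    """Return (overall_success, names_of_modules_invoked) per the JAAS rules:
    - required/requisite must all succeed; requisite failure stops at once
    - sufficient success returns immediately unless a required module failed
    - with no required/requisite modules, at least one module must succeed
    """
    tried: List[str] = []
    required_failed = False
    any_succeeded = False
    has_required = any(flag in ("required", "requisite") for _, flag, _ in stack)
    for name, flag, fn in stack:
        tried.append(name)
        if fn(creds, shared):
            any_succeeded = True
            if flag == "sufficient" and not required_failed:
                return True, tried  # short-circuit: later modules never run
        elif flag in ("required", "requisite"):
            required_failed = True
            if flag == "requisite":
                return False, tried
    if required_failed:
        return False, tried
    return (True if has_required else any_succeeded), tried


if __name__ == "__main__":
    # Local form login: RealmUsersRoles succeeds, SAML module is never called.
    print(evaluate_stack(STACK, ("alice", "s3cret"), {}))
    # SSO login: no form credentials, principal already set by the SAML valve.
    print(evaluate_stack(STACK, ("", ""), {"saml.principal": "bob"}))
    # Bad local password and no SAML principal: every module runs, login fails.
    print(evaluate_stack(STACK, ("alice", "wrong"), {}))
```

The point the simulation makes visible is that with every module flagged optional or sufficient, whichever store authenticates first ends the stack, so the two login paths do not interfere at the JAAS level; if the principal still disappears on the next request, the cause lies outside the login-module evaluation.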