0 Replies Latest reply on Nov 27, 2012 2:13 PM by pacodelucia

    Pass SAML Token from Webapp to EJB

    pacodelucia Newbie

      Hi

       

      I've successfully set up the sale-post examples on JBoss 7.1.1 and after some classpath fixing it worked. I call the sales-post webapp, i'm redirected to the IDP, I authenticate and I'm coming back to sales-post with a SAML-Assertion.

       

      As I understand it in this example the SPPostFormAuthenticator passes the SAML-Assertion contained in the HTTP-POST-Request using some ThreadLocal "magic" to the SAML2LoginModule. This LoginModule then creates a SimplePrincipal.

       

      However I would prefer to have a SamlPrincipal as it is done in the STSIssuingLoginModule. My goal is to access the original SAML-Assertion as it was issued by the IDP in my Application (e.g. an EJB).

       

      The article here

       

      https://community.jboss.org/wiki/IssuingAndPropagatingSAMLAssertionsWithinJBossAS

       

      explains how to set up something similar but with the difference that the "end-user" authenticates with username/password. It seems that in this scenario the saml assertion is passed from the web container to the ejb container.

       

      Any hints or ideas?

      Regards

      Oliver