There are several threads on how Seam Security's LDAP Documentation is incomplete (e.g. >>), so I'll focus on trying to formulate what its main gaps have been for me, in order to see if someone can help us here.
First of all, when delegating any configuration except Seam's JPAIdentityStore to PicketLink's Documentation >>,
I'm missing indications about where we are supposed to tell Seam which implementation to use, since, apparently, that's not PicketLink's issue.
I suppose there might exist some kind of tag available for beans.xml, similar to JPAIdentityStore's >> but for LDAP?
All PicketLink documents is a file called idm-config.xml >>. How to configure it in detail is clear, however, where should such a file go? Somewhere in our server? Don't think so... In our app at least, but where exactly? The given example uses java.io.File to load it into the IdentityConfigurationImpl, which I consider to be a bad practice since it allows the file to be practically anywhere (except in our WAR, if it's compressed...). Anyway, that's not a matter for this forum but for PicketLink's...
I would expect, though, some information from Seam about the relation between this file and the framework.
Which leads us to my second question, that is, where will Seam's IdentityConfigurationMetaData load its data from?
There is also a section on how to deploy it as a datasource on JBoss 5 >>, which would be ideal. But the given suffix -jboss-idm.xml isn't recognized by JBoss 6, not to mention JBoss 7, which doesn't use deployment descriptors at all. So, is this supported on newer versions at all? (I know this one isn't strictly Seam related, I'll post it elsewhere if necessary)
In sum, I'm lacking documentation from Seam to know how to tell it to use its LDAP implementation and from PicketLink to know where to place its configuration files.
Right now I have programmed a workaround where I instantiate an IdentitySessionFactory once in an ApplicationScoped bean, which delivers IdentitySessions from a producer method, therefore 'imitating' what should be the embedded implementation - indeed, I have to inject them with a qualifier to distinguish my IdentitySession from the regular one, which gives me the impression it could be a lot simpler. It's here if you wanna take a look >> (it's in Spanish, but you can take a quick look at the code)
Thanks in advance for any feedback.