3 Replies Latest reply on Feb 4, 2014 11:26 PM by anil.saldhana

Federation Identity in PicketLink with multiple IDP/JAAS

I can't find a clear answer on whether PicketLink supports true federated identity when users might want to log in to a site via different IDPs or via the built-in JBoss JAAS login modules, for example with Form Based Authentication.

The business case:

1. We have an existing site that controls access with the JAAS DatabaseServerLoginModule (Form Based Authentication).
2. Selected users want to SSO from a remote IDP (Salesforce), but at the same time we need to preserve the ability to connect directly, since not everyone is registered on the remote IDP.

I understand that to take care of the 2nd item, I might configure a local PicketLink idp.war that points to the same DatabaseServerLoginModule and adjust my application to play an SP role pointed at the local IDP. But how do I configure federation between my idp.war and the remote IDP so that someone could SSO from Salesforce?

The documented 3rd-party integration sample, such as https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce+as+SP, only presents a 1 (SP)-to-1 (IDP) relation.