You are right. Right now, we don't have an OOTB login module supporting PicketLink IDM. However, an IDM login module should be something simple to achieve. Did you do something around that?
I think that would be much easier to achieve using the PicketLink IDM Subsystem. So you just need to grab the PartitionManager from JNDI and query the stores.
pcraveiro, I'm looking to do something similar to what this discussion speaks about. I am posting here because of your references to making a custom LoginModule, which I believe is what I need for my solution. Please let me know if I should open my own thread; if so, I apologize.
Could you provide any insight about this subject, as I believe this would solve my desired setup.
The application server I am using is WildFly 8.2 Final, with Single Sign On enabled. I'm trying to get PicketLink to honor the container's SSO rules. I have only changed two sections in the Standalone.xml file, Undertow and Security.
I want to use a full IDM setup, as I need to have Groups, Roles and Permissions. My deployment has multiple WARs, each containing the same JAR that contains the PicketLink security configuration. PicketLink doesn't pick up on the SSO setting and therefore doesn't create the JSESSIONIDSSO cookie. When I AUTH through a basic WAR (no PL config) that creates the SSO cookie, PicketLink ignores this cookie, which results in an AUTH prompt.
<server name="default-server">
    <ajp-listener name="default.ajp" socket-binding="ajp"/>
    <http-listener name="default" socket-binding="http"/>
    <host name="default-host" alias="localhost">
        <location name="/" handler="welcome-content"/>
        <filter-ref name="request-dumper"/>
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
        <single-sign-on path="/"/>
    </host>
</server>

<security-domain name="sso" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="users.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
        </login-module>
    </authentication>
</security-domain>
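A sketch of the custom login module suggested earlier in the thread, added here as an example and not code posted by any participant or shipped by PicketLink. The class name `IdmLoginModule` and the `partitionManagerJndi` module option are hypothetical; it assumes the PicketLink IDM subsystem publishes a `PartitionManager` under that JNDI name and that the basic identity model (`Grant`, `Role`) is in use.

```java
import java.security.acl.Group;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.basic.Grant;
import org.picketlink.idm.query.RelationshipQuery;

public class IdmLoginModule extends UsernamePasswordLoginModule {
    private Account account; // set only after PicketLink IDM accepts the credentials

    // Assumption: the JNDI name is passed as the module option "partitionManagerJndi".
    private PartitionManager lookup() throws LoginException {
        try {
            return (PartitionManager) new InitialContext().lookup((String) options.get("partitionManagerJndi"));
        } catch (NamingException e) {
            throw new LoginException("PartitionManager lookup failed: " + e.getMessage());
        }
    }

    // The stored password never leaves the IDM store; validation is delegated below.
    @Override protected String getUsersPassword() { return ""; }

    @Override
    protected boolean validatePassword(String input, String ignored) {
        if (input == null || input.isEmpty()) return false; // reject empty passwords
        try {
            UsernamePasswordCredentials c = new UsernamePasswordCredentials(getUsername(), new Password(input));
            lookup().createIdentityManager().validateCredentials(c);
            account = c.getStatus() == Credentials.Status.VALID ? c.getValidatedAccount() : null;
            return account != null;
        } catch (LoginException e) { return false; } // fail closed if the store is unreachable
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles"); // group name the container reads roles from
        if (account == null) return new Group[] { roles };
        RelationshipQuery<Grant> q = lookup().createRelationshipManager().createRelationshipQuery(Grant.class);
        q.setParameter(Grant.ASSIGNEE, account);
        for (Grant g : q.getResultList()) roles.addMember(new SimplePrincipal(g.getRole().getName()));
        return new Group[] { roles };
    }
}
```

In a security domain it would take the place of `UsersRoles` by setting `code` to the class's fully qualified name and supplying the `partitionManagerJndi` module option.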