2 Replies Latest reply on Mar 23, 2015 4:48 PM by Mason Clear

    picketlink idm with idp

    Olivier Sabatier Newbie



      I understood how to create and use an IDP with the loginModules provided by JBoss EAP 6.


      I understood the examples of IDM authentication.


      But I can't make the link between an IDM and the security-domain in the JBoss server config used in my IDP.


      Do I need to make a custom loginModule to use the IDM configuration?





        • 1. Re: picketlink idm with idp
          Pedro Igor Master

          Hey Olivier,


              You are right. Right now, we don't have an OOTB login module supporting PicketLink IDM. However, an IDM login module should be something simple to achieve. Did you do something around that?


              I think that would be much easier to achieve using the PicketLink IDM Subsystem [1]. So you just need to grab the PartitionManager from JNDI and query the stores.


          Pedro Igor
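          One shape such a login module could take, as an added example that is not code from PicketLink or from this thread. It assumes the PicketLink IDM subsystem is in use with the PartitionManager bound at a JNDI name you substitute for the placeholder below, and that JBoss's `UsernamePasswordLoginModule` base class (PicketBox) is on the classpath; the class name `IdmLoginModule` is hypothetical.

```java
import java.security.acl.Group;
import javax.naming.InitialContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.Grant;
import org.picketlink.idm.model.basic.User;
import org.picketlink.idm.query.RelationshipQuery;

// Hypothetical module (not part of PicketLink): extends JBoss's UsernamePasswordLoginModule so the
// container gets its Principal and "Roles" group, while password check and role lookup go to PicketLink IDM.
public class IdmLoginModule extends UsernamePasswordLoginModule {
    // Assumed JNDI name; use the jndi-name configured on your <identity-management> element.
    private static final String PM_JNDI = "java:/picketlink/PartitionManager";
    private PartitionManager partitionManager() throws LoginException {
        try { return (PartitionManager) new InitialContext().lookup(PM_JNDI); }
        catch (Exception e) { throw new LoginException("PartitionManager not bound at " + PM_JNDI); }
    }
    // IDM validates the password itself, so the stored credential is never read by this module.
    @Override protected String getUsersPassword() { return null; }
    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        if (inputPassword == null || inputPassword.isEmpty()) return false;
        try {
            UsernamePasswordCredentials creds = new UsernamePasswordCredentials(getUsername(), new Password(inputPassword));
            partitionManager().createIdentityManager().validateCredentials(creds); // checked against the store(s)
            return creds.getStatus() == Credentials.Status.VALID;
        } catch (LoginException e) {
            return false; // store unreachable: deny rather than fail open
        }
    }
    @Override
    protected Group[] getRoleSets() throws LoginException {
        PartitionManager pm = partitionManager();
        User user = BasicModel.getUser(pm.createIdentityManager(), getUsername());
        SimpleGroup roles = new SimpleGroup("Roles"); // the group name JBoss maps to container roles
        if (user != null) { // every Grant relationship of this user becomes a role principal
            RelationshipQuery<Grant> q = pm.createRelationshipManager().createRelationshipQuery(Grant.class);
            q.setParameter(Grant.ASSIGNEE, user);
            for (Grant g : q.getResultList()) roles.addMember(new SimplePrincipal(g.getRole().getName()));
        }
        return new Group[] { roles };
    }
}
```

          Register it as the login-module of the security-domain your IDP references (code set to the fully qualified class name), packaged as a module that depends on the PicketLink IDM API.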

          • 2. Re: picketlink idm with idp
            Mason Clear Newbie

            pcraveiro I'm looking to do something similar to what this discussion speaks about. I am posting here because of your references to making a custom LoginModule, which I believe is what I need for my solution. Please let me know if I should open my own thread; if so, I apologize.

            Could you provide any insight about this subject, as I believe this would solve my desired setup.


            The application server I am using is WildFly 8.2 Final, with Single Sign On enabled. I'm trying to get PicketLink to honor the container's SSO rules. I have only changed two sections in the Standalone.xml file, Undertow and Security.

            I want to use a full IDM setup, as I need to have Groups, Roles and Permissions; my deploy has multiple WARs, each containing the same JAR that contains the PicketLink security configuration. PicketLink doesn't pick up on the SSO setting, therefore doesn't create the JSESSIONIDSSO cookie. When I AUTH through a basic WAR (no PL config) that creates the SSO cookie, PicketLink ignores this cookie and results in an AUTH prompt.


                        <server name="default-server">
                            <ajp-listener name="default.ajp" socket-binding="ajp"/>
                            <http-listener name="default" socket-binding="http"/>
                            <host name="default-host" alias="localhost">
                                <location name="/" handler="welcome-content"/>
                                <filter-ref name="request-dumper"/>
                                <filter-ref name="server-header"/>
                                <filter-ref name="x-powered-by-header"/>
                                <single-sign-on path="/"/>


                            <security-domain name="sso" cache-type="default">
                                    <login-module code="UsersRoles" flag="required">
                                        <module-option name="usersProperties" value="users.properties"/>
                                        <module-option name="rolesProperties" value="roles.properties"/>