Versions: Wildfly 8.2.0Final, PicketLink 2.0.7.CR3
I have successfully deployed the sample WS-Trust Security Token Service ("sample EAP-6.3.0\jboss-eap-6.3.0.GA-quickstarts\picketlink-sts") implementation on the Wildfly AS, and I can get a SAML assertion, too.
I developed a POJO WebService and called its method from SOAP UI (inserting the generated SAML assertion into the request header).
I have added 2 handlers to the webservice handler chain:
1. Writing a SOAPHandler that sets soap:mustUnderstand in the Security tag to false
2. Adding the picketlink SAML2Handler programmatically to the handler chain
After that I was able to get the right principal from the webservice method.
I have checked in Wildfly's modules directory and also in the picketlink installer (ant script) that, in the case of Wildfly, the picketlink-jbas7-2.7.0.CR3.jar containing the org.picketlink.trust.jbossws.handler.SAML2Handler class won't be installed; it will be installed only in the case of JBoss. So I have to add this jar (and also some others) to my project manually, as the org.picketlink module doesn't contain it.
But my main problem is that in standalone.xml I have to configure a security domain using org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule, and this class is also in picketlink-jbas7-2.7.0.CR3.jar.
Could anyone tell me why these classes (org.picketlink.trust.jbossws.handler.SAML2Handler, org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule) are not in the picketlink module of the Wildfly AS?
Is there a good sample to secure an EJB WebService (with the @RolesAllowed annotation) using a SAML assertion in Wildfly AS? Or is there support for it only in JBoss AS?
I have used these articles:
Thanks a lot in advance!