0 Replies Latest reply on Mar 9, 2015 11:19 AM by Brigitta Hajdu Ráfis

    Securing Webservices in Wildfly using SAML with PicketLink STS

    Brigitta Hajdu Ráfis Newbie

      Versions: Wildfly 8.2.0Final, PicketLink 2.0.7.CR3


      I have successful deployed the sample WS-Trust Security Token Service ("sample EAP-6.3.0\jboss-eap-6.3.0.GA-quickstarts\picketlink-sts") implementation on the Wildfly AS, and I can get SAML assertion, too.

      I developled a pojo WebService, I called its method from SOAP UI (insert the generated SAML assertion into the request header).

      I have added 2 handler into the webservice handler chain:

      1. Writing SOAPHandler that sets soap:mustUnderstand in Security tag to false

      2. Adding picketlink SAML2Handler programatically to the handler chain

      After that I was able to get the right principal from the webservice method.


      I have checked in the Wildfly's modules directory and also in the picketlink installer (ant script), that in case of wildfly there wont be install the picketlink-jbas7-2.7.0.CR3.jar containing the

      org.picketlink.trust.jbossws.handler.SAML2Handler class, it will be installed only in case of jboss. So I have to add this jar (and also some others) to my project manually, as org.picketlink module doesn't contain it.


      But my main problem is, that in the standalone.xml I have to config a security domain using org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule, and this class is also in picketlink-jbas7-2.7.0.CR3.jar.


      Could anyone tell me, why theese classes (org.picketlink.trust.jbossws.handler.SAML2Handler, org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule) are not in the picketlink module of the Wildfly AS?


      Is there a good sample to secure EJB WebService (with @RolesAllowed annotation) using SAML assertion in Wildfly AS? Or there is only support for it in JBoss AS?


      I have used theese articles:

      SAML Enabled POJO Web Services



      Thanks a lot in advance!