1 Reply Latest reply on Apr 19, 2016 3:11 AM by zcc39r

Using SAML IDP and SP with IdentityManager on SP.

andrejg Apr 4, 2016 10:34 AM

Hello,

What I would like to have is the following:

1) SSO authentication using SAML for multiple applications

2) Identity object in each application that contains additional user properties (roles, groups, group roles,..) - those properties are loaded from existing database.

I can achieve the first point using the the Picketlink IDP and SP quickstarts (https://github.com/jboss-developer/jboss-picketlink-quickstarts/ )

The problem is however that all I get here is the user that is stored in request ( request.getUserPrincipal().getName() ).

How can I get the Identity object ( org.picketlink.Identity ) associated with the SAML authenticated user and read additional info about the user from database? I only have username and roles in the SAML token, I want additional user info to be loaded separately.

What I want is to be able to use SAML authentication and Identity Manager (read-only on SP side) at the same time, but I have not found any example of that kind on the web.

Best regards,

Andrej

1. Re: Using SAML IDP and SP with IdentityManager on SP.

zcc39r Apr 19, 2016 3:11 AM (in response to andrejg)

If you use your existing database at IdP side, you could implement custom attribute manager (see User-defined SAML Assertion Attributes) and map user properties onto SAML attributes.
Then, at SP side, you can access these attributes via HttpSession - see SAML2AttributeHandler.
Actions