0 Replies Latest reply on Jul 29, 2016 2:24 PM by srahaingoson

    External configuration with picketlink saml federation

    srahaingoson

I'm using PicketLink as an SP provider on WildFly 10.

I'm looking for information on how to externalize the PicketLink configuration files/objects such as the following:


      picketlink.xml

      the sp-metadata

      the idp-metadata

      the keystore


      Update :

So I found out that you can add a subsystem in the standalone.xml or domain.xml, but no info on externalizing the metadata.


Adding handlers was a pain, as neither the XSD nor the error messages make it clear what the required attributes are.

So for anyone else who is doing it:


The handler block looks like this:

      <handlers>
         <handler name="" class-name="" code="">
             <handler-parameter name="" value="" />
         </handler>
      </handlers>

You define the handler by giving the name and *either* the class-name or the code, not both. If you define all three attributes then you'll get the message:

      "WFLYPL0014: Invalid attribute [code] definition for [\"handler\" => \"theNameYouHaveGiven\"]. Only one of the following attributes are allowed: [class-name, code]."


If you don't set the name because you don't know what it corresponds to, the value "name" is silently set for the attribute. If you define only one handler it works (even though the XSD describes "name" as mandatory).

If you have several, it fails because you can't have duplicate names. And having the name attribute set by default to "name" will leave you scratching your head at the next error messages.

Long story short, here is an example of what works (without parameters):

      <handlers>
        <handler name="SAML2AuthenticationHandler" class-name="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <handler name="SAML2AttributeHandler" class-name="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler" />
        <handler name="SAML2SignatureGenerationHandler" class-name="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
        <handler name="SAML2SignatureValidationHandler" class-name="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
      </handlers>

      As stated above, I'm still looking for some info on the metadata by the way
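Added lint check, not part of the original post: it parses a `<handlers>` block and reports the three pitfalls described above (both class-name and code set, a missing name silently becoming "name", and the resulting duplicate names), so a subsystem fragment can be checked before deploying it. The sample block is constructed; the `code="example-code"` value is a placeholder, not a real PicketLink handler code.

```python
"""Lint a PicketLink federation <handlers> block for the constraints the post describes."""
import xml.etree.ElementTree as ET

# Constructed sample: handler 2 sets both class-name and code (WFLYPL0014),
# handlers 3 and 4 omit name, so WildFly would default both to "name" (duplicate).
SAMPLE_HANDLERS = """
<handlers>
  <handler name="SAML2AuthenticationHandler"
           class-name="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
  <handler name="Both" class-name="com.example.Handler" code="example-code"/>
  <handler class-name="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler"/>
  <handler class-name="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>
</handlers>
"""


def lint_handlers(xml_text):
    """Return a list of (handler_name, problem) tuples; an empty list means the block is valid."""
    root = ET.fromstring(xml_text)
    problems = []
    seen = set()
    for handler in root.iter("handler"):
        # Mirror the observed WildFly behaviour: a missing name becomes the literal "name".
        name = handler.get("name") or "name"
        if handler.get("name") is None:
            problems.append((name, "name attribute missing; WildFly defaults it to 'name'"))
        has_class = handler.get("class-name") is not None
        has_code = handler.get("code") is not None
        if has_class and has_code:
            problems.append((name, "both class-name and code set; only one is allowed (WFLYPL0014)"))
        elif not (has_class or has_code):
            problems.append((name, "neither class-name nor code set"))
        if name in seen:
            problems.append((name, "duplicate handler name"))
        seen.add(name)
    return problems


if __name__ == "__main__":
    for handler_name, problem in lint_handlers(SAMPLE_HANDLERS):
        print(f"{handler_name}: {problem}")
```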