Version 8


    JBoss Identity Federation contains sample applications that show how JBID can be used to implement SAMLv2 Web Browser SSO. Starting with JBID version 1.0.0-beta1, three sets of applications are supplied: one for any generic web container, one for Tomcat and one for a JBoss AS 5.x server.


    The difference between the apps for a generic web container and the Tomcat/JBoss AS ones is that the generic web container apps do not involve the servlet spec container authentication.


    Tomcat examples


    The applications should work at least on a Tomcat 6.x server, running Java 1.6. If Java 1.5 is used, you should copy a JAXB 2.x implementation to the lib directory of Tomcat.


    The sample IDP (IDentity Provider) applications can be deployed by copying their war files to Tomcat's lib folder:


    web-root    Package    Signs Outgoing Messages    Ignores Incoming Signatures


    They rely on the security context that has been set up in the application server. The realm should contain the following users and roles:


    User       Roles
    sales      Sales, Employee
    manager    manager, Sales, Employee


    The file $TOMCAT_HOME/conf/tomcat-users.xml can be used to configure those users:



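      <tomcat-users>
        <!-- Roles used by the sample IDP and SP applications -->
        <role rolename="manager"/>
        <role rolename="Sales"/>
        <role rolename="Employee"/>
        <!-- Sample users; each password is the same as the username -->
        <user password="manager" roles="manager,Employee,Sales" username="manager"/>
        <user password="sales" roles="Employee,Sales" username="sales"/>
        <user password="employee" roles="Employee" username="employee"/>
      </tomcat-users>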



    The sample SP (Service Provider) applications should also be deployed:


    web-root          Package               IDP        Outgoing Message Binding    Authorized User Roles
    /sales            sales.war             idp        HTTP Redirect               Sales
    /sales-sig        sales-sig.war         idp-sig    HTTP Redirect               Sales
    /sales-post-sig   sales-post-sig.war    idp-sig    HTTP Post                   Sales
    /employee         employee.war          idp        HTTP Redirect               Employee



    The following files need to be added to Tomcat's lib folder:


    • jboss-identity-bindings-<version>.jar
    • jboss-identity-fed-<version>.jar

    After starting Tomcat, try logging in to the different applications with the different users to see the SSO behaviour.
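
    Before testing the SSO flow it helps to confirm that the realm matches what the SPs expect. The following is an added example, not part of the JBID samples: it parses a tomcat-users.xml document, lists which users each SP web-root will authorize, and reports undeclared roles and users whose password equals the username. The function name audit_realm and the SP_ROLES mapping are assumptions built from the tables on this page; the embedded XML is a constructed copy of the snippet above.

```python
import xml.etree.ElementTree as ET

# Authorized role per SP web-root, copied from the SP table on this page.
SP_ROLES = {
    "/sales": "Sales",
    "/sales-sig": "Sales",
    "/sales-post-sig": "Sales",
    "/employee": "Employee",
}

# Constructed sample: the realm entries shown on this page inside <tomcat-users>.
SAMPLE_XML = """<tomcat-users>
  <role rolename="manager"/>
  <role rolename="Sales"/>
  <role rolename="Employee"/>
  <user password="manager" roles="manager,Employee,Sales" username="manager"/>
  <user password="sales" roles="Employee,Sales" username="sales"/>
  <user password="employee" roles="Employee" username="employee"/>
</tomcat-users>"""


def audit_realm(xml_text, sp_roles=SP_ROLES):
    """Return (access, findings) for the text of a tomcat-users.xml file."""
    root = ET.fromstring(xml_text)
    declared = {r.get("rolename") for r in root.findall("role")}
    users, findings = {}, []
    for u in root.findall("user"):
        name = u.get("username")
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        users[name] = roles
        if u.get("password") == name:
            findings.append(f"user '{name}': password equals username")
        for role in sorted(roles - declared):
            findings.append(f"user '{name}': role '{role}' is not declared")
    access = {}
    for web_root, role in sp_roles.items():
        # Users the SP at this web-root will let in after the IDP login.
        access[web_root] = sorted(n for n, r in users.items() if role in r)
        if role not in declared:
            findings.append(f"{web_root}: required role '{role}' is not declared")
        if not access[web_root]:
            findings.append(f"{web_root}: no user holds role '{role}'")
    return access, findings


if __name__ == "__main__":
    access, findings = audit_realm(SAMPLE_XML)
    for web_root, names in access.items():
        print(f"{web_root}: {', '.join(names) or '(nobody)'}")
    for finding in findings:
        print("FINDING:", finding)
```

    To check a real installation, pass the contents of $TOMCAT_HOME/conf/tomcat-users.xml to audit_realm instead of SAMPLE_XML.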




    JBoss AS 5.x examples



    The JBoss AS 5.x examples consist of:


    • an identity provider, implemented as a JSP application that uses the JBID Tomcat valve, and
    • a Seam application that uses the Seam filter to connect to the IDP as a service provider.


    They are packaged as the file fed-example.ear, which should be copied to the deploy directory.


    The following JBID files need to be copied to the lib folder of the application server:


    • jboss-identity-bindings-<version>.jar
    • jboss-identity-bindings-jboss-<version>.jar
    • jboss-identity-fed-<version>.jar


    The IDP will use the default login module of JBoss, using a realm with the following users:



    User       Roles
    sales      Sales, Employee
    manager    manager, Sales, Employee



    For this to work, you need to create a file in the conf directory of your server instance:






    You also need a in the conf directory:






    After starting JBoss, you can surf to the public page of the Seam application:




    When clicking on a private page, you will be redirected to the IDP to login. After authentication, you will be redirected to the requested private page. It is also possible to start with a clean session and directly request a private page:




    Generic Web Container Applications

    There are two web applications that can be run on any servlet container. The web apps are called idp-standalone.war and sales-standalone.war. The applications support the SAMLv2 HTTP POST Binding of the SAML2 Web Browser SSO Profile.