Version 5
Created by anil.saldhana on Jul 13, 2011 3:57 PM. Last modified by anil.saldhana on Jul 15, 2011 11:48 AM.

    This is a rough draft for the SAML Enabled JBoss Web Services using PicketLink.

     

     

    In the ideal case, you would create a jaxws handler xml file and then define it via the @HandlerChain annotation on the WS endpoint.

    But if you are insistent on using the JBossWS specific @EndpointConfig annotation, then follow the instrictions below:

     

    JBossWS JAXWS Configuration Blocks

    File: server/default/deployers/jbossws.deployer/META-INF/standard-jaxws-endpoint-config.xml

     

     

     <endpoint-config>
    <config-name>SAML WSSecurity Endpoint</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>SAML2 Handler</javaee:handler-name>
          <javaee:handler-class>org.picketlink.trust.jbossws.handler.SAML2Handler</javaee:handler-class>
        </javaee:handler>
        <javaee:handler>
          <javaee:handler-name>Recording Handler</javaee:handler-name>
          <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </endpoint-config>



  <endpoint-config>
    <config-name>SAML WSSecurity POJO Endpoint</config-name>
    <pre-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSAuthorization Handler</javaee:handler-name>
          <javaee:handler-class>org.picketlink.trust.jbossws.handler.WSAuthorizationHandler</javaee:handler-class>
        </javaee:handler>
        <javaee:handler>
          <javaee:handler-name>WSAuthentication Handler</javaee:handler-name>
          <javaee:handler-class>org.picketlink.trust.jbossws.handler.WSAuthenticationHandler</javaee:handler-class>
        </javaee:handler>
        <javaee:handler>
          <javaee:handler-name>SAML2 Handler</javaee:handler-name>
          <javaee:handler-class>org.picketlink.trust.jbossws.handler.SAML2Handler</javaee:handler-class>
        </javaee:handler>
        <javaee:handler>
          <javaee:handler-name>Recording Handler</javaee:handler-name>
          <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </pre-handler-chains>
  </endpoint-config>

     

    Note:  For the POJO endpoint, the handlers are installed as "pre-handler-chains"

     

     

    File:  server/default/deployers/jbossws.deployer/META-INF/standard-jaxws-client-config.xml

     

      <client-config>
    <config-name>SAML WSSecurity Client</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>SAML2Handler</javaee:handler-name>
          <javaee:handler-class>org.picketlink.trust.jbossws.handler.SAML2Handler</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </client-config>

     

     

     

    If you have used the "SECURITY_DOMAIN" as the login config for your web application such that you can configure the PicketLinkAuthenticator, then

     

    File:  server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml

     

     <entry>
               <key>NONE</key>
               <value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
            </entry>
            <entry>
               <key>SECURITY_DOMAIN</key>
               <value>org.picketlink.identity.federation.bindings.tomcat.PicketLinkAuthenticator</value>
            </entry>

     

    Note that we have added the SECURITY_DOMAIN block