This is a rough draft on SAML-enabled JBoss Web Services using PicketLink.
In the ideal case, you would create a JAX-WS handler-chain XML file and reference it from the WS endpoint via the @HandlerChain annotation.
If you insist on using the JBossWS-specific @EndpointConfig annotation instead, follow the instructions below:
JBossWS JAXWS Configuration Blocks
File: server/default/deployers/jbossws.deployer/META-INF/standard-jaxws-endpoint-config.xml
<endpoint-config>
  <config-name>SAML WSSecurity Endpoint</config-name>
  <post-handler-chains>
    <javaee:handler-chain>
      <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
      <javaee:handler>
        <javaee:handler-name>SAML2 Handler</javaee:handler-name>
        <javaee:handler-class>org.picketlink.trust.jbossws.handler.SAML2Handler</javaee:handler-class>
      </javaee:handler>
      <javaee:handler>
        <javaee:handler-name>Recording Handler</javaee:handler-name>
        <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class>
      </javaee:handler>
    </javaee:handler-chain>
  </post-handler-chains>
</endpoint-config>

<endpoint-config>
  <config-name>SAML WSSecurity POJO Endpoint</config-name>
  <pre-handler-chains>
    <javaee:handler-chain>
      <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
      <javaee:handler>
        <javaee:handler-name>WSAuthorization Handler</javaee:handler-name>
        <javaee:handler-class>org.picketlink.trust.jbossws.handler.WSAuthorizationHandler</javaee:handler-class>
      </javaee:handler>
      <javaee:handler>
        <javaee:handler-name>WSAuthentication Handler</javaee:handler-name>
        <javaee:handler-class>org.picketlink.trust.jbossws.handler.WSAuthenticationHandler</javaee:handler-class>
      </javaee:handler>
      <javaee:handler>
        <javaee:handler-name>SAML2 Handler</javaee:handler-name>
        <javaee:handler-class>org.picketlink.trust.jbossws.handler.SAML2Handler</javaee:handler-class>
      </javaee:handler>
      <javaee:handler>
        <javaee:handler-name>Recording Handler</javaee:handler-name>
        <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class>
      </javaee:handler>
    </javaee:handler-chain>
  </pre-handler-chains>
</endpoint-config>
Note: for the POJO endpoint, the handlers are installed as "pre-handler-chains", not "post-handler-chains".
File: server/default/deployers/jbossws.deployer/META-INF/standard-jaxws-client-config.xml
<client-config>
  <config-name>SAML WSSecurity Client</config-name>
  <post-handler-chains>
    <javaee:handler-chain>
      <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
      <javaee:handler>
        <javaee:handler-name>SAML2Handler</javaee:handler-name>
        <javaee:handler-class>org.picketlink.trust.jbossws.handler.SAML2Handler</javaee:handler-class>
      </javaee:handler>
    </javaee:handler-chain>
  </post-handler-chains>
</client-config>
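As an added example (not code from the page or from PicketLink itself), here is a POJO endpoint bound to the "SAML WSSecurity POJO Endpoint" block and a client bound to the "SAML WSSecurity Client" block. The package, namespace, WSDL URL and the Echo SEI are assumptions; the @EndpointConfig and StubExt APIs are the JBossWS 3.x ones matching the AS 5 deployer paths above, and SAML2Constants.SAML2_ASSERTION_PROPERTY is assumed to be the request-context key the client-side SAML2Handler reads.

```java
package com.example.ws;   // hypothetical package, assumption

import java.net.URL;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import org.jboss.ws.core.StubExt;                   // JBossWS 3.x (AS 5/6) API
import org.jboss.wsf.spi.annotation.EndpointConfig; // JBossWS 3.x (AS 5/6) API
import org.picketlink.trust.jbossws.SAML2Constants;
import org.w3c.dom.Element;

// Assumed service endpoint interface for the client stub.
@WebService(targetNamespace = "http://example.com/ws")
interface Echo {
    String echo(String msg);
}

// JAX-WS traverses a handler chain in reverse for inbound messages, so a request
// to this endpoint passes Recording -> SAML2 -> WSAuthentication -> WSAuthorization:
// the assertion is taken out of the WS-Security header first, then authenticated
// against the endpoint's security domain, then authorized. Keep that order; putting
// SAML2Handler after the authentication handler leaves it nothing to authenticate.
@WebService(serviceName = "EchoService", targetNamespace = "http://example.com/ws")
@EndpointConfig(configName = "SAML WSSecurity POJO Endpoint",
                configFile = "META-INF/standard-jaxws-endpoint-config.xml")
public class EchoEndpoint implements Echo {

    @WebMethod
    public String echo(String msg) {
        return msg;
    }

    // Client side: select the client config so the outbound SAML2Handler puts the
    // assertion into the WS-Security header. The assertion (already issued by the
    // STS) is handed to the handler through the JAX-WS request context.
    public static String callWithAssertion(URL wsdl, Element samlAssertion, String msg) {
        Service service = Service.create(wsdl,
                new QName("http://example.com/ws", "EchoService"));
        Echo port = service.getPort(Echo.class);
        ((StubExt) port).setConfigName("SAML WSSecurity Client",
                "META-INF/standard-jaxws-client-config.xml");
        ((BindingProvider) port).getRequestContext()
                .put(SAML2Constants.SAML2_ASSERTION_PROPERTY, samlAssertion);
        return port.echo(msg);
    }
}
```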
If you have used "SECURITY_DOMAIN" as the login config (auth-method) for your web application so that the PicketLinkAuthenticator can be configured, add the following entry:
File: server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml
<entry>
  <key>NONE</key>
  <value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
</entry>
<entry>
  <key>SECURITY_DOMAIN</key>
  <value>org.picketlink.identity.federation.bindings.tomcat.PicketLinkAuthenticator</value>
</entry>
Note that the SECURITY_DOMAIN entry is the one we have added; the NONE entry is shown only to locate it in the file.