1. Re: PicketLink STS: Binary Tokens into SAML 2 Assertions
anil.saldhana Jun 15, 2011 12:09 PM (in response to anil.saldhana)
For the Kerberos/SPNEGO use case, the setup will be as follows:
1) The web app is guarded by JBoss Negotiation.
2) The Login Module will be JBWSTokenIssuingLoginModule. It needs to have an option, handlerChain=binary. This installs the BinaryTokenHandler, which can be set to pick an HTTP header/cookie to send a WS request to the STS. Also, the valueType etc. can be set on the WS binary request.
3) The STS receives the WS-Trust issue request. If there is a wsse binary token available, look at the value type. If it is Kerberos, then do the GSS magic to get the user details and issue a SAML v2 assertion.
-
2. Re: PicketLink STS: Binary Tokens into SAML 2 Assertions
anil.saldhana Jun 15, 2011 1:23 PM (in response to anil.saldhana)
Start with https://issues.jboss.org/browse/PLFED-186
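Step 3 of the first reply (find the wsse binary token, check its value type) sketched as an added Python example; this is not PicketLink code and not from the thread. The function names, the 64 KiB size cap, the token's placement in the `wsse:Security` header and the sample envelope are assumptions, and the GSS acceptance of the returned bytes is left out.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
KRB_AP_REQ = ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"
              "#GSS_Kerberosv5_AP_REQ")
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
MAX_TOKEN_BYTES = 64 * 1024  # assumed upper bound, not a PicketLink setting

class TokenRejected(Exception):
    """Raised when the request must not reach the GSS acceptor."""

def extract_binary_token(envelope: str):
    """Return ("kerberos", raw_bytes) for the single wsse:BinarySecurityToken."""
    if "<!DOCTYPE" in envelope:  # refuse DTDs before parsing untrusted XML
        raise TokenRejected("DTD not allowed")
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError as exc:
        raise TokenRejected("malformed XML") from exc
    tokens = root.findall(f".//{{{WSSE}}}BinarySecurityToken")
    if len(tokens) != 1:  # ambiguity is an error, never "pick the first"
        raise TokenRejected(f"expected one binary token, found {len(tokens)}")
    tok = tokens[0]
    if tok.get("ValueType") != KRB_AP_REQ:  # allow-list, fail closed
        raise TokenRejected("unsupported ValueType")
    # Assumption: an absent EncodingType is treated as Base64Binary.
    if tok.get("EncodingType", B64) != B64:
        raise TokenRejected("unsupported EncodingType")
    text = "".join((tok.text or "").split())
    try:
        raw = base64.b64decode(text, validate=True)
    except ValueError as exc:
        raise TokenRejected("token is not valid base64") from exc
    if not raw or len(raw) > MAX_TOKEN_BYTES:
        raise TokenRejected("token size out of range")
    return "kerberos", raw  # raw goes to the GSS acceptor next

def sample_rst(value_type, payload=b"constructed-not-a-real-AP_REQ"):
    """Constructed WS-Trust Issue request used only to exercise the check."""
    b64 = base64.b64encode(payload).decode()
    return (
        '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
        f'xmlns:wsse="{WSSE}" xmlns:wst="{WST}"><s:Header><wsse:Security>'
        f'<wsse:BinarySecurityToken ValueType="{value_type}" '
        f'EncodingType="{B64}">{b64}</wsse:BinarySecurityToken>'
        '</wsse:Security></s:Header><s:Body><wst:RequestSecurityToken>'
        f'<wst:RequestType>{WST}/Issue</wst:RequestType>'
        '</wst:RequestSecurityToken></s:Body></s:Envelope>')
```

Only after this check passes would the token bytes be handed to the Kerberos/GSS acceptor, and a SAML assertion issued only for the principal that acceptor authenticates.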