As the subject suggests, is it possible with PicketLink to have a hybrid authentication & authorization mechanism?
What I'd like to do is authenticate a user against OpenLDAP, but authorize him/her against a database.
At the moment I can authenticate via LDAP and via database as well.
Any ideas, suggestions, howtos, guides?
Thanks in advance,
Do you want to authenticate users using LDAP and load the roles from a database, is that correct?
If so, take a look at this thread https://community.jboss.org/message/721375#721375.
To load the roles from the database use a custom AttributeManager implementation, as pointed out in the thread above.
The roles will be inserted in the SAML Assertion as attributes, after that you can do the authorization based on them.
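
A sketch of the custom AttributeManager approach described in the reply above, added here as an illustration and not taken from the thread or from PicketLink's own code. The class name, JNDI datasource name, table and column names, and the `Role` attribute key are assumptions, as is the premise that the LDAP principal name matches the database username.

```java
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

import org.picketlink.identity.federation.core.interfaces.AttributeManager;

// Hypothetical class: loads roles from a database for a user the IDP
// has already authenticated against LDAP.
public class DatabaseRoleAttributeManager implements AttributeManager {
    // Assumed names; replace with the values of your deployment.
    private static final String DS_JNDI = "java:jboss/datasources/RolesDS";
    private static final String ROLE_SQL =
        "SELECT role_name FROM user_roles WHERE username = ?";
    private static final String ROLE_ATTRIBUTE = "Role";

    @Override
    public Map<String, Object> getAttributes(Principal userPrincipal, List<String> attributeKeys) {
        Map<String, Object> attributes = new HashMap<String, Object>();
        if (userPrincipal == null || userPrincipal.getName() == null) {
            return attributes; // no authenticated subject: issue no role attributes
        }
        List<String> roles = new ArrayList<String>();
        try {
            DataSource ds = (DataSource) new InitialContext().lookup(DS_JNDI);
            try (Connection con = ds.getConnection();
                 PreparedStatement ps = con.prepareStatement(ROLE_SQL)) {
                // Bound parameter: the LDAP-supplied name never becomes SQL text.
                ps.setString(1, userPrincipal.getName());
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        roles.add(rs.getString(1));
                    }
                }
            }
        } catch (NamingException | SQLException e) {
            // Fail closed: abort instead of issuing an assertion with partial roles.
            throw new IllegalStateException("Role lookup failed", e);
        }
        attributes.put(ROLE_ATTRIBUTE, Collections.unmodifiableList(roles));
        return attributes;
    }
}
```

The service provider then has to map the attribute carrying the roles onto its own authorization checks; how that attribute is named and consumed depends on the PicketLink version and configuration in use.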