2 Replies Latest reply: Jun 15, 2011 1:23 PM by Anil Saldhana

PicketLink STS: Binary Tokens into SAML 2 Assertions

Anil Saldhana

I would like to start this discussion thread for this important functionality.


Use Case:

A request is sent to the PicketLink STS to issue a SAMLv2 token. The ws-trust request includes a binary token. The STS will take the binary token and reissue a SAMLv2 token.


Where is this applicable?


The primary use case I am thinking about is the SPNego binary header. This will be passed from the JBoss Negotiation interception in the web layer to the STS (via the PL Trust login module). Once the PL STS gets the binary token for SPNego, it works with the Active Directory/Kerberos Domain Controller to get the user details (name, attributes etc). After the user details are gathered, the STS can issue a SAMLv2 assertion.
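The exchange sketched in the post, as an added example that is not part of the thread and not PicketLink's own code: a minimal WS-Trust 1.3 Issue handler that takes a Kerberos/SPNEGO BinarySecurityToken, validates the request envelope (TokenType, ValueType, EncodingType, base64), and answers with a SAML 2.0 assertion carrying the principal and its attributes. The namespace and ValueType URIs are the OASIS WS-Trust, WSS Kerberos token profile and SAML 2.0 ones; everything else is an assumption: the binary token is assumed to travel in wst:OnBehalfOf (PicketLink may place it elsewhere), the function names are mine, and the Active Directory/Kerberos step the post describes is an injected callback (demo_resolve_principal) rather than a real GSS-API exchange. The assertion is returned unsigned; a real STS signs it.

```python
"""Added example (not PicketLink code): WS-Trust Issue with a Kerberos
BinarySecurityToken in, SAML 2.0 assertion out. The Kerberos/AD validation
is an injected callback; a real STS passes the AP-REQ to GSS-API and reads
the principal and attributes from the domain controller."""
import base64
import binascii
import uuid
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
for prefix, uri in (("wst", WST), ("wsse", WSSE), ("saml2", SAML2)):
    ET.register_namespace(prefix, uri)

SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
BASE64_ENCODING = ("http://docs.oasis-open.org/wss/2004/01/"
                   "oasis-200401-wss-soap-message-security-1.0#Base64Binary")
KRB_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#"
# Only the Kerberos token-profile ValueTypes are accepted; anything else is refused.
ACCEPTED_VALUE_TYPES = {KRB_PROFILE + "Kerberosv5_AP_REQ", KRB_PROFILE + "GSS_Kerberosv5_AP_REQ"}


class RequestError(ValueError):
    """Raised for any request the STS must refuse."""


def extract_binary_token(rst_xml: str) -> bytes:
    """Validate the RST envelope and return the decoded AP-REQ bytes."""
    root = ET.fromstring(rst_xml)
    if root.tag != f"{{{WST}}}RequestSecurityToken":
        raise RequestError("not a wst:RequestSecurityToken")
    if root.findtext(f"{{{WST}}}TokenType") != SAML2_TOKEN_TYPE:
        raise RequestError("only SAML 2.0 TokenType is issued here")
    bst = root.find(f"{{{WST}}}OnBehalfOf/{{{WSSE}}}BinarySecurityToken")
    if bst is None:
        raise RequestError("no wsse:BinarySecurityToken in wst:OnBehalfOf")
    if bst.get("ValueType") not in ACCEPTED_VALUE_TYPES:
        raise RequestError("unsupported BinarySecurityToken ValueType")
    if bst.get("EncodingType") != BASE64_ENCODING:
        raise RequestError("unsupported EncodingType")
    try:
        raw = base64.b64decode((bst.text or "").strip(), validate=True)
    except binascii.Error as exc:
        raise RequestError("token is not valid base64") from exc
    if not raw:
        raise RequestError("empty binary token")
    return raw


def _ts(t: datetime) -> str:
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def build_saml2_assertion(principal: dict, issuer: str, audience: str, lifetime_s: int = 300):
    """Unsigned SAML 2.0 assertion with a short lifetime and an audience restriction."""
    now = datetime.now(timezone.utc)
    a = ET.Element(f"{{{SAML2}}}Assertion", {"ID": "ID_" + uuid.uuid4().hex,
                                              "Version": "2.0", "IssueInstant": _ts(now)})
    ET.SubElement(a, f"{{{SAML2}}}Issuer").text = issuer
    subj = ET.SubElement(a, f"{{{SAML2}}}Subject")
    ET.SubElement(subj, f"{{{SAML2}}}NameID",
                  {"Format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}).text = principal["name"]
    cond = ET.SubElement(a, f"{{{SAML2}}}Conditions",
                         {"NotBefore": _ts(now), "NotOnOrAfter": _ts(now + timedelta(seconds=lifetime_s))})
    ET.SubElement(ET.SubElement(cond, f"{{{SAML2}}}AudienceRestriction"),
                  f"{{{SAML2}}}Audience").text = audience
    authn = ET.SubElement(a, f"{{{SAML2}}}AuthnStatement", {"AuthnInstant": _ts(now)})
    ET.SubElement(ET.SubElement(authn, f"{{{SAML2}}}AuthnContext"),
                  f"{{{SAML2}}}AuthnContextClassRef").text = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
    if principal.get("attributes"):  # user attributes gathered from the directory
        stmt = ET.SubElement(a, f"{{{SAML2}}}AttributeStatement")
        for name, values in principal["attributes"].items():
            attr = ET.SubElement(stmt, f"{{{SAML2}}}Attribute", {"Name": name})
            for v in values:
                ET.SubElement(attr, f"{{{SAML2}}}AttributeValue").text = v
    return a


def handle_issue(rst_xml: str, resolve_principal, issuer: str, audience: str) -> str:
    """Full exchange: RST in, RSTR wrapping the issued assertion out."""
    ap_req = extract_binary_token(rst_xml)
    principal = resolve_principal(ap_req)  # Kerberos/AD validation happens here
    rstr = ET.Element(f"{{{WST}}}RequestSecurityTokenResponse")
    ET.SubElement(rstr, f"{{{WST}}}TokenType").text = SAML2_TOKEN_TYPE
    ET.SubElement(rstr, f"{{{WST}}}RequestedSecurityToken").append(
        build_saml2_assertion(principal, issuer, audience))
    return ET.tostring(rstr, encoding="unicode")


def subject_of(rstr_xml: str) -> str:
    """Read back the NameID of an issued assertion (used to check results)."""
    return ET.fromstring(rstr_xml).findtext(
        f"{{{WST}}}RequestedSecurityToken/{{{SAML2}}}Assertion/{{{SAML2}}}Subject/{{{SAML2}}}NameID")


# Constructed demo input: DEMO_AP_REQ is NOT a real Kerberos AP-REQ.
DEMO_AP_REQ = b"\x60\x82constructed-ap-req"


def demo_resolve_principal(ap_req: bytes) -> dict:
    """Stand-in for the GSS-API/Active Directory lookup a real STS performs."""
    if ap_req != DEMO_AP_REQ:
        raise RequestError("Kerberos validation failed")
    return {"name": "alice@EXAMPLE.COM", "attributes": {"Role": ["staff"]}}


def build_rst(token: bytes, value_type: str = KRB_PROFILE + "GSS_Kerberosv5_AP_REQ") -> str:
    """Construct the RST a relying party (here, the PL Trust login module) would send."""
    return (f'<wst:RequestSecurityToken xmlns:wst="{WST}" xmlns:wsse="{WSSE}">'
            f"<wst:TokenType>{SAML2_TOKEN_TYPE}</wst:TokenType>"
            f"<wst:RequestType>{WST}/Issue</wst:RequestType>"
            f'<wst:OnBehalfOf><wsse:BinarySecurityToken ValueType="{value_type}" '
            f'EncodingType="{BASE64_ENCODING}">{base64.b64encode(token).decode()}'
            "</wsse:BinarySecurityToken></wst:OnBehalfOf></wst:RequestSecurityToken>")
```

Running `handle_issue(build_rst(DEMO_AP_REQ), demo_resolve_principal, "urn:picketlink:sts", "urn:example:service")` returns an RSTR whose assertion names alice@EXAMPLE.COM; a request whose BinarySecurityToken carries any ValueType outside the Kerberos token profile, or a body that is not valid base64, is refused before the directory is ever consulted.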