1 Reply Latest reply on Sep 30, 2011 8:37 AM by mstanski

    SAML Assertion with roles in PicketLink STS

    mstanski

      Hi,

      I'm using PicketLink STS, and I managed to configure it with user identities, which works fine.

      Is there a way to configure PicketLink STS so that roles are attached to the SAML assertion?

      Then, is it possible to make org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule make use of those roles?

      Thanks in advance.

      Marcin Stański

        • 1. Re: SAML Assertion with roles in PicketLink STS
          mstanski

          OK, I found the solution.

          All you need to do is add an AttributeProvider to picketlink-sts.xml:

          <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
                         TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                         TokenElement="Assertion"
                         TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion">
              <!-- attribute provider that adds the caller's roles to the issued assertion -->
              <Property Key="AttributeProvider" Value="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider"/>
              <!-- name of the SAML Attribute under which the role values are written -->
              <Property Key="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider.tokenRoleAttributeName" Value="Role"/>
          </TokenProvider>
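As an added example (not code from the thread or from PicketLink), the following Python shows what the consumer of such an assertion has to do with the result: find the AttributeStatement, read the values of the Attribute whose Name matches the configured tokenRoleAttributeName ("Role" above), and refuse the assertion when the Issuer or the Conditions window is wrong. The sample assertion, the issuer name "PicketLinkSTS", the subject and the role values are constructed for the example; the element names and namespace are the SAML 2.0 ones. The example does not verify the XML signature, which a real relying party must do before trusting any role in the assertion.

```python
"""Extract role values from a SAML 2.0 assertion produced by an STS that
writes roles into an AttributeStatement (added example, constructed input)."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample assertion: no signature, fixed timestamps, made-up subject and roles.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="ID_example" Version="2.0"
                IssueInstant="2011-09-30T08:00:00Z">
  <saml:Issuer>PicketLinkSTS</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2011-09-30T08:00:00Z" NotOnOrAfter="2011-09-30T09:00:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="Role">
      <saml:AttributeValue>admin</saml:AttributeValue>
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _parse_instant(value):
    """Parse a UTC xsd:dateTime of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_roles(assertion_xml, expected_issuer, now, role_attr_name="Role"):
    """Return the role values carried in the assertion's AttributeStatement.

    Raises ValueError if the document is not a SAML 2.0 Assertion, the Issuer
    differs from expected_issuer, or `now` lies outside the Conditions window.
    Signature verification is deliberately out of scope here.
    """
    root = ET.fromstring(assertion_xml)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("not a SAML 2.0 Assertion")

    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer {issuer!r}")

    conditions = root.find("saml:Conditions", NS)
    if conditions is not None:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now < _parse_instant(not_before):
            raise ValueError("assertion not yet valid")
        if not_on_or_after and now >= _parse_instant(not_on_or_after):
            raise ValueError("assertion expired")

    roles = []
    # Only the Attribute whose Name equals the configured role attribute name counts;
    # other attributes (e.g. email) are ignored.
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != role_attr_name:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            if value.text and value.text.strip():
                roles.append(value.text.strip())
    return roles


if __name__ == "__main__":
    print(extract_roles(SAMPLE_ASSERTION, "PicketLinkSTS",
                        _parse_instant("2011-09-30T08:30:00Z")))
```

Pass the same attribute name you configured in tokenRoleAttributeName as role_attr_name; with a different name the function returns an empty list rather than guessing, so a mismatch between STS and relying-party configuration shows up as "no roles" instead of as silently accepted ones.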