1 Reply Latest reply on Apr 4, 2013 2:41 PM by anil.saldhana

    PicketLink Subsystem Domain Model

    pcraveiro

      Introduction

       

The PicketLink Subsystem needs a domain model that is used to provide the configuration for the PicketLink-related services.

       

The subsystem was initially created focusing on the Federation (SAML) services (before PicketLink v3). Given that, we already have a domain model that needs to be changed to accommodate other PicketLink projects such as the IDM.

       

<subsystem xmlns="urn:jboss:picketlink:1.0">

    <federation alias="federation-with-signatures">
        <key-store passwd="changeit" sign-key-alias="localhost" sign-key-passwd="changeit" url="/jbid_test_keystore.jks" />

        <saml token-timeout="4000" clock-skew="0" />

        <identity-provider alias="idp-sig.war" security-domain="idp" supportsSignatures="true" url="http://localhost:8080/idp-sig/" strict-post-binding="false">
            <trust>
                <trust-domain name="localhost" cert-alias="localhost" />
                <trust-domain name="127.0.0.1" cert-alias="localhost" />
            </trust>
        </identity-provider>

        <service-providers>
            <service-provider alias="sales-post-sig.war" post-binding="true" security-domain="sp" url="http://localhost:8080/sales-post-sig/" supportsSignatures="true" />
            <service-provider alias="sales-redirect-sig.war" post-binding="false" security-domain="sp" url="http://localhost:8080/sales-redirect-sig/" supportsSignatures="true" strict-post-binding="false" />
        </service-providers>

    </federation>

</subsystem>
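As an added example (not code from this post or from the PicketLink project), the following Python script parses the federation block above with the standard library and reports the settings a reviewer would look at before deploying it: keystore passwords left at the well-known Java default, provider URLs served over plain http, providers that do not enable supportsSignatures, strict-post-binding explicitly switched off, and an identity provider with no trust domains. The "hardened" configuration, its hostnames and its password value are constructed for illustration; treating a missing supportsSignatures attribute as "not enabled" is this script's own assumption, not the subsystem's documented default.

```python
"""Audit a PicketLink subsystem <federation> block for settings worth a
second look. Constructed example; not part of the PicketLink subsystem."""
import xml.etree.ElementTree as ET

NS = {"pl": "urn:jboss:picketlink:1.0"}

# Constructed sample: the federation configuration from the post, embedded
# here so the script runs offline.
SAMPLE_XML = """<subsystem xmlns="urn:jboss:picketlink:1.0">
  <federation alias="federation-with-signatures">
    <key-store passwd="changeit" sign-key-alias="localhost" sign-key-passwd="changeit" url="/jbid_test_keystore.jks" />
    <saml token-timeout="4000" clock-skew="0" />
    <identity-provider alias="idp-sig.war" security-domain="idp" supportsSignatures="true" url="http://localhost:8080/idp-sig/" strict-post-binding="false">
      <trust>
        <trust-domain name="localhost" cert-alias="localhost" />
        <trust-domain name="127.0.0.1" cert-alias="localhost" />
      </trust>
    </identity-provider>
    <service-providers>
      <service-provider alias="sales-post-sig.war" post-binding="true" security-domain="sp" url="http://localhost:8080/sales-post-sig/" supportsSignatures="true" />
      <service-provider alias="sales-redirect-sig.war" post-binding="false" security-domain="sp" url="http://localhost:8080/sales-redirect-sig/" supportsSignatures="true" strict-post-binding="false" />
    </service-providers>
  </federation>
</subsystem>"""

# Constructed "hardened" variant: hostnames and password are placeholders.
HARDENED_XML = """<subsystem xmlns="urn:jboss:picketlink:1.0">
  <federation alias="hardened">
    <key-store passwd="PLACEHOLDER-FROM-VAULT" sign-key-alias="idp" sign-key-passwd="PLACEHOLDER-FROM-VAULT" url="/idp.jks" />
    <identity-provider alias="idp.war" security-domain="idp" supportsSignatures="true" url="https://idp.example.com/idp/">
      <trust>
        <trust-domain name="sp.example.com" cert-alias="sp" />
      </trust>
    </identity-provider>
  </federation>
</subsystem>"""

# "changeit" is the default password of the JDK's cacerts keystore and is
# routinely left in place in sample configurations.
WELL_KNOWN_PASSWORDS = {"changeit"}


def _local(tag):
    """Strip the namespace from an ElementTree tag ('{ns}name' -> 'name')."""
    return tag.split("}")[-1]


def audit_federation(xml_text):
    """Return a list of human-readable findings for every <federation> element."""
    root = ET.fromstring(xml_text)
    findings = []
    for fed in root.findall("pl:federation", NS):
        alias = fed.get("alias", "?")

        # Keystore passwords that are still the well-known default.
        ks = fed.find("pl:key-store", NS)
        if ks is not None:
            for attr in ("passwd", "sign-key-passwd"):
                value = ks.get(attr)
                if value is not None and value in WELL_KNOWN_PASSWORDS:
                    findings.append(f"{alias}: key-store {attr} is a well-known default")

        # Identity provider and service providers: transport and signature flags.
        for elem in fed.iter():
            if _local(elem.tag) not in ("identity-provider", "service-provider"):
                continue
            name = elem.get("alias", "?")
            if elem.get("url", "").startswith("http://"):
                findings.append(f"{alias}/{name}: url uses plain http")
            # Assumption of this script: an absent attribute counts as not enabled.
            if elem.get("supportsSignatures", "false").lower() != "true":
                findings.append(f"{alias}/{name}: supportsSignatures is not enabled")
            if elem.get("strict-post-binding", "").lower() == "false":
                findings.append(f"{alias}/{name}: strict-post-binding is disabled")

        # An identity provider should list at least one trusted domain.
        trust = fed.find("pl:identity-provider/pl:trust", NS)
        if trust is None or not trust.findall("pl:trust-domain", NS):
            findings.append(f"{alias}: identity-provider has no trust domains")
    return findings


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_XML), ("hardened", HARDENED_XML)):
        print(f"== {label} ==")
        for line in audit_federation(doc) or ["no findings"]:
            print("  " + line)
```

Run it as a script to see the findings for both documents, or call audit_federation() on the text of a real subsystem configuration; the checks are deliberately plain string comparisons on attributes, so they can be extended to the other attributes in the post (for example a clock-skew of zero on the saml element) without touching the parsing code.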

       

References

    Initial Requirements and Discussions about the PicketLink Subsystem

Source Code (Temporary branch)

    https://github.com/pedroigor/as-subsystem/tree/idm

       

      Initial Proposal

       

<subsystem xmlns="urn:jboss:picketlink:1.0">

    <!-- Identity Management Configuration -->
    <identity-management jndi-name="java:jboss/picketlink/my-idm-jpa">
        <jpa-store realms="..." tiers="...">

            <features supportsAll="true|false">
                <feature group="user" operation="read" />
                <feature group="user" operation="create" />
                ....
            </features>

            <relationships supportsAll="true|false">
                <relationship class="CustomRelationship" />
            </relationships>

        </jpa-store>
    </identity-management>

    <identity-management jndi-name="java:jboss/picketlink/my-idm-ldap">
        <ldap-store />
    </identity-management>

    <identity-management jndi-name="java:jboss/picketlink/my-idm-file">
        <file-store />
    </identity-management>

    <!-- PicketLink Federation Configuration -->
    <federation ...>

    </federation>

</subsystem>