PicketLink Subsystem Domain Model
pcraveiro Apr 3, 2013 12:08 PM
Introduction
The PicketLink Subsystem needs a domain model that describes the configuration of the PicketLink-related services it manages.
The subsystem was initially created around the Federation (SAML) services, before PicketLink v3. The domain model we already have therefore covers federation only, and it needs to change to accommodate the other PicketLink projects, such as IDM. The current model looks like this (note that the key-store and signing-key passwords sit in clear text in the configuration, so the configuration file itself has to be protected):
<subsystem xmlns="urn:jboss:picketlink:1.0">
    <federation alias="federation-with-signatures">
        <key-store passwd="changeit" sign-key-alias="localhost" sign-key-passwd="changeit" url="/jbid_test_keystore.jks" />
        <saml token-timeout="4000" clock-skew="0" />
        <identity-provider alias="idp-sig.war" security-domain="idp" supportsSignatures="true" url="http://localhost:8080/idp-sig/" strict-post-binding="false">
            <trust>
                <trust-domain name="localhost" cert-alias="localhost" />
                <trust-domain name="127.0.0.1" cert-alias="localhost" />
            </trust>
        </identity-provider>
        <service-providers>
            <service-provider alias="sales-post-sig.war" post-binding="true" security-domain="sp" url="http://localhost:8080/sales-post-sig/" supportsSignatures="true" />
            <service-provider alias="sales-redirect-sig.war" post-binding="false" security-domain="sp" url="http://localhost:8080/sales-redirect-sig/" supportsSignatures="true" strict-post-binding="false" />
        </service-providers>
    </federation>
</subsystem>
References
Initial Requirements and Discussions about the PicketLink Subsystem
Source Code (Temporary branch)
https://github.com/pedroigor/as-subsystem/tree/idm
Initial Proposal
The proposal keeps the existing federation element and adds one identity-management element per IDM configuration. Each identity-management is bound to a JNDI name and holds exactly one store (jpa-store, ldap-store or file-store); for the JPA store, the feature groups and operations, and the relationship classes, that the store supports are listed explicitly unless supportsAll is true.
<subsystem xmlns="urn:jboss:picketlink:1.0">
    <!-- Identity Management Configuration -->
    <identity-management jndi-name="java:jboss/picketlink/my-idm-jpa">
        <jpa-store realms="..." tiers="...">
            <features supportsAll="true|false">
                <feature group="user" operation="read" />
                <feature group="user" operation="create" />
                ....
            </features>
            <relationships supportsAll="true|false">
                <relationship class="CustomRelationship" />
            </relationships>
        </jpa-store>
    </identity-management>
    <identity-management jndi-name="java:jboss/picketlink/my-idm-ldap">
        <ldap-store />
    </identity-management>
    <identity-management jndi-name="java:jboss/picketlink/my-idm-file">
        <file-store />
    </identity-management>
    <!-- PicketLink Federation Configuration -->
    <federation ...>
    </federation>
</subsystem>
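As an added example (not code from this page or from the PicketLink project), the following Python script parses a urn:jboss:picketlink:1.0 fragment in the shape of the current federation model and of the proposed identity-management elements, and reports the model-level and security-relevant problems a reviewer would otherwise check by hand. The checks it applies (unique aliases and jndi-names, every service-provider host present as a trust-domain of the identity-provider, supportsSignatures agreeing between identity-provider and service-providers, no empty or default key-store passwords, https endpoints, exactly one store per identity-management) are assumptions made for this example, not rules the subsystem publishes. The sample configuration is constructed: it is the page's federation with the second service-provider moved to an untrusted host without signatures, plus two identity-management elements with the proposal's placeholders replaced by concrete values and bound to the same jndi-name on purpose.

```python
"""Lint a PicketLink subsystem model fragment (urn:jboss:picketlink:1.0).
Added example, not code from the page or the PicketLink project: its checks are
assumptions about the model (unique aliases and jndi-names, trust-domains that
cover every service-provider host, non-default key-store passwords, https)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PL = "urn:jboss:picketlink:1.0"
NS = {"pl": PL}
STORE_TAGS = {f"{{{PL}}}{s}" for s in ("jpa-store", "ldap-store", "file-store")}

# Constructed input: the page's federation, with the second service-provider
# moved to an untrusted host without signatures, plus two identity-management
# elements in the shape of the proposal that are bound to the same jndi-name.
SAMPLE = f"""<subsystem xmlns="{PL}">
  <federation alias="federation-with-signatures">
    <key-store passwd="changeit" sign-key-alias="localhost" sign-key-passwd="changeit" url="/jbid_test_keystore.jks" />
    <saml token-timeout="4000" clock-skew="0" />
    <identity-provider alias="idp-sig.war" security-domain="idp" supportsSignatures="true" url="http://localhost:8080/idp-sig/" strict-post-binding="false">
      <trust>
        <trust-domain name="localhost" cert-alias="localhost" />
        <trust-domain name="127.0.0.1" cert-alias="localhost" />
      </trust>
    </identity-provider>
    <service-providers>
      <service-provider alias="sales-post-sig.war" post-binding="true" security-domain="sp" url="http://localhost:8080/sales-post-sig/" supportsSignatures="true" />
      <service-provider alias="sales-redirect-sig.war" post-binding="false" security-domain="sp" url="http://sales.example.org/sales-redirect-sig/" supportsSignatures="false" />
    </service-providers>
  </federation>
  <identity-management jndi-name="java:jboss/picketlink/idm">
    <jpa-store realms="default" tiers="default">
      <features supportsAll="false"><feature group="user" operation="read" /></features>
    </jpa-store>
  </identity-management>
  <identity-management jndi-name="java:jboss/picketlink/idm">
    <file-store />
  </identity-management>
</subsystem>"""

# The same model with every finding fixed, kept beside the weak one.
HARDENED = (SAMPLE.replace("changeit", "Kq7!vR2p#").replace("http://", "https://")
            .replace("sales.example.org", "localhost")
            .replace('supportsSignatures="false"', 'supportsSignatures="true"')
            .replace('picketlink/idm"', 'picketlink/idm-jpa"', 1))

def _check_endpoint(kind, el, findings, seen_aliases):
    """Checks shared by identity-provider and service-provider elements."""
    alias = el.get("alias")
    if not alias or alias in seen_aliases:  # alias is the deployment it configures
        findings.append(f"{kind} {alias!r}: alias missing or already used")
    seen_aliases.add(alias)
    url = el.get("url", "")
    if urlparse(url).scheme != "https":
        findings.append(f"{kind} {alias}: url {url} is not https, SAML messages travel in clear")

def _check_federation(fed, findings, seen_aliases):
    fa = fed.get("alias", "<no alias>")
    ks = fed.find("pl:key-store", NS)
    if ks is None:
        findings.append(f"federation {fa}: no key-store, nothing can be signed or verified")
    else:
        for attr in ("passwd", "sign-key-passwd"):
            if ks.get(attr) in (None, "", "changeit"):
                findings.append(f"federation {fa}: key-store {attr} is empty or the well-known default")
    idp = fed.find("pl:identity-provider", NS)
    if idp is None:
        findings.append(f"federation {fa}: no identity-provider")
        return
    _check_endpoint("identity-provider", idp, findings, seen_aliases)
    # Assumption: the IdP only serves hosts listed as trust-domains, so every SP host must be there.
    trusted = {td.get("name") for td in idp.findall("pl:trust/pl:trust-domain", NS)}
    for sp in fed.findall("pl:service-providers/pl:service-provider", NS):
        _check_endpoint("service-provider", sp, findings, seen_aliases)
        host = urlparse(sp.get("url", "")).hostname
        if host not in trusted:
            findings.append(f"service-provider {sp.get('alias')}: host {host} is not a trust-domain of the identity-provider")
        if sp.get("supportsSignatures", "false") != idp.get("supportsSignatures", "false"):
            findings.append(f"service-provider {sp.get('alias')}: supportsSignatures differs from the identity-provider")

def _check_identity_management(im, findings, seen_jndi):
    jndi = im.get("jndi-name")
    if not jndi or jndi in seen_jndi:
        findings.append(f"identity-management {jndi!r}: jndi-name missing or bound twice")
    seen_jndi.add(jndi)
    stores = [c for c in im if c.tag in STORE_TAGS]
    if len(stores) != 1:
        findings.append(f"identity-management {jndi}: expected exactly one store, found {len(stores)}")

def validate(xml_text):
    """Return the findings for one <subsystem> fragment; an empty list means clean."""
    root = ET.fromstring(xml_text)
    findings, aliases, jndi_names = [], set(), set()
    for fed in root.findall("pl:federation", NS):
        _check_federation(fed, findings, aliases)
    for im in root.findall("pl:identity-management", NS):
        _check_identity_management(im, findings, jndi_names)
    return findings
```

validate(SAMPLE) returns eight findings for the weak model (two default passwords, three plain-http endpoints, one untrusted service-provider host, one signature mismatch, one duplicate jndi-name), and validate(HARDENED) returns none; the weak and corrected fragments are kept side by side so that the list of findings is exactly the delta between them.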