Cheatsheet: PicketLink and JBoss AS

    Latest version of PicketLink can be downloaded from

    JBoss Application Server v7.1.1

    PicketLink v2.0.2.Final is included in the server.

    The zipped package of all the web applications are available from


    JBoss Application Server v7.1.0

    PicketLink is included in the server.   If you want to bump it to latest version, then download the latest PicketLink version from  and then replace the jars in the PicketLink module in JBoss AS 7.1.0

    You may want to get the latest zip file of the web apps at


    JBoss Application Server v7.0


    Important Note about JBoss AS 7.x

    JBoss AS 7.x has a new architecture in comparison to older versions of the JBoss AS such as 6.x etc. 


    Jar Files:

    Typically server integration jars exist in the modules directory.  Hence the PicketLink jars that are shipped with JBoss AS 7.x are stored under modules/org/picketlink/main

    The .jandex files are typically generated during the AS7 build process. So if you are replacing the jars in this directory by a newer version of PicketLink, just ignore the .jandex files.


    War Files:

    AS7.x does not ship with any default web applications. So you will need to download the PicketLink war files.  The behavior of the PicketLink web applications is similar to what it was on AS6.x




    JBoss Application Server v6.0 or v5.x



    Step 1.  Download JBoss Application Server v5.1.0 or v6.0 (Chose the zip file)


    Step 2: Unzip the in your home directory.


    Step 3: Download  (Full Distribution) from


    Step 4. Unzip the in the $HOME/jboss-5.1.0.GA/server/default/deploy directory


    After unzipping,  you should have a picketlink directory in the deploy directory.



    /jboss-6.0.0.Final/server/default/deploy/picketlink$ ls
    claims.war             idp.war                               sales-post.war
    employee-post-sig.war  openid4java-nodeps-0.9.5.jar                  picketlink-sp-jboss-beans.xml      sales-saml11.war
    employee-post.war      pdp.war                                       picketlink-sts-jboss-beans.xml     sales.war
    employee.war         picketlink-sts.war
    idp-sig.war    sales-post-sig.war


    Step 5:  Start JBoss AS 5.1/6.0 in the bin directory.


    Step 6: Go to browser  and enter:  http://localhost:8080/sales/


    Step 7: When redirected to login, enter:  username: tomcat    password:  tomcat


    Step 8: You should see the sales page.


    Step 9: Open a new tab in the browser:    http://localhost:8080/employee/


    You should see the employee page.


    Step 10: You can click the logout link and you should have global log out.

    Step 11: Doing a refresh should take you to the IDP login page.


    The above steps are for testing SAML Http/Redirect Binding. 

    If you are interested in seeing the SAML Http/Post Binding.

    Step 12:  sales:   http://localhost:8080/sales-post/

    Step 13: employee:  http://localhost:8080/employee-post/


    • If you passed anything to -b  except for localhost (i.e. you intend to use this on anything BUT localhost) you need to go edit every xml file in WEB-INF and change localhost to the value of -b (or whatever you're going to in the browser should work)
    • Do not forget to configure security domain "idp"  that is a copy paste of "other" or anything you want.