How to configure PicketLink 2.0.2 with JBoss AS 7.1.1

Objective

 

     This article describes how to configure JBoss AS 7.1.1 correctly in order to use PicketLink.

     JBoss AS 7.1.1 ships with PicketLink 2.0.2.Final, but some users have experienced problems when using it with this version of JBoss AS. For more information, see https://community.jboss.org/message/726183#726183.

     These instructions also work for newer versions of PicketLink. Just replace the jar files and update the module.xml with the correct file names.

 

Configuring the module org.picketlink    

 

     JBoss AS 7.1.1 ships with a PicketLink module. This module is located in:

               ${jboss.home.dir}/modules/org/picketlink

     This directory contains a subdirectory called main, which holds the default PicketLink configuration and the jar files used by JBoss AS. JBoss AS 7.1.1 uses PicketLink 2.0.2 by default.

     To update the PicketLink module configuration, do the following:

          1) First, back up the ${jboss.home.dir}/modules/org/picketlink/main directory;

          2) cd ${jboss.home.dir}/modules/org/picketlink/main;

          3) Edit the module.xml file like this (you can also download an updated module.xml from this thread https://community.jboss.org/message/726104?tstart=0#726104):

 

                    <module xmlns="urn:jboss:module:1.1" name="org.picketlink">
                        <resources>
                            <resource-root path="picketlink-fed-2.0.2.Final.jar"/>
                            <resource-root path="picketlink-bindings-2.0.2.Final.jar"/>
                            <resource-root path="picketlink-bindings-jboss-2.0.2.Final.jar"/>
                            <resource-root path="picketlink-trust-jbossws-2.0.2.Final.jar"/>
                        </resources>
                        <dependencies>
                            <module name="javax.api"/>
                            <module name="javax.security.auth.message.api"/>
                            <module name="javax.security.jacc.api"/>
                            <module name="javax.transaction.api"/>
                            <module name="javax.xml.bind.api"/>
                            <module name="javax.xml.stream.api"/>
                            <module name="javax.servlet.api"/>
                            <module name="org.jboss.common-core"/>
                            <module name="org.jboss.logging"/>
                            <module name="org.jboss.as.web"/>
                            <module name="org.jboss.security.xacml"/>
                            <module name="org.picketbox"/>
                            <module name="javax.xml.ws.api"/>
                            <module name="org.apache.log4j"/>
                            <!-- <module name="org.apache.santuario.xmlsec"/> --> <!-- Comment this line out -->
                            <module name="sun.jdk"/> <!-- Add this new module dependency -->
                        </dependencies>
                    </module>

 

          4) You also need to update the sun.jdk module definition. To do that, edit the sun.jdk module's module.xml and add the following configuration (you can also download an updated module.xml from this thread https://community.jboss.org/message/726104?tstart=0#726104):

 

                    <module xmlns="urn:jboss:module:1.1" name="sun.jdk">
                        <resources>
                            ...
                        </resources>
                        <dependencies>
                            <system export="true">
                                <paths>
                                    ...
                                    <!-- Add these lines -->
                                    <path name="javax/xml/crypto/dsig"/>
                                    <path name="javax/xml/crypto"/>
                                    <path name="javax/xml/crypto/dsig/dom"/>
                                    <path name="javax/xml/crypto/dsig/keyinfo"/>
                                    <path name="com/sun/org/apache/xml/internal/security/transforms/implementations"/>
                                    <path name="org/jcp/xml/dsig/internal/dom"/>
                                </paths>
                            </system>
                        </dependencies>
                    </module>
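
One way to verify steps 3 and 4 after editing, shown as an added example that is not part of the original article or of PicketLink: it checks that every jar named in the org.picketlink module.xml exists, that sun.jdk has replaced the xmlsec dependency, and that the sun.jdk module exports the XML signature paths. The function names and the sample XML in demo() are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

NS = {"m": "urn:jboss:module:1.1"}
REQUIRED_PATHS = {  # the paths that step 4 adds to the sun.jdk module
    "javax/xml/crypto", "javax/xml/crypto/dsig", "javax/xml/crypto/dsig/dom",
    "javax/xml/crypto/dsig/keyinfo", "org/jcp/xml/dsig/internal/dom",
    "com/sun/org/apache/xml/internal/security/transforms/implementations",
}

def check_picketlink(module_dir):
    """Problems in the org.picketlink module (step 3); empty list means OK."""
    root = ET.parse(os.path.join(module_dir, "module.xml")).getroot()
    problems = []
    for res in root.findall("m:resources/m:resource-root", NS):
        if not os.path.isfile(os.path.join(module_dir, res.get("path"))):
            problems.append("missing jar: " + res.get("path"))
    # ElementTree skips XML comments, so a commented-out dependency is not listed.
    deps = {d.get("name") for d in root.findall("m:dependencies/m:module", NS)}
    if "sun.jdk" not in deps:
        problems.append("sun.jdk dependency not declared")
    if "org.apache.santuario.xmlsec" in deps:
        problems.append("org.apache.santuario.xmlsec dependency still active")
    return problems

def check_sun_jdk(module_xml):
    """Step-4 paths that the sun.jdk module.xml does not export."""
    root = ET.parse(module_xml).getroot()
    found = {p.get("name") for p in
             root.findall("m:dependencies/m:system/m:paths/m:path", NS)}
    return sorted(REQUIRED_PATHS - found)

def demo():
    """Run both checks on a constructed, half-finished configuration."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "module.xml"), "w") as f:
        f.write('<module xmlns="urn:jboss:module:1.1" name="org.picketlink">'
                '<resources><resource-root path="picketlink-fed-2.0.2.Final.jar"/>'
                '</resources><dependencies><module name="org.picketbox"/>'
                '<module name="org.apache.santuario.xmlsec"/></dependencies></module>')
    jdk = os.path.join(tmp, "sun-jdk-module.xml")
    with open(jdk, "w") as f:
        f.write('<module xmlns="urn:jboss:module:1.1" name="sun.jdk"><dependencies>'
                '<system export="true"><paths><path name="javax/xml/crypto"/>'
                '</paths></system></dependencies></module>')
    return check_picketlink(tmp), check_sun_jdk(jdk)

if __name__ == "__main__":
    print(demo())
```

Against a real installation, pass the org.picketlink main directory to check_picketlink and the path of the sun.jdk module.xml to check_sun_jdk; both should return empty lists once the steps are complete.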

 

Backward compatibility with older versions

 

     Please follow the instructions described in https://community.jboss.org/wiki/HowToConfigureJBossAS71xToBackwardCompatibilityWithOlderVersions.