[jboss-user] [Security & JAAS/JBoss] - Re: How is JBoss SSO SAML token been validated?

alllle do-not-reply at jboss.com
Thu Jul 10 23:20:52 EDT 2008


Thank you for the detailed explanation.

There is one thing that is still not clear to me: when validating a token, how does it know which partner issued the token? There is a "issuer" element in the SAML xml (in my demo, the token shows Issuer="ssodemo:site1"). But this issuer value is what I specified in the context.xml file:

  | <Valve className="org.jboss.security.valve.SSOTokenManager" assertingParty="ssodemo:site1" />
  | 
And this value would not be visible to the federate server... 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163745#4163745

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4163745



More information about the jboss-user mailing list