[security-dev] PicketLink Usecase: SAML/GWT/REST Authentication

Anil Saldhana Anil.Saldhana at redhat.com
Wed Jun 26 14:18:29 EDT 2013

Hi All,
   this is a use case solved by Eric Wittman of Project Overlord using 

Final Solution in Eric's words:
Use-case is:  GWT UI app is protected by SAML SSO.  The UI makes GWT RPC 
calls back to itself.  The UI RPC servlets (server-side) then make REST 
calls to a set of REST services hosted in another web application, using 
SAML tokens for authentication.

JIRA: https://issues.jboss.org/browse/DTGOV-11

Eric had gotten his GWT UI App to use SAML SSO using PicketLink. He was 
looking for ways to now make calls from the GWT app to REST services on 
RESTEasy without re-authentication.He needed to get this usecase working 
with PicketLink and RESTEasy bundled in EAP6. During discussions and 
future plan, it was decided to use OAuth for REST services and look at 
SAML Bearer Token Profile for guidance.

Since RESTEasy authentication can use JAAS authentication,  Eric wrote a 
login module for SAML bearer tokens.

I created a JIRA issue in PicketLink to migrate this login module: 

This login module will be available in PicketLink v2.5.0

I wanted to open a thread for discussion on this. I am unsure if other 
projects have similar needs but this use case is pretty awesome to share 


More information about the security-dev mailing list