[security-dev] Replacing Seam RunAsOperation (impersonate)

Mike Cirioli mcirioli at redhat.com
Fri Jul 10 09:07:10 EDT 2015

Sean -
I have implemented a user impersonation functionality with PL for the redhat.com's customer facing IdP using picketlink.  Its not what I would call pretty, but it does allow our customer service team to authenticate and access any SAML service providers with the identity of the customer having issues.

I'm not sure if this is the same sort of functionality your looking for, but i'd be happy to describe how we did it if your interested.

-mike cirioli

On 7/10/15 8:27 AM, Pedro Igor Silva wrote:
> Hey Sean,
>      You are right, PL is missing that feature. It was planned but now the PL and KC are merging I'm not sure if we are going to implement it in PL.
>      Regarding your question, there is no easy way to specify your own Identity implementation. However, I'm wondering if you can use a custom CDI scope for that. PicketLink allows you to define a specific scope for the Identity bean.
> Regards.
> Pedro Igor
> ----- Original Message -----
> From: "Sean Flanigan" <sflaniga at redhat.com>
> To: security-dev at lists.jboss.org
> Sent: Friday, July 10, 2015 5:37:51 AM
> Subject: [security-dev] Replacing Seam RunAsOperation (impersonate)
> I was hoping I had missed an impersonation feature[1], but now I'm
> thinking there isn't one in PicketLink.  Assuming I have to subclass and
> @Specialize org.picketlink.internal.DefaultIdentity, how would I go
> about convincing PicketLink to use my implementation?
> org.picketlink.extension.PicketLinkExtension seems to be vetoing my
> implementation.  Is there some way of telling (or overriding)
> IdentityBeanDefinition to use my Identity bean class?
> [1] https://developer.jboss.org/thread/260993
> Regards,
> Sean.

More information about the security-dev mailing list