Similar to the SPNEGO authentication sequence because the trust decision (if using SAML)
can involve HTTP redirects before the correct SAML token arrives with the necessary
information (the other alternative is the backdoor SOAP interaction). That was my
reference wrt JASPI.
For the trust SPI, how does the following look:
| /**
|  * Principal can be null. The contextual map can contain additional subjectInfo plus
|  * other info including a SAML Token assertion/domainInfo from the source application
|  * domain.
|  */
| Principal getTargetIdentity(Principal p, Map contextualMap);
|
If there is a need to know additional information about the target identity (like roles),
then we will need another method in the authorization manager (The AM implementation will
have to query for the attributes of the identity from an external application domain):
| Group getTargetRoles(Principal targetIdentity, Map contextualMap);
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968450#...