[ https://issues.jboss.org/browse/TEIID-2819?page=com.atlassian.jira.plugin... ]
Ramesh Reddy commented on TEIID-2819:
-------------------------------------
Related discussion about SAML Bearer with CXF is towards the end of this thread:
http://cxf.547215.n5.nabble.com/OAuth-1-0-Client-example-td5751952.html#a...
If you are using PicketLink SP:
Pedro: you can get the assertion from the user's HTTP session as a DOM instance. You can
configure the SAML2AuthenticationHandler to specify the attribute name where the assertion
will be stored [1]. Or you can just use the default attribute name, which is
"ASSERTION_SESSION_ATTRIBUTE_NAME".
[1]
https://docs.jboss.org/author/display/PLINK/SAML2AuthenticationHandler
Ramesh: The only place it is reachable is SAML2AuthenticationHandler, where it is shoved
into the HttpSession. I could not find how ServiceProviderSAMLContext is populated in this
scenario either. Looks like I need to get it into ServiceProviderSAMLContext; then I can
access it in the LoginModule.
Pedro: You can use JACC API for that. That way you can get the HttpServletRequest and
extract the SAMLResponse parameter from there.
Maybe something like that [1].
[1]
https://github.com/EricWittmann/security-eval/blob/master/security-eval-j...
Ramesh: IMO, the JACC API will not work, depending upon the changing thread contexts; the only
thing that might work is writing a filter and hijacking the SAMLResponse from there before
it hits the SP.
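An added example (not code from this thread, PicketLink or Teiid) of the filter approach Ramesh describes: it captures the SAMLResponse parameter on its way to the SP and stores it in the HttpSession as a DOM Document, parsed with external entities disabled. The class name and the session attribute name are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Runs in front of the PicketLink SP filter/valve and keeps a parsed copy of the
// SAMLResponse in the session so a LoginModule can reach it later.
public class SamlResponseCaptureFilter implements Filter {
    // Session attribute name is an assumption, not a PicketLink constant
    public static final String CAPTURED_SAML_RESPONSE = "teiid.captured.SAMLResponse";

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // SAML 2.0 HTTP-POST binding carries the base64-encoded <Response> in this parameter
        String encoded = http.getParameter("SAMLResponse");
        if (encoded != null) {
            try {
                Document doc = parseSecurely(Base64.getMimeDecoder().decode(encoded));
                http.getSession(true).setAttribute(CAPTURED_SAML_RESPONSE, doc);
            } catch (Exception e) {
                // Unparseable input: keep nothing and let the SP reject the request itself
                http.getSession(true).removeAttribute(CAPTURED_SAML_RESPONSE);
            }
        }
        chain.doFilter(req, res); // the SP still sees the parameter; the container caches it
    }

    // Parse untrusted XML with DTDs and external entities disabled (XXE hardening)
    static Document parseSecurely(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // SAML elements are namespace-qualified
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    }
}
```

The captured document is unvalidated at this point: signature and condition checks stay with the SP, so a LoginModule should only use it once the SP has accepted the response (for instance, once the ASSERTION_SESSION_ATTRIBUTE_NAME attribute Pedro mentions is present in the same session).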
Use Oauth SAML Bearer Assertion Flow
------------------------------------
Key: TEIID-2819
URL: https://issues.jboss.org/browse/TEIID-2819
Project: Teiid
Issue Type: Feature Request
Components: Server
Reporter: Van Halbert
Assignee: Ramesh Reddy
I can secure my mobile and cloud applications?
Consider doing SAML first and Oauth later – the use cases are the same, the
implementation is different
Link - https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_oauth_SAML...
--
This message was sent by Atlassian JIRA (v6.3.11#6341)