[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext
anil.saldhana@jboss.com
do-not-reply at jboss.com
Wed Aug 30 12:33:14 EDT 2006
"scott.stark at jboss.org" wrote :
| We need to workout the trust usecase workflows to define the spi. I don't think its best embeded in the authentication call, but I"m not sure. How would 196 deal with a saml identity assertion?
|
JSR-196 does not handle it now explicitly. There is support via:
a) Access to the Http Request (means access to the SAML Token). The server runtime can do back-door communication via SOAP with a Identity Server for the additional attributes associated with the saml identity.
b) Server Runtime can hold state such that there is back and forth communication with the client runtime. Similar to the SPNEGO requirements.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968424#3968424
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3968424
More information about the jboss-dev-forums
mailing list