[jboss-user] [Security & JAAS/JBoss] - Re: How is JBoss SSO SAML token been validated?

sohil.shah@jboss.com do-not-reply at jboss.com
Thu Jul 10 11:18:48 EDT 2008

Yes, this flow of events is correct.

Just to elaborate:
anonymous wrote : 
  | 3. The federation server at site2 validates the SAML token and sets up the authentication status at site2 using the username presented in the SAML token.

The SAML token validation between site2 and site1 involves a Trust callback between the federation servers of site1 and site2.

anonymous wrote : 
  | And how is the token validated when a 3rd party federation server is involved? 

The protocol/communication mechanism for the Trust callback is pluggable using a component called TrustPlugin, with the JBossSSOTrustPlugin shipping out-of-the-box.

To support third-party Federation servers, you just need to create a TrustPlugin for that and plug it in.

BTW, this functionality is not included in the CR1 release. It's currently implemented on the trunk, and will be part of the next release.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163641#4163641
