[jboss-user] [Security & JAAS/JBoss] - Re: How is JBoss SSO SAML token been validated?
sohil.shah@jboss.com
do-not-reply at jboss.com
Thu Jul 10 11:18:48 EDT 2008
Yes this flow of events is correct
Just to elaborate:
anonymous wrote :
| 3. The federation server at site2 validates the SAML token and setups the authentication status at site2 using the username presented in the SAML token.
|
the SAML token validation between site2 and site1 involves a Trust callback between the federation servers of site1 and site2.
anonymous wrote :
| And how is the token validated when a 3rd party federation server is involved?
|
The protocol/communication mechanism for the Trust callback is pluggable using a component called TrustPlugin, with the JBossSSOTrustPlugin shipping out-of-the-box
To support thirdparty Federation servers, you just need to create a TrustPlugin for that and plug it in.
btw- this functionality is not included in the CR1 release. Its currently implemented on the trunk, and will be part of the next release
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163641#4163641
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4163641
More information about the jboss-user
mailing list