[jboss-user] [Security & JAAS/JBoss] - Re: How is JBoss SSO SAML token been validated?
sohil.shah@jboss.com
do-not-reply at jboss.com
Wed Jul 16 01:57:50 EDT 2008
allie-
The receiving federation server knows the partner that propagated/issued the SAML token by looking at the Referer header of the request that is received by the receiving federation server.
Here is a small code snippet to clarify:
| // Validate the incoming token with the partner that issued this token.
| // Basically perform a Trust Handshake with the partner to make sure
| // the partner in fact successfully authenticated this user.
| String referer = request.getHeader("Referer");
| Partner partner = this.findPartner(referer);
| boolean isTokenValid = partner.getTrustPlugin().validateTrust(token, partner);
|
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4164649#4164649
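The Referer-based partner lookup described in the post, sketched as an added example (not JBoss code and not from the original post). The `PartnerLookup` class, the registry contents and the sample Referer values are hypothetical. Because the Referer header is supplied by the client, the lookup here only selects which registered partner to ask, matches on exact origin, and returns empty for anything else so the caller rejects the request before any trust handshake.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

public class PartnerLookup {
    // Hypothetical registry keyed by exact origin; constructed sample data.
    static final Map<String, String> PARTNERS = Map.of(
        "https://sso.partner-a.example:443", "partner-a",
        "https://login.partner-b.example:8443", "partner-b");

    // Returns the registered partner for a Referer value, or empty so the caller fails closed.
    static Optional<String> findPartner(String referer) {
        if (referer == null || referer.isBlank()) return Optional.empty();
        try {
            URI u = new URI(referer.trim());
            String scheme = u.getScheme();
            String host = u.getHost();
            // Reject relative URLs, non-HTTPS schemes and URLs carrying userinfo.
            if (scheme == null || host == null || u.getUserInfo() != null) return Optional.empty();
            if (!scheme.equalsIgnoreCase("https")) return Optional.empty();
            int port = u.getPort() == -1 ? 443 : u.getPort();
            String origin = "https://" + host.toLowerCase(Locale.ROOT) + ":" + port;
            // Exact origin match only; prefix or substring matching would accept look-alike hosts.
            return Optional.ofNullable(PARTNERS.get(origin));
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String[] samples = { // constructed Referer values
            "https://sso.partner-a.example/federate?x=1",
            "https://LOGIN.partner-b.example:8443/sso",
            "http://sso.partner-a.example/federate",
            "https://sso.partner-a.example.other.example/",
            "https://sso.partner-a.example@other.example/",
            "/relative/path",
            null };
        for (String r : samples) {
            // Only a registered partner would be asked to validate the token; all else is rejected.
            String decision = findPartner(r).map(p -> "handshake with " + p).orElse("reject");
            System.out.println(r + " -> " + decision);
        }
    }
}
```

Only the first two sample values resolve to a partner; the rest print `reject`, which also avoids calling a method on a null partner when the header is missing or unrecognized.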