[jboss-user] [Security & JAAS/JBoss] - Re: How is JBoss SSO SAML token been validated?

sohil.shah@jboss.com do-not-reply at jboss.com
Wed Jul 16 01:57:50 EDT 2008


The receiving federation server knows the partner that is propagating/issuing the SAML token by looking at the Referer header of the request that is received by the receiving federation server.

Here is a small code snippet to clarify:

    // Validate the incoming token with the partner that issued this token.
    // Basically perform a Trust Handshake with the partner to make sure
    // the partner in fact successfully authenticated this user.
    String referer = request.getHeader("Referer");
    Partner partner = this.findPartner(referer);
    boolean isTokenValid = partner.getTrustPlugin().validateTrust(token, partner);


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4164649#4164649

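The Referer-to-partner lookup described in the post, as an added example that is not part of the original post or the JBoss Federated SSO code base. Because the Referer header is supplied by the client, this sketch uses it only as an exact-match key into a configured partner registry. `PartnerResolver`, the string partner ids, the HTTPS-only rule and the sample origins are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

// Hypothetical helper: maps a Referer value to a pre-configured partner id.
public class PartnerResolver {
    // Configured partners keyed by normalized origin "https://host:port".
    private final Map<String, String> partnersByOrigin;

    public PartnerResolver(Map<String, String> partnersByOrigin) {
        this.partnersByOrigin = partnersByOrigin;
    }

    // Returns the partner id only when the Referer's origin matches a registered
    // origin exactly; prefix or substring matching is deliberately avoided.
    public Optional<String> resolve(String referer) {
        if (referer == null || referer.isEmpty()) return Optional.empty();
        final URI uri;
        try {
            uri = new URI(referer);
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // Reject relative URIs and any userinfo part ("partner-host@other-host").
        if (scheme == null || host == null || uri.getUserInfo() != null) return Optional.empty();
        // Assumption: partners are only ever registered with HTTPS origins.
        if (!scheme.equalsIgnoreCase("https")) return Optional.empty();
        int port = uri.getPort() == -1 ? 443 : uri.getPort();
        String origin = "https://" + host.toLowerCase(Locale.ROOT) + ":" + port;
        return Optional.ofNullable(partnersByOrigin.get(origin));
    }

    public static void main(String[] args) {
        PartnerResolver r = new PartnerResolver(
                Map.of("https://sso.partner.example:443", "partner-a")); // constructed
        String[] samples = { // constructed Referer values
            "https://sso.partner.example/login",               // registered origin
            "https://SSO.partner.example:443/x",               // same origin, normalized
            "https://sso.partner.example@other.example/login", // userinfo, rejected
            "https://sso.partner.example.other.example/",      // lookalike host, rejected
            "http://sso.partner.example/login",                // not HTTPS, rejected
            null                                               // header absent, rejected
        };
        for (String s : samples) {
            System.out.println(s + " -> " + r.resolve(s).orElse("REJECTED"));
        }
    }
}
```

A rejected lookup should end the request before any trust validation is attempted, and the validation call itself should go to the endpoint stored in the partner's configuration rather than to anything derived from the header.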