[jboss-user] [Security & JAAS/JBoss] - Re: JBoss SSO not able to build the src folder..

nikhilg do-not-reply at jboss.com
Tue Aug 4 17:38:28 EDT 2009


Hi Anil,

Thanks for the update for this feature. I will wait for this feature. It will really help me.

I was debugging the working setup of IDP and SP.
I could not follow the code flow. Do you have any document for class diagram or activity diagram to show it?

My understanding is:
On idp side...
1. User logged in to the system using login password (at IDP server)
2. It creates AuthResponse in file SSOTokenManager>JBossSingleSignOn/generateAuthResponse
3. It uses the Trust/generateSecret method to create the secret (hash code for login id) in step 2.
4. Then it tries to validate this secret. It seems it is storing the same secret (created in step 2) in two places: one in a request parameter and the second in the map variable 'secretTokens' in file Trust.java. It is comparing the same thing. How is it validating? Please clarify it.
 
Now when we click on SP link:
1. It again creates the response and secret as above.
2. It tries to validate by comparing the same secret stored at two locations (request params and map variable).
On SP side it should compare the secret created on IDP side to validate the secret.

I do not understand the last step on both the IDP and SP sides.
In between, methods from sso.cfg.xml are called. What is the importance of these methods in the whole code flow?

Kindly clarify it.

I have written a new servlet in sso-federation-server.ear and am using some hard-coded SAML1.0 stuff to validate it. I am seeing some positive results,
but I do not understand the whole code flow.

Regards
Nikhil 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4247987#4247987
