[security-dev] IDM: Support for XML configuration

Pedro Igor Silva psilva at redhat.com
Thu Jan 17 07:49:47 EST 2013


I remember some discussion about reviewing the PicketLink Federation parsing API. Is this still required?

----- Original Message -----
From: "Marek Posolda" <mposolda at redhat.com>
To: "Anil Saldhana" <Anil.Saldhana at redhat.com>
Cc: security-dev at lists.jboss.org
Sent: Thursday, January 17, 2013 8:59:06 AM
Subject: Re: [security-dev] IDM: Support for XML configuration

On 17/01/13 01:16, Anil Saldhana wrote:
> Marek,
>     we need an xml configuration for IDM. We have not started with it.
> We will be using Stax parsing (and not JAXB).  The xml configuration
> will be used by users if they incorporate idm (and nothing else from the
> PL stack).
Sure, I also thought about the possibility of having a unified configuration file
for the whole PicketLink. And obviously using Stax for parsing.

Attached is a possible configuration example. I've added a new element,
PicketlinkIDM, with IDM configuration used in an existing Picketlink
configuration file with some federation configuration (like SAML
Handlers and SAML SP configuration).

So it seems that in this case we will need to extract all Parser classes 
and all BlaBlaType classes (like 
"org.picketlink.identity.federation.core.config.PicketlinkType" and 
basically all other classes from package 
"org.picketlink.identity.federation.core.config") into this 
picketlink/xml-config module and other modules like 
picketlink/federation and picketlink/idm/impl will be dependent on this 
module. Am I correct?

In this case, class PicketlinkType will need another field "idmType" in addition
to the existing ones, so it could be like:

public class PicketLinkType {
    private ProviderType idpOrSP;
    private Handlers handlers;
    private STSType stsType;
    private boolean enableAudit;
    private IDMType idmType;

    // ....
}

For the format of the IDM configuration itself (content of the PicketlinkIDM
element), it's still not final. It seems that I will need to add more
things (especially realms and tiers are what I am missing now). Let me
know if you have more ideas or if you think that the format should be different.

Thanks for the feedback!
Marek
>
> For the project PicketLink, we need one xml configuration file (if a
> user wants) - authentication, authorization, federation, social, idm etc
> can be configured in one file. For this, we will be extending the
> federation 2.1 stax parsing to encompass the other components. We have
> picketlink.xml as the config file in 2.x
>
> Integrating projects such as RESTEasy, JBoss AS, GateIn etc will have
> their own configuration that deals with the IDM configuration API directly.
>
> Regards,
> Anil
>
> On 01/16/2013 05:03 PM, Marek Posolda wrote:
>> Hi,
>>
>> I am seeing in IDM testsuites that currently there is support only for
>> programmatic IDM configuration. Is there some plan to build IDM
>> IdentityManager also from XML configuration? Maybe I can start on it
>> if nobody else is working on it?
>>
>> I am adding an example configuration file as an attachment with a
>> proposal of how it could possibly look. Note that nothing is final
>> and some things are still missing (especially configuration of realms,
>> tiers etc.)
>>
>> What do you think?
>>
>> Thanks,
>> Marek
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev

