[security-dev] PicketLink Usecase: SAML/GWT/REST Authentication
Anil Saldhana
Anil.Saldhana at redhat.com
Wed Jun 26 14:18:29 EDT 2013
Hi All,
this is a use case solved by Eric Wittman of Project Overlord using
PicketLink.
Final Solution in Eric's words:
Use-case is: GWT UI app is protected by SAML SSO. The UI makes GWT RPC
calls back to itself. The UI RPC servlets (server-side) then make REST
calls to a set of REST services hosted in another web application, using
SAML tokens for authentication.
JIRA: https://issues.jboss.org/browse/DTGOV-11
Background:
Eric had gotten his GWT UI App to use SAML SSO using PicketLink. He was
looking for ways to now make calls from the GWT app to REST services on
RESTEasy without re-authentication. He needed to get this use case working
with PicketLink and RESTEasy bundled in EAP6. During discussions and
future plan, it was decided to use OAuth for REST services and look at
SAML Bearer Token Profile for guidance.
Solution:
Since RESTEasy authentication can use JAAS authentication, Eric wrote a
login module for SAML bearer tokens.
https://github.com/Governance/overlord-commons/blob/master/overlord-commons-auth/src/main/java/org/overlord/commons/auth/jboss7/SAMLBearerTokenLoginModule.java
I created a JIRA issue in PicketLink to migrate this login module:
https://issues.jboss.org/browse/PLINK-165
This login module will be available in PicketLink v2.5.0
https://github.com/anilsaldhana/picketlink-bindings/blob/0808a9916093af6095430447e6899172fe19e86a/picketlink-jbas-common/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLBearerTokenLoginModule.java
I wanted to open a thread for discussion on this. I am unsure if other
projects have similar needs but this use case is pretty awesome to share
here.
Regards,
Anil
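The checks a bearer-token login module such as the one linked above has to perform on every incoming REST request, as an added example that is not part of this thread and is not Eric's or PicketLink's code. It is written in Python rather than as a JAAS LoginModule so that it runs stand-alone; the issuer, audience, user name and the "Role" attribute name are constructed values, and the assertion is built unsigned by the example itself. The one thing it deliberately leaves out is XML-Signature verification: in a real deployment the assertion's signature must be validated against the IdP's certificate (PicketLink does this on the servlet side) before any of the checks below mean anything, because anyone who can reach the REST endpoint can otherwise mint a bearer assertion of their own.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


class AuthError(Exception):
    """Raised for any token that must not be mapped to a principal."""


def parse_saml_time(value):
    """SAML timestamps are xsd:dateTime in UTC, e.g. 2013-06-26T18:18:29Z."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def make_assertion(issuer, name_id, audience, not_before, not_on_or_after, roles):
    """Constructed, UNSIGNED test assertion in the form the UI's RPC servlet
    would send it: 'Authorization: Bearer <base64 assertion>'.
    The attribute name 'Role' is a hypothetical choice for this example."""
    role_values = "".join(
        "<saml:AttributeValue>%s</saml:AttributeValue>" % r for r in roles)
    xml = (
        '<saml:Assertion xmlns:saml="%s" Version="2.0" ID="_1" IssueInstant="%s">'
        "<saml:Issuer>%s</saml:Issuer>"
        "<saml:Subject><saml:NameID>%s</saml:NameID>"
        '<saml:SubjectConfirmation Method="%s"/></saml:Subject>'
        '<saml:Conditions NotBefore="%s" NotOnOrAfter="%s">'
        "<saml:AudienceRestriction><saml:Audience>%s</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        '<saml:AttributeStatement><saml:Attribute Name="Role">%s</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    ) % (SAML_NS, not_before, issuer, name_id, BEARER_METHOD,
         not_before, not_on_or_after, audience, role_values)
    return "Bearer " + base64.b64encode(xml.encode()).decode()


def authenticate_bearer(authorization_header, trusted_issuers, expected_audience, now=None):
    """What the login module does with the request's Authorization header.
    Returns (principal, roles) or raises AuthError.
    NOTE: XML-Signature verification is intentionally not implemented here;
    a real module must verify the signature before trusting any field."""
    if now is None:
        now = datetime.now(timezone.utc)
    if not authorization_header or not authorization_header.startswith("Bearer "):
        raise AuthError("no bearer token")
    try:
        raw = base64.b64decode(authorization_header[len("Bearer "):], validate=True)
        root = ET.fromstring(raw)
    except (ValueError, ET.ParseError) as exc:
        raise AuthError("malformed token: %s" % exc)
    if root.tag != "{%s}Assertion" % SAML_NS or root.get("Version") != "2.0":
        raise AuthError("not a SAML 2.0 assertion")
    # Issuer must be one we federate with; otherwise any IdP could vouch for anyone.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise AuthError("untrusted issuer %r" % issuer)
    # Bearer profile: the subject confirmation method must be 'bearer'.
    subject = root.find("saml:Subject", NS)
    if subject is None:
        raise AuthError("no subject")
    name_id = subject.findtext("saml:NameID", namespaces=NS)
    methods = [c.get("Method") for c in subject.findall("saml:SubjectConfirmation", NS)]
    if BEARER_METHOD not in methods:
        raise AuthError("subject confirmation is not bearer")
    # Validity window and audience restriction: an assertion minted for the UI
    # must not be replayable against the REST services if it names another audience.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AuthError("no conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before):
        raise AuthError("token not yet valid")
    if not_on_or_after and now >= parse_saml_time(not_on_or_after):
        raise AuthError("token expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise AuthError("audience mismatch: %r" % audiences)
    # Map attributes to roles the way a login module populates the 'Roles' group.
    roles = []
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "Role":
            roles.extend(v.text for v in attr.findall("saml:AttributeValue", NS))
    return name_id, roles


def rejection_reason(authorization_header, trusted_issuers, expected_audience, now=None):
    """None if the token is accepted, otherwise the reason it was refused."""
    try:
        authenticate_bearer(authorization_header, trusted_issuers, expected_audience, now)
        return None
    except AuthError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed issuer, audience and clock for a local run.
    issuer, audience = "https://idp.example.test", "https://rest.example.test/services"
    now = datetime(2013, 6, 26, 18, 20, 0, tzinfo=timezone.utc)
    hdr = make_assertion(issuer, "alice", audience,
                         "2013-06-26T18:18:29Z", "2013-06-26T18:23:29Z", ["admin"])
    print(authenticate_bearer(hdr, {issuer}, audience, now))
    print(rejection_reason(hdr, {issuer}, "https://other.example.test", now))
```

Clock skew is handled here by the caller choosing `now`; a real module would allow a small tolerance on both bounds, and would also check any SubjectConfirmationData NotOnOrAfter/Recipient the IdP sets, since those are specific to the bearer profile.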