org.overlord.commons.auth.jboss7
Class SAMLBearerTokenLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule
All Implemented Interfaces:
LoginModule

public class SAMLBearerTokenLoginModule
extends org.jboss.security.auth.spi.AbstractServerLoginModule

A login module that consumes a SAML Assertion passed in the password field of a Basic authentication request. In other words, the SAML Assertion should be passed as the password (with a username of "SAML-BEARER-TOKEN") in a BASIC-auth-style request. The Authorization HTTP header looks like a normal BASIC auth header (e.g. "Basic U0FNTC1CRUFSRVItVE9LRU46PHNhbWw6QXNz="), but the Base64-decoded credentials look like:

   SAML-BEARER-TOKEN:...
 

This class will validate the SAML Assertion and then consume it, making the JAAS principal the same as the SAML subject. JAAS role information is pulled from a multi-value SAML Attribute called "Role".
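
The header convention described above, as an added example that is not the module's own code: it extracts the assertion from an Authorization header, splitting on the first colon only because the assertion XML itself contains colons. The class name, method name and sample assertion are hypothetical, and java.util.Base64 (Java 8+) is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class SamlBearerHeaderExample {
    // Username that, per the class description, marks the password as a SAML Assertion.
    static final String TOKEN_USER = "SAML-BEARER-TOKEN";

    /** Returns the assertion XML if the header follows the convention, else empty. */
    static Optional<String> extractAssertion(String authorizationHeader) {
        if (authorizationHeader == null) return Optional.empty();
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // malformed Base64: reject rather than guess
        }
        // Split on the FIRST colon only; "saml:Assertion", "xmlns:saml" and
        // URN values inside the password all contain further colons.
        int sep = decoded.indexOf(':');
        if (sep < 0) return Optional.empty();
        String user = decoded.substring(0, sep);
        String password = decoded.substring(sep + 1);
        // Ordinary Basic credentials (any other username) are not bearer tokens.
        if (!TOKEN_USER.equals(user) || password.isEmpty()) return Optional.empty();
        return Optional.of(password);
    }

    public static void main(String[] args) {
        // Constructed, unsigned sample assertion for illustration only.
        String assertion = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">"
                + "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
                + "</saml:Assertion>";
        String header = "Basic " + Base64.getEncoder().encodeToString(
                (TOKEN_USER + ":" + assertion).getBytes(StandardCharsets.UTF_8));
        String plain = "Basic " + Base64.getEncoder().encodeToString(
                "alice:secret".getBytes(StandardCharsets.UTF_8));

        System.out.println("round trip intact: "
                + extractAssertion(header).equals(Optional.of(assertion)));
        System.out.println("ordinary Basic rejected: " + !extractAssertion(plain).isPresent());
        System.out.println("bad Base64 rejected: " + !extractAssertion("Basic %%%").isPresent());
    }
}
```

This covers extraction only: the returned XML is unverified input until the assertion has been validated, which the description says this class does before consuming it.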

Author:
eric.wittmann@redhat.com

Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, trace, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
SAMLBearerTokenLoginModule()
          Constructor.
 
Method Summary
protected  Principal getIdentity()
           
protected  Group[] getRoleSets()
           
 void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
           
 boolean login()
           
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLBearerTokenLoginModule

public SAMLBearerTokenLoginModule()
Constructor.

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
Specified by:
initialize in interface LoginModule
Overrides:
initialize in class org.jboss.security.auth.spi.AbstractServerLoginModule
See Also:
AbstractServerLoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

login

public boolean login()
              throws LoginException
Specified by:
login in interface LoginModule
Overrides:
login in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws:
LoginException
See Also:
AbstractServerLoginModule.login()

getIdentity

protected Principal getIdentity()
Specified by:
getIdentity in class org.jboss.security.auth.spi.AbstractServerLoginModule
See Also:
AbstractServerLoginModule.getIdentity()

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Specified by:
getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws:
LoginException
See Also:
AbstractServerLoginModule.getRoleSets()


Copyright © 2013 JBoss, a division of Red Hat. All Rights Reserved.