PicketLink Federation Common Server Bindings for JBoss AS 2.1.3.1-redhat-1

org.picketlink.identity.federation.bindings.jboss.auth.mapping
Class STSGroupMappingProvider

java.lang.Object
  extended by org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider
All Implemented Interfaces:
org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

public class STSGroupMappingProvider
extends Object
implements org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

This mapping provider looks at the role attributes in the Assertion and returns corresponding JBoss RoleGroup objects for insertion into the Subject.

Configuration

 <application-policy name="saml-issue-token">
   <authentication>
     <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
       <module-option name="configFile">/sts-client.properties</module-option>
       <module-option name="password-stacking">useFirstPass</module-option>
     </login-module>
   </authentication>
   <mapping>
     <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider" type="principal"/>
     <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider" type="role">
       <module-option name="token-role-attribute-name">role</module-option>
     </mapping-module>
   </mapping>
 </application-policy>
 
 
As demonstrated above, this mapping provider is typically configured for an STS Login Module to extract user roles from the STS token and supply them for insertion into the JAAS Subject. This mapping provider looks for a multi-valued Attribute in the Assertion, where each value is a user role. The name of this attribute defaults to SAML20TokenRoleAttributeProvider.DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME but may be set to any value through the "token-role-attribute-name" module option.
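
The attribute lookup described above, as an added example (not PicketLink's own code): a JDK-only program that parses a constructed, unsigned SAML 2.0 assertion and collects the values of the attribute named by "token-role-attribute-name". The class name RoleAttributeDemo, the method extractRoles and the sample assertion are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class RoleAttributeDemo {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample: one multi-valued role attribute plus an unrelated attribute.
    static final String SAMPLE =
        "<saml:Assertion xmlns:saml='" + SAML_NS + "'><saml:AttributeStatement>"
      + "<saml:Attribute Name='role'>"
      + "<saml:AttributeValue>employee</saml:AttributeValue>"
      + "<saml:AttributeValue>manager</saml:AttributeValue>"
      + "</saml:Attribute>"
      + "<saml:Attribute Name='mail'><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>"
      + "</saml:AttributeStatement></saml:Assertion>";

    /** Collects every AttributeValue of the attribute whose Name equals roleAttributeName. */
    static List<String> extractRoles(String assertionXml, String roleAttributeName) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Harden the parser: no DOCTYPE, so no external entities or entity expansion.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(assertionXml.getBytes(StandardCharsets.UTF_8)));
        List<String> roles = new ArrayList<>();
        NodeList attrs = doc.getElementsByTagNameNS(SAML_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            // Exact, case-sensitive match on the configured attribute name.
            if (!roleAttributeName.equals(attr.getAttribute("Name"))) continue;
            NodeList values = attr.getElementsByTagNameNS(SAML_NS, "AttributeValue");
            for (int j = 0; j < values.getLength(); j++) {
                String role = values.item(j).getTextContent().trim();
                if (!role.isEmpty()) roles.add(role); // each value is one role
            }
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(extractRoles(SAMPLE, "role"));   // attribute name from the configuration above
        System.out.println(extractRoles(SAMPLE, "groups")); // name not present in the token: no roles
    }
}
```

A mismatch between the configured attribute name and the name the STS actually issues yields an empty role set rather than an error, so verify the name against a real token when access is unexpectedly denied. The extracted roles are only as trustworthy as the assertion they come from.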

Author:
Babak Mozaffari

Constructor Summary
STSGroupMappingProvider()
           
 
Method Summary
 void init(Map<String,Object> contextMap)
           
 void performMapping(Map<String,Object> contextMap, org.jboss.security.identity.RoleGroup Group)
           
 void setMappingResult(org.jboss.security.mapping.MappingResult<org.jboss.security.identity.RoleGroup> mappingResult)
           
 boolean supports(Class<?> p)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

STSGroupMappingProvider

public STSGroupMappingProvider()

Method Detail

init

public void init(Map<String,Object> contextMap)
Specified by:
init in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

performMapping

public void performMapping(Map<String,Object> contextMap,
                           org.jboss.security.identity.RoleGroup Group)
Specified by:
performMapping in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

setMappingResult

public void setMappingResult(org.jboss.security.mapping.MappingResult<org.jboss.security.identity.RoleGroup> mappingResult)
Specified by:
setMappingResult in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>

supports

public boolean supports(Class<?> p)
Specified by:
supports in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
See Also:
MappingProvider.supports(Class)

Copyright © 2012 JBoss Inc. All Rights Reserved.