org.picketlink.identity.federation.bindings.jboss.auth.mapping
Class STSGroupMappingProvider
java.lang.Object
org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider
- All Implemented Interfaces:
- org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
public class STSGroupMappingProvider
- extends Object
- implements org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
This mapping provider looks at the role attributes in the Assertion and returns corresponding JBoss RoleGroup objects for
insertion into the Subject.
Configuration
<application-policy name="saml-issue-token">
    <authentication>
        <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
            <module-option name="configFile">/sts-client.properties</module-option>
            <module-option name="password-stacking">useFirstPass</module-option>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider" type="principal"/>
        <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider" type="role">
            <module-option name="token-role-attribute-name">role</module-option>
        </mapping-module>
    </mapping>
</application-policy>
As demonstrated above, this mapping provider is typically configured for an STS Login Module to extract user roles from the
STS token and supply them for insertion into the JAAS Subject.
This mapping provider looks for a multi-valued Attribute in the Assertion, where each value is a user role. The name of this
attribute defaults to SAML20TokenRoleAttributeProvider.DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME but may be set to any value
through the "token-role-attribute-name" module option.
- Author:
- Babak Mozaffari
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
STSGroupMappingProvider
public STSGroupMappingProvider()
init
public void init(Map<String,Object> contextMap)
- Specified by:
init
in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
performMapping
public void performMapping(Map<String,Object> contextMap,
org.jboss.security.identity.RoleGroup Group)
- Specified by:
performMapping
in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
setMappingResult
public void setMappingResult(org.jboss.security.mapping.MappingResult<org.jboss.security.identity.RoleGroup> mappingResult)
- Specified by:
setMappingResult
in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
supports
public boolean supports(Class<?> p)
- Specified by:
supports
in interface org.jboss.security.mapping.MappingProvider<org.jboss.security.identity.RoleGroup>
- See Also:
MappingProvider.supports(Class)
Copyright © 2012 JBoss Inc. All Rights Reserved.