5.6.3. Configure Identity Provider

The Identity Provider (IDP) is a JBoss EAP server instance.

Procedure 5.1. Configure Identity Provider (IDP)

  1. Configure the web application security for the IDP

    Configure a web application as the Identity provider.

    Note

    The use of FORM based web application security is recommended as it gives you the ability to customize the login page.
    The following is an example of the web.xml configuration

    Example 5.6. web.xml Configuration for IDP

    <display-name>IDP</display-name>
    <description>IDP</description>
    <!-- Define a security constraint that gives unlimited access to images -->
    <security-constraint>
      <web-resource-collection>
      <web-resource-name>Images</web-resource-name>
      <url-pattern>/images/*</url-pattern>
    </web-resource-collection>
    </security-constraint>
    <!-- Define a Security Constraint on this Application -->
    <security-constraint>
      <web-resource-collection>
      <web-resource-name>IDP</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
      <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
    </security-constraint>
    <!-- Define the Login Configuration for this Application -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>IDP Application</realm-name>
      <form-login-config>
        <form-login-page>/jsp/login.jsp</form-login-page>
        <form-error-page>/jsp/loginerror.jsp</form-error-page>
      </form-login-config>
    </login-config>
    <!-- Security roles referenced by this web application -->
    <security-role>
     <description>
      The role that is required to log in to the IDP Application
     </description>
     <role-name>manager</role-name>
    </security-role>
    </web-app>
    
    
  2. Configure the IDP Valves

    Create a context.xml file in the WEB-INF directory of your IDP web application to configure the valves for the IDP. The following is an example of context.xml file.

    Example 5.7. context.xml File Configuration for IDP Valves

    <context>
      <Valve className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"/>
    </context>
    
    
  3. Configure the PicketLink Configuration File (picketlink.xml)

    Configure picketlink.xml in the WEB-INF directory of your IDP web application. In this configuration file you provide the URL that gets added as the issuer in the outgoing SAML2 assertions to the service providers and the IDP. The following is an example of picketlink.xml configuration.

    Example 5.8. picketlink-idfed.xml Configuration

    <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
            <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1">
                    <IdentityURL>http://localhost:8080/idp/</IdentityURL>
            </PicketLinkIDP>
            <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
                    <Handler
                            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
                    <Handler
                            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
                    <Handler
                            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
                    <Handler
                            class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
            </Handlers>
    </PicketLink>