13.5. Configure STSValidatingLoginModule
The STSValidatingLoginModule uses a TokenCallback to ask the configured CallbackHandler for a security token, and then validates that token by calling the STS.
Example 13.5. Configure STSValidatingLoginModule
<security-domain name="saml-validate-token">
    <authentication>
        <login-module
            code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required">
            <module-option name="configFile">./picketlink-sts-client.properties</module-option>
            <module-option name="endpointURI">http://security_saml/endpoint</module-option>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module
            code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider"
            type="principal" />
        <mapping-module
            code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider"
            type="role" />
    </mapping>
</security-domain>
The configuration shown in the example enables Single Sign-On for your applications and services. Once a token has been issued, either by contacting the STS directly or through a token-issuing login module, it can be used to authenticate against multiple applications and services by employing the setup provided in the example. Providing a Principal mapping provider and a RoleGroup mapping provider results in an authenticated Subject being populated, which enables coarse-grained and role-based authorization. After authentication, the Security Token is available and can be used to invoke other services via Single Sign-On.
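The following is an added review helper, not part of the PicketLink or JBoss EAP documentation: it parses a security-domain definition of the shape shown above and reports the settings a deployer should verify before relying on it for Single Sign-On, in particular an endpointURI that validates tokens over plaintext HTTP (as in the example) and a missing principal or role mapping-module, without which the authenticated Subject lacks identity or role information. The sample XML inside the script is constructed from the example above.

```python
"""Review a JBoss security-domain that uses STSValidatingLoginModule."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

STS_LOGIN_MODULE = (
    "org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule"
)
PRINCIPAL_MAPPER = (
    "org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider"
)
ROLE_MAPPER = (
    "org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider"
)

# Constructed sample mirroring the configuration shown in the text above.
SAMPLE_DOMAIN = f"""
<security-domain name="saml-validate-token">
  <authentication>
    <login-module code="{STS_LOGIN_MODULE}" flag="required">
      <module-option name="configFile">./picketlink-sts-client.properties</module-option>
      <module-option name="endpointURI">http://security_saml/endpoint</module-option>
    </login-module>
  </authentication>
  <mapping>
    <mapping-module code="{PRINCIPAL_MAPPER}" type="principal" />
    <mapping-module code="{ROLE_MAPPER}" type="role" />
  </mapping>
</security-domain>
"""


def review_domain(xml_text: str) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    findings = []
    modules = [m for m in root.iter("login-module") if m.get("code") == STS_LOGIN_MODULE]
    if not modules:
        return ["no STSValidatingLoginModule configured in this security-domain"]
    for module in modules:
        opts = {o.get("name"): (o.text or "").strip() for o in module.findall("module-option")}
        uri = opts.get("endpointURI", "")
        # Token validation calls carry the token itself; they must not travel in clear.
        if urlparse(uri).scheme != "https":
            findings.append(f"endpointURI {uri!r} is not https; STS validation traffic is unprotected")
        if not opts.get("configFile"):
            findings.append("configFile option is missing or empty")
    mapping_types = {m.get("type") for m in root.iter("mapping-module")}
    for needed in ("principal", "role"):
        if needed not in mapping_types:
            findings.append(f"no {needed} mapping-module; the Subject will lack {needed} information")
    return findings
```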
