We have been using SAMLTokenCertValidatingLoginModule for some time in EAP6. I am attempting to configure it in EAP7 but am having difficulties.
The document here, "How To Set Up SSO with SAML v2", points out a lot of changes since EAP6, but I cannot get it working with the attached configuration. Initially I was hung up by the change from SECURITY_DOMAIN to FORM in the web.xml, but now with the web.xml using FORM and a series of other configs made to match the suggestions, I'm not sure what handlers should be configured in the picketlink.xml file when using SAMLTokenCertValidatingLoginModule.
Every attempt to hit the secured area of the server ends up redirecting me to IDP like so:
The documentation is all over the place for this and I've sunk a day into just trying to make it work. I have verified with the Undertow request dumper that I am sending in a valid SAML assertion.
For example, I've found this handler documentation that doesn't tell me much:
I also noticed no reference to the SAMLTokenCertValidatingLoginModule here, but found the class in several WildFly sources.
- Red Hat JBoss Enterprise Application Platform