public class STSGroupMappingProvider extends Object implements MappingProvider<RoleGroup>
This mapping provider looks at the role attributes in the Assertion and returns corresponding JBoss RoleGroup objects for insertion into the Subject.
<application-policy name="saml-issue-token">
    <authentication>
        <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required">
            <module-option name="configFile">/sts-client.properties</module-option>
            <module-option name="password-stacking">useFirstPass</module-option>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSPrincipalMappingProvider" type="principal"/>
        <mapping-module code="org.picketlink.identity.federation.bindings.jboss.auth.mapping.STSGroupMappingProvider" type="role">
            <module-option name="token-role-attribute-name">role</module-option>
        </mapping-module>
    </mapping>
</application-policy>
As demonstrated above, this mapping provider is typically configured for an STS Login Module to extract user roles from the STS token and supply them for insertion into the JAAS Subject.
This mapping provider looks for a multi-valued Attribute in the Assertion, where each value is a user role. The name of this attribute defaults to SAML20TokenRoleAttributeProvider.DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME but may be set to any value through the "token-role-attribute-name" module option.
Constructor and Description |
---|
STSGroupMappingProvider() |
Modifier and Type | Method and Description |
---|---|
void | init(Map<String,Object> contextMap): Initialize the provider with the configured module options |
void | performMapping(Map<String,Object> contextMap, RoleGroup Group): Map the passed object |
void | setMappingResult(MappingResult<RoleGroup> mappingResult): Injected by the MappingContext |
boolean | supports(Class<?> p): Whether this mapping provider supports mapping T |
public void init(Map<String,Object> contextMap)
Specified by: init in interface MappingProvider<RoleGroup>

public void performMapping(Map<String,Object> contextMap, RoleGroup Group)
Specified by: performMapping in interface MappingProvider<RoleGroup>
Parameters:
contextMap - A read-only contextual map that can provide information to the provider
Group - an Object on which the mapping will be applied

public void setMappingResult(MappingResult<RoleGroup> mappingResult)
Specified by: setMappingResult in interface MappingProvider<RoleGroup>

public boolean supports(Class<?> p)
Specified by: supports in interface MappingProvider<RoleGroup>
See Also: MappingProvider.supports(Class)

Copyright © 2020 JBoss by Red Hat. All rights reserved.