views: 96
answers: 1
Has anyone had any experience creating a JAAS LoginModule that uses SAML to authenticate and authorize a user? As I understand JAAS, this would likely require a custom CallbackHandler that understands and can parse a SAML message.

In my case, the authorization is defined as a set of roles in a database, much like your typical Database Login Module. There are, however, no passwords stored in this system. Instead, users are authenticated on another site and a SAML exchange is used to pass that authentication event to our system.

My hope is to enable our application code to not have to deal with SAML directly and to be able to leverage standard JAAS techniques for managing permissions/roles/etc.

An example would be most welcome, but any links you may have found would also be wonderful.

+2  A: 

The main issue you'll run into is that there is no standard way to send the user's credentials to the IdP. In the SAML Web SSO flow you have the browser, so the IdP can just put up a page asking for the credentials. The ECP flow, which does not assume a browser, does not provide a standard way for delivering the credentials. HTTP BASIC auth? WS-Security? Something else?

So, before you go further you'll need to know which SAML profiles the IdPs support and, if ECP is supported, which mechanisms are available for accepting the user's credentials.

Chad
+1 for the response, thanks. I know what you mean about JAAS not requiring a Web front end, but in my case it will always be the case. It seems to me that it should be possible to receive a SAML token via HTTP, parse it within a JAAS module, and create the necessary principals from the result. Any examples of this being done that you know about?
raiglstorfer
raiglstorfer, I don't quite understand what you mean. Are you saying that you're using JAAS only in a web environment or never in a web environment? You might look at the SWITCH SLCS server (http://www.switch.ch/grid/slcs/index.html). Part of what it does is to get SAML assertions using the WebSSO profile, but it's a command-line tool. The stuff it does after that to get an X.509 cert is probably not useful for you.
Chad
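The web-only arrangement raiglstorfer describes (SAML received over HTTP, principals created inside JAAS) can be sketched as a LoginModule. This is an added example, not code from the thread or from any SAML library; it assumes the servlet tier has already validated the SAML response (signature, audience, validity window, InResponseTo) and hands only the verified NameID to JAAS through a hypothetical `SamlSubjectCallback`, so the module itself never touches raw SAML and takes roles from the application's own database (a constructed in-memory table stands in for it here).

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
/** Hypothetical module: the web tier validates the SAML response (signature, audience, validity
 *  window, InResponseTo) and passes only the verified NameID in through a custom Callback, so the
 *  module never parses raw SAML; it maps that NameID to roles held in the application's database. */
public class SamlLoginModule implements LoginModule {
    /** Custom Callback (assumed name) carrying the already-verified SAML subject. */
    public static final class SamlSubjectCallback implements Callback {
        private String nameId;
        public void setNameId(String id) { nameId = id; }
        public String getNameId() { return nameId; }
    }
    /** One Principal type for the user and its roles, told apart by prefix. */
    public static final class NamedPrincipal implements Principal {
        private final String name;
        public NamedPrincipal(String n) { name = n; }
        @Override public String getName() { return name; }
    }
    // Constructed stand-in for the role table; a real module would query it over JDBC.
    private static final Map<String, List<String>> ROLE_TABLE = Map.of("alice@example.org", List.of("reader", "approver"));
    private Subject subject; private CallbackHandler handler;
    private String nameId; private final List<Principal> pending = new ArrayList<>();
    @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    @Override public boolean login() throws LoginException {
        SamlSubjectCallback cb = new SamlSubjectCallback();
        try { handler.handle(new Callback[] { cb }); }
        catch (IOException | UnsupportedCallbackException e) { throw new LoginException("no SAML subject: " + e); }
        // Fail closed: a subject with no roles in our database is not a user of this system.
        if (cb.getNameId() == null || !ROLE_TABLE.containsKey(cb.getNameId()))
            throw new FailedLoginException("unknown or missing SAML subject");
        nameId = cb.getNameId();
        return true;
    }
    @Override public boolean commit() {
        pending.add(new NamedPrincipal("user:" + nameId));
        for (String r : ROLE_TABLE.get(nameId)) pending.add(new NamedPrincipal("role:" + r));
        subject.getPrincipals().addAll(pending); // application code now sees ordinary JAAS principals
        return true;
    }
    @Override public boolean abort() { pending.clear(); nameId = null; return true; }
    @Override public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```

The CallbackHandler supplied by the servlet layer fills `SamlSubjectCallback` from the validated assertion, so the trust boundary is the validation step in front of JAAS, not the LoginModule.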