Examples of org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule

Package org.picketlink.identity.federation.core.wstrust.auth

Examples of org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule

org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule
Abstract JAAS LoginModule for JBoss STS (Security Token Service).
Subclasses are required to implement {@link #invokeSTS(STSClient)()} to perform their specific actions.
Configuration
Concrete implementations specify from where the username and credentials should be read from.
Callback handler, {@link NameCallback} and {@link PasswordCallback}.
From the login modules options configuration.
From the login modules earlier in the login modules stack.

Configuration example

 {@code    /sts-client.properties   }

 {@code    /sts-client.properties true   }

 {@code    /sts-client.properties useFirstPass   }

Password stacking

4. Mapping Provider configuration:

 {@code    /sts-client.properties useFirstPass       }

Mapping Providers

Subclasses can define more configuration options by overriding initialize. Also note that subclasses are not forced to put configuration options in a file. They can all be set as options just like the 'configFile' is specified above.

Additional Configuration

roleKey: By default, the saml attributes with key "Role" are assumed to represent user roles. You can configure a comma separated list of string values to represent the attribute names for user roles.

cache.invalidation: set it to true if you require invalidation of JBoss Auth Cache at SAML Principal expiration.

jboss.security.security_domain: name of the security domain where this login module is configured. This is only required if the cache.invalidation option is configured.

inject.callerprincipal: set it to true if you want to add a group principal called "CallerPrincipal" with the roles from the assertion, into the subject

Daniel Bevenius

    public void setUp() {
        stsClient = mock(STSClient.class);
    }


    public void testOptionsConfig() {
        final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null, stsClient);
        final Map<String, String> sharedState = new HashMap<String, String>();
        final Map<String, String> options = Util.allOptions();
        options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");


        loginModule.initialize(new Subject(), null, sharedState, options);


        assertTrue(loginModule.isUseOptionsConfig());
        assertFalse(loginModule.isUsePasswordStacking());
        assertFalse(loginModule.isUseFirstPass());
    }

        assertFalse(loginModule.isUsePasswordStacking());
        assertFalse(loginModule.isUseFirstPass());
    }


    public void testOptionsConfigWithPasswordStacking() throws Exception {
        final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken(), stsClient);
        final Map<String, String> sharedState = new HashMap<String, String>();
        final Map<String, String> options = Util.allOptions();
        options.put(AbstractSTSLoginModule.OPTIONS_CREDENTIALS, "true");
        options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");


        loginModule.initialize(new Subject(), null, sharedState, options);


        assertTrue(loginModule.isUseOptionsConfig());
        assertTrue(loginModule.isUsePasswordStacking());
        assertFalse(loginModule.isUseFirstPass());


        loginModule.login();


        assertEquals("user1", loginModule.getSharedUsername());
        assertEquals("pass1", new String(loginModule.getSharedPassword()));
    }

        assertEquals("user1", loginModule.getSharedUsername());
        assertEquals("pass1", new String(loginModule.getSharedPassword()));
    }


    public void testCallback() {
        final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(null, stsClient);
        final Map<String, String> sharedState = new HashMap<String, String>();
        final Map<String, String> options = Util.allOptions();
        TestCallbackHandler callbackHandler = new TestCallbackHandler("Mr.Poon", "rosen");


        loginModule.initialize(new Subject(), callbackHandler, sharedState, options);


        assertFalse(loginModule.isUseOptionsConfig());
        assertFalse(loginModule.isUsePasswordStacking());
        assertFalse(loginModule.isUseFirstPass());
    }

        assertFalse(loginModule.isUsePasswordStacking());
        assertFalse(loginModule.isUseFirstPass());
    }


    public void testCallbackWithPasswordStacking() throws Exception {
        final AbstractSTSLoginModule loginModule = new FakeSTSLoginModule(Util.createSamlToken(), stsClient);
        final Map<String, String> sharedState = new HashMap<String, String>();
        final Map<String, String> options = Util.allOptions();
        options.put(AbstractSTSLoginModule.OPTIONS_PW_STACKING, "true");
        final String username = "Mr.Poon";
        final String password = "rosen";


        TestCallbackHandler callbackHandler = new TestCallbackHandler(username, password);


        loginModule.initialize(new Subject(), callbackHandler, sharedState, options);


        assertFalse(loginModule.isUseOptionsConfig());
        assertTrue(loginModule.isUsePasswordStacking());
        assertFalse(loginModule.isUseFirstPass());


        loginModule.login();


        assertEquals(username, loginModule.getSharedUsername());
        assertEquals(password, new String(loginModule.getSharedPassword()));
    }