users@glassfish.java.net

Re: Combining SAML and <security-constraint>

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Sat, 20 Mar 2010 15:56:31 +0530

glassfish_at_javadesktop.org wrote:
> Hello all,
>
> I'm hoping for some pointers. I've got a problem of which I'm sure there is a solution out there, but I can't seem to find it. I've got some web applications where the security constraints are defined in the web.xml (<security-constraint>). This is the way I would like it, so all is fine.
>
> Now I need to switch to an external Identity Provider, which is talking SAML 2.0. I suppose the way to go about it is to write a ServerAuthModule that does the SAML conversation (?), but I can't believe that there is no standard solution for this. Anyone know one (or am I on the wrong track altogether?)
>
It depends on what protocols you need to use etc. You may find support
for your usecase in OpenSSO. Otherwise you can ofcourse make use of a
ServerAuthModule and it seems the right way to go (from what i understood).

See if this helps :
http://weblogs.java.net/blog/kumarjayanti/archive/2008/09/support_for_pro.html

> Groeten,
>
> Friso
> [Message sent by forum member 'friso']
>
> http://forums.java.net/jive/thread.jspa?messageID=392742
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>