-
Bug
-
Resolution: Won't Do
-
Critical
-
7.0.6.GA
-
None
Description of problem:
It is not possible to configure the SAML2STSLoginModule by using module options instead of configFile:
<security-domain name="sts" cache-type="default">
<authentication>
<login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule"
flag="required" module="org.picketlink">
<module-option name="serviceName" value="PicketLinkSTS"/>
<module-option name="portName" value="PicketLinkSTSPort"/>
<module-option name="endpointAddress" value="http://localhost:8080/picketlink-sts/PicketLinkSTS"/>
<module-option name="username" value="admin"/>
<module-option name="password" value="admin"/>
The issue appears to be caused by the following check:
diff --git picketlink-jbas-common/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSCommonLoginModule.java picketlink-jbas-common/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSCommonLoginModule.java
index bdadc40..deeef62 100644
— picketlink-jbas-common/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSCommonLoginModule.java
+++ picketlink-jbas-common/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML2STSCommonLoginModule.java
@@ -346,10 +346,6 @@ public abstract class SAML2STSCommonLoginModule extends SAMLTokenFromHttpRequest
} else {
logger.trace("Local Validation is disabled. Verifying with STS");
- // sts config file has to be present to call STS (using sts client)
- if (this.stsConfigurationFile == null)
- throw logger.authSTSConfigFileNotFound();
-
// send the assertion to the STS for validation.
STSClient client = this.getSTSClient();
try { @@ -555,4 +551,4 @@ public abstract class SAML2STSCommonLoginModule extends SAMLTokenFromHttpRequest protected abstract TimeCacheExpiry getCacheExpiry() throws Exception; -}\ No newline at end of file
+}
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Configure JBoss EAP 6.4.12 as described here: https://docs.jboss.org/author/display/PLINK/Protecting+EJB+Endpoints
2. Configure the SAML2STSLoginModule the module-option approach shown above (not the 'configFile' approach)
3. Deploy an ejb that is protected by the "ejb-remoting-sts" security-domain
4. Hit the ejb
Actual results:
Authentication fails
Expected results:
Authentication is successful
Additional info:
- clones
-
JBEAP-13855 [GSS](7.1.z) SAML2STSLoginModule cannot be configured with module options instead of configFile
- Closed