
How to Add a User to an Identity Manager in PicketLink

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.internal.DefaultPartitionManager;
import org.picketlink.idm.model.basic.User;

/**
 * Minimal PicketLink IDM bootstrap: builds a configuration named "default" whose store
 * chain ends in the custom {@code SampleIdentityStore}, creates a {@link PartitionManager}
 * from it and adds one {@link User} through the resulting {@link IdentityManager}.
 *
 * <p>The {@code ...} in the builder chain are elisions in the original sample; the
 * file/jpa/ldap store settings are not shown here.
 */
public class PicketLinkSample {

  public static void main(String[] args) {
    IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

    // Store chain for the "default" configuration, ending in the custom store registered
    // with its configuration and builder classes. supportAllFeatures() presumably enables
    // every IDM feature for that chain; NOTE(review): for a real deployment enable only the
    // types/operations the store must serve (least privilege) — confirm against the
    // IdentityStoreConfigurationBuilder API.
    builder.named("default").stores().file()...jpa()...ldap()...add(SampleIdentityStoreConfiguration.class, SampleIdentityStoreConfigurationBuilder.class).supportAllFeatures();

    PartitionManager partitionManager = new DefaultPartitionManager(builder.buildAll());

    IdentityManager identityManager = partitionManager.createIdentityManager();

    // Login name only: nothing in this sample provisions a credential, so the account
    // cannot be authenticated until one is set separately.
    User user = new User("user");

    identityManager.add(user);
  }

}

How to Create an Identity/Attribute/Credential/Partition Store for PicketLink

SampleIdentityStore.java

import org.picketlink.idm.internal.AbstractIdentityStore;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;
import org.picketlink.idm.spi.IdentityContext;

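/**
 * Skeleton identity store: every write callback is a no-op and every query reports
 * "nothing found". Start from this class for a store that persists
 * {@link AttributedType}s in a backend PicketLink does not support out of the box.
 *
 * <p>NOTE(review): the generated skeleton returned {@code null} from the {@code int}
 * counting methods (a compile error) and from the list-returning methods (an NPE waiting
 * for the first caller that iterates the result). This version returns 0 and empty,
 * immutable lists instead.
 */
public class SampleIdentityStore extends AbstractIdentityStore<SampleIdentityStoreConfiguration> {

  /** Persists a newly added type. No-op in this skeleton. */
  @Override
  protected void addAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /** @return the number of identities matching the query; always 0 here. */
  @Override
  public <V extends IdentityType> int countQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return 0;
  }

  /** @return the number of relationships matching the query; always 0 here. */
  @Override
  public <V extends Relationship> int countQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return 0;
  }

  /** @return the identities matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends IdentityType> java.util.List<V> fetchQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return java.util.Collections.emptyList();
  }

  /** @return the relationships matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends Relationship> java.util.List<V> fetchQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return java.util.Collections.emptyList();
  }

  /** Deletes a type from the backend. No-op in this skeleton. */
  @Override
  protected void removeAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /** Writes changes to an existing type. No-op in this skeleton. */
  @Override
  protected void updateAttributedType(IdentityContext context, AttributedType attributedType) {
  }

}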

SampleIdentityStoreConfiguration.java

import java.util.List;
import java.util.Map;
import java.util.Set;

import org.picketlink.idm.config.AbstractIdentityStoreConfiguration;
import org.picketlink.idm.credential.handler.CredentialHandler;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.spi.ContextInitializer;

/**
 * Configuration object for {@code SampleIdentityStore}. It adds nothing of its own: every
 * constructor argument is forwarded unchanged to {@link AbstractIdentityStoreConfiguration},
 * and {@link #initConfig()} is a no-op.
 */
public class SampleIdentityStoreConfiguration extends AbstractIdentityStoreConfiguration {

  /**
   * Forwards all settings to the superclass, which defines their meaning. As the names
   * suggest, the first two maps list the types and operations this store does / does not
   * serve, and the two flags say whether it also acts as an attribute or credential store.
   */
  protected SampleIdentityStoreConfiguration(Map<Class<? extends AttributedType>, Set<IdentityOperation>> supportedTypes, Map<Class<? extends AttributedType>, Set<IdentityOperation>> unsupportedTypes, List<ContextInitializer> contextInitializers, Map<String, Object> credentialHandlerProperties, Set<Class<? extends CredentialHandler>> credentialHandlers, boolean supportsAttribute, boolean supportsCredential) {
    super(supportedTypes, unsupportedTypes, contextInitializers, credentialHandlerProperties, credentialHandlers, supportsAttribute, supportsCredential);
  }

  /** Hook for store-specific setup (connection settings, paths, ...). Nothing to do here. */
  @Override
  protected void initConfig() {
  }

}

SampleIdentityStoreConfigurationBuilder.java

import org.picketlink.idm.config.IdentityStoreConfigurationBuilder;
import org.picketlink.idm.config.IdentityStoresConfigurationBuilder;

/**
 * Builder registered together with {@code SampleIdentityStoreConfiguration} through
 * {@code stores().add(SampleIdentityStoreConfiguration.class, SampleIdentityStoreConfigurationBuilder.class)}
 * (see the PicketLinkSample listing above).
 */
public class SampleIdentityStoreConfigurationBuilder extends IdentityStoreConfigurationBuilder<SampleIdentityStoreConfiguration, SampleIdentityStoreConfigurationBuilder> {

  public SampleIdentityStoreConfigurationBuilder(IdentityStoresConfigurationBuilder builder) {
    super(builder);
  }

  /**
   * Produces the configuration object for this store.
   *
   * <p>NOTE(review): returning {@code null} leaves PicketLink without a configuration to
   * build the store from. A real builder returns a {@code new SampleIdentityStoreConfiguration(...)}
   * populated from the settings this builder collected (the superclass presumably exposes
   * them via getters — confirm against the IdentityStoreConfigurationBuilder API).
   */
  @Override
  protected SampleIdentityStoreConfiguration create() {
    return null;
  }

}

SampleAttributeStore.java

import java.io.Serializable;
import java.util.List;

import org.picketlink.idm.internal.AbstractIdentityStore;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;
import org.picketlink.idm.spi.AttributeStore;
import org.picketlink.idm.spi.IdentityContext;

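/**
 * Skeleton attribute store: an identity store that additionally implements
 * {@link AttributeStore}, i.e. it can load, set and remove ad-hoc {@link Attribute}s on an
 * {@link AttributedType}. All write callbacks are no-ops and all reads report "nothing".
 *
 * <p>NOTE(review): the generated skeleton returned {@code null} from the {@code int}
 * counting methods (a compile error) and from the list-returning methods (an NPE for the
 * first caller that iterates). This version returns 0 and empty lists instead;
 * {@link #getAttribute} keeps returning {@code null}, which presumably is how an absent
 * attribute is reported — confirm against the AttributeStore contract.
 */
public class SampleAttributeStore extends AbstractIdentityStore<SampleAttributeStoreConfiguration> implements AttributeStore<SampleAttributeStoreConfiguration> {

  /** Persists a newly added type. No-op in this skeleton. */
  @Override
  protected void addAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /** @return the number of identities matching the query; always 0 here. */
  @Override
  public <V extends IdentityType> int countQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return 0;
  }

  /** @return the number of relationships matching the query; always 0 here. */
  @Override
  public <V extends Relationship> int countQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return 0;
  }

  /** @return the identities matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends IdentityType> List<V> fetchQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return java.util.Collections.emptyList();
  }

  /** @return the relationships matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends Relationship> List<V> fetchQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return java.util.Collections.emptyList();
  }

  /**
   * Looks up a single attribute of {@code type} by name.
   *
   * @return the attribute, or {@code null} — this skeleton stores nothing, so always {@code null}
   */
  @Override
  public <V extends Serializable> Attribute<V> getAttribute(IdentityContext context, AttributedType type, String attributeName) {
    return null;
  }

  /** Populates {@code attributedType} with its stored attributes. No-op in this skeleton. */
  @Override
  public void loadAttributes(IdentityContext context, AttributedType attributedType) {
  }

  /** Deletes one attribute of {@code type} by name. No-op in this skeleton. */
  @Override
  public void removeAttribute(IdentityContext context, AttributedType type, String attributeName) {
  }

  /** Deletes a type from the backend. No-op in this skeleton. */
  @Override
  protected void removeAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /** Stores (creates or replaces) one attribute of {@code type}. No-op in this skeleton. */
  @Override
  public void setAttribute(IdentityContext context, AttributedType type, Attribute<? extends Serializable> attribute) {
  }

  /** Writes changes to an existing type. No-op in this skeleton. */
  @Override
  protected void updateAttributedType(IdentityContext context, AttributedType attributedType) {
  }

}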

SampleAttributeStoreConfiguration.java

import java.util.List;
import java.util.Map;
import java.util.Set;

import org.picketlink.idm.config.AbstractIdentityStoreConfiguration;
import org.picketlink.idm.credential.handler.CredentialHandler;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.spi.ContextInitializer;

/**
 * Configuration object for {@code SampleAttributeStore}. It adds nothing of its own: every
 * constructor argument is forwarded unchanged to {@link AbstractIdentityStoreConfiguration},
 * and {@link #initConfig()} is a no-op.
 */
public class SampleAttributeStoreConfiguration extends AbstractIdentityStoreConfiguration {

  /**
   * Forwards all settings to the superclass, which defines their meaning. As the names
   * suggest, the first two maps list the types and operations this store does / does not
   * serve, and {@code supportsAttribute} is the flag that matters for an attribute store.
   */
  protected SampleAttributeStoreConfiguration(Map<Class<? extends AttributedType>, Set<IdentityOperation>> supportedTypes, Map<Class<? extends AttributedType>, Set<IdentityOperation>> unsupportedTypes, List<ContextInitializer> contextInitializers, Map<String, Object> credentialHandlerProperties, Set<Class<? extends CredentialHandler>> credentialHandlers, boolean supportsAttribute, boolean supportsCredential) {
    super(supportedTypes, unsupportedTypes, contextInitializers, credentialHandlerProperties, credentialHandlers, supportsAttribute, supportsCredential);
  }

  /** Hook for store-specific setup. Nothing to do here. */
  @Override
  protected void initConfig() {
  }

}

SampleAttributeStoreConfigurationBuilder.java

import org.picketlink.idm.config.IdentityStoreConfigurationBuilder;
import org.picketlink.idm.config.IdentityStoresConfigurationBuilder;

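/**
 * Builder for {@code SampleAttributeStoreConfiguration}; register it with
 * {@code stores().add(...)} the same way as the identity-store builder in the first listing.
 *
 * <p>NOTE(review): the original {@link #create()} had no {@code return} statement at all,
 * which does not compile. It now returns {@code null} like its sibling builders; see the
 * method comment for what a real implementation must do.
 */
public class SampleAttributeStoreConfigurationBuilder extends IdentityStoreConfigurationBuilder<SampleAttributeStoreConfiguration, SampleAttributeStoreConfigurationBuilder> {

  public SampleAttributeStoreConfigurationBuilder(IdentityStoresConfigurationBuilder builder) {
    super(builder);
  }

  /**
   * Produces the configuration object for this store.
   *
   * <p>Returning {@code null} leaves PicketLink without a configuration to build the store
   * from. A real builder returns a {@code new SampleAttributeStoreConfiguration(...)}
   * populated from the settings this builder collected (the superclass presumably exposes
   * them via getters — confirm against the IdentityStoreConfigurationBuilder API).
   */
  @Override
  protected SampleAttributeStoreConfiguration create() {
    return null;
  }

}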

SampleCredentialStore.java

import java.util.List;

import org.picketlink.idm.credential.storage.CredentialStorage;
import org.picketlink.idm.internal.AbstractIdentityStore;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;

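/**
 * Skeleton credential store: an identity store that additionally implements
 * {@link CredentialStore}, i.e. it persists and retrieves {@link CredentialStorage}
 * objects for an {@link Account}. All write callbacks are no-ops and all reads report
 * "nothing".
 *
 * <p>NOTE(review): the generated skeleton returned {@code null} from the {@code int}
 * counting methods (a compile error) and from the list-returning methods (an NPE for the
 * first caller that iterates). This version returns 0 and empty lists instead.
 */
public class SampleCredentialStore extends AbstractIdentityStore<SampleCredentialStoreConfiguration> implements CredentialStore<SampleCredentialStoreConfiguration> {

  /** Persists a newly added type. No-op in this skeleton. */
  @Override
  protected void addAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /** @return the number of identities matching the query; always 0 here. */
  @Override
  public <V extends IdentityType> int countQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return 0;
  }

  /** @return the number of relationships matching the query; always 0 here. */
  @Override
  public <V extends Relationship> int countQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return 0;
  }

  /** @return the identities matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends IdentityType> List<V> fetchQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return java.util.Collections.emptyList();
  }

  /** @return the relationships matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends Relationship> List<V> fetchQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return java.util.Collections.emptyList();
  }

  /** Deletes a type from the backend. No-op in this skeleton. */
  @Override
  protected void removeAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /**
   * Returns every stored credential of the given storage class for {@code account}
   * (presumably current and historical ones — confirm against the CredentialStore contract).
   *
   * @return an empty list here, never {@code null}
   */
  @Override
  public <T extends CredentialStorage> List<T> retrieveCredentials(IdentityContext context, Account account, Class<T> storageClass) {
    return java.util.Collections.emptyList();
  }

  /**
   * Returns the credential currently in effect for {@code account}.
   *
   * @return {@code null} when there is none — always the case in this skeleton
   */
  @Override
  public <T extends CredentialStorage> T retrieveCurrentCredential(IdentityContext context, Account account, Class<T> storageClass) {
    return null;
  }

  /**
   * Persists a credential for {@code account}. No-op in this skeleton.
   *
   * <p>NOTE(review): a real implementation must store the {@code storage} object exactly as
   * the credential handler hands it over and must never log or otherwise expose it —
   * it presumably carries the (hashed/encoded) secret material. Confirm what the handler
   * in use puts into it before choosing how and where to persist it.
   */
  @Override
  public void storeCredential(IdentityContext context, Account account, CredentialStorage storage) {
  }

  /** Writes changes to an existing type. No-op in this skeleton. */
  @Override
  protected void updateAttributedType(IdentityContext context, AttributedType attributedType) {
  }

}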

SampleCredentialStoreConfiguration.java

import java.util.List;
import java.util.Map;
import java.util.Set;

import org.picketlink.idm.config.AbstractIdentityStoreConfiguration;
import org.picketlink.idm.credential.handler.CredentialHandler;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.spi.ContextInitializer;

/**
 * Configuration object for {@code SampleCredentialStore}. It adds nothing of its own: every
 * constructor argument is forwarded unchanged to {@link AbstractIdentityStoreConfiguration},
 * and {@link #initConfig()} is a no-op.
 */
public class SampleCredentialStoreConfiguration extends AbstractIdentityStoreConfiguration {

  /**
   * Forwards all settings to the superclass, which defines their meaning. As the names
   * suggest, {@code credentialHandlers} / {@code credentialHandlerProperties} and the
   * {@code supportsCredential} flag are the ones that matter for a credential store.
   */
  protected SampleCredentialStoreConfiguration(Map<Class<? extends AttributedType>, Set<IdentityOperation>> supportedTypes, Map<Class<? extends AttributedType>, Set<IdentityOperation>> unsupportedTypes, List<ContextInitializer> contextInitializers, Map<String, Object> credentialHandlerProperties, Set<Class<? extends CredentialHandler>> credentialHandlers, boolean supportsAttribute, boolean supportsCredential) {
    super(supportedTypes, unsupportedTypes, contextInitializers, credentialHandlerProperties, credentialHandlers, supportsAttribute, supportsCredential);
  }

  /** Hook for store-specific setup. Nothing to do here. */
  @Override
  protected void initConfig() {
  }

}

SampleCredentialStoreConfigurationBuilder.java

import org.picketlink.idm.config.IdentityStoreConfigurationBuilder;
import org.picketlink.idm.config.IdentityStoresConfigurationBuilder;

/**
 * Builder for {@code SampleCredentialStoreConfiguration}; register it with
 * {@code stores().add(...)} the same way as the identity-store builder in the first listing.
 */
public class SampleCredentialStoreConfigurationBuilder extends IdentityStoreConfigurationBuilder<SampleCredentialStoreConfiguration, SampleCredentialStoreConfigurationBuilder> {

  public SampleCredentialStoreConfigurationBuilder(IdentityStoresConfigurationBuilder builder) {
    super(builder);
  }

  /**
   * Produces the configuration object for this store.
   *
   * <p>NOTE(review): returning {@code null} leaves PicketLink without a configuration to
   * build the store from. A real builder returns a {@code new SampleCredentialStoreConfiguration(...)}
   * populated from the settings this builder collected (the superclass presumably exposes
   * them via getters — confirm against the IdentityStoreConfigurationBuilder API).
   */
  @Override
  protected SampleCredentialStoreConfiguration create() {
    return null;
  }

}

SamplePartitionStore.java

import java.util.List;

import org.picketlink.idm.internal.AbstractIdentityStore;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Partition;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;
import org.picketlink.idm.spi.IdentityContext;
import org.picketlink.idm.spi.PartitionStore;

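/**
 * Skeleton partition store: an identity store that additionally implements
 * {@link PartitionStore}, i.e. it persists {@link Partition}s and remembers which named
 * configuration each partition belongs to. All write callbacks are no-ops and all reads
 * report "nothing".
 *
 * <p>NOTE(review): the generated skeleton returned {@code null} from the {@code int}
 * counting methods (a compile error) and from the list-returning methods (an NPE for the
 * first caller that iterates). This version returns 0 and empty lists instead; the
 * single-object lookups keep returning {@code null} for "not found".
 */
public class SamplePartitionStore extends AbstractIdentityStore<SamplePartitionStoreConfiguration> implements PartitionStore<SamplePartitionStoreConfiguration> {

  /** Persists a new partition under the given configuration name. No-op in this skeleton. */
  @Override
  public void add(IdentityContext identityContext, Partition partition, String configurationName) {
  }

  /** Persists a newly added type. No-op in this skeleton. */
  @Override
  protected void addAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /** @return the number of identities matching the query; always 0 here. */
  @Override
  public <V extends IdentityType> int countQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return 0;
  }

  /** @return the number of relationships matching the query; always 0 here. */
  @Override
  public <V extends Relationship> int countQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return 0;
  }

  /** @return the identities matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends IdentityType> List<V> fetchQueryResults(IdentityContext context, IdentityQuery<V> identityQuery) {
    return java.util.Collections.emptyList();
  }

  /** @return the relationships matching the query; an empty list here, never {@code null}. */
  @Override
  public <V extends Relationship> List<V> fetchQueryResults(IdentityContext context, RelationshipQuery<V> query) {
    return java.util.Collections.emptyList();
  }

  /** @return all partitions of the given class; an empty list here, never {@code null}. */
  @Override
  public <P extends Partition> List<P> get(IdentityContext identityContext, Class<P> partitionClass) {
    return java.util.Collections.emptyList();
  }

  /** @return the partition of the given class with the given name, or {@code null} if none — always {@code null} here. */
  @Override
  public <P extends Partition> P get(IdentityContext identityContext, Class<P> partitionClass, String name) {
    return null;
  }

  /** @return the name of the configuration the partition was added under, or {@code null} — always {@code null} here. */
  @Override
  public String getConfigurationName(IdentityContext identityContext, Partition partition) {
    return null;
  }

  /** @return the partition with the given id, or {@code null} if none — always {@code null} here. */
  @Override
  public <P extends Partition> P lookupById(IdentityContext context, Class<P> partitionClass, String id) {
    return null;
  }

  /** Deletes a partition. No-op in this skeleton. */
  @Override
  public void remove(IdentityContext identityContext, Partition partition) {
  }

  /** Deletes a type from the backend. No-op in this skeleton. */
  @Override
  protected void removeAttributedType(IdentityContext context, AttributedType attributedType) {
  }

  /** Writes changes to an existing partition. No-op in this skeleton. */
  @Override
  public void update(IdentityContext identityContext, Partition partition) {
  }

  /** Writes changes to an existing type. No-op in this skeleton. */
  @Override
  protected void updateAttributedType(IdentityContext context, AttributedType attributedType) {
  }

}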

SamplePartitionStoreConfiguration.java

import java.util.List;
import java.util.Map;
import java.util.Set;

import org.picketlink.idm.config.AbstractIdentityStoreConfiguration;
import org.picketlink.idm.credential.handler.CredentialHandler;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.spi.ContextInitializer;

/**
 * Configuration object for {@code SamplePartitionStore}. It adds nothing of its own: every
 * constructor argument is forwarded unchanged to {@link AbstractIdentityStoreConfiguration},
 * and {@link #initConfig()} is a no-op.
 */
public class SamplePartitionStoreConfiguration extends AbstractIdentityStoreConfiguration {

  /**
   * Forwards all settings to the superclass, which defines their meaning. As the names
   * suggest, the first two maps list the types and operations this store does / does not
   * serve, and the two flags say whether it also acts as an attribute or credential store.
   */
  protected SamplePartitionStoreConfiguration(Map<Class<? extends AttributedType>, Set<IdentityOperation>> supportedTypes, Map<Class<? extends AttributedType>, Set<IdentityOperation>> unsupportedTypes, List<ContextInitializer> contextInitializers, Map<String, Object> credentialHandlerProperties, Set<Class<? extends CredentialHandler>> credentialHandlers, boolean supportsAttribute, boolean supportsCredential) {
    super(supportedTypes, unsupportedTypes, contextInitializers, credentialHandlerProperties, credentialHandlers, supportsAttribute, supportsCredential);
  }

  /** Hook for store-specific setup. Nothing to do here. */
  @Override
  protected void initConfig() {
  }

}

SamplePartitionStoreConfigurationBuilder.java

import org.picketlink.idm.config.IdentityStoreConfigurationBuilder;
import org.picketlink.idm.config.IdentityStoresConfigurationBuilder;

/**
 * Builder for {@code SamplePartitionStoreConfiguration}; register it with
 * {@code stores().add(...)} the same way as the identity-store builder in the first listing.
 */
public class SamplePartitionStoreConfigurationBuilder extends IdentityStoreConfigurationBuilder<SamplePartitionStoreConfiguration, SamplePartitionStoreConfigurationBuilder> {

  public SamplePartitionStoreConfigurationBuilder(IdentityStoresConfigurationBuilder builder) {
    super(builder);
  }

  /**
   * Produces the configuration object for this store.
   *
   * <p>NOTE(review): returning {@code null} leaves PicketLink without a configuration to
   * build the store from. A real builder returns a {@code new SamplePartitionStoreConfiguration(...)}
   * populated from the settings this builder collected (the superclass presumably exposes
   * them via getters — confirm against the IdentityStoreConfigurationBuilder API).
   */
  @Override
  protected SamplePartitionStoreConfiguration create() {
    return null;
  }

}

A sample is available here.


How to Create a Configuration Provider for PicketLink

import org.picketlink.identity.federation.core.config.IDPType;
import org.picketlink.identity.federation.core.config.PicketLinkType;
import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;

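/**
 * Skeleton {@link SAMLConfigurationProvider}: presumably the programmatic alternative to
 * a picketlink.xml file, handing PicketLink its IdP, SP and top-level configuration objects.
 *
 * <p>Every method returns {@code null}. NOTE(review): that leaves PicketLink with no IdP/SP
 * settings from this provider at all — whatever endpoint, trust and signature settings the
 * deployment relies on have to be populated here before it goes live.
 *
 * <p>Consistency fix: the methods now carry {@code @Override} like every other override in
 * these listings, so a mismatch with the interface fails at compile time.
 */
public class SampleConfigurationProvider implements SAMLConfigurationProvider {

  /** @return the identity-provider configuration; {@code null} in this skeleton */
  @Override
  public IDPType getIDPConfiguration() {
    return null;
  }

  /** @return the service-provider configuration; {@code null} in this skeleton */
  @Override
  public SPType getSPConfiguration() {
    return null;
  }

  /** @return the top-level PicketLink configuration; {@code null} in this skeleton */
  @Override
  public PicketLinkType getPicketLinkConfiguration() {
    return null;
  }

}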

How to Create a Role Validator for PicketLink

import java.security.Principal;
import java.util.List;
import java.util.Map;

import org.picketlink.identity.federation.web.interfaces.IRoleValidator;

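/**
 * Skeleton {@link IRoleValidator}: the hook PicketLink calls to decide whether an
 * authenticated principal holds the roles a resource demands.
 *
 * <p>{@link #userInRole} answers {@code false} for everyone, so the skeleton fails closed.
 * Keep that default when implementing it: an unknown principal, a missing role list or a
 * lookup error must never turn into "in role".
 *
 * <p>Consistency fix: the methods now carry {@code @Override} like every other override in
 * these listings, so a mismatch with the interface fails at compile time.
 */
public class SampleRoleValidator implements IRoleValidator {

  /**
   * Receives the validator's options (presumably from the PicketLink configuration —
   * confirm). Nothing is stored in this skeleton.
   *
   * <p>The misspelled name is the method name declared by {@link IRoleValidator};
   * renaming it here would stop the override from matching.
   *
   * @param options key/value options for this validator
   */
  @Override
  public void intialize(Map<String, String> options) {
  }

  /**
   * @param userPrincipal the authenticated principal being checked
   * @param roles         the roles the caller asks about
   * @return whether the principal holds the roles; always {@code false} here (fail closed)
   */
  @Override
  public boolean userInRole(Principal userPrincipal, List<String> roles) {
    return false;
  }

}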

How to Set Up a PicketLink Cluster in JBoss EAP 6

Identity Provider

1) Configure the virtual server:

/profile=<ha | full-ha>/subsystem=web/virtual-server=<Virtual Server Name>/sso=configuration:add(cache-container="web",cache-name="sso",reauthenticate="false",domain=<Domain Name>)

2) Change the web.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <distributable />
</web-app>

3) Change the jboss-web.xml file if needed:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <valve>
    <class-name>org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn</class-name>
  </valve>
</jboss-web>

4) Change the persistence.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd" version="2.0">
  <persistence-unit name="picketlink-sts">
    <class>org.picketlink.identity.federation.core.sts.registry.RevokedToken</class>
    <class>org.picketlink.identity.federation.core.sts.registry.SecurityToken</class>
  </persistence-unit>
</persistence>

5) Change the picketlink.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkIDP>
    <!-- The IdP's public URL as browsers and SPs see it: the load balancer, never an
         individual node. NOTE(review): serve it over https anywhere but a local test;
         this is the endpoint SAML requests and responses travel through. -->
    <IdentityURL>http://host/picketlinksampleidp-1.0/</IdentityURL> <!-- load balancer URL -->
  </PicketLinkIDP>
  <PicketLinkSTS>
    <TokenProviders>
      <TokenProvider ProviderClass="org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider">
        <!-- Both registries are backed by JPA (the persistence.xml of step 4 lists the
             RevokedToken and SecurityToken entities) so that every node in the cluster
             shares one view of issued and revoked tokens. -->
        <Property Key="RevocationRegistry" Value="JPA" />
        <Property Key="TokenRegistry" Value="org.picketlink.identity.federation.core.sts.registry.JPABasedTokenRegistry" />
      </TokenProvider>
    </TokenProviders>
  </PicketLinkSTS>
</PicketLink>

Service Provider

1) Change the picketlink.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP>
    <!-- Must be the IdP's public (load balancer) URL. NOTE(review): the context path
         here (picketlinksample-idp-1.0) differs from the one in the IdP's own IdentityURL
         above (picketlinksampleidp-1.0); confirm which is correct, otherwise the SP is
         pointed at the wrong endpoint. Use https outside local tests. -->
    <IdentityURL>http://host/picketlinksample-idp-1.0/</IdentityURL> <!-- load balancer URL -->
  </PicketLinkSP>
</PicketLink>

How to Use the JPA-Based Revocation Registry in PicketLink

picketlink.xml

<?xml version="1.0" encoding="UTF-8"?>
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  ...
  <PicketLinkSTS>
    <TokenProviders>
      <TokenProvider ProviderClass="org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider">
        <Property Key="RevocationRegistry" Value="JPA" />
      </TokenProvider>
    </TokenProviders>
  </PicketLinkSTS>
</PicketLink>

persistence.xml

<?xml version="1.0" encoding="UTF-8"?>
<persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd" version="2.0">
  <persistence-unit name="picketlink-sts">
    <class>org.picketlink.identity.federation.core.sts.registry.RevokedToken</class>
  </persistence-unit>
</persistence>

How to Create a Revocation Registry for PicketLink

SampleRevocationRegistry.java

import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.picketlink.identity.federation.core.sts.registry.RevocationRegistry;

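/**
 * In-memory {@link RevocationRegistry}: remembers every (tokenType, id) handed to
 * {@link #revokeToken} and answers {@link #isRevoked} from that set.
 *
 * <p>NOTE(review): the original skeleton returned {@code false} from {@code isRevoked}
 * unconditionally. Wired into the STS (see the picketlink.xml below) that silently
 * disables revocation — every token stays valid until it expires. This version is a
 * working registry that fails closed; read the caveats before copying it:
 * <ul>
 *   <li>State lives in this JVM only. In a cluster each STS node would keep its own set,
 *       so a token revoked on one node is still accepted by the others; use the JPA-based
 *       registry ({@code Value="JPA"}) or another shared store there.</li>
 *   <li>Entries are never dropped: the interface has no expiry hook, so a long-running
 *       STS grows without bound. A production registry should prune ids whose tokens can
 *       no longer be presented.</li>
 *   <li>A lookup with a missing type or id is reported as revoked rather than as valid.</li>
 * </ul>
 * The registry is shared by every request that reaches the STS, hence the concurrent
 * collections.
 */
public class SampleRevocationRegistry implements RevocationRegistry {

  /** Revoked token ids, grouped by token type. */
  private final ConcurrentMap<String, Set<String>> revokedIds = new ConcurrentHashMap<String, Set<String>>();

  /**
   * @param tokenType the type of the token being checked
   * @param id        the token id
   * @return {@code true} if the token was revoked — or if {@code tokenType} or {@code id}
   *         is {@code null}, because a token that cannot be identified must not pass as
   *         unrevoked (fail closed)
   */
  @Override
  public boolean isRevoked(String tokenType, String id) {
    if (tokenType == null || id == null) {
      return true;
    }
    Set<String> ids = revokedIds.get(tokenType);
    return ids != null && ids.contains(id);
  }

  /**
   * Records the token as revoked. Revoking the same id twice is harmless.
   *
   * @param tokenType the type of the token being revoked
   * @param id        the token id
   * @throws IllegalArgumentException if {@code tokenType} or {@code id} is {@code null}
   */
  @Override
  public void revokeToken(String tokenType, String id) {
    if (tokenType == null || id == null) {
      throw new IllegalArgumentException("tokenType and id are required");
    }
    Set<String> ids = revokedIds.get(tokenType);
    if (ids == null) {
      // First revocation for this type: race-safe creation of the per-type set.
      Set<String> created = Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
      Set<String> existing = revokedIds.putIfAbsent(tokenType, created);
      ids = existing == null ? created : existing;
    }
    ids.add(id);
  }

}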

picketlink.xml

<?xml version="1.0" encoding="UTF-8"?>
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  ...
  <PicketLinkSTS>
    <TokenProviders>
      <TokenProvider ProviderClass="org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider">
        <!-- Selects the custom registry from the listing above. NOTE(review): the value
             looks like it is resolved by class name; the sample has no package
             declaration, so if SampleRevocationRegistry is moved into a package give the
             fully-qualified name here — confirm. "JPA" selects the built-in JPA-backed
             registry instead (previous section). -->
        <Property Key="RevocationRegistry" Value="SampleRevocationRegistry" />
      </TokenProvider>
    </TokenProviders>
  </PicketLinkSTS>
  ...
</PicketLink>

How to Use the JPA-Based Token Registry in PicketLink

picketlink.xml

<?xml version="1.0" encoding="UTF-8"?>
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  ...
  <PicketLinkSTS>
    <TokenProviders>
      <TokenProvider ProviderClass="org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider">
        <Property Key="TokenRegistry" Value="org.picketlink.identity.federation.core.sts.registry.JPABasedTokenRegistry" />
      </TokenProvider>
    </TokenProviders>
  </PicketLinkSTS>
</PicketLink>

persistence.xml

<?xml version="1.0" encoding="UTF-8"?>
<persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd" version="2.0">
  <persistence-unit name="picketlink-sts">
    <class>org.picketlink.identity.federation.core.sts.registry.SecurityToken</class>
  </persistence-unit>
</persistence>