Abstract JAAS LoginModule for JBoss STS (Security Token Service).
Subclasses are required to implement invokeSTS(STSClient) to perform their specific actions.
Concrete implementations specify where the username and credentials should be read from.
PasswordCallback.
From the login module options
From the login modules earlier in the login modules stack.
1. CallbackHandler configuration:
2. Login module options configuration:
3. Password stacking configuration:
Password stacking can be configured which means that a Login module configured with
'password-stacking' set to 'true' will set the username and password in the shared state map. Login modules that
can set 'password-stacking' to 'useFirstPass' which means that that login module will use the username and password
4. Mapping Provider configuration:
Principal and Role mapping providers may be configured on subclasses of this login module and be leveraged to
JAAS Subject with appropriate user id and roles. The token is made available to the mapping providers so that
information may be extracted.
Subclasses can define more configuration options by overriding initialize. Also note that subclasses are not forced
configuration options in a file. They can all be set as options just like the 'configFile' is specified above.
roleKey: By default, the SAML attributes with key "Role" are assumed to represent user roles. You can configure a
separated list of string values to represent the attribute names for user roles.
cache.invalidation: set it to true if you require invalidation of JBoss Auth Cache at SAML Principal expiration.
jboss.security.security_domain: name of the security domain where this login module is configured. This is only
the cache.invalidation option is configured.
inject.callerprincipal: set it to true if you want to add a group principal called "CallerPrincipal" with the roles
assertion, into the subject
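
The password stacking described under item 3, shown with plain JAAS as an added example (not code from JBoss or from this class): one module with 'password-stacking' set to 'true' stores the credentials in the shared state map, and a later module set to 'useFirstPass' reads them back. The class name StackingDemo, the shared-state key names and the credentials are assumptions made for the illustration.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Hypothetical demo module, not a JBoss class; the shared-state key names are assumptions.
public class StackingDemo implements LoginModule {
    static final String NAME = "javax.security.auth.login.name";
    static final String PWD = "javax.security.auth.login.password";
    private CallbackHandler handler;
    private Map<String, Object> shared;
    private String stacking;
    @SuppressWarnings("unchecked")
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> state, Map<String, ?> opts) {
        handler = h;
        shared = (Map<String, Object>) state;
        stacking = (String) opts.get("password-stacking");
    }
    public boolean login() throws LoginException {
        if ("useFirstPass".equals(stacking)) { // later module: reuse the stored credentials
            if (shared.get(NAME) == null || shared.get(PWD) == null)
                throw new FailedLoginException("no stacked credentials"); // fail closed
            System.out.println("useFirstPass module reuses login of " + shared.get(NAME));
            return true;
        }
        NameCallback nc = new NameCallback("user");
        PasswordCallback pc = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] {nc, pc}); } catch (Exception e) { throw new LoginException("" + e); }
        if ("true".equals(stacking)) { // first module: publish for modules later in the stack
            shared.put(NAME, nc.getName());
            shared.put(PWD, pc.getPassword()); // the password now lives in the shared map
        }
        pc.clearPassword();
        return true;
    }
    public boolean commit() { shared.remove(PWD); return true; } // login phase is over
    public boolean abort() { shared.remove(PWD); return true; }
    public boolean logout() { return true; }
    public static void main(String[] args) throws Exception {
        var req = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
        var stack = new AppConfigurationEntry[] {
            new AppConfigurationEntry("StackingDemo", req, Map.of("password-stacking", "true")),
            new AppConfigurationEntry("StackingDemo", req, Map.of("password-stacking", "useFirstPass")) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) { return stack; } };
        CallbackHandler ch = cbs -> { // supplies constructed credentials
            ((NameCallback) cbs[0]).setName("alice");
            ((PasswordCallback) cbs[1]).setPassword("demo-only".toCharArray()); };
        new LoginContext("demo", new Subject(), ch, cfg).login();
    }
}
```

Every module in the same stack can read the stored password from the shared map, so the order and trust level of the modules in a stacked security domain are worth reviewing.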