The ClaimsManager is defined in the default STS configuration here:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml#L106

where the default ClaimsHandlers read in some claims from a file:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml

For LDAP, we have an LDAPClaimsHandler in CXF; the Fediz configuration for that is here:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml

If you only require the role claims for your login scenario, I think you can get away with writing a custom ClaimsHandler implementation, and get the roles from the authenticated principal.

Colm.

On Mon, Sep 25, 2017 at 4:56 PM, Matthew Broadhead <[email protected]> wrote:

> hi,
>
> I already have a working jaas.config setup with a custom LoginModule:
>
>     MyLoginModule {
>         uk.me.kissy.jaas.MyLoginModule required debug=false dbPort="3306"
>             dbName="directory" dbUsername="directoryUser" dbPassword="<password>";
>     };
>
> MyLoginModule is based off this tutorial
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/tutorials/GeneralAcnOnly.html
> and is basically one step up from a DataSourceRealm using 2 tables:
>
> 1. user
>    - username
>    - password
> 2. userrole
>    - username
>    - rolename
>
> In fediz-1.4.2/services/sts/src/main/webapp/WEB-INF/endpoints I created a
> file jaas.xml and created an endpoint:
>
>     <beans ...>
>         <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
>             address="/REALMA/STSServiceTransportUT"
>             wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
>             xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
>             serviceName="ns1:SecurityTokenService"
>             endpointName="ns1:TransportUT_Port">
>             <jaxws:properties>
>                 <entry key="ws-security.ut.validator">
>                     <bean class="org.apache.wss4j.dom.validate.JAASUsernameTokenValidator">
>                         <property name="contextName" value="MyLoginModule" />
>                     </bean>
>                 </entry>
>             </jaxws:properties>
>         </jaxws:endpoint>
>     </beans>
>
> Now the stacktrace says it needs a claimHandlerList and claimsManager.
> Could someone point me to an example of how to do that?

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
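A custom ClaimsHandler along the lines Colm suggests, added here as an illustration and not code from the Fediz project or from either poster: it answers only the standard role claim type, for the principal that JAASUsernameTokenValidator has already authenticated, by reading the userrole table from Matthew's schema through an injected DataSource. The interface shape (String claim types, ClaimsParameters.getPrincipal()) assumes the CXF 3.1.x line that Fediz 1.4.x builds on; the class name, the dataSource property and the query are assumptions.

```java
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collections;
import java.util.List;
import javax.sql.DataSource;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.claims.ClaimsHandler;
import org.apache.cxf.sts.claims.ClaimsParameters;
import org.apache.cxf.sts.claims.ProcessedClaim;
import org.apache.cxf.sts.claims.ProcessedClaimCollection;

// Issues the role claim for the principal that the JAAS login already authenticated.
public class UserRoleClaimsHandler implements ClaimsHandler {
    private static final String ROLE_CLAIM =
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    // Bound-parameter query against the poster's userrole(username, rolename) table (assumed schema)
    private static final String ROLE_SQL = "SELECT rolename FROM userrole WHERE username = ?";
    private DataSource dataSource; // assumption: injected from the Spring endpoint config

    public void setDataSource(DataSource dataSource) { this.dataSource = dataSource; }

    @Override
    public List<String> getSupportedClaimTypes() { return Collections.singletonList(ROLE_CLAIM); }

    @Override
    public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
        ProcessedClaimCollection result = new ProcessedClaimCollection();
        Principal principal = parameters.getPrincipal();
        if (principal == null) return result; // nobody authenticated: issue nothing rather than guess
        for (Claim claim : claims) {
            if (!ROLE_CLAIM.equals(claim.getClaimType())) continue; // only the role claim is handled here
            ProcessedClaim roleClaim = new ProcessedClaim();
            roleClaim.setClaimType(ROLE_CLAIM);
            roleClaim.setPrincipal(principal);
            try (Connection con = dataSource.getConnection();
                 PreparedStatement ps = con.prepareStatement(ROLE_SQL)) {
                ps.setString(1, principal.getName()); // username is bound, never concatenated into SQL
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) roleClaim.addValue(rs.getString("rolename"));
                }
            } catch (SQLException e) {
                throw new IllegalStateException("Role lookup failed for " + principal.getName(), e);
            }
            if (!roleClaim.getValues().isEmpty()) result.add(roleClaim); // no rows, no role claim
        }
        return result;
    }
}
```

It would be declared as a bean in jaas.xml, listed in the claimHandlerList of the claimsManager bean next to the JAASUsernameTokenValidator, with its dataSource pointing at the same directory database the LoginModule uses.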
