SAMLArtifactLoginModule
Use SAMLArtifactLoginModule to verify credentials received as SAML artifacts. The module uses the OpenSAML library and supports SAML version 1.1. It sends a request to a SAML endpoint, which is the authority that issued the artifact, and validates the SAML artifact against that endpoint. Authentication succeeds only if the endpoint validates the SAML artifact successfully. The result of the validation is a SAML response that contains information about the owner of the artifact, including the user name. If configured in the JAAS configuration file, the login module can overwrite the user name in the SagUserPrincipal with the one that is received in the SAML response.
The following table outlines the parameters of SAMLArtifactLoginModule.
| Parameter | Description |
| --- | --- |
| saml_identity_provider_url | URL of the SAML authority that validates the artifact. |
| overwrite_username | Optional. Boolean. Whether to overwrite the user name with the one that is received in the SAML artifact validation process. Valid values are true (default) or false. |
The following sample shows SAMLArtifactLoginModule and its configuration as included in a login context of a JAAS configuration file. In this example, the login context reads the saml_identity_provider_url parameter from the Java system parameters. Every Java system parameter that is referenced in the JAAS configuration file must have a value that is neither null nor an empty string. Otherwise, an exception may occur on the system.
/** Login Configuration for the SAMLArtifactLoginModule **/
SAMLArtifactLogin {
    com.softwareag.security.jaas.login.modules.SAMLArtifactLoginModule required
        saml_identity_provider_url="${com.sample.security.saml.samlendpoint}"
        overwrite_username=true;
};
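
The requirement that every referenced Java system parameter is set and non-empty can be checked before the login context is used. The following is an added example, not part of the original documentation and not Software AG code. The class name JaasPropertyPreflight, the check that the endpoint is an absolute https URL, and the endpoint value idp.example.test are assumptions made for illustration.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not Software AG code): pre-flight check for a JAAS login configuration.
public class JaasPropertyPreflight {
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");
    private static final Pattern IDP_URL =
        Pattern.compile("saml_identity_provider_url\\s*=\\s*\"([^\"]*)\"");
    // Returns one finding per problem; an empty list means the configuration passed.
    static List<String> check(String jaasConfig) {
        List<String> findings = new ArrayList<>();
        StringBuffer expanded = new StringBuffer();
        Matcher m = PLACEHOLDER.matcher(jaasConfig);
        while (m.find()) {  // expand ${name} from system properties, recording gaps
            String value = System.getProperty(m.group(1), "").trim();
            if (value.isEmpty()) {
                findings.add("system property unset or empty: " + m.group(1));
            }
            m.appendReplacement(expanded, Matcher.quoteReplacement(value));
        }
        m.appendTail(expanded);
        Matcher u = IDP_URL.matcher(expanded);
        String url = u.find() ? u.group(1) : "";
        if (!url.isEmpty()) {
            try {  // assumption added here: the endpoint should be an absolute https URL
                URI uri = URI.create(url);
                if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
                    findings.add("saml_identity_provider_url is not an absolute https URL: " + url);
                }
            } catch (IllegalArgumentException e) {
                findings.add("saml_identity_provider_url is not a valid URI: " + url);
            }
        }
        return findings;
    }
    public static void main(String[] args) {
        // Constructed sample: the login context from the page, inlined as a string.
        String config = "SAMLArtifactLogin {\n"
            + "  com.softwareag.security.jaas.login.modules.SAMLArtifactLoginModule required\n"
            + "  saml_identity_provider_url=\"${com.sample.security.saml.samlendpoint}\"\n"
            + "  overwrite_username=true;\n};\n";
        System.out.println("property unset: " + check(config));
        // Constructed placeholder endpoint, not a real identity provider.
        System.setProperty("com.sample.security.saml.samlendpoint", "https://idp.example.test/artifact");
        System.out.println("property set:   " + check(config));
    }
}
```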