Examine comes with a built-in Security Token Service (STS) that each individual Examine user can set up to issue SAML 2.0 tokens through a WS-Trust response. The STS is based on the JBoss PicketLink Federation project and integrates the PicketLink STS seamlessly with the Examine framework to provide a token provider that is easy to set up and configure. Anyone who has ever worked on setting up an STS to issue SAML tokens knows the intricacies involved in configuring and running one. This is often a difficult and time-consuming task, especially when you need to quickly obtain a SAML 2.0 token for testing purposes. We hope that the PicketLink STS integration will help with your testing needs.

The STS is available as a web service that can be enabled or disabled by each individual user who has an account on the Examine server. By default, the STS endpoint is inactive until it is configured and activated by a user.

The STS configuration involves two main sections:

  • Setting up the main configuration for the core STS itself

  • Configuring the WS-Security settings for the STS endpoint - this is in turn divided into Request and Response security configurations

Note

One of the current limitations of the built-in STS is that it only handles the "Issue" WS-Trust binding and can only issue SAML 2.0 tokens through a WS-Trust Request Security Token Response (RSTR). Issuing SAML 1.1 tokens is expected to be implemented in a future release.
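
The limitation above can be checked on the client side before a request is sent. The following is an added example, not code from Examine or PicketLink: it builds a WS-Trust RequestSecurityToken and reports why the STS described here would not serve it. It assumes WS-Trust 1.3 and SOAP 1.2 namespaces (the page does not state versions); `build_rst` and `check_rst` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Assumption: WS-Trust 1.3 / SOAP 1.2; the page does not name the versions in use.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SOAP = "http://www.w3.org/2003/05/soap-envelope"
ISSUE = WST + "/Issue"
SAML_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1"
SAML20 = SAML_PROFILE + "#SAMLV2.0"
SAML11 = SAML_PROFILE + "#SAMLV1.1"


def build_rst(request_type=ISSUE, token_type=SAML20):
    """Return a SOAP envelope (bytes) carrying a WS-Trust RequestSecurityToken."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    rst = ET.SubElement(body, f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = request_type
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = token_type
    return ET.tostring(env)


def check_rst(xml_bytes):
    """List the reasons an RST falls outside 'Issue' + SAML 2.0.

    Intended for locally built requests; do not feed it untrusted XML.
    """
    root = ET.fromstring(xml_bytes)
    # iter() also matches the root, so a bare RST without a SOAP wrapper works.
    rst = next(root.iter(f"{{{WST}}}RequestSecurityToken"), None)
    if rst is None:
        return ["no wst:RequestSecurityToken element"]
    problems = []
    req = (rst.findtext(f"{{{WST}}}RequestType") or "").strip()
    tok = (rst.findtext(f"{{{WST}}}TokenType") or "").strip()
    if req != ISSUE:
        problems.append(f"RequestType is not Issue: {req or '(missing)'}")
    # Requiring an explicit TokenType is this example's choice, not an STS rule.
    if tok != SAML20:
        problems.append(f"TokenType is not SAML 2.0: {tok or '(missing)'}")
    return problems
```
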
