SAML20TokenRoleAttributeProvider.java

package org.picketlink.identity.federation.bindings.jboss.auth;

import org.picketlink.identity.federation.bindings.jboss.auth.SAML20CommonTokenRoleAttributeProvider;

/**
 * <p>
 * An implementation of the SAML20TokenAttributeProvider for JBoss which looks at the authenticated Subject and creates an
 * Attribute containing the user's roles.
 * </p>
 *
 * <h3>Configuration</h3>
 *
 * <pre>
 * {@code
 *  <TokenProviders>
 *    <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
 *        TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
 *        TokenElement="Assertion"
 *        TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion">
 *      <Property Key="AttributeProvider" Value="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider"/>
 *      <Property Key="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider.tokenRoleAttributeName" Value="role"/>
 *    </TokenProvider>
 *  </TokenProviders>
 * }
 * </pre>
 *
 * When configured, this attribute provider will be called by the {@code SAML20TokenProvider} to return an
 * {@code AttributeStatement} from the STS token and supply them for insertion into the JAAS Subject. This returns a
 * multi-valued Attribute to be included in the Assertion, where each value of the attribute is a JBoss user role. The name of
 * this attribute defaults to {@code DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME} but may be set to any value through an optional property
 * as shown above.
 *
 * @author <a href="mailto:Babak@redhat.com">Babak Mozaffari</a>
 */
public class SAML20TokenRoleAttributeProvider extends SAML20CommonTokenRoleAttributeProvider {
}