Bug 1121155 - PicketLink SP application configuration is ignored when it is also added to PicketLink subsystem
Summary: PicketLink SP application configuration is ignored when it is also added to P...
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: PicketLink
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: DR11
: EAP 6.4.0
Assignee: Peter Skopek
QA Contact: Pavel Slavicek
Depends On: 1164220
TreeView+ depends on / blocked
Reported: 2014-07-18 13:53 UTC by Ondrej Lukas
Modified: 2019-08-19 12:49 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2019-08-19 12:49:10 UTC
Type: Bug

Attachments (Terms of Use)

Description Ondrej Lukas 2014-07-18 13:53:03 UTC
If PicketLink SP application contains picketlink.xml, this xml file is ignored when application is also added to PicketLink subsystem. Instead of that configuration from domain model is used. This contradicts the note in table in section 12.6. Federation states for WEB-INF/picketlink.xml: "If present it will be considered instead of the configurations defined in the domain model." [1] 

There is no documentation of PL subsystem for EAP, hence I come out from project documentation [1].  

Configuration from jboss-web.xml is also ignored when the configuration is present in PicketLink subsystem.

How to reproduce:
1) Create PicketLink SP application (e.g. use employee.war from quickstarts)
2) Configure PicketLink subystem for federation, set IDP and use something like:
<service-provider name="employee.war" security-domain="sp" url="" post-binding="false" support-signatures="false"/>
3) Set different IDP url in picketlink.xml of employee.war then IDP URL in PicketLink subsystem IDP
4) Run application, it will take IDP URL from PicketLink subystem. 

[1] http://docs.jboss.org/picketlink/2/latest/reference/html-single

Comment 2 Pedro Igor 2014-10-23 21:04:03 UTC
This issue requires to backport changes from upstream. The changes can be backported to product branch.

Comment 3 Kabir Khan 2014-10-24 12:10:41 UTC
Setting back to ASSIGNED, subsystem changes are done, but will need a PL upgrade

Comment 6 Pedro Igor 2014-10-30 19:41:20 UTC
Backported from upstream.



Comment 8 Ondrej Lukas 2014-11-27 14:53:18 UTC
Current version correctly uses IDP URL from deployment configuration when redirects from SP to IDP before authentication. 

However after authentication when IDP tries to redirect back into SP it uses SP URL defined in PicketLink Federation Subsystem instead of URL defined in deployment configuration.

For that reason I have to fail QA in EAP 6.4.0.DR11.

Note You need to log in before you can comment on or make changes to this bug.