Realm handling in the SAMLTokenValidator - 8.0

Talend ESB STS User Guide

Version: 8.0
Language: English
Product: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Design and Development, Installation and Upgrade
Last publication date: 2023-09-14

Recall that the SAMLTokenValidator has the following method:

  • void setSamlRealmCodec(SAMLRealmCodec samlRealmCodec) - Set the SAMLRealmCodec instance to use to return a realm from a validated token.

The SAMLRealmCodec has a single method:

  • String getRealmFromToken(AssertionWrapper assertion) - Get the realm associated with the (SAML Assertion) parameter.

No SAMLRealmCodec implementation is set on the SAMLTokenValidator by default, so no realm is returned in the TokenValidatorResponse. If an implementation is specified, the SAMLTokenValidator asks the SAMLRealmCodec for the realm corresponding to the validated Assertion and returns it in the response. If a cache is configured and the Assertion is already stored in the cache, the realm obtained from the codec is compared with the realm of the cached token, which is stored under the org.apache.cxf.sts.token.realm property. If the two realms do not match, validation fails.
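The following is an added example of a SAMLRealmCodec implementation and of wiring it into a SAMLTokenValidator; it is not code from the Talend or Apache CXF documentation. The interface name and the getRealmFromToken(AssertionWrapper) signature are those given above; the package names, the AssertionWrapper.getIssuerString() accessor and the issuer-to-realm mapping are assumptions. The codec derives the realm from the Assertion's Issuer and returns null for any issuer it does not know, so that such tokens carry no realm in the TokenValidatorResponse rather than being silently assigned to a default realm.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

// Assumed package locations (CXF STS and WSS4J conventions); adjust to your runtime.
import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
import org.apache.ws.security.saml.ext.AssertionWrapper;

/**
 * Realm codec that maps the SAML Assertion's Issuer to a realm name.
 *
 * Assumption: every realm is served by exactly one issuer string, so the
 * issuer is a reliable realm discriminator. If two realms shared an issuer,
 * a different discriminator (for example an attribute in the Assertion)
 * would be needed.
 */
public class IssuerRealmCodec implements SAMLRealmCodec {

    // Issuer string -> realm name. Kept immutable so the mapping cannot drift at runtime.
    private final Map<String, String> issuerToRealm;

    public IssuerRealmCodec(Map<String, String> issuerToRealm) {
        this.issuerToRealm = Collections.unmodifiableMap(new HashMap<>(issuerToRealm));
    }

    /**
     * Returns the realm for the validated Assertion, or null when the issuer is
     * unknown. A null realm means "no realm" in the TokenValidatorResponse; when a
     * token cache is configured, the realm returned here is compared with the
     * value stored under org.apache.cxf.sts.token.realm for the cached token,
     * and a mismatch fails validation.
     */
    @Override
    public String getRealmFromToken(AssertionWrapper assertion) {
        if (assertion == null) {
            return null;
        }
        // getIssuerString() is assumed to return the <saml:Issuer> text.
        String issuer = assertion.getIssuerString();
        if (issuer == null || issuer.isEmpty()) {
            return null;
        }
        return issuerToRealm.get(issuer.trim());
    }

    /**
     * Builds a SAMLTokenValidator with this codec installed. The issuer URLs and
     * realm names below are constructed sample values, not real endpoints.
     */
    public static SAMLTokenValidator configuredValidator() {
        Map<String, String> mapping = new HashMap<>();
        mapping.put("https://sts.realm-a.example/issuer", "realm-a");
        mapping.put("https://sts.realm-b.example/issuer", "realm-b");

        SAMLTokenValidator validator = new SAMLTokenValidator();
        validator.setSamlRealmCodec(new IssuerRealmCodec(mapping));
        return validator;
    }
}
```

Returning null for an unrecognised issuer is deliberate: it keeps the codec from inventing a realm for a token the STS has no mapping for, and it leaves the existing signature and trust checks of the SAMLTokenValidator to decide whether such a token is accepted at all.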