Include the following entry in the web.xml file of the application:
<filter> <filter-name>TokenValidator</filter-name> <filter-class>org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter</filter-class> <init-param> <param-name> ................ </param-name> <param-value> ............... </param-value> </init-param> <init-param> ...................... </init-param> ...................... ...................... </filter> <filter-mapping> <filter-name>TokenValidator</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
ParameterName | Required | Description |
---|---|---|
Keystore | Yes | Relative path to the keystore holding private key |
StorePass | Yes | Password to the keystore holding private key |
KeyAlias | Yes | Private key alias |
KeyPass | Yes | Private key pass |
StoreType | Yes | Store type of the keystore holding private key - e.g. JDK |
TrustedIdP.KeyStore | Relative path to the trusted keystore | |
TrustedIdP.StorePass | If TokenValidationPolicy is NOT Promiscuous | Trust store password |
TrustedIdP.StoreType | If TokenValidationPolicy is NOT Promiscuous | Trust store type |
MultiValueClaimsPolicy | No - default applied | Must be either MultiValueClaimsAllowed or MultiValueClaimsNotAllowed. Default is MultiValueClaimsNotAllowed |
IssuerPolicy | No - default applied | Must be one of SelfAndManaged, SelfOnly, ManagedOnly. Default is self and managed |
TokenValidationPolicy | No - default applied | Must be one of Promiscuous, WhiteList, BlackList, CertValidate. Default is CertValidate. Please read more about this below. |
WhiteList | Yes, if TokenValidationPolicy is WhiteList | This is required to indicate the list of allowed DNs. If not specified in WhiteList mode none of the users can login |
BlackList | Yes, if TokenValidationPolicy is BlackList | This is required to indicate the list of rejected DNs. If not specified in BlackList mode all users who pass CertValidity can login |
There are 4 modes of token validations.
<form name="frm" id="frm" method="post" action="InfoCardLogin.action"> <input type="hidden" name="InfoCardSignin" value="Log in" /><br/> <OBJECT type="application/x-informationCard" name="xmlToken"> <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion"> <PARAM Name="requiredClaims" Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"> <PARAM Name="issuer" value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"> </OBJECT> </form>The object tag here is the standard information card object as defined here. It is important that you include the hidden field called "InfoCardSignin" with the value "Log in". The filter will process the HTTP POST request to extract the token sent when this request parameter is available.