Identity assertions with trust validation

If you want an application or system provider to perform an identity assertion with trust validation, it can be accomplished by use of the Java Authentication and Authorization Service (JAAS) login framework, where trust validation is performed in one login module and credential creation in another. These two custom login modules are used to create a JAAS login configuration that performs a login to an identity assertion.

Two custom login module are required:

IdentityAssertionLoginModule searches for the trust information in the shared state property, This is a map that contains the trust status and the identity used to login. The map includes the following:

A WSLoginFailedException is returned if the state, trust, or identity information is missing. The login module then performs a login of the identity. The subject now contains the new identity.

Related concepts
Authentication protocol for EJB security Related tasks
Enabling identity assertion with trust validation