Good morning guys, I moved the password encoder to commons module, that makes more sense if we're planning to add new algorithms.

This change also enable users to specify their own password encoder or use another algorithm with PicketLink.

I've added 1 unit test for it, but let me know if you guys are missing something.

See https://github.com/picketlink/picketlink-bindings/pull/45

Add constructor to IDPWebRequestUtil that uses the retreived SAML_BINDING and if not available the request.getMethod() to determine is the saml request was a bind or a post.

Picketlink 2.6.1 has a bug that can't pass attributes to SP when SP submits another authentication for SSO after a user has been authenticated on IDP.

This class org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler needs to be modified. Line 134 -- 139: Map<String, Object> attribs = (Map<String, Object>) session.getAttribute(GeneralConstants.ATTRIBUTES); if (attribs == null) { attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys); request.addOption(GeneralConstants.ATTRIBUTES, attribs); session.setAttribute(GeneralConstants.ATTRIBUTES, attribs); }

Change to: Map<String, Object> attribs = (Map<String, Object>) session.getAttribute(GeneralConstants.ATTRIBUTES); if (attribs == null) { attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys); session.setAttribute(GeneralConstants.ATTRIBUTES, attribs); } request.addOption(GeneralConstants.ATTRIBUTES, attribs);

Changes in this PR are limited to PL HTTP Security API and is meant to provide test cases to CORS Authorization. It is however, surprising why it is resulting in test case failures in federation module [https://picketlink.ci.cloudbees.com/job/picketlink/333/].

Without this class being excluded it is not possible to use standard

 @Inject
 private Principal principal;

The error message is:

 Ambiguous dependencies for type Principal with qualifiers @Default
 Possible dependencies:

 Built-in Bean [java.security.Principal] with qualifiers [@Default],
 Managed Bean [class org.picketlink.social.standalone.fb.FacebookPrincipal] with qualifiers [@Any @Default]

Without Vetoed it is not possible to use standard

@Inject
private Principal principal;

The error message is:

Ambiguous dependencies for type Principal with qualifiers @Default Possible dependencies:

• Built-in Bean [java.security.Principal] with qualifiers [@Default],
• Managed Bean [class org.picketlink.social.standalone.fb.FacebookPrincipal] with qualifiers [@Any @Default]

Basically, the changes are:

- Added an exception to indicate that the user is already logged in when trying to logging with the same credentials

- Added an exception to indicate that the user is locked + specific event.

- Changed the SecurityException to be a unchecked exception.

- Changing the DefaultIdentity to always throw a AuthenticationException or one of its subclasses.

- Created two protected methods on DefaultIdentity to handle successful and unsuccessful login attempts. The idea is centralize how both cases are handled and provide more flexibility for custom implementations.

- Added a initial test for authentication using the default authenticator, IdmAuthenticator.

When persisting any relationship to the relationship manager, I was getting this error:

org.picketlink.idm.config.OperationNotSupportedException: PLIDM000604: No identity store configuration found for requested type operation [class path.to.MyRelationshipEntity.create].

I found that while the relationship object's user and group properties were being queried for their partition, no matching users or groups were found because the search criteria was not allowing child classes of IdentityType. This solves the problem.

A workaround is to add configurationBuilder.supportGlobalRelationship(org.picketlink.idm.model.Relationship.class); or configurationBuilder.supportAllFeatures(); to your configuration.

make sure correct LogOutPage used at line https://github.com/picketlink/picketlink-bindings/blob/master/picketlink-wildfly-common/src/main/java/org/picketlink/identity/federation/bindings/wildfly/sp/SPFormAuthenticationMechanism.java#L538