After being stuck for a week trying to understand this combination in the context of setting up an SP in JBoss EAP 6 for IdP-initiated SAML with POST binding, I still have no idea how, just by configuration, the SAML2LoginModule, signed metadata and response process works.
1) standalone.xml -> the authentication module is specified as org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule
2) In picketlink.xml, org.picketlink.identity.federation.core.impl.KeyStoreKeyManager and the FederationHandlers are defined in order
3) The domain is already created in JBoss.
What I am trying to understand is: when the SAML response hits the URL https://mySPsite/context-givenin-jbossweb-xml/, what happens to the token received at this URL? Does it reach the SAML2LoginModule without any specific coding on the developer side? Is this sufficient for an SP to support a digitally signed response?
I think I could figure out the flow. The request is intercepted by the authenticator module (the SAML2 module here) and, after validating the assertions, it sets the user's security context. From there the application can inherit this module and get the data set in the security context.
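To make the "just by configuration" part concrete, here is an example SP-side picketlink.xml in the PicketLink 2.1 format. It is an added illustration, not the configuration from the original post: the URLs, keystore path, passwords and alias names are placeholders, and the IdP hostname in ValidatingAlias is an assumption. The security-relevant pieces are the KeyProvider (which holds the SP's signing key and the IdP certificate used to check incoming signatures) and the SAML2SignatureValidationHandler, which is what actually rejects a POSTed response whose signature does not verify before the SAML2LoginModule ever sees the assertion.

```xml
<!-- Example SP configuration (placeholders, not the asker's real values) -->
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">

    <!-- SupportsSignatures="true" turns on signing of outgoing requests
         and validation of signatures on incoming responses/assertions -->
    <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
                  ServerEnvironment="tomcat"
                  BindingType="POST"
                  SupportsSignatures="true">

        <!-- placeholder IdP and SP endpoints -->
        <IdentityURL>https://idp.example.test/idp/</IdentityURL>
        <ServiceURL>https://mySPsite/sp-context/</ServiceURL>

        <!-- KeyStoreKeyManager: SP private key for signing, plus the IdP's
             certificate (imported under the alias named in ValidatingAlias) -->
        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
            <Auth Key="KeyStoreURL"     Value="/path/to/sp-keystore.jks" />   <!-- placeholder -->
            <Auth Key="KeyStorePass"    Value="STORE_PASSWORD_PLACEHOLDER" />
            <Auth Key="SigningKeyAlias" Value="sp-signing-key" />              <!-- placeholder alias -->
            <Auth Key="SigningKeyPass"  Value="KEY_PASSWORD_PLACEHOLDER" />
            <!-- map the IdP host (assumed name) to the keystore alias holding
                 the IdP certificate; incoming signatures are checked against it -->
            <ValidatingAlias Key="idp.example.test" Value="idp-cert" />
        </KeyProvider>
    </PicketLinkSP>

    <!-- Handler chain: authentication, role extraction, and the two
         signature handlers that make the "signed response" requirement work -->
    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
    </Handlers>
</PicketLink>
```

The corresponding standalone.xml security domain only needs the login module named in the question (org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule, flag "required"), and jboss-web.xml points the application at that domain. Two checks worth doing on a deployment like this: confirm that the certificate under the ValidatingAlias really is the IdP's signing certificate (the handler trusts whatever is in the keystore under that alias), and confirm that SAML2SignatureValidationHandler is present, since without it a response with a tampered or missing signature would still flow into the login module.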