WildFly Picketlink SAML 2.0 POST-Binding AuthnRequest

Question

I have to implement an SAML 2.0 identity provider with an WildFly server and picketlink, but I stuck at the authentication process. I followed the picketlink guide and also looked at the quickstarts on github but I still not get it working.

The problem is that my service provider sends an POST AuthnRequest to the wildfly server which redirects via a GET request to the login.jsp and then my SAMLRequest attribute is gone and then after a successful login the IDPFilter can't get the SAMLRequest attribute. Because of that the user is not authenticated on the service provider or redirected back to it.

I'm using a very basic FORM authentication which I configured in the web.xml of my identity provider project.

WildFly Version: 8.1.0-FINAL

Picketlink Version: 2.7.1.Final

firefox network monitoring:

picketlink.xml

<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">      
    <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1" SupportsSignatures="true"
        AttributeManager="org.picketlink.identity.federation.bindings.wildfly.idp.UndertowAttributeManager"
        RoleGenerator="org.picketlink.identity.federation.bindings.wildfly.idp.UndertowRoleGenerator">

        <IdentityURL>${idp.url::http://localhost:7080/idp}</IdentityURL>

        <Trust>
            <Domains>locahost</Domains>
        </Trust>

        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
            <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks" />
            <Auth Key="KeyStorePass" Value="changeit" />
            <Auth Key="SigningKeyPass" Value="changeit" />
            <Auth Key="SigningKeyAlias" Value="wildfly" />

            <ValidatingAlias Key="localhost" Value="wildfly" />
            <ValidatingAlias Key="127.0.0.1" Value="wildfly" />
        </KeyProvider>

        <MetaDataProvider ClassName="org.picketlink.identity.federation.core.saml.md.providers.FileBasedEntityMetadataProvider">
           <Option Key="FileName" Value="/WEB-INF/classes/test_sp_metadata.xml"/>
        </MetaDataProvider>
    </PicketLinkIDP>

    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2EncryptionHandler" />
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
    </Handlers>
</PicketLink>

web.xml

...

<display-name>PicketLink Identity Provider</display-name>

<description>PicketLink Identity Provider Using a Servlet Filter</description>

<listener>
    <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>IDPFilter</filter-name>
    <filter-class>org.picketlink.identity.federation.web.filters.IDPFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>IDPFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

...

I hope you can help me with this problem...

Greetings, Chris