PicketLink provides a wealth of security functionality, including identity management, federation and authorization in various forms. Unfortunately, WildFly 8.2 with PicketLink 2.7.0.Final suffers from integration issues and documentation gap that makes it very hard to deploy PicketLink in a multi-module enterprise application. The issues discussed below are described ad nauseam in PLINK-666.
This guide assumes you have PicketLink installed as a WildFly-scoped module rather than shipping PicketLink libraries in your EAR or WAR lib directory. Since I’m using PicketLink Subsystem for WildFly 8, this is the scenario described here. I have not found any evidence of anyone successfully using PicketLink when JARs were shipped in an EAR lib directory propagating PicketLink to subdeployments.