public class STSClientHelper
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
static java.lang.String | STSClientHelper_java_copyright |
Constructor and Description |
---|
STSClientHelper(java.lang.String url, java.lang.String username, java.lang.String password, java.lang.String trustStore, java.lang.String clientStore, java.lang.String clientAlias) Constructor. |
Modifier and Type | Method and Description |
---|---|
org.w3c.dom.Element | doSTSExchange(java.lang.String requestType, java.lang.String tokenType, java.lang.String issuerAddress, java.lang.String appliesToAddress, org.w3c.dom.Element claimsElement, org.w3c.dom.Element baseToken) An example of invoking the STSClient helper from a mapping rule. |
public static final java.lang.String STSClientHelper_java_copyright
public STSClientHelper(java.lang.String url, java.lang.String username, java.lang.String password, java.lang.String trustStore, java.lang.String clientStore, java.lang.String clientAlias)

Parameters:

url - protocol, host, port and path to make the call to
username - BA username. Set to null to disable BA.
password - BA password. Set to null to disable BA.
trustStore - Trust store for the SSL connection. If null, the default value for the runtime will be used.
clientStore - Client store for client certificate authentication. Set to null to disable client cert authentication.
clientAlias - Certificate label for client certificate authentication. Set to null to disable client cert authentication.

public org.w3c.dom.Element doSTSExchange(java.lang.String requestType, java.lang.String tokenType, java.lang.String issuerAddress, java.lang.String appliesToAddress, org.w3c.dom.Element claimsElement, org.w3c.dom.Element baseToken) throws STSClientException
An example of invoking the STSClient helper from a mapping rule:

```javascript
// The following imports are required.
importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
importClass(Packages.com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper);
// STSUniversalUser lives in the same package as the Attribute class used below.
importClass(Packages.com.tivoli.am.fim.trustserver.sts.uuser.STSUniversalUser);

var sts_client = new STSClientHelper("https://127.0.0.1/TrustServerWS/SecurityTokenServiceWST13",
    "easuser",         // Authenticate with BA
    "hunter2",
    "rt_profile_keys", // Default trust store
    null,              // No client certificate authentication
    null);

// This example invokes a chain with the following properties:
//
//   Mode:      Validate (http://schemas.xmlsoap.org/ws/2005/02/trust/Validate)
//   Issuer:    "urn:issuer"
//   AppliesTo: "urn:appliesTo"
//
// The chain modules:
//
//   1. Default STSUU - Validate
//   2. Default Map   - Map (optional)
//   3. Default STSUU - Issue
//
// It is assumed that the returned STSUU will contain a principal to be used.
//
var req_stsuu = new STSUniversalUser();
req_stsuu.addAttribute(
    new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("myAttr", "urn:ibm:attr", "attributeValue"));
IDMappingExtUtils.traceString("Sending STSUU as base token: " + req_stsuu);

// There are helper functions in IDMappingExtUtils which can be used to create XML
// Documents and Elements to construct other token types, such as a binary security
// token or a username token.
var base_element = req_stsuu.toXML().getDocumentElement();
var rsp = sts_client.doSTSExchange("http://schemas.xmlsoap.org/ws/2005/02/trust/Validate",
    null,              // No token type
    "urn:issuer",
    "urn:appliesTo",
    null,              // No claims
    base_element);

//
// Build a new STSUU from the response element.
//
var rsp_stsuu = new STSUniversalUser();
rsp_stsuu.fromXML(rsp);
IDMappingExtUtils.traceString("received response STSUU: " + rsp_stsuu);
```

For high-performance situations, it is recommended to use the LocalSTSClient and invoke a chain which is local to the federation runtime. This avoids the HTTP(S) overhead and goes via a Bean interface. See: com.tivoli.am.fim.fedmgr2.trust.util.LocalSTSClient
Parameters:

requestType - Value to populate the `<RequestType>` element with.
tokenType - Value to populate the `<TokenType>` element with.
issuerAddress - issuer address
appliesToAddress - appliesTo address
claimsElement - Optional claims to provide in the request
baseToken - element to populate the Base element with in the request

Throws:

STSClientException - if there is an error making the request or handling the response.
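As an added example (not code from this page or from the product), a Java caller that performs an Issue exchange with client-certificate authentication instead of BA, showing how the null-to-disable constructor parameters combine and how a failed call surfaces to the caller. Assumptions: the Issue request type and SAML 2.0 token type URIs are standard WS-Trust/SAML values not on this page; the packages of STSClientException and STSUniversalUser, the client store name and the certificate label are assumed or constructed placeholders; the STS endpoint, issuer and appliesTo values are the page's own.

```java
import org.w3c.dom.Element;
import com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper;
// Assumed to live beside the helper; the page names the class only by its simple name.
import com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientException;
// Assumed package: the page places the sibling Attribute class in it.
import com.tivoli.am.fim.trustserver.sts.uuser.STSUniversalUser;

/** Hypothetical caller, not part of the product: Issue exchange over mutual TLS. */
public final class MutualTlsIssueExample {
    // Standard WS-Trust 1.2 Issue action; the page's example uses the sibling Validate URI.
    private static final String ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue";
    // Standard SAML 2.0 assertion token type (not on the page).
    private static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Helper configured for client certificate authentication; BA is disabled. */
    public static STSClientHelper mutualTlsClient() {
        return new STSClientHelper(
            "https://127.0.0.1/TrustServerWS/SecurityTokenServiceWST13",
            null,                // username: null disables BA
            null,                // password: null disables BA
            "rt_profile_keys",   // trust store used to verify the STS server certificate
            "rt_profile_keys",   // client store holding the client certificate (constructed)
            "sts_client_cert");  // certificate label in that store (constructed placeholder)
    }

    /** Returns the issued STSUU, or throws if the STS call fails or returns nothing. */
    public static STSUniversalUser issueSaml2(STSUniversalUser request) throws STSClientException {
        Element base = request.toXML().getDocumentElement();
        Element rsp = mutualTlsClient().doSTSExchange(
            ISSUE, SAML2, "urn:issuer", "urn:appliesTo",
            null,                // no claims element
            base);
        // doSTSExchange reports transport and response errors via STSClientException;
        // a null Element is still treated as a failure rather than as a valid user.
        if (rsp == null) {
            throw new IllegalStateException("STS returned no response element");
        }
        STSUniversalUser issued = new STSUniversalUser();
        issued.fromXML(rsp);
        return issued;
    }
}
```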