com.tivoli.am.fim.trustserver.sts.modules.http.stsclient

Class STSClientHelper

  • java.lang.Object
    • com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper


  • public class STSClientHelper
    extends java.lang.Object
    • Constructor Summary

      Constructors 
      Constructor and Description
      STSClientHelper(java.lang.String url, java.lang.String username, java.lang.String password, java.lang.String trustStore, java.lang.String clientStore, java.lang.String clientAlias)
      Constructor.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      org.w3c.dom.Element doSTSExchange(java.lang.String requestType, java.lang.String tokenType, java.lang.String issuerAddress, java.lang.String appliesToAddress, org.w3c.dom.Element claimsElement, org.w3c.dom.Element baseToken)
      An example of invoking the STSClient helper from a mapping rule.
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • STSClientHelper_java_copyright

        public static final java.lang.String STSClientHelper_java_copyright
    • Constructor Detail

      • STSClientHelper

        public STSClientHelper(java.lang.String url,
                               java.lang.String username,
                               java.lang.String password,
                               java.lang.String trustStore,
                               java.lang.String clientStore,
                               java.lang.String clientAlias)
        Constructor. Create a client capable of calling an STS.
        Parameters:
        url - protocol, host, port and path to make the call to
        username - BA username. Set to null to disable BA.
        password - BA password. Set to null to disable BA.
        trustStore - Trust store for SSL connection. If null, the default value for the runtime will be used.
        clientStore - Client store for client certificate authentication. Set to null to disable client certificate authentication.
        clientAlias - Certificate label for client certificate authentication. Set to null to disable client certificate authentication.
    • Method Detail

      • doSTSExchange

        public org.w3c.dom.Element doSTSExchange(java.lang.String requestType,
                                                 java.lang.String tokenType,
                                                 java.lang.String issuerAddress,
                                                 java.lang.String appliesToAddress,
                                                 org.w3c.dom.Element claimsElement,
                                                 org.w3c.dom.Element baseToken)
                                          throws STSClientException
        An example of invoking the STSClient helper from a mapping rule:
         // The following imports are required.
         importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
         importClass(Packages.com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper);
         importClass(Packages.com.tivoli.am.fim.trustserver.sts.uuser.STSUniversalUser);
        
         var sts_client = new STSClientHelper("https://127.0.0.1/TrustServerWS/SecurityTokenServiceWST13",
              "easuser",         // Authenticate with BA
              "hunter2", 
              "rt_profile_keys", // Default trust store
              null,              // No client certificate authentication
              null);
        
         // This example invokes a chain with the following properties:
         //
         // Mode: Validate(http://schemas.xmlsoap.org/ws/2005/02/trust/Validate)
         // Issuer: "urn:issuer";
         // AppliesTo: "urn:appliesTo"
         //
         //
         // The chain modules:
         //
         // 1. Default STSUU - Validate
         // 2. Default Map - Map (optional)
         // 3. Default STSUU - Issue
         //
         // It is assumed that the returned STSUU will contain a principal to be used
         //
        
         var req_stsuu = new STSUniversalUser();
         req_stsuu.addAttribute(
             new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("myAttr",
                                                                   "urn:ibm:attr",
                                                                   "attributeValue"));
         IDMappingExtUtils.traceString("Sending STSUU as base token: " + req_stsuu);
         
         // There are helper functions in IDMappingExtUtils which can be used to create
         // XML Documents and Elements to construct other token types, such as binary security
         // token / username token.
         
         var base_element = req_stsuu.toXML().getDocumentElement();
         var rsp = sts_client.doSTSExchange("http://schemas.xmlsoap.org/ws/2005/02/trust/Validate",
                                           null, // No token type
                                           "urn:issuer",
                                           "urn:appliesTo",
                                           null, // No claims
                                           base_element);
         //
         //  Build a new STSUU from the response element.
         //
         var rsp_stsuu = new STSUniversalUser();
         rsp_stsuu.fromXML(rsp);
         IDMappingExtUtils.traceString("received response STSUU: " + rsp_stsuu);
        
        For high-performance situations, it is recommended to use the LocalSTSClient and invoke a chain which is local to the federation runtime. This avoids the HTTP(S) overhead and goes via a Bean interface. See: com.tivoli.am.fim.fedmgr2.trust.util.LocalSTSClient
        Parameters:
        requestType - Value to populate the <RequestType> element with.
        tokenType - Value to populate the <TokenType> element with.
        issuerAddress - issuer address
        appliesToAddress - appliesTo address
        claimsElement - Optional claims to provide in the request
        baseToken - element to populate the Base element with in the request
        Returns:
        the text content of the RequestedSecurityToken in the response
        Throws:
        STSClientException - if there is an error making the request or handling the response.
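The mapping-rule example above does not show what doSTSExchange puts on the wire or what a safe handling of the answer looks like. The following Python is an added example, not part of IBM's STSClientHelper or of any mapping rule on this page: it builds the WS-Trust RequestSecurityToken that the six parameters describe (RequestType, TokenType, Issuer, AppliesTo, Claims, Base) and extracts the issued token from a response, refusing a SOAP Fault, a missing token, or a token of an unexpected element type. Assumptions: the WS-Trust 1.3 namespace and element layout are taken from the parameter descriptions and the WS-Trust specification, not from the helper's implementation; the STSUU namespace and element layout are assumed; STSClientError stands in for STSClientException; both sample responses are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces. WS-Trust 1.3 is assumed for the ".../SecurityTokenServiceWST13"
# endpoint; the 2005/02 URIs from the mapping-rule example are RequestType
# *values*, not the element namespace. The STSUU namespace is assumed too.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA_NS = "http://www.w3.org/2005/08/addressing"
STSUU_NS = "urn:ibm:names:ITFIM:1.0:stsuser"

VALIDATE = "http://schemas.xmlsoap.org/ws/2005/02/trust/Validate"


class STSClientError(Exception):
    """Stand-in for STSClientException: the request failed or the response
    could not be handled."""


def stsuu_base_token(name, attr_type, value):
    """Minimal STSUU element with one attribute, mirroring the mapping-rule
    example's req_stsuu (element layout assumed)."""
    stsuu = ET.Element(f"{{{STSUU_NS}}}STSUniversalUser")
    attr_list = ET.SubElement(stsuu, f"{{{STSUU_NS}}}AttributeList")
    attr = ET.SubElement(attr_list, f"{{{STSUU_NS}}}Attribute",
                         {"name": name, "type": attr_type})
    ET.SubElement(attr, f"{{{STSUU_NS}}}Value").text = value
    return stsuu


def build_rst(request_type, token_type, issuer_address, applies_to_address,
              claims_element, base_token):
    """Build the SOAP envelope for the RequestSecurityToken that the six
    doSTSExchange parameters describe. None means the element is omitted."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    rst = ET.SubElement(body, f"{{{WST_NS}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST_NS}}}RequestType").text = request_type
    if token_type is not None:
        ET.SubElement(rst, f"{{{WST_NS}}}TokenType").text = token_type
    issuer = ET.SubElement(rst, f"{{{WST_NS}}}Issuer")
    ET.SubElement(issuer, f"{{{WSA_NS}}}Address").text = issuer_address
    applies_to = ET.SubElement(rst, f"{{{WSP_NS}}}AppliesTo")
    epr = ET.SubElement(applies_to, f"{{{WSA_NS}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA_NS}}}Address").text = applies_to_address
    if claims_element is not None:
        rst.append(claims_element)
    ET.SubElement(rst, f"{{{WST_NS}}}Base").append(base_token)
    return ET.tostring(env, encoding="unicode")


def parse_rstr(response_xml, expected_token_tag=None):
    """Return the token element inside RequestedSecurityToken. A SOAP Fault,
    a missing token, or a token of an unexpected element type raises
    STSClientError, so a mapping rule never builds an STSUU from garbage.
    Parse responses from an untrusted network with defusedxml; stdlib
    ElementTree applies no entity-expansion limits."""
    root = ET.fromstring(response_xml)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise STSClientError(fault.findtext("faultstring") or "SOAP Fault from STS")
    holder = root.find(f".//{{{WST_NS}}}RequestedSecurityToken")
    if holder is None or len(holder) == 0:
        raise STSClientError("no RequestedSecurityToken in response")
    token = holder[0]
    if expected_token_tag is not None and token.tag != expected_token_tag:
        raise STSClientError(f"unexpected token element {token.tag}")
    return token


def principal_name(stsuu):
    """Name attribute of the STSUU principal, or None if absent."""
    return stsuu.findtext(f"{{{STSUU_NS}}}Principal/{{{STSUU_NS}}}Attribute"
                          f"[@name='name']/{{{STSUU_NS}}}Value")


# Constructed sample responses (not captured from a real STS).
SAMPLE_RSTR = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>
<wst:RequestSecurityTokenResponseCollection xmlns:wst="{WST_NS}">
<wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken>
<stsuuser:STSUniversalUser xmlns:stsuuser="{STSUU_NS}"><stsuuser:Principal>
<stsuuser:Attribute name="name"><stsuuser:Value>testuser</stsuuser:Value>
</stsuuser:Attribute></stsuuser:Principal></stsuuser:STSUniversalUser>
</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection></soapenv:Body></soapenv:Envelope>"""

SAMPLE_FAULT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>
<soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>Token validation failed (constructed sample)</faultstring>
</soapenv:Fault></soapenv:Body></soapenv:Envelope>"""


if __name__ == "__main__":
    rst_xml = build_rst(VALIDATE, None, "urn:issuer", "urn:appliesTo", None,
                        stsuu_base_token("myAttr", "urn:ibm:attr", "attributeValue"))
    print(rst_xml)
    token = parse_rstr(SAMPLE_RSTR, f"{{{STSUU_NS}}}STSUniversalUser")
    print("principal:", principal_name(token))
    try:
        parse_rstr(SAMPLE_FAULT)
    except STSClientError as err:
        print("STS fault:", err)
```

The two response checks are the ones worth carrying into a mapping rule: catch STSClientException rather than letting it abort the chain silently, and test the namespace and local name of the element doSTSExchange returns before handing it to STSUniversalUser.fromXML, since the chain on the other side decides what token type comes back.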