You can insert custom attributes into self-issued SAML tokens by using the Java API for XML-Based Web Services (JAX-WS) programming model and the Web Services Security APIs (WSS APIs). Because the token is self-issued, your application, not an external identity provider, is the party asserting these attributes: populate them from an authoritative source rather than from caller-supplied input, and request a signature so that the relying party can verify that they have not been altered.
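import java.util.ArrayList;
import java.util.HashMap;

import com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.WSSFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.wsspi.wssecurity.core.token.config.WSSConstants;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;

// Builds a self-issued SAML 2.0 bearer assertion for the subject "Alice" that
// carries two custom attributes ("Membership" and "Gender").
//
// Every entry placed in this map ends up as a claim inside a signed assertion
// that the relying party attributes to this issuer, so in production the subject
// and the attribute values must come from the authenticated principal or an
// authoritative store, never from unvalidated caller input.
WSSFactory factory = WSSFactory.getInstance();

HashMap<Object, Object> map = new HashMap<Object, Object>();
// Bearer confirmation: whoever presents the assertion is accepted as the
// subject, so the token should only travel over a protected channel and
// should stay short-lived.
map.put(SamlConstants.CONFIRMATION_METHOD, "Bearer");
map.put(SamlConstants.Token_REQUEST, "issue");
map.put(SamlConstants.TOKEN_TYPE, WSSConstants.SAML.SAML20_VALUE_TYPE);
map.put(SamlConstants.SAML_NAME_IDENTIFIER, "Alice");
// Without a signature the receiver cannot distinguish the attributes below from
// forged ones; keep this set to "true".
map.put(SamlConstants.SIGNATURE_REQUIRED, "true");

// Custom attributes: each SAMLAttribute is given a name and its values; the
// remaining constructor arguments are left null exactly as in this sample.
ArrayList<SAMLAttribute> attributes = new ArrayList<SAMLAttribute>();
String[] membership = {"IBMer", "Texan"};
attributes.add(new SAMLAttribute("Membership", membership, null, null, null, null));
String[] gender = {"Female"};
attributes.add(new SAMLAttribute("Gender", gender, null, null, null, null));
map.put(SamlConstants.SAML_ATTRIBUTES, attributes);

SAMLGenerateCallbackHandler callbackHandler = new SAMLGenerateCallbackHandler(map);
// NOTE(review): newSecurityToken declares a checked WSSException in the WSS API;
// real code must handle or propagate it rather than omit it as this sample does.
SecurityToken samlToken =
    factory.newSecurityToken(SAMLToken.class, callbackHandler, "system.wss.generate.saml");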
You have inserted custom attributes into a self-issued SAML security token. The resulting assertion, with the signature contents elided, looks like the following:
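<!-- Resulting self-issued SAML 2.0 assertion (signature contents elided).
     Review note: Conditions carries only a validity window and no
     AudienceRestriction, and the bearer SubjectConfirmation has no
     SubjectConfirmationData (no Recipient / InResponseTo), so any relying party
     that trusts this issuer would accept the token within the one-hour window. -->
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 Version="2.0"
                 ID="_E62A1CA3C2F21D9A9B1287772824570"
                 IssueInstant="2010-10-22T18:40:24.531Z">
  <!-- closing tag was mistyped as </samls2:Issuer>, which is not well-formed XML -->
  <saml2:Issuer>example.com</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    ...
  </ds:Signature>
  <saml2:Subject>
    <saml2:NameID>Alice</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"></saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2010-10-22T18:40:24.531Z" NotOnOrAfter="2010-10-22T19:40:24.531Z">
  </saml2:Conditions>
  <!-- The custom attributes supplied through SamlConstants.SAML_ATTRIBUTES -->
  <saml2:AttributeStatement>
    <saml2:Attribute Name="Membership">
      <saml2:AttributeValue>IBMer</saml2:AttributeValue>
      <saml2:AttributeValue>Texan</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="Gender">
      <saml2:AttributeValue>Female</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>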