You can create self-issued SAML tokens with the sender-vouches subject confirmation method and then use the Java API for XML-Based Web Services (JAX-WS) programming model and Web Services Security APIs (WSS APIs) to send these tokens with web services request messages with transport protection.
This task assumes that you are familiar with the JAX-WS programming model, the WSS API interfaces, SAML concepts, SSL transport protection, and the use of policy sets to configure and administer web services settings.
You can create a self-issued SAML token and then send the SAML token in web services request messages from a web services client. The web services client application used in this task is a modified version of the client code that is contained in the JaxWSServicesSamples sample application that is available for download. Code examples from the sample are described in the procedure section, and a complete, ready-to-use web services client sample is provided in the Example section.
You have created a self-issued SAML token with the sender-vouches confirmation method with transport protection and then sent this token with web services request messages using the JAX-WS programming model and WSS APIs.
The following code sample is a complete, ready-to-use web services client application that demonstrates how to create a self-issued SAML sender-vouches token and send that SAML token in web services request messages. This sample code illustrates the procedure steps described previously.
/**
 * The following source code is sample code created by IBM Corporation.
 * This sample code is provided to you solely for the purpose of assisting you in the
 * use of the technology. The code is provided 'AS IS', without warranty or condition of
 * any kind. IBM shall not be liable for any damages arising out of your use of the
 * sample code, even if IBM has been advised of the possibility of such damages.
 */
package com.ibm.was.wssample.sei.cli;

import com.ibm.was.wssample.sei.echo.EchoService12PortProxy;
import com.ibm.was.wssample.sei.echo.EchoStringInput;
import com.ibm.websphere.wssecurity.wssapi.WSSFactory;
import com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext;
import com.ibm.websphere.wssecurity.wssapi.WSSConsumingContext;
import com.ibm.websphere.wssecurity.wssapi.WSSTimestamp;
import com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.wsspi.wssecurity.core.token.config.WSSConstants;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;

import java.util.Map;
import java.util.HashMap;

import javax.xml.ws.BindingProvider;

public class SampleSamlSVClient {

    private String urlHost = "localhost";
    private String urlPort = "9081";

    private static final String CONTEXT_BASE = "/WSSampleSei/";
    private static final String ECHO_CONTEXT12 = CONTEXT_BASE + "EchoService12";

    private String message = "HELLO";
    private String uriString = "http://" + urlHost + ":" + urlPort;
    private String endpointURL = uriString + ECHO_CONTEXT12;
    private String input = message;

    /**
     * main()
     *
     * see printusage() for command-line arguments
     *
     * @param args
     */
    public static void main(String[] args) {
        SampleSamlSVClient sample = new SampleSamlSVClient();
        sample.CallService();
    }

    /**
     * CallService Parms were already read. Now call the service proxy classes.
     */
    void CallService() {
        String response = "ERROR!:";
        try {
            // JAAS login configuration for the client (trailing space in the path removed)
            System.setProperty("java.security.auth.login.config",
                    "profile_root/properties/wsjaas_client.conf");

            // Initialize WSSFactory object
            WSSFactory factory = WSSFactory.getInstance();

            // Initialize WSSGenerationContext
            WSSGenerationContext gencont = factory.newWSSGenerationContext();

            // Initialize SAML issuer configuration via custom properties
            HashMap<Object, Object> customProps = new HashMap<Object, Object>();
            customProps.put(SamlConstants.ISSUER_URI_PROP, "example.com");
            customProps.put(SamlConstants.TTL_PROP, "3600000");
            customProps.put(SamlConstants.KS_PATH_PROP, "keystores/saml-provider.jceks");
            customProps.put(SamlConstants.KS_TYPE_PROP, "JCEKS");
            customProps.put(SamlConstants.KS_PW_PROP, "{xor}LCswLTovPiws");
            customProps.put(SamlConstants.KEY_ALIAS_PROP, "samlissuer");
            customProps.put(SamlConstants.KEY_NAME_PROP, "CN=SAMLIssuer, O=EXAMPLE");
            customProps.put(SamlConstants.KEY_PW_PROP, "{xor}NDomLz4sLA==");
            customProps.put(SamlConstants.TS_PATH_PROP, "keystores/saml-provider.jceks");
            customProps.put(SamlConstants.TS_TYPE_PROP, "JCEKS");
            customProps.put(SamlConstants.TS_PW_PROP, "{xor}LCswLTovPiws");
            gencont.add(customProps); // Add custom properties

            // Create SAMLToken (SAML 2.0, sender-vouches, signed by the issuer key above)
            HashMap<Object, Object> map = new HashMap<Object, Object>();
            map.put(SamlConstants.CONFIRMATION_METHOD, "sender-vouches");
            map.put(SamlConstants.TOKEN_TYPE, WSSConstants.SAML.SAML20_VALUE_TYPE);
            map.put(SamlConstants.SAML_NAME_IDENTIFIER, "Alice");
            map.put(SamlConstants.SIGNATURE_REQUIRED, "true");
            SAMLGenerateCallbackHandler callbackHandler = new SAMLGenerateCallbackHandler(map);
            SecurityToken samlToken = factory.newSecurityToken(SAMLToken.class,
                    callbackHandler, "system.wss.generate.saml");
            System.out.println("SAMLToken id = " + samlToken.getId());

            // Initialize web services client
            EchoService12PortProxy echo = new EchoService12PortProxy();
            echo._getDescriptor().setEndpoint(endpointURL);

            // Configure SOAPAction properties
            BindingProvider bp = (BindingProvider) (echo._getDescriptor().getProxy());
            Map<String, Object> requestContext = bp.getRequestContext();
            requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL);
            requestContext.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
            requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "echoOperation");

            // Add the SAML token to the generation context
            gencont.add(samlToken);

            // Add timestamp
            WSSTimestamp timestamp = factory.newWSSTimestamp();
            gencont.add(timestamp);
            gencont.process(requestContext);

            // Build the input object
            EchoStringInput echoParm =
                    new com.ibm.was.wssample.sei.echo.ObjectFactory().createEchoStringInput();
            echoParm.setEchoInput(input);
            System.out.println(">> CLIENT: SEI Echo to " + endpointURL);

            // Prepare to consume timestamp in response message
            WSSConsumingContext concont = factory.newWSSConsumingContext();
            concont.add(WSSConsumingContext.TIMESTAMP);
            concont.process(requestContext);

            // Call the service
            response = echo.echoOperation(echoParm).getEchoResponse();
            System.out.println(">> CLIENT: SEI Echo invocation complete.");
            System.out.println(">> CLIENT: SEI Echo response is: " + response);
        } catch (Exception e) {
            System.out.println(">> CLIENT: ERROR: SEI Echo EXCEPTION.");
            e.printStackTrace();
        }
    }
}
Running the client produces output similar to the following:

SAMLToken id = _6CDDF0DBF91C044D211271166233407
Retrieving document at 'file:profile_root/.../wsdl/'.
>> CLIENT: SEI Echo to http://localhost:9443/WSSampleSei/EchoService12
>> CLIENT: SEI Echo invocation complete.
>> CLIENT: SEI Echo response is: SOAP12==>>HELLO
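As an added example that is not part of the IBM sample, the following standalone class parses a SAML 2.0 assertion of the kind the client above requests (issuer example.com, NameID Alice, sender-vouches confirmation, signed, one-hour TTL) and checks those properties the way a relying party would before accepting it. The assertion XML is constructed by hand for the example, and the Signature test is structural only: verifying the signature value and trusting the sender are done by the WS-Security runtime and the SSL transport on the provider side, not by this code.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SenderVouchesAssertionCheck {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
    // Constructed sample assertion (hand-written, not WSS API output) with the values the
    // client requests: issuer example.com, NameID Alice, signed, one-hour validity window.
    static final String SAMPLE = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" ID=\"_1\""
        + " Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\">"
        + "<saml2:Issuer>example.com</saml2:Issuer>"
        + "<ds:Signature xmlns:ds=\"" + DSIG_NS + "\"><ds:SignedInfo/></ds:Signature>"
        + "<saml2:Subject><saml2:NameID>Alice</saml2:NameID>"
        + "<saml2:SubjectConfirmation Method=\"" + SENDER_VOUCHES + "\"/></saml2:Subject>"
        + "<saml2:Conditions NotBefore=\"2024-01-01T00:00:00Z\" NotOnOrAfter=\"2024-01-01T01:00:00Z\"/>"
        + "</saml2:Assertion>";

    /** Returns null when the assertion matches expectations, otherwise the first problem found. */
    static String check(String xml, String expectedIssuer, Instant now) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);               // harden the parser
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Element a = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        if (!SAML2_NS.equals(a.getNamespaceURI()) || !"2.0".equals(a.getAttribute("Version")))
            return "not a SAML 2.0 assertion";
        NodeList issuer = a.getElementsByTagNameNS(SAML2_NS, "Issuer");
        if (issuer.getLength() == 0 || !expectedIssuer.equals(issuer.item(0).getTextContent()))
            return "unexpected issuer";
        // Structural check only: the WS-Security runtime verifies the signature value itself.
        if (a.getElementsByTagNameNS(DSIG_NS, "Signature").getLength() == 0) return "assertion is not signed";
        NodeList sc = a.getElementsByTagNameNS(SAML2_NS, "SubjectConfirmation");
        if (sc.getLength() == 0 || !SENDER_VOUCHES.equals(((Element) sc.item(0)).getAttribute("Method")))
            return "confirmation method is not sender-vouches";
        NodeList cond = a.getElementsByTagNameNS(SAML2_NS, "Conditions");
        if (cond.getLength() == 0) return "no validity window";
        Element c = (Element) cond.item(0);
        if (now.isBefore(Instant.parse(c.getAttribute("NotBefore")))) return "assertion not yet valid";
        if (!now.isBefore(Instant.parse(c.getAttribute("NotOnOrAfter")))) return "assertion expired";
        return null;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(check(SAMPLE, "example.com", Instant.parse("2024-01-01T00:30:00Z"))); // inside window
        System.out.println(check(SAMPLE, "example.com", Instant.parse("2024-01-01T02:00:00Z"))); // past NotOnOrAfter
    }
}
```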