You can create self-issued SAML tokens with the bearer subject confirmation method and then send these tokens with Web services request messages using the Java API for XML-Based Web Services (JAX-WS) programming model and Web Services Security APIs (WSS API).
This task assumes that you are familiar with the JAX-WS programming model, the WSS API interfaces, SAML concepts, and the use of policy sets to configure and administer web services settings.
You can create a self-issued SAML token and then send the SAML token in web services request messages from a web services client. The web services application client used in this task is a modified version of the client code that is contained in the JaxWSServicesSamples sample application that is available for download. Code snippets from the sample are described in the procedure section, and a complete, ready-to-use web services client sample is provided in the Example section.
You have created a self-issued SAML token with the bearer subject confirmation method and then sent this token with web services request messages using the JAX-WS programming model and WSS APIs.
The following code sample is a web services client application that demonstrates how to create a self-issued SAML token and send that SAML token in web services request messages. If your usage scenario requires SAML tokens, but does not require your application to pass the SAML tokens using web services messages, you only need to use the first part of the following sample code, up through the // Initialize web services client section.
```java
/**
 * The following source code is sample code created by IBM Corporation.
 * This sample code is provided to you solely for the purpose of assisting you in the
 * use of the technology. The code is provided 'AS IS', without warranty or condition of
 * any kind. IBM shall not be liable for any damages arising out of your use of the
 * sample code, even if IBM has been advised of the possibility of such damages.
 */
package com.ibm.was.wssample.sei.cli;

import com.ibm.was.wssample.sei.echo.EchoService12PortProxy;
import com.ibm.was.wssample.sei.echo.EchoStringInput;
import com.ibm.websphere.wssecurity.wssapi.WSSFactory;
import com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext;
import com.ibm.websphere.wssecurity.wssapi.WSSConsumingContext;
import com.ibm.websphere.wssecurity.wssapi.WSSTimestamp;
import com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.wsspi.wssecurity.core.token.config.WSSConstants;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import java.util.Map;
import java.util.HashMap;
import javax.xml.ws.BindingProvider;

/**
 * SampleClient
 * main entry point for thin client JAR sample
 * and worker class to communicate with the services
 */
public class SampleClient {
    private String urlHost = "localhost";
    private String urlPort = "9443";
    private static final String CONTEXT_BASE = "/WSSampleSei/";
    private static final String ECHO_CONTEXT12 = CONTEXT_BASE + "EchoService12";
    private String message = "HELLO";
    private String uriString = "https://" + urlHost + ":" + urlPort;
    private String endpointURL = uriString + ECHO_CONTEXT12;
    private String input = message;

    /**
     * main()
     *
     * see printusage() for command-line arguments
     *
     * @param args
     */
    public static void main(String[] args) {
        SampleClient sample = new SampleClient();
        sample.CallService();
    }

    /**
     * CallService
     * Parms were already read. Now call the service proxy classes
     */
    void CallService() {
        String response = "ERROR!:";
        try {
            // profile_root stands for the WebSphere profile directory of the client
            System.setProperty("java.security.auth.login.config",
                    "profile_root/properties/wsjaas_client.conf");
            System.setProperty("com.ibm.SSL.ConfigURL",
                    "file:profile_root/properties/ssl.client.props");

            // Initialize WSSFactory object
            WSSFactory factory = WSSFactory.getInstance();

            // Initialize WSSGenerationContext
            WSSGenerationContext gencont = factory.newWSSGenerationContext();

            // Initialize SAML issuer configuration via custom properties.
            // The {xor} values are WebSphere-encoded passwords; this encoding is
            // reversible obfuscation, not encryption, so protect the source and
            // keystore files accordingly.
            HashMap<Object, Object> customProps = new HashMap<Object, Object>();
            customProps.put(SamlConstants.ISSUER_URI_PROP, "example.com");
            customProps.put(SamlConstants.TTL_PROP, "3600000"); // token lifetime in milliseconds
            customProps.put(SamlConstants.KS_PATH_PROP, "keystores/saml-provider.jceks");
            customProps.put(SamlConstants.KS_TYPE_PROP, "JCEKS");
            customProps.put(SamlConstants.KS_PW_PROP, "{xor}LCswLTovPiws");
            customProps.put(SamlConstants.KEY_ALIAS_PROP, "samlissuer");
            customProps.put(SamlConstants.KEY_NAME_PROP, "CN=SAMLIssuer, O=EXAMPLE");
            customProps.put(SamlConstants.KEY_PW_PROP, "{xor}NDomLz4sLA==");
            customProps.put(SamlConstants.TS_PATH_PROP, "keystores/saml-provider.jceks");
            customProps.put(SamlConstants.TS_TYPE_PROP, "JCEKS");
            customProps.put(SamlConstants.TS_PW_PROP, "{xor}LCswLTovPiws");
            gencont.add(customProps); // Add custom properties

            // Create SAMLToken: a signed SAML 2.0 assertion for "Alice" with the
            // bearer subject confirmation method
            HashMap<Object, Object> map = new HashMap<Object, Object>();
            map.put(SamlConstants.CONFIRMATION_METHOD, "Bearer");
            map.put(SamlConstants.TOKEN_TYPE, WSSConstants.SAML.SAML20_VALUE_TYPE);
            map.put(SamlConstants.SAML_NAME_IDENTIFIER, "Alice");
            map.put(SamlConstants.SIGNATURE_REQUIRED, "true");
            SAMLGenerateCallbackHandler callbackHandler = new SAMLGenerateCallbackHandler(map);
            SecurityToken samlToken = factory.newSecurityToken(SAMLToken.class,
                    callbackHandler, "system.wss.generate.saml");
            System.out.println("SAMLToken id = " + samlToken.getId());

            // Initialize web services client
            EchoService12PortProxy echo = new EchoService12PortProxy();
            echo._getDescriptor().setEndpoint(endpointURL);

            // Configure SOAPAction properties
            BindingProvider bp = (BindingProvider) (echo._getDescriptor().getProxy());
            Map<String, Object> requestContext = bp.getRequestContext();
            requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL);
            requestContext.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
            requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "echoOperation");

            // Attach the SAML token to the outgoing request
            gencont.add(samlToken);

            // Add timestamp
            WSSTimestamp timestamp = factory.newWSSTimestamp();
            gencont.add(timestamp);
            gencont.process(requestContext);

            // Build the input object
            EchoStringInput echoParm =
                    new com.ibm.was.wssample.sei.echo.ObjectFactory().createEchoStringInput();
            echoParm.setEchoInput(input);
            System.out.println(">> CLIENT: SEI Echo to " + endpointURL);

            // Prepare to consume timestamp in response message.
            WSSConsumingContext concont = factory.newWSSConsumingContext();
            concont.add(WSSConsumingContext.TIMESTAMP);
            concont.process(requestContext);

            // Call the service
            response = echo.echoOperation(echoParm).getEchoResponse();
            System.out.println(">> CLIENT: SEI Echo invocation complete.");
            System.out.println(">> CLIENT: SEI Echo response is: " + response);
        } catch (Exception e) {
            System.out.println(">> CLIENT: ERROR: SEI Echo EXCEPTION.");
            e.printStackTrace();
        }
    }
}
```
```text
SAMLToken id = _191EBC44865015D9AB1270745072344
Retrieving document at 'file:profile_root/.../wsdl/'.
>> CLIENT: SEI Echo to https://localhost:9443/WSSampleSei/EchoService12
>> CLIENT: SEI Echo invocation complete.
>> CLIENT: SEI Echo response is: SOAP12==>>HELLO
```
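The client above only produces and sends the bearer assertion. As an added example that is not part of the IBM sample, the following Python shows the relying-party side: the structural and Conditions checks a service should apply to a SAML 2.0 bearer assertion before acting on it (issuer, bearer confirmation method, signature presence, validity window with clock skew, audience). The assertion XML, the placeholder signature value and the one-hour validity window (matching the sample's TTL_PROP of 3600000 ms) are constructed for this example; cryptographic verification of the ds:Signature is assumed to be done with an XML-DSig library and is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def parse_ts(s):  # SAML timestamps are xsd:dateTime in UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_bearer_assertion(xml_text, issuer, audience, now, skew=timedelta(seconds=60)):
    """Return the list of policy violations; an empty list means the assertion is acceptable.
    Only structure and Conditions are checked here; the ds:Signature must additionally be
    verified with an XML-DSig library against the issuer's certificate before trusting it."""
    root = ET.fromstring(xml_text)
    bad = []
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        bad.append("not a SAML 2.0 Assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:
        bad.append("unexpected issuer")
    # A bearer token carries no proof of possession: the issuer signature is the only binding
    if root.find("ds:Signature", NS) is None:
        bad.append("assertion is unsigned")
    methods = [c.get("Method") for c in root.findall("saml:Subject/saml:SubjectConfirmation", NS)]
    if BEARER not in methods:
        bad.append("no bearer SubjectConfirmation")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return bad + ["missing Conditions"]
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < parse_ts(nb):
        bad.append("not yet valid")
    if noa is None or now - skew >= parse_ts(noa):  # refuse tokens with no expiry at all
        bad.append("expired or has no expiry")
    auds = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in auds:  # policy: an unrestricted bearer token can be replayed anywhere
        bad.append("audience restriction does not name this service")
    return bad

# Constructed sample: the shape of the assertion the client above requests for NameID "Alice",
# issuer "example.com" and a one-hour TTL; the signature value is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Version="2.0" ID="_constructed1"
 IssueInstant="2024-01-01T12:00:00Z"><saml:Issuer>example.com</saml:Issuer>
 <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
 <saml:Subject><saml:NameID>Alice</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
  <saml:AudienceRestriction><saml:Audience>https://localhost:9443/WSSampleSei/EchoService12</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions></saml:Assertion>"""
```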