The SAMLGenerateLoginModule can be used to obtain an
application-generated SAML token from a shared state object that is
initialized in the application's JAAS login module.
About this task
The following procedure describes the setup that is required
to use this functionality.
Procedure
- Save the shared state object in a class variable
in the initialize method of the JAAS login module.
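    import java.util.ArrayList;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.spi.LoginModule;
    import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
    import com.ibm.wsspi.wssecurity.core.Constants;
    public class myLoginModule implements LoginModule {
        ...
        // Raw Map so that login() can call put() on it
        private Map _sharedState;
        ...
        public void initialize(Subject subject,
                               CallbackHandler callbackHandler,
                               Map<String, ?> sharedState,
                               Map<String, ?> options) {
            ...
            // Keep a reference to the shared state for use in login()
            this._sharedState = sharedState;
            ...
        }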
- Create an ArrayList of SecurityToken and put the
application-generated SAMLToken in it as the only entry.
The WS-Security runtime loops through the
list and uses only the first hit.
- Put the ArrayList object in the _sharedState object with
the following key:
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED
        public boolean login() throws LoginException {
            ...
            // someSAMLToken is the SAML token that the application generated
            SAMLToken mySamlToken = someSAMLToken;
            // The token must be the only entry in the list
            ArrayList<SecurityToken> tokenList =
                new ArrayList<SecurityToken>();
            tokenList.add(mySamlToken);
            _sharedState.put(
                Constants.WSSECURITY_TOKEN_TO_BE_INSERTED,
                tokenList);
            ...
        }
        ...
    }
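Example
The following class is an added example, not IBM-supplied code. It combines the procedure steps with the remaining JAAS lifecycle methods, rejects a missing token, and removes the shared state entry on abort and logout. The class name, the createSamlToken hook, and the cleanup behavior are assumptions of this example; compiling it requires the WebSphere WS-Security API classes on the class path.

```java
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.wsspi.wssecurity.core.Constants;

// Added example (hypothetical class name); subclasses supply the token.
@SuppressWarnings({"rawtypes", "unchecked"})
public abstract class SamlSharedStateLoginModule implements LoginModule {
    private Map sharedState;    // raw Map, as in the procedure, so put() is allowed
    private boolean published;  // true once this module has added the token list

    // Hypothetical hook: how the application generates its SAMLToken.
    protected abstract SAMLToken createSamlToken() throws LoginException;

    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.sharedState = sharedState;
    }

    public boolean login() throws LoginException {
        SAMLToken token = createSamlToken();
        if (token == null) {
            // Fail the login instead of publishing an empty list.
            throw new LoginException("No SAML token available to insert");
        }
        // Exactly one entry: the runtime uses only the first hit in the list.
        ArrayList<SecurityToken> tokenList = new ArrayList<SecurityToken>();
        tokenList.add(token);
        sharedState.put(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, tokenList);
        published = true;
        return true;
    }

    public boolean commit() throws LoginException { return published; }

    public boolean abort() throws LoginException { return clear(); }

    public boolean logout() throws LoginException { clear(); return true; }

    // Remove the entry this module added so that a failed or ended login
    // leaves no token in the shared state (a choice made by this example).
    private boolean clear() {
        boolean had = published;
        if (had) sharedState.remove(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED);
        published = false;
        return had;
    }
}
```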