Creating SAML attributes in SAML tokens

Using the SAML runtime API, you can create SAML tokens containing SAML attributes. You can also extract the SAML attributes from an existing SAML token.

About this task

When WebSphere® Application Server Version 7.0.0.7 and later is installed, you can create SAML attributes using the SAML token library APIs. The SAML attributes are added to a CredentialConfig object, which is used to generate a SAML token. The API also provides a function that extracts SAML attributes from an existing SAML token and processes the attributes.

To create a SAML token containing SAML attributes, perform the following steps:

Procedure

  1. Initialize a com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute object. This creates a SAML attribute based on an address, for example:
    SAMLAttribute sattribute =
        new SAMLAttribute("urn:oid:2.5.4.20",                                  // Name
                          new String[] {" any address"},                      // Attribute values
                          null,                                               // XML attribute values, empty in this example
                          "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500", // Namespace
                          "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",  // Name format
                          "Address");                                         // Friendly name
  2. Use the SAMLTokenFactory to create a CredentialConfig object containing a SAML attribute. This method requires the Java security permission wssapi.SAMLTokenFactory.newCredentialConfig.
    1. Create a com.ibm.wsspi.wssecurity.saml.config.CredentialConfig object and set a valid principal name.
    2. Create a SAML attribute.
    3. Create a list of SAML attributes and add the SAML attribute to the list.
    4. Add the SAML attribute list to the CredentialConfig object.
    See the following example:
    SAMLTokenFactory samlFactory =
        SAMLTokenFactory.getInstance("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"); // samlTokenType

    CredentialConfig credentialConfig = samlFactory.newCredentialConfig();
    credentialConfig.setRequesterNameID("any name");

    SAMLAttribute sattribute =
        new SAMLAttribute("urn:oid:2.5.4.20",                                  // Name
                          new String[] {" any address"},                      // Attribute values
                          null,                                               // XML attribute values, empty in this example
                          "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500", // Namespace
                          "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",  // Name format
                          "Address");                                         // Friendly name

    ArrayList<SAMLAttribute> al = new ArrayList<SAMLAttribute>();
    al.add(sattribute);
    credentialConfig.setSAMLAttributes(al);
  3. Specifying the CredentialConfig as a parameter, use the com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory newSAMLToken method to create a SAML token containing the attributes. This step assumes that a RequesterConfig reqData object and a ProviderConfig samlIssuerCfg object have already been created. For more information on these objects, read about RequesterConfig and ProviderConfig.
    1. Obtain an instance of the SAMLTokenFactory.
    2. Create a SAML token using the newSAMLToken method from the SAMLTokenFactory, for example:
      SAMLTokenFactory samlFactory =
        SAMLTokenFactory.getInstance("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
      
      SAMLToken aSamlToken = samlFactory.newSAMLToken(credentialConfig, reqData, samlIssuerCfg);
  4. Optional: Extract SAML attributes from an existing SAML token. This step is useful to extract the SAML attributes from a received SAML token. You can use this step when a SAML assertion is received and the attributes contained in the assertion need to be processed.
    1. Invoke the getSAMLAttributes() method with the token as a parameter to obtain a list of the SAML attributes in the token. This method requires the Java security permission wssapi.SAMLToken.getSAMLAttributes.
    2. Apply an iterator to the list.
    3. Iterate through the list and perform any additional processing required for your application.
    See the following example:
    List<SAMLAttribute> aList = aSamlToken.getSAMLAttributes();
    java.util.Iterator<SAMLAttribute> i = aList.iterator();

    while (i.hasNext()) {

        SAMLAttribute anAttribute = i.next();

        // do something with the namespace
        String namespace = anAttribute.getAttributeNamespace();

        // do something with the name
        String name = anAttribute.getName();

        // do something with the friendly name
        String friendlyName = anAttribute.getFriendlyName();

        // process string attribute values
        String[] stringAttributeValues = anAttribute.getStringAttributeValue();

        // process XML attribute values
        XMLStructure[] xmlAttributeValues = (XMLStructure[]) anAttribute.getXMLAttributeValue();

    }
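An added end-to-end example (not from the IBM documentation) that puts steps 2 to 4 together: it issues a SAML 2.0 token carrying two attributes and then reads one back by namespace and Name rather than by friendly name, returning an empty array when the attribute is absent. It assumes RequesterConfig and ProviderConfig live in com.ibm.wsspi.wssecurity.saml.config and SAMLToken in com.ibm.websphere.wssecurity.wssapi.token, that reqData and samlIssuerCfg are supplied by the caller as in step 3, and that the principal and attribute values ("alice", "alice@example.com") are constructed sample data.

```java
import java.util.ArrayList;
import java.util.List;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;

public class SamlAttributeRoundTrip {
    static final String SAML20_TOKEN_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    static final String X500_NS = "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500";
    static final String URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
    static final String MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"; // X.500 "mail" attribute
    // Step 2: a CredentialConfig carrying the page's address attribute plus a mail
    // attribute. Principal and attribute values are constructed sample data.
    static CredentialConfig buildCredentialConfig(SAMLTokenFactory factory) throws Exception {
        CredentialConfig cfg = factory.newCredentialConfig();
        cfg.setRequesterNameID("alice");
        List<SAMLAttribute> attrs = new ArrayList<SAMLAttribute>();
        attrs.add(new SAMLAttribute("urn:oid:2.5.4.20", new String[] {"any address"},
                null, X500_NS, URI_FORMAT, "Address"));
        attrs.add(new SAMLAttribute(MAIL_OID, new String[] {"alice@example.com"},
                null, X500_NS, URI_FORMAT, "mail"));
        cfg.setSAMLAttributes(attrs);
        return cfg;
    }

    // Step 4: read one attribute back by namespace and Name. FriendlyName is only a
    // display hint and is deliberately not matched. Absent attribute: empty array, never null.
    static String[] valuesOf(SAMLToken token, String namespace, String name) throws Exception {
        List<SAMLAttribute> attrs = token.getSAMLAttributes();
        if (attrs == null) return new String[0];
        for (SAMLAttribute a : attrs) {
            if (namespace.equals(a.getAttributeNamespace()) && name.equals(a.getName())) {
                String[] values = a.getStringAttributeValue();
                return values == null ? new String[0] : values;
            }
        }
        return new String[0];
    }

    // Steps 2 to 4 end to end; reqData and samlIssuerCfg are assumed to exist as in step 3.
    static String[] issueAndReadMail(RequesterConfig reqData, ProviderConfig samlIssuerCfg) throws Exception {
        SAMLTokenFactory factory = SAMLTokenFactory.getInstance(SAML20_TOKEN_TYPE);
        SAMLToken token = factory.newSAMLToken(buildCredentialConfig(factory), reqData, samlIssuerCfg);
        return valuesOf(token, X500_NS, MAIL_OID);
    }
}
```

The calling code needs both permissions named above (wssapi.SAMLTokenFactory.newCredentialConfig and wssapi.SAMLToken.getSAMLAttributes) when Java 2 security is enabled.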

Last updated: Sep 19, 2011 3:08:41 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-zos&topic=twbs_managesamlattribs
File name: twbs_managesamlattribs.html