使用 API 创建 SAML holder-of-key 令牌
SAML holder-of-key 令牌扩展 WebSphere® Application Server 中的安全性令牌公共接口,且可以用作保护令牌。WebSphere Application Server 为创建 SAML holder-of-key 令牌提供 SAML 库 API。
关于此任务
创建 SAML 令牌需要三个参数:
- com.ibm.wsspi.wssecurity.saml.config.RequesterConfig
- com.ibm.wsspi.wssecurity.saml.config.ProviderConfig
- com.ibm.wsspi.wssecurity.saml.config.CredentialConfig
过程
示例
使用此样本代码,利用来自主体集的密钥(对称密钥)创建 SAML v1.1 holder-of-key 令牌。
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfoig ;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
SAMLTokenFactory samlFactory = SAMLTokenFactory.getInstance(SAMLTokenFactory.WssSamlV11Token11);
RequesterConfig reqData = samlFactory.newSymmetricHolderOfKeyTokenGenerateConfig();
//Map "AppliesTo" to key alias, so library knows how to encrypt the Symmetric Key
reqData.setKeyAliasForAppliesTo("SOAPRecipient");
ProviderConfig samlIssuerCfg = samlFactory.newDefaultProviderConfig(IsserUri);
Subject subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject();
SAMLToken samlToken = samlFactory.newSAMLToken(subject, reqData, samlIssuerCfg);
使用此样本代码,利用来自主体集的公用密钥创建 SAML v2.0 holder-of-key 令牌:
//User expression on how SAML should be created, default provided
RequesterConfig reqData = samlFactory.newAsymmetricHolderOfKeyTokenGenerateConfig();
//Choose a public key to be included in SAML
reqData.setKeyAliasForRequester("SOAPInitiator");
//Get issuer key store so can sign or encrypt assertion, issuer name
ProviderConfig samlIssuerCfg = samlFactory.newDefaultProviderConfig("any_issuer");
//Get JAAS Subject so the factory can populate principal and attributes to SAML
Subject subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject();
SAMLToken samlToken = samlFactory.newSAMLToken(subject, reqData, samlIssuerCfg);
使用此样本代码,利用密钥(对称密钥)创建 SAML v2.0 holder-of-key 令牌:
SAMLTokenFactory samlFactory = SAMLTokenFactory.getInstance (SAMLTokenFactory.WssSamlV20Token11);
RequesterConfig reqData = samlFactory. newSymmetricHolderOfKeyTokenGenerateConfig ();
//Map "AppliesTo" to key alias so library knows how to encrypt the Symmetric Key
reqData.setKeyAliasForAppliesTo("SOAPRecipient");
ProviderConfig samlIssuerCfg = samlFactory.newDefaultProviderConfig(null);
CredentialConfig cred = samlFactory.newCredentialConfig ();
cred.setRequesterNameID("any_name");
SAMLToken samlToken = samlFactory.newSAMLToken(subject, reqData, samlIssuerCfg);