Creating SAML attributes in SAML tokens
Using the SAML runtime API, you can create SAML tokens containing SAML attributes. You can also extract the SAML attributes from an existing SAML token.
About this task
To create a SAML token containing SAML attributes, perform the following steps:
Procedure
- Initialize a com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute object. This creates a SAML attribute based on an address, for example:
    SAMLAttribute sattribute = new SAMLAttribute(
        "urn:oid:2.5.4.20",                                     // Name
        new String[] {" any address"},                          // Attribute values
        null,                                                   // XML attributes, empty in this example
        "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500",  // Namespace
        "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",      // Format
        "Address");                                             // Friendly name
- Use the SAMLTokenFactory to create a CredentialConfig object containing a SAML attribute. This method requires the Java security permission wssapi.SAMLTokenFactory.newCredentialConfig.
  - Create a com.ibm.wsspi.wssecurity.saml.config.CredentialConfig object and set a valid principal name.
  - Create a SAML attribute.
  - Create a list of SAML attributes and add the SAML attribute to the list.
  - Add the SAML attribute list to the CredentialConfig object.
    import java.util.ArrayList;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory;
    import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
    import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;

    // The argument to getInstance is the SAML token type.
    SAMLTokenFactory samlFactory = SAMLTokenFactory.getInstance(
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
    CredentialConfig credentialConfig = samlFactory.newCredentialConfig();
    credentialConfig.setRequesterNameID("any name");

    SAMLAttribute sattribute = new SAMLAttribute(
        "urn:oid:2.5.4.20",                                     // Name
        new String[] {" any address"},                          // Attribute values
        null,                                                   // XML attributes, empty in this example
        "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500",  // Namespace
        "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",      // Format
        "Address");                                             // Friendly name

    ArrayList<SAMLAttribute> al = new ArrayList<SAMLAttribute>();
    al.add(sattribute);
    credentialConfig.setSAMLAttributes(al);
- Specifying the CredentialConfig as a parameter, use the com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory newSAMLToken method to create a SAML token containing the attributes. This step assumes that a RequesterConfig reqData object and a ProviderConfig samlIssuerCfg object have already been created. For more information on these objects, read about RequesterConfig and ProviderConfig.
  - Obtain an instance of the SAMLTokenFactory.
  - Create a SAML token using the newSAMLToken method from the SAMLTokenFactory, for example:
    SAMLTokenFactory samlFactory = SAMLTokenFactory.getInstance(
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
    SAMLToken aSamlToken = samlFactory.newSAMLToken(credentialConfig, reqData, samlIssuerCfg);
- Optional: Extract SAML attributes from an existing SAML token. This step is useful to extract the SAML attributes from a received SAML token. You can use this step when a SAML assertion is received and the attributes contained in the assertion need to be processed.
  - Invoke the getSAMLAttributes() method with the token as a parameter to obtain a list of the SAML attributes in the token. This method requires the Java security permission wssapi.SAMLToken.getSAMLAttributes.
  - Apply an iterator to the list.
  - Iterate through the list and perform any additional processing required for your application.
    List<SAMLAttribute> aList = aSAMLToken.getSAMLAttributes();
    java.util.Iterator<SAMLAttribute> i = aList.iterator();
    while (i.hasNext()) {
        SAMLAttribute anAttribute = i.next();
        // do something with namespace
        String namespace = anAttribute.getAttributeNamespace();
        // do something with name
        String name = anAttribute.getName();
        // do something with friendly name
        String friendlyName = anAttribute.getFriendlyName();
        // process string attribute values
        String[] stringAttributeValues = anAttribute.getStringAttributeValue();
        // process XML attribute values
        XMLStructure[] xmlAttributeValues = (XMLStructure[]) anAttribute.getXMLAttributeValue();
    }
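The following is an added example, not part of the original documentation: one way to do the "additional processing" in the optional extraction step is to accept only the attribute names and namespace the application expects and ignore everything else in a received token. The class name AttributeFilter, the allowlist contents and the second sample attribute are assumptions made for illustration; the code uses only the SAMLAttribute constructor and accessors shown above and needs the WebSphere SAML runtime API on the class path.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;

// Added example (not IBM code): keep only the attributes the application expects.
public class AttributeFilter {
    // Hypothetical allowlist of attribute names this application consumes.
    static final Set<String> EXPECTED_NAMES = Collections.singleton("urn:oid:2.5.4.20");
    // Namespace of the attribute created in the first step of the procedure.
    static final String EXPECTED_NS = "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500";

    /** Returns name -> trimmed, non-empty string values, for allowlisted attributes only. */
    public static Map<String, List<String>> filter(List<SAMLAttribute> received) {
        Map<String, List<String>> accepted = new LinkedHashMap<String, List<String>>();
        if (received == null) return accepted;
        for (SAMLAttribute attr : received) {
            if (attr == null || !EXPECTED_NAMES.contains(attr.getName())
                    || !EXPECTED_NS.equals(attr.getAttributeNamespace())) {
                continue; // unexpected name or namespace: ignore rather than trust it
            }
            String[] values = attr.getStringAttributeValue();
            if (values == null) continue; // no string values on this attribute
            List<String> kept = accepted.get(attr.getName());
            if (kept == null) kept = new ArrayList<String>();
            for (String v : values) {
                // Strip surrounding whitespace and drop blank values.
                if (v != null && !v.trim().isEmpty()) kept.add(v.trim());
            }
            if (!kept.isEmpty()) accepted.put(attr.getName(), kept);
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed sample input: one expected attribute and one unexpected attribute.
        String fmt = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
        List<SAMLAttribute> sample = new ArrayList<SAMLAttribute>();
        sample.add(new SAMLAttribute("urn:oid:2.5.4.20", new String[] {" any address"}, null,
                EXPECTED_NS, fmt, "Address"));
        sample.add(new SAMLAttribute("urn:example:unexpected", new String[] {"x"}, null,
                EXPECTED_NS, fmt, "Other"));
        System.out.println(filter(sample));
    }
}
```

In an application, pass the list returned by getSAMLAttributes() to filter() and read attribute values only from the returned map.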
Subtopics
SAML user attributes
A SAML assertion can contain user attributes relating to the principal of the SAML token. A SAML assertion can contain multiple user attributes.

