The objective of this example is to obtain a SAML token, which can later be used for Single Sign-On.
Single Sign-On is an authentication process that enables the user to authenticate once and to gain access to several systems with this one identification process.
To try this example, you must download the file called sampleAxis11.zip and follow the instructions in Configuration of the Environment.
First, we must initialize the connection with the TrustedX authentication Web service.
// Locate the TrustedX authentication (AuthN) service and obtain a stub bound to the host URL
TWSAALocator locatorAa = new TWSAALocator();
locatorAa.setAuthNTypeEndpointAddress(host);
AuthNType aat = locatorAa.getAuthNType();
AuthNBindingStub bindingAa = (AuthNBindingStub) aat;
// Configure the SSL/TLS settings (trust store, client credentials) used to reach TrustedX; helper supplied by the sample
UtilTrustedX.ssl_conf();
Unlike the other examples, to perform an authentication request, we must create an AuthNRequestType object.
AuthNRequestType ar = new AuthNRequestType();
For this example, authentication is performed via an agent. Therefore, a new agent is created in the request and the data necessary to identify it are included.
The necessary data are: the agent's unique identifier (agentId), the IP address from which the authenticated entity connects (ipAddress) and the identifier of the authentication method (authMethod) that the agent applies to the authenticated entity. In addition, the values that make up the agent's authentication chain (auth), which every authentication request sent by the agent must carry, are computed: a random nonce, a creation timestamp, and an HMAC over the agent data keyed with the agent's shared secret.
// Agent identification data
ar.setAgent(new AgentAuthNData());
ar.getAgent().setAgentId(agentId);
ar.getAgent().setIpAddr(ipAddress);
ar.getAgent().setAuthMethod(new URI(authMethod));
// Authentication chain: a fresh nonce and creation time, covered by an HMAC keyed with the agent's shared secret.
// The nonce comes from java.security.SecureRandom; java.util.Random is predictable and unsuitable here.
SecureRandom random = new SecureRandom();
byte[] randBytes = new byte[20];
random.nextBytes(randBytes);
ar.getAgent().setRand(randBytes);
String created = Long.toString(System.currentTimeMillis());
ar.getAgent().setCreated(created);
ar.getAgent().setAuth(calculateHMAC(agentId, randBytes, created, ipAddress, secret));
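The following is an added example, not code from the sample or from TrustedX, showing how an authentication chain of this kind is built and checked. The field order and HmacSHA1 are assumptions; the actual calculateHMAC() and its input format are the ones shipped in sampleAxis11.zip, and the agent id, secret and replay window below are constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class AgentAuthChain {
    static final long MAX_SKEW_MS = 5 * 60 * 1000;   // assumed replay window, not a TrustedX value

    // Hypothetical: HMAC-SHA1 over the fields in this order is an assumption,
    // not the TrustedX wire format; the real calculateHMAC() ships in sampleAxis11.zip.
    static byte[] calculateHMAC(String agentId, byte[] rand, String created,
                                String ipAddress, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        mac.update(agentId.getBytes(StandardCharsets.UTF_8));
        mac.update(rand);                                     // binds the nonce
        mac.update(created.getBytes(StandardCharsets.UTF_8)); // binds the timestamp
        mac.update(ipAddress.getBytes(StandardCharsets.UTF_8));
        return mac.doFinal();
    }

    // What a verifier holding the same secret checks: freshness of 'created', then a
    // constant-time comparison of the recomputed chain against the received one.
    static boolean verify(String agentId, byte[] rand, String created, String ipAddress,
                          byte[] auth, byte[] secret, long nowMs) throws Exception {
        long createdMs = Long.parseLong(created);
        if (Math.abs(nowMs - createdMs) > MAX_SKEW_MS) return false;
        byte[] expected = calculateHMAC(agentId, rand, created, ipAddress, secret);
        return MessageDigest.isEqual(expected, auth);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        byte[] rand = new byte[20];
        new SecureRandom().nextBytes(rand);   // unpredictable nonce, unlike java.util.Random
        long now = System.currentTimeMillis();
        String created = Long.toString(now);
        byte[] auth = calculateHMAC("agent-01", rand, created, "192.168.160.1", secret);
        System.out.println("fresh:    " + verify("agent-01", rand, created, "192.168.160.1", auth, secret, now));
        System.out.println("stale:    " + verify("agent-01", rand, created, "192.168.160.1", auth, secret, now + 2 * MAX_SKEW_MS));
        System.out.println("wrong ip: " + verify("agent-01", rand, created, "10.0.0.1", auth, secret, now));
    }
}
```

The stale and wrong-ip cases show why the nonce, timestamp and IP address are all covered by the HMAC: a captured chain cannot be replayed later or from another address.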
The credentials of the entity to be authenticated are also included in the agent. To do this, we create a Credentials object, which contains a UsernameTokenType object with the username and the clear text password. These are the credentials that are included in the agent with the setCredentials() method.
Credentials c = new Credentials();
UsernameTokenType unt = new UsernameTokenType();
unt.setUsername(new AttributedString(username));
PasswordString ps = new PasswordString(password);
ps.setType(new URI(PASSWORD_TYPE));
unt.setPassword(ps);
c.setUsernameToken(unt);
ar.getAgent().setCredentials(c);
Finally, the format of the response must also be indicated in the agent; in this case an Assertion is requested.
ar.getAgent().setRespondWith(new QName(SAML_URI, RESPONSE_TYPE));
Once all the data have been entered in the request, the authN() operation is invoked; this operation sends the request to the host and collects the response in an AuthNResponseType object.
AuthNResponseType arv = bindingAa.authN(ar);
It is now possible to extract the obtained response.
// Serialize the complete SOAP response envelope to a String (Util is a helper supplied by the sample)
String response = Util.serialize(bindingAa._getCall().getResponseMessage().getSOAPEnvelope().getAsDocument());
And lastly, we can extract the SAML assertion from the response and display it on screen.
System.out.println("** Token **");
System.out.println(getToken(response));
Once the code has been executed, we obtain output such as the following.
** Token **
<saml:Assertion AssertionID="aid-31323031303830313838-4992a0d26f172fdc8d7445c5576ea072" IssueInstant="2008-01-23T09:23:08.681Z" Issuer="urn:safelayer:tws:services:aa:2.1" MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Conditions NotBefore="2008-01-23T09:23:08.681Z" NotOnOrAfter="2008-01-23T10:23:08.681Z"/>
  <saml:AuthenticationStatement AuthenticationInstant="2008-01-23T09:23:08.681Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password:clear">
    <saml:Subject>
      <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">trustedx</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:SubjectLocality IPAddress="192.168.160.1"/>
  </saml:AuthenticationStatement>
</saml:Assertion>
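Before a system that participates in the Single Sign-On accepts a token like the one above, it should check the assertion's validity window, issuer and confirmation method. The following is an added example, not code from the sample or from TrustedX; it parses the assertion shown above (embedded as a string) with a DTD-disabled parser and evaluates it against a fixed clock. The class and method names are hypothetical.

```java
import java.io.StringReader;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class AssertionCheck {
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    // Sample assertion copied from the output above, as one string.
    static final String TOKEN = "<saml:Assertion AssertionID=\"aid-31323031303830313838-4992a0d26f172fdc8d7445c5576ea072\""
        + " IssueInstant=\"2008-01-23T09:23:08.681Z\" Issuer=\"urn:safelayer:tws:services:aa:2.1\""
        + " MajorVersion=\"1\" MinorVersion=\"1\" xmlns:saml=\"" + SAML + "\">"
        + "<saml:Conditions NotBefore=\"2008-01-23T09:23:08.681Z\" NotOnOrAfter=\"2008-01-23T10:23:08.681Z\"/>"
        + "<saml:AuthenticationStatement AuthenticationInstant=\"2008-01-23T09:23:08.681Z\""
        + " AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password:clear\">"
        + "<saml:Subject><saml:NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">trustedx</saml:NameIdentifier>"
        + "<saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>"
        + "</saml:SubjectConfirmation></saml:Subject><saml:SubjectLocality IPAddress=\"192.168.160.1\"/>"
        + "</saml:AuthenticationStatement></saml:Assertion>";

    static Element first(Element parent, String local) {
        return (Element) parent.getElementsByTagNameNS(SAML, local).item(0);
    }

    // Returns the authenticated subject, or null if the assertion must not be accepted at 'now'.
    static String acceptedSubject(String xml, Instant now, String expectedIssuer) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element a = doc.getDocumentElement();
        if (!expectedIssuer.equals(a.getAttribute("Issuer"))) return null;
        Element cond = first(a, "Conditions");
        if (now.isBefore(Instant.parse(cond.getAttribute("NotBefore")))
            || !now.isBefore(Instant.parse(cond.getAttribute("NotOnOrAfter")))) return null;
        // sender-vouches carries no holder-of-key proof: trust rests on the TLS channel to TrustedX
        String cm = first(a, "ConfirmationMethod").getTextContent();
        if (!"urn:oasis:names:tc:SAML:1.0:cm:sender-vouches".equals(cm)) return null;
        return first(a, "NameIdentifier").getTextContent();
    }

    public static void main(String[] args) throws Exception {
        String issuer = "urn:safelayer:tws:services:aa:2.1";
        System.out.println(acceptedSubject(TOKEN, Instant.parse("2008-01-23T09:30:00Z"), issuer)); // inside the window
        System.out.println(acceptedSubject(TOKEN, Instant.parse("2008-01-23T11:00:00Z"), issuer)); // after NotOnOrAfter
    }
}
```

The assertion in the output carries no XML signature, so a consumer that receives it over anything other than the authenticated TLS connection configured by ssl_conf() has no way to tell it from a forged one.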