

Insert SAML attributes using WSS APIs

We can insert custom attributes into self-issued SAML tokens by using the Java API for JAX-WS programming model and Web Services Security APIs (WSS APIs).

This task assumes that you are familiar with the JAX-WS programming model, the WSS API interfaces, SAML concepts, and the use of policy sets to configure and administer web services settings. Complete the following actions before you begin this task:

This task shows example code that inserts custom attributes into self-issued SAML security tokens. This particular example uses the bearer subject confirmation method. Attributes can be added to any SAML security token, and the same code can be used with the other subject confirmation methods.


Procedure

Insert custom attributes when creating SAML security tokens; for example:

import java.util.ArrayList;
import java.util.HashMap;
import com.ibm.websphere.wssecurity.wssapi.WSSFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.wsspi.wssecurity.core.token.config.WSSConstants;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;

WSSFactory factory = WSSFactory.getInstance();

// Token generation settings: a signed, self-issued SAML 2.0 bearer token for the subject "Alice".
HashMap<Object, Object> map = new HashMap<Object, Object>();
map.put(SamlConstants.CONFIRMATION_METHOD, "Bearer");
map.put(SamlConstants.Token_REQUEST, "issue");
map.put(SamlConstants.TOKEN_TYPE, WSSConstants.SAML.SAML20_VALUE_TYPE);
map.put(SamlConstants.SAML_NAME_IDENTIFIER, "Alice");
map.put(SamlConstants.SIGNATURE_REQUIRED, "true");

// Custom attributes; each SAMLAttribute becomes one <saml2:Attribute> with one
// <saml2:AttributeValue> per string in the value array.
ArrayList<SAMLAttribute> al = new ArrayList<SAMLAttribute>();
String groups[] = {"IBMer", "Texan"};
SAMLAttribute sattribute = new SAMLAttribute("Membership", groups, null, null, null, null);
al.add(sattribute);
String gender[] = {"Female"};
sattribute = new SAMLAttribute("Gender", gender, null, null, null, null);
al.add(sattribute);
map.put(SamlConstants.SAML_ATTRIBUTES, al);

// The callback handler carries the settings and attributes into token generation.
SAMLGenerateCallbackHandler callbackHandler = new SAMLGenerateCallbackHandler(map);
SecurityToken samlToken = factory.newSecurityToken(SAMLToken.class, callbackHandler,
                                                   "system.wss.generate.saml");


Results

You have inserted custom attributes into a SAML security token.


Example

The following example shows the custom attributes in the SAML Assertion:
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 Version="2.0"
                 ID="_E62A1CA3C2F21D9A9B1287772824570"
                 IssueInstant="2010-10-22T18:40:24.531Z">
  <saml2:Issuer>example.com</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    ...
  </ds:Signature>
  <saml2:Subject>
    <saml2:NameID>Alice</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2010-10-22T18:40:24.531Z"
                    NotOnOrAfter="2010-10-22T19:40:24.531Z">
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="Membership">
      <saml2:AttributeValue>IBMer</saml2:AttributeValue>
      <saml2:AttributeValue>Texan</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="Gender">
      <saml2:AttributeValue>Female</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
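The following added example is not part of the IBM documentation or the WSS API; it uses only JDK classes to show what a consuming service sees once the assertion above reaches it. It parses a constructed copy of the assertion (the ds:Signature block removed, since this code does no signature verification; the WS-Security runtime validates the signature before the token is consumed), reads the custom attributes back into a map, and refuses to use them unless the current time lies inside the Conditions window. The class name, the sample assertion string, and the fixed "now" instant are assumptions chosen for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlAttributeReader {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample: the assertion from this topic, with the signature block omitted.
    static final String SAMPLE_ASSERTION =
        "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" Version=\"2.0\""
        + " ID=\"_E62A1CA3C2F21D9A9B1287772824570\" IssueInstant=\"2010-10-22T18:40:24.531Z\">"
        + "<saml2:Issuer>example.com</saml2:Issuer>"
        + "<saml2:Subject><saml2:NameID>Alice</saml2:NameID>"
        + "<saml2:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"/></saml2:Subject>"
        + "<saml2:Conditions NotBefore=\"2010-10-22T18:40:24.531Z\" NotOnOrAfter=\"2010-10-22T19:40:24.531Z\"/>"
        + "<saml2:AttributeStatement>"
        + "<saml2:Attribute Name=\"Membership\"><saml2:AttributeValue>IBMer</saml2:AttributeValue>"
        + "<saml2:AttributeValue>Texan</saml2:AttributeValue></saml2:Attribute>"
        + "<saml2:Attribute Name=\"Gender\"><saml2:AttributeValue>Female</saml2:AttributeValue></saml2:Attribute>"
        + "</saml2:AttributeStatement></saml2:Assertion>";

    // Namespace-aware DOM parser with DTDs and external entities disabled, so an
    // attacker-supplied assertion cannot trigger entity expansion or external fetches.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Collects every saml2:Attribute by Name, keeping its AttributeValue texts in document order.
    static Map<String, List<String>> readAttributes(Document doc) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        NodeList attrs = doc.getElementsByTagNameNS(SAML2_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element a = (Element) attrs.item(i);
            List<String> values = new ArrayList<>();
            NodeList vs = a.getElementsByTagNameNS(SAML2_NS, "AttributeValue");
            for (int j = 0; j < vs.getLength(); j++) {
                values.add(vs.item(j).getTextContent().trim());
            }
            out.put(a.getAttribute("Name"), values);
        }
        return out;
    }

    // True only when "now" lies inside [NotBefore, NotOnOrAfter). A missing or
    // duplicated Conditions element is treated as invalid rather than as "no limits".
    static boolean withinConditions(Document doc, Instant now) {
        NodeList c = doc.getElementsByTagNameNS(SAML2_NS, "Conditions");
        if (c.getLength() != 1) {
            return false;
        }
        Element cond = (Element) c.item(0);
        Instant notBefore = Instant.parse(cond.getAttribute("NotBefore"));
        Instant notOnOrAfter = Instant.parse(cond.getAttribute("NotOnOrAfter"));
        return !now.isBefore(notBefore) && now.isBefore(notOnOrAfter);
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(SAMPLE_ASSERTION);
        // Assumed evaluation time, chosen to fall inside the sample's one-hour window.
        Instant now = Instant.parse("2010-10-22T19:00:00Z");
        if (!withinConditions(doc, now)) {
            throw new IllegalStateException("assertion is outside its validity window");
        }
        Map<String, List<String>> attrs = readAttributes(doc);
        System.out.println("Membership: " + attrs.get("Membership"));
        System.out.println("Gender: " + attrs.get("Gender"));
    }
}
```

Reading the attributes by namespace rather than by prefix matters: the generator may emit a different prefix than saml2, and a lookup by the literal tag name would silently return nothing. The Conditions check is the consumer-side counterpart of the one-hour window the generator writes into the assertion shown above.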


What to do next

Merge the code with the example code listed in the “Propagating self-issued SAML bearer tokens by using WSS APIs” topic to generate SAML security tokens. The SAML attributes then appear in the generated SAML assertions.
Send self-issued SAML bearer tokens using WSS APIs
Send self-issued SAML sender-vouches tokens using WSS APIs with message level protection
Send self-issued SAML sender-vouches tokens using WSS APIs with SSL transport protection
Send self-issued SAML holder-of-key tokens with symmetric key using WSS APIs
Send self-issued SAML holder-of-key tokens with asymmetric key using WSS APIs
