Class STSClientHelper


  • public class STSClientHelper
    extends java.lang.Object
    • Constructor Summary

      Constructors 
      Constructor Description
      STSClientHelper​(java.lang.String url, java.lang.String username, java.lang.String password, java.lang.String trustStore, java.lang.String clientStore, java.lang.String clientAlias)
      Constructor.
    • Method Summary

      Modifier and Type Method Description
      org.w3c.dom.Element doSTSExchange​(java.lang.String requestType, java.lang.String tokenType, java.lang.String issuerAddress, java.lang.String appliesToAddress, org.w3c.dom.Element claimsElement, org.w3c.dom.Element baseToken)
      Perform one WS-Trust request/response exchange with the STS and return the token Element from the response. See the method detail for an example of invoking it from a mapping rule.
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • STSClientHelper_java_copyright

        public static final java.lang.String STSClientHelper_java_copyright
    • Constructor Detail

      • STSClientHelper

        public STSClientHelper​(java.lang.String url,
                               java.lang.String username,
                               java.lang.String password,
                               java.lang.String trustStore,
                               java.lang.String clientStore,
                               java.lang.String clientAlias)
        Constructor. Create a client capable of calling an STS.
        Parameters:
        url - protocol, host, port and path to make the call to
        username - BA username. Set to null to disable BA.
        password - BA password. Set to null to disable BA.
        trustStore - Trust store for SSL connection. If null, the default value for the runtime will be used.
        clientStore - Client store for client certificate authentication. Set to null to disable client certificate authentication.
        clientAlias - Certificate label for client certificate authentication. Set to null to disable client certificate authentication.
    • Method Detail

      • doSTSExchange

        public org.w3c.dom.Element doSTSExchange​(java.lang.String requestType,
                                                 java.lang.String tokenType,
                                                 java.lang.String issuerAddress,
                                                 java.lang.String appliesToAddress,
                                                 org.w3c.dom.Element claimsElement,
                                                 org.w3c.dom.Element baseToken)
                                          throws STSClientException
        An example of invoking the STSClient helper from a mapping rule:
          // The following imports are required.
          importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
          importClass(Packages.com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper);
          importClass(Packages.com.tivoli.am.fim.trustserver.sts.uuser.STSUniversalUser);
         
          var sts_client = new STSClientHelper("https://127.0.0.1/TrustServerWS/SecurityTokenServiceWST13",
               "easuser",         // Authenticate with BA
               "hunter2",         // BA password (placeholder value)
               "rt_profile_keys", // Default trust store
               null,              // No client certificate authentication
               null);
         
          // This example invokes a chain with the following properties:
          //
          // Mode: Validate (http://schemas.xmlsoap.org/ws/2005/02/trust/Validate)
          // Issuer: "urn:issuer"
          // AppliesTo: "urn:appliesTo"
          //
          // The chain modules:
          //
          // 1. Default STSUU - Validate
          // 2. Default Map - Map (optional)
          // 3. Default STSUU - Issue
          //
          // It is assumed that the returned STSUU will contain a principal to be used.
         
          var req_stsuu = new STSUniversalUser();
          req_stsuu.addAttribute(
              new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("myAttr",
                                                                    "urn:ibm:attr",
                                                                    "attributeValue"));
          IDMappingExtUtils.traceString("Sending STSUU as base token: " + req_stsuu);
         
          // There are helper functions in IDMappingExtUtils which can be used to create
          // XML Documents and Elements to construct other token types, such as a binary
          // security token or a username token.
          var base_element = req_stsuu.toXML().getDocumentElement();
          var rsp = sts_client.doSTSExchange("http://schemas.xmlsoap.org/ws/2005/02/trust/Validate",
                                            null, // No token type
                                            "urn:issuer",
                                            "urn:appliesTo",
                                            null, // No claims
                                            base_element);
          //
          // Build a new STSUU from the response element.
          //
          var rsp_stsuu = new STSUniversalUser();
          rsp_stsuu.fromXML(rsp);
          IDMappingExtUtils.traceString("Received response STSUU: " + rsp_stsuu);
        
        For high-performance situations, it is recommended to use LocalSTSClient and invoke a chain that is local to the federation runtime. This avoids the HTTP(S) overhead and goes via a Bean interface. See: com.tivoli.am.fim.fedmgr2.trust.util.LocalSTSClient
        Parameters:
        requestType - Value to populate the <RequestType> element with (for example the WS-Trust Validate or Issue URI).
        tokenType - Value to populate the <TokenType> element with. May be null to omit the element.
        issuerAddress - Address to place in the Issuer element of the request.
        appliesToAddress - Address to place in the AppliesTo element of the request.
        claimsElement - Optional claims to provide in the request. May be null.
        baseToken - Element to populate the Base element of the request with.
        Returns:
        the token Element contained in the RequestedSecurityToken of the response (the example above passes it straight to STSUniversalUser.fromXML)
        Throws:
        STSClientException - if there is an error making the request or handling the response.
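The exchange that doSTSExchange performs, modelled as an added example in Python (not code from the product or from this page): it builds the RequestSecurityToken from the same six parameters the helper takes, pulls the token Element out of a constructed RequestSecurityTokenResponse, and performs the principal check the mapping-rule example above assumes but does not do. The namespaces, element layout and STSUniversalUser XML shape are assumptions about the wire format; the helper's real envelope may differ, and STSClientError stands in for STSClientException.

```python
"""Model of the WS-Trust exchange behind STSClientHelper.doSTSExchange.

Added illustration, not product code. Namespaces, element layout and the
STSUniversalUser XML shape are assumptions about the wire format.
"""
import xml.etree.ElementTree as ET

# Assumed namespaces: WS-Trust 2005/02 (the Validate URI in the page's
# example and the <Base> element both belong to it), WS-Addressing,
# WS-Policy and the STSUniversalUser namespace of the federation runtime.
WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
WSA = "http://www.w3.org/2005/08/addressing"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
STSUU = "urn:ibm:names:ITFIM:1.0:stsuuser"
for prefix, uri in (("wst", WST), ("wsa", WSA), ("wsp", WSP), ("stsuuser", STSUU)):
    ET.register_namespace(prefix, uri)


class STSClientError(Exception):
    """Stand-in for STSClientException: raised when the response has no token."""


def _sub(parent, ns, tag, text=None):
    el = ET.SubElement(parent, "{%s}%s" % (ns, tag))
    el.text = text
    return el


def new_stsuu_element():
    """An empty STSUniversalUser element, the shape used as the Base token."""
    return ET.Element("{%s}STSUniversalUser" % STSUU)


def build_rst(request_type, token_type, issuer, applies_to, claims, base):
    """Build the <wst:RequestSecurityToken> for one doSTSExchange call.

    None for token_type or claims omits that element, as the "No token type"
    and "No claims" arguments in the page's example do. Issuer and AppliesTo
    go in as element text, so a value taken from request data is escaped by
    the serializer instead of being spliced into the message.
    """
    rst = ET.Element("{%s}RequestSecurityToken" % WST)
    _sub(rst, WST, "RequestType", request_type)
    if token_type is not None:
        _sub(rst, WST, "TokenType", token_type)
    _sub(_sub(rst, WST, "Issuer"), WSA, "Address", issuer)
    epr = _sub(_sub(rst, WSP, "AppliesTo"), WSA, "EndpointReference")
    _sub(epr, WSA, "Address", applies_to)
    if claims is not None:
        _sub(rst, WST, "Claims").append(claims)
    _sub(rst, WST, "Base").append(base)
    return rst


def serialize_rst(rst):
    """Serialize the request; element text is XML-escaped here."""
    return ET.tostring(rst, encoding="unicode")


def extract_requested_token(rstr_xml):
    """Return the token element inside <wst:RequestedSecurityToken>.

    This is what the helper hands back (the page's example feeds it to
    STSUniversalUser.fromXML); a response without one is an error.
    """
    root = ET.fromstring(rstr_xml)
    holder = root.find(".//{%s}RequestedSecurityToken" % WST)
    if holder is None or len(holder) == 0:
        raise STSClientError("response carries no RequestedSecurityToken")
    return holder[0]


def stsuu_principal_name(token):
    """Return the Principal 'name' value of an STSUU element, or None.

    The page's example assumes the returned STSUU carries a principal; check
    it before treating the caller as authenticated.
    """
    if token.tag != "{%s}STSUniversalUser" % STSUU:
        return None
    for attr in token.findall("{%s}Principal/{%s}Attribute" % (STSUU, STSUU)):
        if attr.get("name") == "name":
            value = attr.find("{%s}Value" % STSUU)
            if value is not None and value.text:
                return value.text
    return None


# Constructed sample response, not captured from a real STS.
SAMPLE_RSTR = """<wst:RequestSecurityTokenResponse xmlns:wst="%s">
  <wst:RequestedSecurityToken>
    <stsuuser:STSUniversalUser xmlns:stsuuser="%s">
      <stsuuser:Principal>
        <stsuuser:Attribute name="name"><stsuuser:Value>easuser</stsuuser:Value></stsuuser:Attribute>
      </stsuuser:Principal>
      <stsuuser:AttributeList>
        <stsuuser:Attribute name="myAttr" type="urn:ibm:attr"><stsuuser:Value>attributeValue</stsuuser:Value></stsuuser:Attribute>
      </stsuuser:AttributeList>
    </stsuuser:STSUniversalUser>
  </wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>""" % (WST, STSUU)


def demo():
    """Run the model end to end: returns (request XML, principal name)."""
    rst = build_rst(WST + "/Validate", None, "urn:issuer", "urn:appliesTo",
                    None, new_stsuu_element())
    token = extract_requested_token(SAMPLE_RSTR)
    return serialize_rst(rst), stsuu_principal_name(token)


if __name__ == "__main__":
    request_xml, principal = demo()
    print(request_xml)
    print("principal:", principal)
```

In a mapping rule the equivalent check is to call rsp_stsuu.getPrincipalName() (or inspect the Principal attribute) after fromXML and fail the rule when it is empty, rather than assuming the chain always issued a principal; the try/except around extract_requested_token corresponds to catching STSClientException around doSTSExchange.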