Class STSClientHelper
java.lang.Object
com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper
Field Details

STSClientHelper_java_copyright

Constructor Details
STSClientHelper

public STSClientHelper(String url, String username, String password, String trustStore, String clientStore, String clientAlias)

Constructor. Create a client capable of calling an STS.

Parameters:
    url - protocol, host, port and path to make the call to
    username - BA username. Set to null to disable BA.
    password - BA password. Set to null to disable BA.
    trustStore - Trust store for the SSL connection. If null, the default value for the runtime will be used.
    clientStore - Client store for client certificate authentication. Set to null to disable client cert authentication.
    clientAlias - Certificate label for client certificate authentication. Set to null to disable client cert authentication.

Method Details

doSTSExchange
public Element doSTSExchange(String requestType, String tokenType, String issuerAddress, String appliesToAddress, Element claimsElement, Element baseToken) throws STSClientException

An example of invoking the STSClient helper from a mapping rule:

    // The following imports are required.
    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
    importClass(Packages.com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper);

    var sts_client = new STSClientHelper("https://127.0.0.1/TrustServerWS/SecurityTokenServiceWST13",
            "easuser",          // Authenticate with BA
            "hunter2",
            "rt_profile_keys",  // Default trust store
            null,               // No client certificate authentication
            null);

    // This example invokes a chain with the following properties:
    //
    //   Mode:      Validate (http://schemas.xmlsoap.org/ws/2005/02/trust/Validate)
    //   Issuer:    "urn:issuer"
    //   AppliesTo: "urn:appliesTo"
    //
    // The chain modules:
    //
    //   1. Default STSUU - Validate
    //   2. Default Map   - Map (optional)
    //   3. Default STSUU - Issue
    //
    // It is assumed that the returned STSUU will contain a principal to be used.
    //
    var req_stsuu = new STSUniversalUser();
    req_stsuu.addAttribute(new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("myAttr", "urn:ibm:attr", "attributeValue"));
    IDMappingExtUtils.traceString("Sending STSUU as base token: " + req_stsuu);

There are helper functions in IDMappingExtUtils which can be used to create XML Documents and Elements to construct other token types, such as a binary security token or a username token.

    var base_element = req_stsuu.toXML().getDocumentElement();
    var rsp = sts_client.doSTSExchange("http://schemas.xmlsoap.org/ws/2005/02/trust/Validate",
            null,             // No token type
            "urn:issuer",
            "urn:appliesTo",
            null,             // No claims
            base_element);

    //
    // Build a new STSUU from the response element.
    //
    var rsp_stsuu = new STSUniversalUser();
    rsp_stsuu.fromXML(rsp);
    IDMappingExtUtils.traceString("received response STSUU: " + rsp_stsuu);
For high-performance situations, it's recommended to use the LocalSTSClient and invoke a chain which is local to the federation runtime. This avoids the HTTP(S) overhead and goes via a Bean interface. See: com.tivoli.am.fim.fedmgr2.trust.util.LocalSTSClient

Parameters:
    requestType - Value to populate the <RequestType> element with.
    tokenType - Value to populate the <TokenType> element with.
    issuerAddress - issuer address
    appliesToAddress - appliesTo address
    claimsElement - Optional claims to provide in the request
    baseToken - element to populate the Base element with in the request

Returns:
    the text content of the RequestedSecurityToken in the response
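The following is an added example, not part of the product documentation, showing the same Validate exchange invoked from Java rather than a mapping rule, with client-certificate authentication in place of BA (null username and password, as the constructor documents) and a WS-Security UsernameToken built with the JDK DOM API as the base token. The package of STSClientException, the client store name "client_keys" and the certificate label "sts-client" are assumptions.

```java
import com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper;
import com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientException; // package assumed

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class StsValidateExample {
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PASSWORD_TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private static final String WST_VALIDATE = "http://schemas.xmlsoap.org/ws/2005/02/trust/Validate";

    /** Build a wsse:UsernameToken element to send as the base token. */
    static Element buildUsernameToken(String user, String password) throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();
        Element token = doc.createElementNS(WSSE_NS, "wsse:UsernameToken");
        Element username = doc.createElementNS(WSSE_NS, "wsse:Username");
        username.setTextContent(user);
        Element pwd = doc.createElementNS(WSSE_NS, "wsse:Password");
        pwd.setAttribute("Type", PASSWORD_TEXT);
        pwd.setTextContent(password);
        token.appendChild(username);
        token.appendChild(pwd);
        doc.appendChild(token);
        return token;
    }

    /** Validate the username token against the chain and return the RequestedSecurityToken element. */
    public static Element validate(String user, String password) throws ParserConfigurationException {
        // BA disabled (null username/password); the certificate in the client
        // store authenticates this caller to the STS instead.
        STSClientHelper client = new STSClientHelper(
            "https://127.0.0.1/TrustServerWS/SecurityTokenServiceWST13",
            null, null,         // no BA
            "rt_profile_keys",  // trust store
            "client_keys",      // client store (assumed name)
            "sts-client");      // client certificate label (assumed name)
        try {
            return client.doSTSExchange(WST_VALIDATE, null, "urn:issuer", "urn:appliesTo",
                                        null, buildUsernameToken(user, password));
        } catch (STSClientException e) {
            // Report the failure without echoing the credential that was sent.
            throw new IllegalStateException("STS validate failed for user " + user, e);
        }
    }
}
```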