Saml:AuthenticateClient
Connect to SAML Authenticated service
SAML-authenticated calls are made with wss4j together with some helper classes in the pawn-ws-sec project. These handle signing messages and embedding assertions in the SOAP message.
Configure WSS4j
You'll need to create a client deployment descriptor that tells Axis to run wss4j on outgoing messages and to use the project's own handler class (rather than the stock wss4j one) to do the signing. The descriptor below connects to the Receiver service.

<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
  </globalConfiguration>
  <service name="Receiver">
    <requestFlow>
      <handler type="java:edu.umiacs.wssec.CachedDoAllSender">
        <parameter name="action" value="Timestamp SAMLTokenSigned"/>
      </handler>
    </requestFlow>
  </service>
</deployment>
Prime wss4j
Next, you need to prime CachedDoAllSender with the assertion to embed and the keystore holding the signing key:
CachedDoAllSender.setSignatureKeyStore(keystore);
CachedDoAllSender.setSamlAssertion(samlAssertion);
Create call
Now when you want to call a SAML-authenticated service, you must first create a service locator and a call based on the deployment descriptor above:

import org.apache.axis.EngineConfiguration;
import org.apache.axis.configuration.FileProvider;

ReceiverServiceLocator recvSl;
Receiver recv;
String url = "http://localhost:8080/pawn-archive/services/Receiver";
// load the client deployment descriptor shown above
EngineConfiguration config = new FileProvider("client.deploy.wsdd");
recvSl = new ReceiverServiceLocator(config);
recvSl.setReceiverEndpointAddress(url);
recv = recvSl.getReceiver();
The next step is to configure the call:

import org.apache.axis.client.Stub;
import org.apache.ws.security.handler.WSHandlerConstants;

Stub stub = (Stub) recv;
stub._setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); // include the signing cert in the message
stub._setProperty(WSHandlerConstants.USER, KEYSTORE_ALIAS); // alias w/ priv/pub keypair
stub._setProperty(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallBack(KEYSTORE_PASS));
wss4j pulls the password that unlocks your private key from a callback class, the same mechanism used to retrieve the password for WS-Security UsernameToken authentication. A sample callback class follows:

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PasswordCallBack implements CallbackHandler {
    private String pass;

    public PasswordCallBack(String pass) {
        this.pass = pass;
    }

    public void handle(Callback[] callbacks)
            throws java.io.IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                // for a SAML token the usage arrives as UNKNOWN due to a bug in wss4j
                if (pc.getUsage() == WSPasswordCallback.UNKNOWN) {
                    pc.setPassword(pass);
                }
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }
}
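A stricter variant of the callback above, added here as an example and not part of the page or the pawn-ws-sec project: it releases a key password only for the alias it was configured with and only for the usages a signing client should see (the UNKNOWN case the page describes plus the regular SIGNATURE usage), refusing everything else. It assumes the WSS4J 1.x WSPasswordCallback API, including its getIdentifer() accessor (sic) carrying the keystore alias in both cases.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Hypothetical alias-bound callback: the key password is handed out only
 * for an expected alias and only for signing-related usages, so a
 * misconfigured handler cannot use this callback to unlock some other key.
 */
public class AliasBoundPasswordCallback implements CallbackHandler {
    private final Map<String, String> aliasToPassword; // alias -> key password

    public AliasBoundPasswordCallback(Map<String, String> aliasToPassword) {
        this.aliasToPassword =
            Collections.unmodifiableMap(new HashMap<String, String>(aliasToPassword));
    }

    public void handle(Callback[] callbacks)
            throws java.io.IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            int usage = pc.getUsage();
            // UNKNOWN is what the page reports for the SAMLTokenSigned action;
            // SIGNATURE is what wss4j uses for a plain Signature action.
            if (usage != WSPasswordCallback.UNKNOWN && usage != WSPasswordCallback.SIGNATURE) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Refusing to supply a password for usage " + usage);
            }
            // getIdentifer() (sic) is the WSS4J 1.x accessor for the requested alias
            String alias = pc.getIdentifer();
            String pass = aliasToPassword.get(alias);
            if (pass == null) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "No password configured for alias " + alias);
            }
            pc.setPassword(pass);
        }
    }
}
```

Wire it in with stub._setProperty(WSHandlerConstants.PW_CALLBACK_REF, ...) exactly as the page does for PasswordCallBack, passing a map such as Collections.singletonMap(KEYSTORE_ALIAS, KEYSTORE_PASS).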
You can now make web service calls.
recv.testAuthorization();
-- Main.MikeSmorul - 12 Sep 2005