Scsong at 23:44, 11 September 2008

2008-09-11T23:44:02Z

← Older revision		Revision as of 23:44, 11 September 2008
Line 26:		Line 26:
	===Prime wss4j===		===Prime wss4j===

	Next, you need to prime ~~<nop>~~CachedDoAllSender with information regarding the assertion and keystore to use.		Next, you need to prime CachedDoAllSender with information regarding the assertion and keystore to use.

	<pre>		<pre>
Line 61:		Line 61:
	</pre>		</pre>

	wss4j wants to pull the password to unlock your private key from a callback class. This is the same as retrieving the password for doing ws-security ~~<nop>~~UsernameToken authentication. A sample callback class follows:		wss4j wants to pull the password to unlock your private key from a callback class. This is the same as retrieving the password for doing ws-security UsernameToken authentication. A sample callback class follows:

	<pre>		<pre>

Scsong at 23:43, 11 September 2008

2008-09-11T23:43:29Z

New page

==Connect to SAML Authenticated service==

SAML Authenticated calls are done using wss4j along with some helper classes in the pawn-ws-sec project. These handle signing messages, and embedding assertions in the soap message.

===Configure WSS4j===

You'll need to create a client deployment descriptor to tell wss4j to handle signing messages and to tell it to use different classes to do the signing. This connects to the Receiver service.

<pre>
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration >
</globalConfiguration >

<service name="Receiver">
<requestFlow>
<handler type="java:edu.umiacs.wssec.CachedDoAllSender">
<parameter name="action" value="Timestamp SAMLTokenSigned"/>
</handler>
</requestFlow>
</service>

</deployment>
</pre>

===Prime wss4j===

Next, you need to prime <nop>CachedDoAllSender with information regarding the assertion and keystore to use.

<pre>
CachedDoAllSender.setSignatureKeyStore(keystore);
CachedDoAllSender.setSamlAssertion(samlAssertion);
</pre>

===Create call===

Now when you want to call a saml authenticated service, you must first create a service locator and call based on the deployment descriptor above:

<pre>

ReceiverServiceLocator recvSl;
Receiver recv;

String url = "http://localhost:8080/pawn-archive/services/Receiver"
EngineConfiguration config = new FileProvider("client.deploy.wsdd");

recvSl = new ReceiverServiceLocator(config);
recvSl.setReceiverEndpointAddress(url);
recv = schedSl.getReceiver();

</pre>

The next step is to configure the call
<pre>
Stub stub = (stub)recv;

stub._setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
stub._setProperty(WSHandlerConstants.USER, KEYSTORE_ALIAS); // alias w/ priv/pub keypair
stub._setProperty(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallBack(KEYSTORE_PASS));
</pre>

wss4j wants to pull the password to unlock your private key from a callback class. This is the same as retrieving the password for doing ws-security <nop>UsernameToken authentication. A sample callback class follows:

<pre>
public class PasswordCallBack implements CallbackHandler {

private String pass;

public PasswordCallBack(String pass) {
this.pass = pass;
}

public void handle(javax.security.auth.callback.Callback[] callbacks)
throws java.io.IOException,
javax.security.auth.callback.UnsupportedCallbackException {

for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];

// for saml token , uses type unknown due to bug in wss4j
if (pc.getUsage() == WSPasswordCallback.UNKNOWN) {
pc.setPassword(pass);
}

} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
}
}
}
</pre>

You can now make web service calls.

<pre>
recv.testAuthorization();
</pre>

-- Main.MikeSmorul - 12 Sep 2005

Saml:AuthenticateClient - Revision history

Scsong at 23:44, 11 September 2008

Scsong at 23:43, 11 September 2008