Propagation of SAML tokens using the API
The SAML propagation function is useful for applications that interact across multiple servers. The propagation feature communicates token information from the originating server downstream to other servers.
Programmatic propagation of SAML tokens is achieved through a combination of explicit programming and use of the Web Services Security runtime environment. For example, you can extract the SAMLToken from the org.apache.axis2.jaxws.BindingProvider object. The token is then used for outbound calls. In this example, since WebSphere® security is not required, programmatically propagating the SAML token allows you to exploit SAML security at the application level. Furthermore, the SAML token can be communicated downstream using any protocol.
Use the following sample code to extract the SAMLToken on the client side after the first request is completed:

    import java.util.Map;
    import javax.xml.ws.Dispatch;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;

    javax.xml.ws.Dispatch dispatch = ...;
    // Dispatch.invoke takes the outbound message; request is the first request payload
    dispatch.invoke(request);

Obtain a response context and extract the SAMLToken:

    Map<String, Object> responseContext = dispatch.getResponseContext();
    // The Web Services Security runtime stores the inbound token under this key
    SAMLToken samlToken = (SAMLToken) responseContext.get(
        com.ibm.wsspi.wssecurity.saml.config.SamlConstants.SAMLTOKEN_OUT_MESSAGECONTEXT);
The following sample code shows how to reuse a SAMLToken for subsequent web services requests:

    // A Dispatch for the subsequent (downstream) request
    javax.xml.ws.Dispatch dispatch = ...;

The web services client then uses this code to pass a SAMLToken to the Web Services Security handler:

    Map<String, Object> requestContext = dispatch.getRequestContext();
    // The handler picks the token up from this key and places it in the outbound Security header
    requestContext.put(
        com.ibm.wsspi.wssecurity.saml.config.SamlConstants.SAMLTOKEN_IN_MESSAGECONTEXT, samlToken);
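The two client-side fragments above can be combined into one propagation flow. The class below is an added example, not code from the IBM documentation or the WebSphere product: it calls a first service, extracts the SAMLToken the Web Services Security runtime placed in the response context, checks that the token is still valid before reusing it, and attaches it to a downstream Dispatch. The class name SamlPropagatingClient, the helper methods and the clock-skew value are the example's own; the accessor getSamlExpires() is assumed from the WebSphere WSS API and is marked as such in the code.

```java
import java.util.Date;
import java.util.Map;
import javax.xml.transform.Source;
import javax.xml.ws.Dispatch;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;

// Added example (hypothetical class): programmatic SAML propagation between two Dispatch clients.
public final class SamlPropagatingClient {

    private SamlPropagatingClient() {
    }

    /** Return the SAMLToken the WS-Security runtime stored in the response context, or null. */
    public static SAMLToken extractToken(Dispatch<?> dispatch) {
        Map<String, Object> responseContext = dispatch.getResponseContext();
        Object token = responseContext.get(SamlConstants.SAMLTOKEN_OUT_MESSAGECONTEXT);
        // Defensive instanceof instead of a blind cast: a missing or foreign value yields null
        return (token instanceof SAMLToken) ? (SAMLToken) token : null;
    }

    /**
     * Decide whether a token held by the application is still safe to reuse.
     * getSamlExpires() (assumed accessor for the assertion's NotOnOrAfter) is compared
     * against the current time minus an allowance for clock skew between servers.
     * Tokens without an expiry are deliberately not reused (conservative policy choice).
     */
    public static boolean isUsable(SAMLToken token, Date now, long clockSkewMillis) {
        if (token == null) {
            return false;
        }
        Date expires = token.getSamlExpires(); // assumed WSS API accessor
        if (expires == null) {
            return false;
        }
        return expires.getTime() - clockSkewMillis > now.getTime();
    }

    /** Hand the token to the WS-Security handler for the downstream request. */
    public static void attachToken(Dispatch<?> dispatch, SAMLToken token) {
        if (token == null) {
            throw new IllegalArgumentException("no SAML token to propagate");
        }
        dispatch.getRequestContext().put(SamlConstants.SAMLTOKEN_IN_MESSAGECONTEXT, token);
    }

    /**
     * Invoke the first service, then propagate the token it returned to the downstream service.
     * Fails closed: without a usable token the downstream call is not made at all.
     */
    public static Source callChain(Dispatch<Source> first, Source firstRequest,
                                   Dispatch<Source> downstream, Source downstreamRequest) {
        first.invoke(firstRequest);
        SAMLToken token = extractToken(first);
        if (!isUsable(token, new Date(), 30_000L)) { // 30 s skew allowance, example value
            throw new IllegalStateException("no valid SAML token available for the downstream call");
        }
        attachToken(downstream, token);
        return downstream.invoke(downstreamRequest);
    }
}
```

The expiry check matters because the application, not the security runtime, now holds the token between calls: a token that was valid when the first response arrived can be expired by the time a later request is built, and sending it only produces a rejection downstream.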
The web services provider (receiver) can use the following code to extract a SAMLToken from an incoming web services request:

    import java.security.AccessController;
    import java.security.PrivilegedExceptionAction;
    import java.util.Iterator;
    import java.util.List;
    import javax.security.auth.Subject;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLAttribute;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;

    // context is the inbound message context, for example the Map returned by
    // WebServiceContext.getMessageContext() in a JAX-WS provider.
    // subject must be final so the anonymous PrivilegedExceptionAction below can reference it.
    final Subject subject = (Subject) context.get(
        com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_WSSSUBJECT);
    SAMLToken samlToken = null;
    try {
        // Reading the Subject's private credentials is a privileged operation when
        // Java 2 security is enabled, so it runs inside doPrivileged.
        samlToken = AccessController.doPrivileged(
            new PrivilegedExceptionAction<SAMLToken>() {
                public SAMLToken run() throws Exception {
                    final Iterator<SAMLToken> authIterator =
                        subject.getPrivateCredentials(SAMLToken.class).iterator();
                    if (authIterator.hasNext()) {
                        return authIterator.next();
                    }
                    return null;
                }
            });
    } catch (Exception ex) {
        // Error handling
    }
    // samlToken stays null when the request carried no SAML token or extraction failed
    List<SAMLAttribute> allAttributes = null;
    if (samlToken != null) {
        allAttributes = samlToken.getSAMLAttributes();
    }
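On the provider side a practitioner usually wants more than the raw token: a null-safe lookup from the JAX-WS WebServiceContext, application-level checks on issuer and expiry before the assertion's content drives an authorization decision, and the attributes flattened into a map. The class below is an added example, not code from the IBM documentation or the WebSphere product. The class name SamlProviderHelper and its methods are hypothetical; the accessors getSAMLIssuerName(), getSamlExpires(), SAMLAttribute.getName() and SAMLAttribute.getStringAttributeValue() are assumed from the WebSphere WSS API and are marked as such in the code.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.xml.ws.WebServiceContext;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLAttribute;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.wsspi.wssecurity.core.Constants;

// Added example (hypothetical class): receiver-side handling of a propagated SAMLToken.
public final class SamlProviderHelper {

    private SamlProviderHelper() {
    }

    /** Return the first SAMLToken in the WS-Security Subject of the inbound request, or null. */
    public static SAMLToken tokenFromContext(WebServiceContext wsContext) {
        Map<String, Object> ctx = wsContext.getMessageContext();
        final Subject subject = (Subject) ctx.get(Constants.WSSECURITY_TOKEN_WSSSUBJECT);
        if (subject == null) {
            return null; // request was not processed by the WS-Security runtime
        }
        // Private credentials are read inside doPrivileged for Java 2 security
        return AccessController.doPrivileged(new PrivilegedAction<SAMLToken>() {
            public SAMLToken run() {
                Set<SAMLToken> tokens = subject.getPrivateCredentials(SAMLToken.class);
                return tokens.isEmpty() ? null : tokens.iterator().next();
            }
        });
    }

    /**
     * Application-level checks (defense in depth on top of the runtime's signature and
     * trust validation): the issuer must be on an allowlist and the assertion unexpired.
     */
    public static boolean isAcceptable(SAMLToken token, Set<String> trustedIssuers, Date now) {
        if (token == null) {
            return false;
        }
        String issuer = token.getSAMLIssuerName(); // assumed WSS API accessor
        if (issuer == null || !trustedIssuers.contains(issuer)) {
            return false;
        }
        Date expires = token.getSamlExpires(); // assumed WSS API accessor
        return expires != null && expires.after(now);
    }

    /** Flatten the assertion's attributes into name -> values for authorization decisions. */
    public static Map<String, List<String>> attributeMap(SAMLToken token) {
        Map<String, List<String>> result = new HashMap<String, List<String>>();
        List<SAMLAttribute> attrs = token.getSAMLAttributes();
        if (attrs == null) {
            return result;
        }
        for (SAMLAttribute a : attrs) {
            String[] values = a.getStringAttributeValue(); // assumed WSS API accessor
            List<String> list = (values == null)
                ? Collections.<String>emptyList()
                : Arrays.asList(values);
            result.put(a.getName(), list); // getName() assumed WSS API accessor
        }
        return result;
    }
}
```

A provider would call tokenFromContext(wsContext), reject the request unless isAcceptable(token, trustedIssuers, new Date()) holds, and only then consult attributeMap(token) for roles or entitlements; an attribute read from an unchecked token is an authorization decision made on unverified input.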
The web services client runtime environment can cache the SAML token. On subsequent client requests within the application, the security runtime environment retrieves the SAML token from the cache for use with the target.