Requesting SAML holder-of-key tokens with asymmetric key from External Security Token Service using WSS APIs
By using the Java™ API for XML-Based Web Services (JAX-WS) programming model and the Web Services Security APIs (WSS APIs), you can request that an external Security Token Service (STS) issue SAML tokens that use the holder-of-key subject confirmation method with a public key in an X.509 certificate.
Before you begin
This task assumes that you are familiar with the JAX-WS programming model, the WSS API interfaces, SAML concepts, and the use of policy sets to configure and administer web services settings.
Complete the following actions before you begin this task:
- Read about propagating self-issued SAML holder-of-key tokens with asymmetric key by using WSS APIs.
- Become familiar with using embedded key materials in SAML tokens for message protection by using WSS APIs. Your usage scenario requires requesting SAML tokens from an external STS instead of using self-issued SAML tokens.
- Read about requesting SAML sender-vouches tokens from an external STS to propagate by using WSS APIs with message level protection.
- Read about requesting SAML sender-vouches tokens from an external STS to propagate by using WSS APIs with transport level protection.
- Read about requesting SAML bearer tokens from an external STS, which you propagate by using WSS APIs with transport level protection.
- Become familiar with accessing an external STS by using WSS APIs.
About this task
Procedure
Results
You have learned the key building blocks for requesting SAML tokens with the holder-of-key subject confirmation method and an asymmetric key from an external STS by using WSS APIs. To use the SAML token to sign request messages, become familiar with the example code in the Propagating self-issued SAML holder-of-key tokens with asymmetric key by using WSS APIs topic.