private OMElement getRSTTemplate() throws TrustException { OMFactory omFac = OMAbstractFactory.getOMFactory(); OMElement element = omFac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE); if (ClientConstants.SAML_TOKEN_TYPE_20.equals(tokenType)) { TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, element) .setText(RahasConstants.TOK_TYPE_SAML_20); } else if (ClientConstants.SAML_TOKEN_TYPE_11.equals(tokenType)) { TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, element) .setText(RahasConstants.TOK_TYPE_SAML_10); } if (ClientConstants.SUBJECT_CONFIRMATION_BEARER.equals(subjectConfirmationMethod)) { TrustUtil.createKeyTypeElement( RahasConstants.VERSION_05_02, element, RahasConstants.KEY_TYPE_BEARER); } else if (ClientConstants.SUBJECT_CONFIRMATION_HOLDER_OF_KEY.equals( subjectConfirmationMethod)) { TrustUtil.createKeyTypeElement( RahasConstants.VERSION_05_02, element, RahasConstants.KEY_TYPE_SYMM_KEY); } // request claims in the token. OMElement claimElement = TrustUtil.createClaims(RahasConstants.VERSION_05_02, element, claimDialect); // Populate the <Claims/> element with the <ClaimType/> elements addClaimType(claimElement, claimUris); return element; }
private static OMElement getRSTTemplate() throws Exception { OMFactory fac = OMAbstractFactory.getOMFactory(); OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE); TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem) .setText(RahasConstants.TOK_TYPE_SAML_10); TrustUtil.createKeyTypeElement( RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY); TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256); return elem; }
public static void main(String[] args) throws Exception { if (args.length != 3) { System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path"); } ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null); STSClient stsClient = new STSClient(ctx); stsClient.setRstTemplate(getRSTTemplate()); String action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE); stsClient.setAction(action); Token responseToken = stsClient.requestSecurityToken( loadPolicy("sample05/policy.xml"), "http://localhost:8080/axis2/services/STS", loadPolicy("sample05/sts_policy.xml"), null); System.out.println( "\n############################# Requested Token ###################################\n"); System.out.println(responseToken.getToken().toString()); TokenStorage store = TrustUtil.getTokenStore(ctx); store.add(responseToken); ServiceClient client = new ServiceClient(ctx, null); Options options = new Options(); options.setAction("urn:echo"); options.setTo(new EndpointReference(args[0])); options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("sample05/policy.xml")); options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId()); client.setOptions(options); client.engageModule("addressing"); client.engageModule("rampart"); OMElement response = client.sendReceive(getPayload("Hello world1")); System.out.println("Response : " + response); }
private void run() { try { loadConfigurations(); // set the trust store as a system property for communication over // TLS. System.setProperty("javax.net.ssl.trustStore", keystorePath); System.setProperty("javax.net.ssl.trustStorePassword", keystorePwd); // create configuration context ConfigurationContext configCtx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repoPath); // create STS client STSClient stsClient = new STSClient(configCtx); stsClient.setRstTemplate(getRSTTemplate()); String action = null; String responseTokenID = null; action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE); stsClient.setAction(action); // request the security token from STS. Token responseToken; Policy stsPolicy = loadPolicy(stsPolicyPath); // add rampart config assertion to the ws-sec policies RampartConfig rampartConfig = buildRampartConfig(); stsPolicy.addAssertion(rampartConfig); responseToken = stsClient.requestSecurityToken(null, stsEPR, stsPolicy, relyingPartyEPR); // store the obtained token in token store to be used in future // communication. TokenStorage store = TrustUtil.getTokenStore(configCtx); responseTokenID = responseToken.getId(); store.add(responseToken); // print token System.out.println(responseToken.getToken().toString()); // sending token renew request String renewedTokenID = null; if (enableRenewing) { System.out.println("Renewing " + tokenType); String TokenProfile = null; if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_11)) { TokenProfile = RahasConstants.TOK_TYPE_SAML_10; } else if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_20)) { TokenProfile = RahasConstants.TOK_TYPE_SAML_20; } stsClient.setRstTemplate(getRSTTemplate()); boolean tokenRenewed = stsClient.renewToken(responseTokenID, TokenProfile, stsEPR, stsPolicy, store); System.out.println("tokenRenewed : " + tokenRenewed); Token renewedToken = store.getRenewedTokens()[0]; renewedTokenID = renewedToken.getId(); System.out.println("Renewed Token : \n" + renewedToken.getToken().toString()); } // Validate the token if (enableValidateBinding) { // validating the token. stsClient = new STSClient(configCtx); action = TrustUtil.getActionValue( RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_VALIDATE); stsClient.setAction(action); String tokenID = null; if (renewedTokenID != null) { tokenID = renewedTokenID; } else { tokenID = responseTokenID; } boolean isValid = stsClient.validateToken(tokenID, stsEPR, stsPolicy); if (isValid) { if (enableRenewing) { System.out.println("Renewed SAML " + tokenType + " Token is valid"); } else { System.out.println("Response SAML " + tokenType + " Token is valid"); } } else { if (enableRenewing) { System.out.println("Renewed SAML " + tokenType + " Token is invalid"); } else { System.out.println("Response SAML " + tokenType + " Token is invalid"); } } } // Send the token to relying party if (enableRelyingParty) { /* Invoke secured service using the obtained token */ OMElement responseElem = null; // create service client ServiceClient serClient = new ServiceClient(configCtx, null); // engage modules serClient.engageModule("addressing"); serClient.engageModule("rampart"); // load policy of secured service Policy sec_policy = loadPolicy(relyingPartyPolicyPath); // add rampart config to the ws-sec policies sec_policy.addAssertion(rampartConfig); // set in/out security policies in client opts serClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, sec_policy); // Set the token id as a property in the Axis2 client scope, so // that this will be picked up when creating the secure message to // invoke // the endpoint. serClient .getOptions() .setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, renewedTokenID); // set action of the Hello Service to be invoked. serClient.getOptions().setAction("urn:echoString"); serClient.getOptions().setTo(new EndpointReference(relyingPartyEPR)); // invoke the service // System.out.println(serClient.sendReceive(getPayload(echoRequestMsg)).toString()); responseElem = serClient.sendReceive(getPayload(echoRequestMsg)); // cleanup transports serClient.getOptions().setCallTransportCleanup(true); System.out.println(responseElem.toString()); System.exit(0); } } catch (Exception e) { e.printStackTrace(); } finally { System.exit(0); } }