StsClientApi

com.pingidentity.Security.STS Namespace

The PingFederate WS-Trust STS Client SDK is used for making WS-Trust requests to the PingFederate WS-Trust STS endpoints. The SDK provides interfaces that perform the WS-Trust Request Security Token (RST) and Request Security Token Response (RSTR) messaging needed to interact with the PingFederate STS endpoints. Using this SDK library, applications are not responsible for forming WS-Trust messages and instead interact only with the tokens themselves.

The following code example demonstrates sending an Issue request to PingFederate with a Username token. PingFederate validates the Username token and issues a SAML token based on the configured SP connection.

using System;                                   // Uri
using Microsoft.Web.Services3.Security.Tokens;  // SecurityToken (WSE 3.0)
using com.pingidentity.Security.STS;            // STSClient, STSClientConfiguration, SystemAuthType

// Configure STS Client (IDP-side, SP connection)
STSClientConfiguration idpStsConfig = new STSClientConfiguration();
idpStsConfig.appliesTo = "http://wsp.domain.com";   // relying party (WSP) the SAML token is issued for
idpStsConfig.stsEndpoint = new Uri("https://wsc.domain.com:9031/idp/sts.wst");
idpStsConfig.systemAuthType = SystemAuthType.BASIC; // HTTP Basic authentication of this client to the STS
idpStsConfig.systemAuthUsername = "test1";          // sample values; load real system credentials from configuration
idpStsConfig.systemAuthPassword = "2Federate";
STSClient idpStsClient = new STSClient(idpStsConfig);

// Send RST Issue request to STS: PingFederate validates the Username token and returns a SAML token
SecurityToken samlToken = idpStsClient.IssueToken("joe", "Password1");

The following code example demonstrates making a Validate request to PingFederate.

using System;                                    // Uri
using System.Collections;                        // IEnumerator
using Microsoft.Web.Services3;                   // SoapContext, RequestSoapContext (WSE 3.0)
using Microsoft.Web.Services3.Security;          // SecurityFault
using Microsoft.Web.Services3.Security.Tokens;   // SecurityToken
using com.pingidentity.Security.STS;             // STSClient, STSClientConfiguration, SystemAuthType
using com.pingidentity.Security.Tokens.SAMLToken; // assumed location of SamlTokenClientBase (StsClientApi_Tokens assembly)

// Pull the security token the caller attached to the incoming SOAP request
SoapContext reqCtx = RequestSoapContext.Current;
if (reqCtx.Security.Tokens.Count == 0)
{
  throw new SecurityFault("No security token found");
}
IEnumerator tokenEnumerator = reqCtx.Security.Tokens.GetEnumerator();
tokenEnumerator.MoveNext();
SecurityToken samlToken = (SecurityToken) tokenEnumerator.Current;
if (!(samlToken is SamlTokenClientBase))
{
  throw new SecurityFault("Only SAML tokens are supported");
}

// Configure STS Client (SP-side, IdP connection)
STSClientConfiguration spStsConfig = new STSClientConfiguration();
spStsConfig.stsEndpoint = new Uri("https://wsp.domain.com:9031/idp/sts.wst");
spStsConfig.systemAuthType = SystemAuthType.BASIC;
spStsConfig.systemAuthUsername = "test1";       // sample values; load real system credentials from configuration
spStsConfig.systemAuthPassword = "2Federate";
STSClient spStsClient = new STSClient(spStsConfig);

// Send RST Validate request: PingFederate checks signature, validity period and issuer of the SAML token
bool tokenValid = spStsClient.ValidateToken(samlToken);
if (!tokenValid)
{
  throw new SecurityFault("Invalid Token");
}

To use the example code, add the following lines to the <security> element of the <microsoft.web.services3> section in your application configuration (App.config) file. Only one SAML token manager can be active at runtime, so register the manager matching the SAML version your SP connection issues (1.1 or 2.0) and leave the other one disabled inside an XML comment, as shown.

<securityTokenManager>
   <add type="com.pingidentity.Security.Tokens.SAMLToken.ClientSaml1_1TokenManager, StsClientApi_Tokens"
        namespace="urn:oasis:names:tc:SAML:1.0:assertion" localName="Assertion"/>
   <!--
   <add type="com.pingidentity.Security.Tokens.SAMLToken.ClientSaml2_0TokenManager, StsClientApi_Tokens" 
        namespace="urn:oasis:names:tc:SAML:2.0:assertion" localName="Assertion" />
   -->
</securityTokenManager>
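As an added example (not the SDK's own sample code), the Issue and Validate calls shown above combined into one helper that reads the STS settings from appSettings instead of hard-coding them, issues a SAML token for a username and password, and then validates that token against the SP-side STS. The appSettings key names (Sts.IdpEndpoint, Sts.SpEndpoint, Sts.AppliesTo, Sts.SystemUser, Sts.SystemPassword) and the class name StsRoundTrip are assumptions made for this example, not names from the SDK.

```csharp
using System;
using System.Configuration;                      // ConfigurationManager (reference System.Configuration)
using Microsoft.Web.Services3.Security;          // SecurityFault (WSE 3.0)
using Microsoft.Web.Services3.Security.Tokens;   // SecurityToken
using com.pingidentity.Security.STS;             // STSClient, STSClientConfiguration, SystemAuthType

// Added example: round-trip a Username token through Issue (IdP STS) and Validate (SP STS).
// The appSettings key names used here are assumptions for this example.
public static class StsRoundTrip
{
    static STSClientConfiguration BuildConfig(string endpointKey, string appliesTo)
    {
        STSClientConfiguration cfg = new STSClientConfiguration();
        cfg.stsEndpoint = new Uri(ConfigurationManager.AppSettings[endpointKey]);
        if (appliesTo != null)
        {
            cfg.appliesTo = appliesTo;                  // only the Issue request needs AppliesTo
        }
        // System (client-to-STS) credentials come from configuration, not from source code.
        cfg.systemAuthType = SystemAuthType.BASIC;
        cfg.systemAuthUsername = ConfigurationManager.AppSettings["Sts.SystemUser"];
        cfg.systemAuthPassword = ConfigurationManager.AppSettings["Sts.SystemPassword"];
        return cfg;
    }

    // Issues a SAML token for the end user and immediately validates it with the SP STS.
    // Throws SecurityFault if the IdP returned nothing usable or the SP rejects the token.
    public static SecurityToken IssueAndValidate(string username, string password)
    {
        string appliesTo = ConfigurationManager.AppSettings["Sts.AppliesTo"];
        STSClient idp = new STSClient(BuildConfig("Sts.IdpEndpoint", appliesTo));
        SecurityToken token = idp.IssueToken(username, password);
        if (token == null)
        {
            throw new SecurityFault("STS returned no token");
        }

        STSClient sp = new STSClient(BuildConfig("Sts.SpEndpoint", null));
        if (!sp.ValidateToken(token))
        {
            throw new SecurityFault("Issued token failed validation at the SP STS");
        }
        return token;                                   // safe to attach to the outgoing SOAP request
    }
}
```

The helper assumes the securityTokenManager entry above is already registered, since WSE needs it to deserialize the SAML assertion returned in the RSTR.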

Classes

Class       Description
WstStatus   Helper class for working with the Validate status returned in the RSTR.