com.pingidentity.sts.clientapi
Class STSClient

java.lang.Object
  extended by com.pingidentity.sts.clientapi.STSClient

public class STSClient
extends java.lang.Object

STSClient provides operations to invoke STS functions.


Constructor Summary
STSClient(java.lang.String endpoint)
          Creates STSClient.
STSClient(STSClientConfiguration stsClientConfiguration)
          Creates STSClient using appropriate configuration.
 
Method Summary
 RequestSecurityTokenData createIssueData()
          Creates request data for an Issue RST request.
 RequestSecurityTokenData createValidateData()
          Creates request data for a Validate RST request.
 SamlToken extractTokenFromSecurityHeader(org.w3c.dom.Element securityHeader)
          Extracts a SAML Assertion from a Security Header.
 STSClientConfiguration getStsClientConfiguration()
           
 org.w3c.dom.Element issueToken(java.lang.String tokenData)
          Sends an RST request to the STS server.
 org.w3c.dom.Element issueToken(java.lang.String username, java.lang.String password)
          Sends an RST request to the STS server.
 org.w3c.dom.Element issueToken(Token token)
          Sends an RST request to the STS server.
 org.w3c.dom.Element issueToken(javax.security.auth.x500.X500PrivateCredential credential)
          Sends an RST request to the STS server.
 STSResponse makeRequest(RequestSecurityTokenData rstData, org.w3c.dom.Element token, java.lang.Object requestorCredentials, java.lang.String tokenType)
           
 STSResponse makeRequest(RequestSecurityTokenData rstData, org.w3c.dom.Element token, java.lang.Object requestorCredentials, java.lang.String tokenType, boolean embeddedToken)
          Sends the RST request to the STS server.
 STSResponse makeRequest(RequestSecurityTokenData rstData, org.w3c.dom.Element token, java.lang.Object requestorCredentials, java.lang.String tokenType, javax.security.auth.x500.X500PrivateCredential credential)
          Sends the RST request to the STS server.
 STSResponse makeRequest(RequestSecurityTokenData rstData, org.w3c.dom.Element token, java.lang.Object requestorCredentials, java.lang.String tokenType, javax.security.auth.x500.X500PrivateCredential credential, boolean useEmbeddedToken)
          Sends the RST request to the STS server.
 void registerSecurityTokenReference(javax.xml.namespace.QName tokenElementName, java.lang.String tokenType, SecurityTokenReference securityTokenReference)
          Registers the SecurityTokenReference object for a token of tokenElementName.
 void setStsCertificate(java.security.cert.X509Certificate certificate)
          Sets the STS Server Certificate if you want to check the server signature of the RSTRs.
 boolean validateToken(SamlToken token)
          Validates a given token on the PingFederate server.
 org.w3c.dom.Element wrapTokenInSecurityHeader(org.w3c.dom.Element token)
          Wraps a token in Security Header.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

STSClient

public STSClient(java.lang.String endpoint)
          throws java.net.MalformedURLException
Creates STSClient.

Parameters:
endpoint - the Security Token Service endpoint
Throws:
java.net.MalformedURLException - if the endpoint URL is malformed.

STSClient

public STSClient(STSClientConfiguration stsClientConfiguration)
          throws java.net.MalformedURLException
Creates STSClient using appropriate configuration.

Parameters:
stsClientConfiguration - the configuration
Throws:
java.net.MalformedURLException - if the STS endpoint URL in the configuration is malformed
Method Detail

getStsClientConfiguration

public STSClientConfiguration getStsClientConfiguration()

setStsCertificate

public void setStsCertificate(java.security.cert.X509Certificate certificate)
Sets the STS Server Certificate if you want to check the server signature of the RSTRs.

Parameters:
certificate - the STS Server Certificate
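
An added usage example, not part of the original Javadoc or Ping Identity's own code: it pins the STS certificate with setStsCertificate before any RST is sent, so RSTR signatures are checked against a certificate whose fingerprint the operator has confirmed. It calls only constructors and methods listed on this page; the command-line argument layout, the fingerprint comparison, the https check and an agent.properties already in place are assumptions.

```java
import com.pingidentity.sts.clientapi.STSClient;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.w3c.dom.Element;

public class PinnedStsIssue {
    // Load the STS certificate and confirm it is the expected one before trusting it.
    static X509Certificate loadPinnedCert(String path, String expectedSha256Hex) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // throws if expired or not yet valid
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            if (!hex.toString().equalsIgnoreCase(expectedSha256Hex))
                throw new SecurityException("STS certificate fingerprint mismatch");
            return cert;
        }
    }

    // Assumed argument layout (not from the page): endpoint, cert path, SHA-256 hex, user name.
    public static void main(String[] args) throws Exception {
        if (args.length != 4 || !args[0].startsWith("https://"))
            throw new IllegalArgumentException("usage: <https endpoint> <cert> <sha256> <user>");
        if (System.console() == null)
            throw new IllegalStateException("no console to read the password from");
        X509Certificate stsCert = loadPinnedCert(args[1], args[2]);

        STSClient client = new STSClient(args[0]);
        client.setStsCertificate(stsCert); // set before any request is sent

        char[] password = System.console().readPassword("Password for %s: ", args[3]);
        try {
            // Sends a UserName token; STSClientException signals a failed request.
            Element issued = client.issueToken(args[3], new String(password));
            // <wsse:Security/> element intended for the SOAP Header.
            Element header = client.wrapTokenInSecurityHeader(issued);
            System.out.println("Security header element: " + header.getNodeName());
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```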

makeRequest

public STSResponse makeRequest(RequestSecurityTokenData rstData,
                               org.w3c.dom.Element token,
                               java.lang.Object requestorCredentials,
                               java.lang.String tokenType,
                               javax.security.auth.x500.X500PrivateCredential credential,
                               boolean useEmbeddedToken)
                        throws STSClientException,
                               java.io.IOException
Sends the RST request to the STS server.

Parameters:
rstData - contains RST data.
token - the token to be validated.
requestorCredentials - credentials of the requestor. Acceptable credential types are HTTPAuthentication and WSSEAuthentication.
tokenType - the token type that is needed for referencing the token. If null, STSClient tries to find the most appropriate token type for the token element being provided.
credential - if provided the message will be signed with that credential.
useEmbeddedToken - indicates whether to reference the token from the RST (false) or embed it in the RST (true).
Returns:
the Response from the STS server
Throws:
STSClientException - if the request can't be generated
java.io.IOException - if an IO exception occurs
See Also:
RequestSecurityTokenData

makeRequest

public STSResponse makeRequest(RequestSecurityTokenData rstData,
                               org.w3c.dom.Element token,
                               java.lang.Object requestorCredentials,
                               java.lang.String tokenType,
                               javax.security.auth.x500.X500PrivateCredential credential)
                        throws STSClientException,
                               java.io.IOException
Sends the RST request to the STS server.

Parameters:
rstData - contains RST data.
token - the token to be validated.
requestorCredentials - credentials of the requestor. Acceptable credential types are HTTPAuthentication and WSSEAuthentication.
tokenType - the token type that is needed for referencing the token. If null, STSClient tries to find the most appropriate token type for the token element being provided.
credential - if provided the message will be signed with that credential.
Returns:
the Response from the STS server
Throws:
STSClientException - if the request can't be generated
java.io.IOException - if an IO exception occurs
See Also:
RequestSecurityTokenData

makeRequest

public STSResponse makeRequest(RequestSecurityTokenData rstData,
                               org.w3c.dom.Element token,
                               java.lang.Object requestorCredentials,
                               java.lang.String tokenType,
                               boolean embeddedToken)
                        throws STSClientException,
                               java.io.IOException
Sends the RST request to the STS server. This does the same as makeRequest(com.pingidentity.sts.clientapi.model.RequestSecurityTokenData, org.w3c.dom.Element, Object, String, javax.security.auth.x500.X500PrivateCredential) with credential = null.

Parameters:
rstData - contains RST data.
token - the token to be validated.
requestorCredentials - credentials of the requestor. Acceptable credential types are HTTPAuthentication and WSSEAuthentication.
tokenType - the token type that is needed for referencing the token. If null, STSClient tries to find the most appropriate token type for the token element being provided.
embeddedToken -
Returns:
the Response from STS server
Throws:
STSClientException - if the request can't be generated
java.io.IOException - if an IO exception occurs
See Also:
RequestSecurityTokenData

makeRequest

public STSResponse makeRequest(RequestSecurityTokenData rstData,
                               org.w3c.dom.Element token,
                               java.lang.Object requestorCredentials,
                               java.lang.String tokenType)
                        throws STSClientException,
                               java.io.IOException
Throws:
STSClientException
java.io.IOException

wrapTokenInSecurityHeader

public org.w3c.dom.Element wrapTokenInSecurityHeader(org.w3c.dom.Element token)
Wraps a token in Security Header.

Parameters:
token - the token
Returns:
DOM element <wsse:Security/> containing the token and <wsu:Timestamp/>. This element is intended to be put into the SOAP Header.

extractTokenFromSecurityHeader

public SamlToken extractTokenFromSecurityHeader(org.w3c.dom.Element securityHeader)
                                         throws SecurityTokenException
Extracts a SAML Assertion from a Security Header.

Parameters:
securityHeader - the Security Header, which can be retrieved via javax.xml.soap.SOAPMessage.getSOAPHeader()
Returns:
the SAML Assertion or null if no SAML Assertion found
Throws:
SecurityTokenException - if there's a problem with parsing the SAML Assertion

validateToken

public boolean validateToken(SamlToken token)
                      throws STSClientException
Validates a given token on the PingFederate server. This method requires the STSClient instance to be created with STSClientConfiguration.

Parameters:
token - the token to be validated.
Returns:
true if the token is valid, false otherwise.
Throws:
STSClientException - in case of exceptions during token validation

issueToken

public org.w3c.dom.Element issueToken(Token token)
                               throws STSClientException
Sends an RST request to the STS server. Derives configuration values from agent.properties.

Returns:
the issued token
Throws:
STSClientException - to indicate failed request

issueToken

public org.w3c.dom.Element issueToken(java.lang.String tokenData)
                               throws STSClientException
Sends an RST request to the STS server. Derives configuration values from agent.properties.

Parameters:
tokenData - base64 encoded binary data that is used to construct a binary token. This token is sent to the STS server along with the RST.
Returns:
the issued token
Throws:
STSClientException - to indicate failed request

issueToken

public org.w3c.dom.Element issueToken(javax.security.auth.x500.X500PrivateCredential credential)
                               throws STSClientException
Sends an RST request to the STS server. Derives configuration values from agent.properties.

Parameters:
credential - the X509 certificate keypair
Returns:
the issued token
Throws:
STSClientException - to indicate failed request

issueToken

public org.w3c.dom.Element issueToken(java.lang.String username,
                                      java.lang.String password)
                               throws STSClientException
Sends an RST request to the STS server. Derives configuration values from agent.properties and sends a UserName token using the provided parameter values.

Parameters:
username - the user name
password - the user password
Returns:
the issued token
Throws:
STSClientException - to indicate failed request

registerSecurityTokenReference

public void registerSecurityTokenReference(javax.xml.namespace.QName tokenElementName,
                                           java.lang.String tokenType,
                                           SecurityTokenReference securityTokenReference)
Registers the SecurityTokenReference object for a token of tokenElementName.

Parameters:
tokenElementName - token element name
securityTokenReference - SecurityTokenReference object
tokenType - the token type, may be null if the token type can be unambiguously obtained from the token element
See Also:
SecurityTokenReference

createIssueData

public RequestSecurityTokenData createIssueData()
Creates request data for an Issue RST request.

Returns:
request data for an Issue RST request

createValidateData

public RequestSecurityTokenData createValidateData()
Creates request data for a Validate RST request.

Returns:
request data for a Validate RST request


Copyright © 2006-2009 Ping Identity Corporation. All Rights Reserved.