Packages | |
---|---|
com.pingidentity.sts.clientapi | Main client SDK classes, exceptions, and constants. |
com.pingidentity.sts.clientapi.authentication | Classes for support of various transport and WS-Security authentication mechanisms. |
com.pingidentity.sts.clientapi.model | Data classes used for construction of WS-Trust messages and interactions with the PingFederate STS endpoint. |
com.pingidentity.sts.clientapi.protocol | Interfaces and data classes used for parsing WS-Trust messages and interactions with the PingFederate STS endpoint. |
com.pingidentity.sts.clientapi.tokens | Interfaces and classes which describe behaviors for security tokens. |
com.pingidentity.sts.clientapi.tokens.saml | Data classes for SAML tokens. |
com.pingidentity.sts.clientapi.tokens.wsse | Data classes for WS-Security tokens. |
com.pingidentity.sts.clientapi.utils | Various utility classes used internally by the PingFederate STS Client SDK. |
The PingFederate STS Client SDK is used for making WS-Trust requests to the PingFederate STS endpoints. The SDK provides interfaces that perform the WS-Trust Request Security Token (RST) and Request Security Token Response (RSTR) messaging to interact with the PingFederate STS endpoints. Using this SDK library, applications are not responsible for forming WS-Trust messages, and instead interact only with the tokens themselves.
The STSClient class is the starting point for the PingFederate STS Client SDK.
The following code example demonstrates sending an Issue request to PingFederate STS with a Username token. PingFederate STS validates the Username token and issues a SAML token based upon the configured SP configuration.
```java
// set IdP STS endpoint configuration
STSClientConfiguration stsClientConfiguration = new STSClientConfiguration();
stsClientConfiguration.setStsEndpoint("https://localhost:9031/idp/sts.wst");
stsClientConfiguration.setAppliesTo("http://localhost");

STSClient client;

// instantiate the STS client
try {
    client = new STSClient(stsClientConfiguration);
} catch (MalformedURLException e) {
    // deal with the exception.
    // in case of a hardcoded endpoint this never happens
    throw new RuntimeException(e);
}

// Send in a Username token and receive the issued SAML token
Element token;
try {
    token = client.issueToken("joe", "2Federate");
} catch (STSClientException e) {
    // deal with the exception
    throw new RuntimeException(e);
}
```
The following code example demonstrates extracting the SAML token from the WSSE security header of the SOAP message and making a Validate request to PingFederate STS.
```java
// 'message' is the inbound SOAPMessage
SOAPHeader header = message.getSOAPHeader();
NodeList secHeaders = header.getElementsByTagNameNS(
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
        "Security");
if (secHeaders.getLength() == 0) {
    throw new RuntimeException("No Security Header");
}
Element securityHeader = (Element) secHeaders.item(0);

STSClientConfiguration stsClientConfiguration = new STSClientConfiguration();
stsClientConfiguration.setStsEndpoint("https://localhost:9031/sp/sts.wst");

// Ignoring SSL trust errors is helpful when using self-signed SSL certificates
// in a test setup. It turns off verification of the STS server certificate,
// so leave it disabled in production.
stsClientConfiguration.setIgnoreSSLTrustErrors(true);

STSClient client;
try {
    client = new STSClient(stsClientConfiguration);
} catch (MalformedURLException e) {
    // deal with the exception.
    // in case of a hardcoded endpoint this never happens
    throw new RuntimeException(e);
}

// Extract the SAML token from the WSSE security header
SamlToken token;
try {
    token = client.extractTokenFromSecurityHeader(securityHeader);
} catch (SecurityTokenException e) {
    throw new RuntimeException(e);
}
if (token == null) {
    throw new RuntimeException("No security token found");
}

// Ask PingFederate STS to validate the extracted token
boolean valid;
try {
    valid = client.validateToken(token);
} catch (STSClientException e) {
    throw new RuntimeException(e);
}
if (!valid) {
    throw new RuntimeException("Security token invalid");
}
```
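When the request arrives as raw XML rather than a SOAPMessage, the Security header Element passed to extractTokenFromSecurityHeader can be obtained with the JDK's DOM parser configured for untrusted input. This is an added example, not part of the SDK documentation or Ping Identity's code; it uses only JDK classes, and the class name SecurityHeaderLocator, the SOAP 1.1 and SAML 2.0 namespaces, and the one-header policy are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper class; not part of the PingFederate STS Client SDK.
public class SecurityHeaderLocator {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"; // assumed SOAP 1.1
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";      // assumed SAML 2.0

    /** Parses untrusted SOAP bytes and returns the single wsse:Security header. */
    static Element findSecurityHeader(byte[] soap) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the getElementsByTagNameNS lookups
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject DOCTYPE declarations so external entities are never resolved.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(soap));

        NodeList headers = doc.getElementsByTagNameNS(SOAP11_NS, "Header");
        if (headers.getLength() != 1) throw new SecurityException("Expected one SOAP Header");
        NodeList sec = ((Element) headers.item(0)).getElementsByTagNameNS(WSSE_NS, "Security");
        // Stricter than taking item(0): refuse ambiguous input (policy assumption).
        if (sec.getLength() != 1) throw new SecurityException("Expected one Security header");
        return (Element) sec.item(0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelope; the assertion is an empty placeholder.
        String soap = "<s:Envelope xmlns:s='" + SOAP11_NS + "'><s:Header>"
            + "<wsse:Security xmlns:wsse='" + WSSE_NS + "'>"
            + "<saml:Assertion xmlns:saml='" + SAML2_NS + "' ID='_constructed'/>"
            + "</wsse:Security></s:Header><s:Body/></s:Envelope>";
        Element header = findSecurityHeader(soap.getBytes(StandardCharsets.UTF_8));
        System.out.println(header.getLocalName() + " children: "
            + header.getElementsByTagNameNS(SAML2_NS, "Assertion").getLength());
    }
}
```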