PingFederate STS Client SDK 1.1.0.3

The PingFederate STS Client SDK is used for making WS-Trust requests to the PingFederate STS endpoints.


Packages
com.pingidentity.sts.clientapi Main client SDK classes, exceptions, and constants.
com.pingidentity.sts.clientapi.authentication Classes for support of various transport and WS-Security authentication mechanisms.
com.pingidentity.sts.clientapi.model Data classes used for construction of WS-Trust messages and interactions with the PingFederate STS endpoint.
com.pingidentity.sts.clientapi.protocol Interfaces and data classes used for parsing WS-Trust messages and interactions with the PingFederate STS endpoint.
com.pingidentity.sts.clientapi.tokens Interfaces and classes which describe behaviors for security tokens.
com.pingidentity.sts.clientapi.tokens.saml Data classes for SAML tokens.
com.pingidentity.sts.clientapi.tokens.wsse Data classes for WS-Security tokens.
com.pingidentity.sts.clientapi.utils Various utility classes used internally by the PingFederate STS Client SDK.

 

The PingFederate STS Client SDK is used for making WS-Trust requests to the PingFederate STS endpoints. The SDK provides interfaces that perform the WS-Trust Request Security Token (RST) and Request Security Token Response (RSTR) messaging to interact with the PingFederate STS endpoints. Using this SDK library, applications are not responsible for forming WS-Trust messages, and instead interact only with the tokens themselves.

The STSClient class is the starting point for the PingFederate STS Client SDK.

Example of Usage

The following code example demonstrates sending an Issue request to PingFederate STS with a Username token. PingFederate STS validates the Username token and issues a SAML token based upon the configured SP configuration.

        // set IdP STS endpoint configuration
        STSClientConfiguration stsClientConfiguration = new STSClientConfiguration();
        stsClientConfiguration.setStsEndpoint("https://localhost:9031/idp/sts.wst");
        stsClientConfiguration.setAppliesTo("http://localhost");

        // instantiate the STS client
        STSClient client;
        try {
            client = new STSClient(stsClientConfiguration);
        } catch (MalformedURLException e) {
            // deal with the exception.
            // in case of a hardcoded endpoint this never happens
            throw new RuntimeException(e);
        }

        // Send in a Username token and receive the issued SAML token
        Element token;
        try {
            token = client.issueToken("joe", "2Federate");
        } catch (STSClientException e) {
            // deal with the exception
            throw new RuntimeException(e);
        }

The following code example demonstrates extracting the SAML token from the WSSE security header of the SOAP message and making a Validate request to PingFederate STS.

        // message is the received javax.xml.soap.SOAPMessage
        SOAPHeader header = message.getSOAPHeader();

        // look up the WSSE Security header
        NodeList secHeaders = header.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
        if (secHeaders.getLength() == 0) {
            throw new RuntimeException("No Security Header");
        }
        Element securityHeader = (Element) secHeaders.item(0);

        // set SP STS endpoint configuration
        STSClientConfiguration stsClientConfiguration = new STSClientConfiguration();
        stsClientConfiguration.setStsEndpoint("https://localhost:9031/sp/sts.wst");
        // Ignoring SSL trust errors is helpful when testing against self-signed SSL certificates.
        // It makes the client accept certificates it cannot verify, so keep it to test environments.
        stsClientConfiguration.setIgnoreSSLTrustErrors(true);

        // instantiate the STS client
        STSClient client;
        try {
            client = new STSClient(stsClientConfiguration);
        } catch (MalformedURLException e) {
            // deal with the exception.
            // in case of a hardcoded endpoint this never happens
            throw new RuntimeException(e);
        }

        // extract the SAML token from the Security header
        SamlToken token;
        try {
            token = client.extractTokenFromSecurityHeader(securityHeader);
        } catch (SecurityTokenException e) {
            throw new RuntimeException(e);
        }
        if (token == null) {
            throw new RuntimeException("No security token found");
        }

        // send the Validate request and reject the message if the token is not valid
        boolean valid;
        try {
            valid = client.validateToken(token);
        } catch (STSClientException e) {
            throw new RuntimeException(e);
        }
        if (!valid) {
            throw new RuntimeException("Security token invalid");
        }
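
The header lookup in the fragment above (`getElementsByTagNameNS` followed by `item(0)`) matches Security elements at any depth under the SOAP header, in document order. As an added example, not part of the SDK or the original page, the hypothetical helper `selectSecurityHeader` below accepts only a direct child of the header and fails closed on duplicates; the sample envelope is constructed, and the class uses only JDK DOM APIs.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SecurityHeaderSelector {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    // Returns the one wsse:Security element that is a direct child of the SOAP header.
    // Rejecting duplicates is a policy choice of this example (hypothetical helper).
    static Element selectSecurityHeader(Element soapHeader) {
        Element found = null;
        for (Node n = soapHeader.getFirstChild(); n != null; n = n.getNextSibling()) {
            boolean isSecurity = n.getNodeType() == Node.ELEMENT_NODE
                    && WSSE_NS.equals(n.getNamespaceURI())
                    && "Security".equals(n.getLocalName());
            if (!isSecurity) continue;
            if (found != null) {
                throw new IllegalStateException("More than one Security header");
            }
            found = (Element) n;
        }
        if (found == null) {
            throw new IllegalStateException("No Security Header");
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelope: one Security element nested in another header
        // block, followed by one that is a direct child of the SOAP header.
        String soap = "<s:Envelope xmlns:s='" + SOAP_NS + "' xmlns:wsse='" + WSSE_NS + "'>"
            + "<s:Header><x:Other xmlns:x='urn:example'><wsse:Security Id='nested'/></x:Other>"
            + "<wsse:Security Id='top'/></s:Header><s:Body/></s:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        Element header = (Element) d.getElementsByTagNameNS(SOAP_NS, "Header").item(0);
        Element viaSearch = (Element) header.getElementsByTagNameNS(WSSE_NS, "Security").item(0);
        System.out.println("descendant search, item(0): " + viaSearch.getAttribute("Id"));
        System.out.println("direct child only: " + selectSecurityHeader(header).getAttribute("Id"));
    }
}
```

Because `SOAPHeader` is itself a DOM `Element`, the `header` object from the fragment above can be passed to `selectSecurityHeader`, and the result handed to `extractTokenFromSecurityHeader`.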



Copyright © 2006-2009 Ping Identity Corporation. All Rights Reserved.