The SAML library API can be used to create a self-issued
SAML token that has custom attributes.
About this task
When self-issued SAML tokens are created using the SAML
token generator there is no way to add custom attributes using callback
handler properties. However, using the SAML library API, a custom
SAML attribute callback handler that is defined in the SAMLIssuerConfig.properties
file can be created that can add attributes to a self-issued SAML
token. A SAML attribute callback handler can also be used by applications
that use the newSAMLToken method.
The SAML
attribute callback handler will run for all SAML tokens that are created
from the application server with the modified SAMLIssuerConfig.properties
file.
Procedure
- Develop a custom SAML attribute callback handler. For
example:
package test.saml;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import com.ibm.websphere.wssecurity.callbackhandler.Saml11AttributeCallback;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import java.util.ArrayList;
public class AttributeProvider implements javax.security.auth.callback.CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
if (callbacks == null || callbacks.length == 0) {
throw new UnsupportedCallbackException(null, "There is no callback.");
}
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof Saml11AttributeCallback) {
Saml11AttributeCallback callback = (Saml11AttributeCallback)callbacks[i];
SAMLAttribute attr = new SAMLAttribute("newAttribute", new String[]{"newValue"}, null, null, null, null);
ArrayList<SAMLAttribute> attrList = callback.getSAMLAttributes();
if (attrList == null) {
attrList = new ArrayList<SAMLAttribute>();
attrList.add(attr);
callback.setSAMLAttributes(attrList);
} else {
attrList.add(attr);
}
}
}
}
}
- Add the AttributeProvider custom property to the (cellRoot)/sts/SAMLIssuerConfig.properties
file. For example: AttributeProvider=test.saml.AttributeProvider
Results
When this task is completed using the sample code provided,
the following element will be added to all SAML tokens:
<saml:AttributeStatement>
<saml:Attribute Name="newAttribute">
<saml:AttributeValue>newValue</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>