[Fix Pack 17 or later]


Passing SAML tokens between JAAS login modules

The SAMLGenerateLoginModule can be used to obtain an application-generated SAML token from a shared state object that is initialized in the application's JAAS login module.

About this task

The following procedure describes the setup that is required to use this functionality.

Procedure

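  1. Save the shared state object in a class variable in the initialize method of the JAAS login module.

    import java.util.ArrayList;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.spi.LoginModule;
    import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
    import com.ibm.wsspi.wssecurity.core.Constants;
    
    public class myLoginModule implements LoginModule {
    ...
      // Raw Map so that login() can add an entry to the shared state
      private Map _sharedState;
    ...
      public void initialize(Subject subject,
             CallbackHandler callbackHandler,
             Map<String, ?> sharedState,
             Map<String, ?> options) {
    ...
        // Keep a reference to the shared state for use in login()
        this._sharedState = sharedState;
    ...
      }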
  2. Create an ArrayList of SecurityToken objects and put the application-generated SAMLToken as the only entry in this list.

    The WS-Security runtime will loop through the list and use only the first hit.

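  3. Put the ArrayList object in the _sharedState object with the following key.
    com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED

      // Requires imports of java.util.ArrayList and
      // javax.security.auth.login.LoginException
      public boolean login() throws LoginException {
    ...
        // someSAMLToken stands for the SAML token that the application generated
        SAMLToken mySamlToken = someSAMLToken;
        ArrayList<SecurityToken> tokenList =
            new ArrayList<SecurityToken>();
        // The token is the only entry in the list
        tokenList.add(mySamlToken);
        _sharedState.put(
            Constants.WSSECURITY_TOKEN_TO_BE_INSERTED,
            tokenList);
    ...
      }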
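
The three steps combined into one module, as an added example that is not IBM's code: it fails the login when no token is available and removes the shared state entry in abort() and logout(). The class name, the abstract createSamlToken() method, the String type of the key, and the cleanup behavior are assumptions for illustration; the IBM types and the Constants key come from the steps above.

```java
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.wsspi.wssecurity.core.Constants;

// Hypothetical base class; a concrete subclass supplies the token.
public abstract class SamlPassingLoginModule implements LoginModule {
  private Map<String, Object> sharedState;
  // Assumption: the application creates or obtains its SAML token here.
  protected abstract SAMLToken createSamlToken() throws LoginException;

  @SuppressWarnings("unchecked")
  public void initialize(Subject subject, CallbackHandler callbackHandler,
      Map<String, ?> sharedState, Map<String, ?> options) {
    // Step 1: keep the shared state; the cast permits put() in login().
    this.sharedState = (Map<String, Object>) sharedState;
  }

  public boolean login() throws LoginException {
    SAMLToken token = createSamlToken();
    if (token == null) {
      // Fail closed rather than hand an empty list to the next module.
      throw new LoginException("No SAML token available to pass on");
    }
    // Step 2: the token is the only entry in the list.
    ArrayList<SecurityToken> tokenList = new ArrayList<SecurityToken>();
    tokenList.add(token);
    // Step 3: publish the list under the WS-Security key (assumed to be a String).
    sharedState.put(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, tokenList);
    return true;
  }

  public boolean commit() throws LoginException { return true; }
  public boolean abort() throws LoginException { return clearToken(); }
  public boolean logout() throws LoginException { return clearToken(); }

  // Drop the reference so that a failed or ended login leaves no token behind.
  private boolean clearToken() {
    if (sharedState != null) {
      sharedState.remove(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED);
    }
    return true;
  }
}
```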

Last updated: Jun 11, 2013 8:40:09 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=twbs_pass_samltoken
File name: twbs_pass_samltoken.html