Versions Compared

Old Version 6

changes.mady.by.user Thomas Kilden Nielsen

Saved on

compared with

New Version 7

changes.mady.by.user Thomas Kilden Nielsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Indledning

Omveksler OIO SAML Bootstrap Token til OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring.

...

Der findes et komplet eksempel (incl. hvordan anvender opbygger request og modtager response) sidst på siden der virker uden at det kræver tilretning.

Eksempel

Request

Beskrivelse af hvordan Seal.Java anvendes til at opbygge et STS request findes her: Bootstrap Token til OIO-Idws Token (Consumer - Request)

...

Nu vil en anvender kunne modtage det omvekslede token og hvordan man anvender Seal.Java til dette er beskrevet her: Bootstrap Token til OIO-Idws Token (Consumer - Response)


Komplet eksempel (incl. opbygning af request  og modtagelse af response)


Code Block
collapsetrue
public class TestFactoryFlow extends AbstractUserIDCardTest {
		
	@Test
	public void testBst2Idws() {

        /**
         * Consumer sender request
         */

        // CredentialVault og Factory
        CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
        CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
        OIOSAMLFactory factory = new OIOSAMLFactory();

        // Byg OIOSAMLAssertion
        UserIDCard uidc = createUserIDCard();

        OIOSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIOSAMLAssertionBuilder();
        oiosamlAssertionBuilder.setAudienceRestriction("http://fmk-online.dk");
        oiosamlAssertionBuilder.setRecipientURL("https://fmk");
        oiosamlAssertionBuilder.setIssuer("Issuer");
        oiosamlAssertionBuilder.setNotBefore(notBefore);
        oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
        oiosamlAssertionBuilder.setDeliveryNotOnOrAfter(d(10000L));
        oiosamlAssertionBuilder.setUserIdCard(uidc);
        oiosamlAssertionBuilder.setSigningVault(signingVault);
        OIOSAMLAssertion oiosamlAssertion = oiosamlAssertionBuilder.build();

        // Byg STS request
        OIOSAMLAssertionToIDCardRequestDOMBuilder domBuilder = factory.createOIOSAMLAssertionToIDCardRequestDOMBuilder();
        domBuilder.setSigningVault(signingVault);
        domBuilder.setOIOSAMLAssertion(oiosamlAssertion);
        domBuilder.setITSystemName("EMS");
        domBuilder.setUserAuthorizationCode("2345C");
        domBuilder.setUserEducationCode("7170");
        domBuilder.setUserGivenName("Fritz");
        domBuilder.setUserSurName("Müller");
        Document consumerStsRequestDocument = domBuilder.build();

        /**
         * Send request over netværk
         */
        String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);
        consumerStsRequestDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsRequestXml, false);

        /**
         *  STS modtager request
         */
        OIOBootstrapToIdentityTokenRequest stsRequest = factory.createOIOBootstrapToIdentityTokenRequestModelBuilder().build(consumerStsRequestDocument);

        // Her vil STS'en verificere ID kortet. I dette eksempel verificeres følgende tre attributter:
        OIOBSTSAMLAssertion oiobstsamlAssertion = stsRequest.getOIOBSTSAMLAssertion();
        Assert.assertEquals("DK-SAML-2.0", oiobstsamlAssertion.getSpecVersion());
        Assert.assertEquals("3", oiobstsamlAssertion.getAssuranceLevel());
        Assert.assertEquals("http://fmk-online.dk", oiobstsamlAssertion.getAudienceRestriction());

        /**
         *  STS bygger response
         */

        // Byg IdentityToken
        CitizenIdentityTokenBuilder identityTokenBuilder = factory.createCitizenIdentityTokenBuilder();
        identityTokenBuilder.setAudienceRestriction("http://fmk-online.dk");
        identityTokenBuilder.setRecipientURL("https://fmk");
        identityTokenBuilder.setIssuer("Issuer");
        identityTokenBuilder.setNotBefore(notBefore);
        identityTokenBuilder.setNotOnOrAfter(notOnOrAfter);
        identityTokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter);
        identityTokenBuilder.setCprNumberAttribute("0101701234");
        identityTokenBuilder.setSubjectNameID("SubjectNameID");
        identityTokenBuilder.setSubjectNameIDFormat("SubjectNameIDFormat");
        identityTokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
        identityTokenBuilder.setSigningVault(signingVault);

        IdentityToken identityToken = identityTokenBuilder.build();

        // Byg STS response
        AbstractOIOToIdentityTokenResponseDOMBuilder<?> responseBuilder = factory.createOIOBootstrapToIdentityTokenResponseDOMBuilder();
        responseBuilder.setIdentityToken(identityToken);
        responseBuilder.setSigningVault(signingVault);
        responseBuilder.setRelatesTo("relatesTo");
        responseBuilder.setContext("context");

        Document consumerStsResponseDocument = responseBuilder.build();

        /**
         *  Send response over netværk
         */
        String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
        consumerStsResponseDocument = XmlUtil.readXml(new Properties(), consumerStsResponseXml, false);

        /**
         *  Consumer modtager response
         */
        OIOBootstrapToIdentityTokenResponse consumerStsResponse = factory.createOIOBootstrapToIdentityTokenResponseModelBuilder().build(consumerStsResponseDocument);

        IdentityToken identityTokenResponse = consumerStsResponse.getIdentityToken();
        Assert.assertEquals("DK-SAML-2.0", identityTokenResponse.getSpecVersion());
        Assert.assertEquals("3", identityTokenResponse.getAssuranceLevel());
        Assert.assertEquals("http://fmk-online.dk", identityTokenResponse.getAudienceRestriction());
    }
}

...