...
Her efter kan man opbygge en signeret OIO SAML Assertion der skal medsendes i det samlede request:
| Code Block |
|---|
// Byg OIOSAMLAssertionOIOBSTSAMLAssertion UserIDCard uidc = createUserIDCard(); OIOSAMLAssertionBuilder oiosamlAssertionBuilderOIO3BSTCitizenSAMLAssertionBuilder oio3bstCitizenSAMLAssertionBuilder = factory.createOIOSAMLAssertionBuildercreateOIO3BSTCitizenSAMLAssertionBuilder(); oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setAudienceRestrictionsetAudience("http://fmk-online.dk"); oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setRecipientURLsetIssuer("https://fmkIssuer"); oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setIssuersetNameId("Issuer"NameId"); oio3bstCitizenSAMLAssertionBuilder.setAssuranceLevel(AssuranceLevel.NSIS.Substantial); oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setNotBeforesetCpr(notBefore"0101701234"); oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setNotOnOrAfter(notOnOrAfter); oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setDeliveryNotOnOrAftersetSigningVault(d(10000LsigningVault)); oiosamlAssertionBuilder.setUserIdCard(uidc); oiosamlAssertionBuilder.setSigningVault(signingVaultoio3bstCitizenSAMLAssertionBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate()); OIOSAMLAssertionOIOBSTSAMLAssertion oiosamlAssertionoiobstsamlAssertion = oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.build(); |
Nu kan det samlede request der skal sendes til STS bygges:
| Code Block |
|---|
// Byg STS request OIOSAMLAssertionToIDCardRequestDOMBuilderOIOBootstrapToIdentityTokenRequestDOMBuilder domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder = factory.createOIOSAMLAssertionToIDCardRequestDOMBuildercreateOIOBootstrapToIdentityTokenRequestDOMBuilder(); domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.setSigningVaultsetOIOBootstrapToken(signingVaultoiobstsamlAssertion); domBuilder.setOIOSAMLAssertion(oiosamlAssertion); domBuilder.setITSystemName("EMS"); domBuilder.setUserAuthorizationCode("2345CoioBootstrapToIdentityTokenRequestDOMBuilder.setAudience("http://fmk-online.dk"); domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.setUserEducationCodesetCPRNumberClaim("71700101701234"); domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.setUserGivenName("Fritz"); domBuilder.setUserSurName("Müller"setSigningVault(signingVault); Document consumerStsRequestDocument = domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.build(); |
Når requestet sendes over netværket skal det konverteres til XML:
...
| Code Block | ||
|---|---|---|
| ||
public class TestFactoryFlow extends AbstractUserIDCardTest {
@Test
@Test
public void testBst2Idws() {
/**
* Consumer sender request
*/
// CredentialVault og Factory
CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
OIOSAMLFactory factory = new OIOSAMLFactory();
// Byg OIOSAMLAssertionOIOBSTSAMLAssertion
UserIDCardOIO3BSTCitizenSAMLAssertionBuilder uidcoio3bstCitizenSAMLAssertionBuilder = createUserIDCard();
OIOSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIOSAMLAssertionBuildercreateOIO3BSTCitizenSAMLAssertionBuilder();
oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setAudienceRestrictionsetAudience("http://fmk-online.dk");
oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setRecipientURLsetIssuer("https://fmkIssuer");
oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setIssuersetNameId("IssuerNameId");
oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setNotBefore(notBeforesetAssuranceLevel(AssuranceLevel.NSIS.Substantial);
oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setNotOnOrAftersetCpr(notOnOrAfter"0101701234");
oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setDeliveryNotOnOrAfter(d(10000L)setNotOnOrAfter(notOnOrAfter);
oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.setUserIdCardsetSigningVault(uidcsigningVault);
oiosamlAssertionBuilder.setSigningVault(signingVaultoio3bstCitizenSAMLAssertionBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
OIOSAMLAssertionOIOBSTSAMLAssertion oiosamlAssertionoiobstsamlAssertion = oiosamlAssertionBuilderoio3bstCitizenSAMLAssertionBuilder.build();
// Byg STS request
OIOSAMLAssertionToIDCardRequestDOMBuilderOIOBootstrapToIdentityTokenRequestDOMBuilder domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder = factory.createOIOSAMLAssertionToIDCardRequestDOMBuildercreateOIOBootstrapToIdentityTokenRequestDOMBuilder();
domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.setSigningVaultsetOIOBootstrapToken(signingVaultoiobstsamlAssertion);
domBuilder.setOIOSAMLAssertion(oiosamlAssertion);
domBuilder.setITSystemName("EMS");
domBuilder.setUserAuthorizationCode("2345CoioBootstrapToIdentityTokenRequestDOMBuilder.setAudience("http://fmk-online.dk");
domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.setUserEducationCodesetCPRNumberClaim("71700101701234");
domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.setUserGivenNamesetSigningVault("Fritz"signingVault);
domBuilder.setUserSurName("Müller");
Document consumerStsRequestDocument = domBuilderoioBootstrapToIdentityTokenRequestDOMBuilder.build();
/**
* Send request over netværk
*/
String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);
consumerStsRequestDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsRequestXml, false);
/**
* STS modtager request
*/
OIOBootstrapToIdentityTokenRequest stsRequest = factory.createOIOBootstrapToIdentityTokenRequestModelBuilder().build(consumerStsRequestDocument);
// Her vil STS'en verificere ID kortet. I dette eksempel verificeres følgende tre attributter:
OIOBSTSAMLAssertion oiobstsamlAssertion = stsRequest.getOIOBSTSAMLAssertion();
Assert.assertEquals("DKOIO-SAML-23.0", oiobstsamlAssertion.getSpecVersion());
Assert.assertEquals("3Substantial", oiobstsamlAssertion.getAssuranceLevel());
Assert.assertEquals("http://fmk-online.dk", oiobstsamlAssertion.getAudienceRestriction());
/**
* STS bygger response
*/
// Byg IdentityToken
CitizenIdentityTokenBuilder identityTokenBuilder = factory.createCitizenIdentityTokenBuilder();
identityTokenBuilder.setAudienceRestriction("http://fmk-online.dk");
identityTokenBuilder.setRecipientURL("https://fmk");
identityTokenBuilder.setIssuer("Issuer");
identityTokenBuilder.setNotBefore(notBefore);
identityTokenBuilder.setNotOnOrAfter(notOnOrAfter);
identityTokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter);
identityTokenBuilder.setCprNumberAttribute("0101701234");
identityTokenBuilder.setSubjectNameID("SubjectNameID");
identityTokenBuilder.setSubjectNameIDFormat("SubjectNameIDFormat");
identityTokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
identityTokenBuilder.setSigningVault(signingVault);
IdentityToken identityToken = identityTokenBuilder.build();
// Byg STS response
AbstractOIOToIdentityTokenResponseDOMBuilder<?> responseBuilder = factory.createOIOBootstrapToIdentityTokenResponseDOMBuilder();
responseBuilder.setIdentityToken(identityToken);
responseBuilder.setSigningVault(signingVault);
responseBuilder.setRelatesTo("relatesTo");
responseBuilder.setContext("context");
Document consumerStsResponseDocument = responseBuilder.build();
/**
* Send response over netværk
*/
String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
consumerStsResponseDocument = XmlUtil.readXml(new Properties(), consumerStsResponseXml, false);
/**
* Consumer modtager response
*/
OIOBootstrapToIdentityTokenResponse consumerStsResponse = factory.createOIOBootstrapToIdentityTokenResponseModelBuilder().build(consumerStsResponseDocument);
IdentityToken identityTokenResponse = consumerStsResponse.getIdentityToken();
Assert.assertEquals("DK-SAML-2.0", identityTokenResponse.getSpecVersion());
Assert.assertEquals("3", identityTokenResponse.getAssuranceLevel());
Assert.assertEquals("http://fmk-online.dk", identityTokenResponse.getAudienceRestriction());
}
} |
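Review bot: The STS-side step under `// Her vil STS'en verificere ID kortet` asserts only three attribute values (spec version, assurance level, audience) and shows no check of the bootstrap token's signature, the signer's trust, or its `NotOnOrAfter`. Whether `createOIOBootstrapToIdentityTokenRequestModelBuilder().build(...)` validates any of this is not visible on this page. Readers will copy this as the reference flow, so I would add a comment at that point, e.g. `// NB: a real STS must validate the token signature, the signing certificate's trust chain, the validity period and the holder-of-key binding before reading any attribute; the asserts below are illustrative only`. The same caveat applies on the consumer side after `consumerStsResponse.getIdentityToken()`, where the IdentityToken attributes are likewise read without a visible signature check. The comment also still says "ID kortet", although the object being checked is now an `OIOBSTSAMLAssertion`.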
...