Versions Compared

Old Version 9

changes.mady.by.user Thomas Kilden Nielsen

Saved on

compared with

New Version 10

changes.mady.by.user Thomas Kilden Nielsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Indledning

Omveksler NSP OIO SAML Bootstrap Token til NSP OIO IDWS sikkerhedsbillet rettet mod et givet audience, f.eks. FMK, Dokumentdelingsservice eller MinSpærring.

...

Der findes et komplet eksempel (incl. hvordan anvender opbygger request og modtager response) sidst på siden der virker uden at det kræver tilretning.

Eksempel

Request

Beskrivelse af hvordan Seal.Java anvendes til at opbygge et STS request findes her: Bootstrap Token til OIO-Idws Token (Consumer - Request)

...

Nu vil en anvender kunne modtage det omvekslede token og hvordan man anvender Seal.Java til dette er beskrevet her: Bootstrap Token til OIO-Idws Token (Consumer - Response)


Komplet eksempel (incl. opbygning af request  og modtagelse af response)


Code Block
collapsetrue
public class TestFactoryFlow extends AbstractUserIDCardTest {
        
 @Test
    public void testBst2Idws() {

        /**
         * Consumer sender request
         */

        // CredentialVault og Factory
        CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
        CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
        OIOSAMLFactory factory = new OIOSAMLFactory();

        // Byg OIOBSTSAMLAssertion
        OIO3BSTCitizenSAMLAssertionBuilder oio3bstCitizenSAMLAssertionBuilder = factory.createOIO3BSTCitizenSAMLAssertionBuilder();
        oio3bstCitizenSAMLAssertionBuilder.setAudience("http://fmk-online.dk");
        oio3bstCitizenSAMLAssertionBuilder.setIssuer("Issuer");
        oio3bstCitizenSAMLAssertionBuilder.setNameId("NameId");
        oio3bstCitizenSAMLAssertionBuilder.setAssuranceLevel(AssuranceLevel.NSIS.Substantial);
        oio3bstCitizenSAMLAssertionBuilder.setCpr("0101701234");
        oio3bstCitizenSAMLAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
        oio3bstCitizenSAMLAssertionBuilder.setSigningVault(signingVault);
        oio3bstCitizenSAMLAssertionBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
        OIOBSTSAMLAssertion oiobstsamlAssertion = oio3bstCitizenSAMLAssertionBuilder.build();

        // Byg STS request
        OIOBootstrapToIdentityTokenRequestDOMBuilder requestDomBuilder = factory.createOIOBootstrapToIdentityTokenRequestDOMBuilder();
        requestDomBuilder.setOIOBootstrapToken(oiobstsamlAssertion);
        requestDomBuilder.setAudience("http://fmk-online.dk");
        requestDomBuilder.setCPRNumberClaim("0101701234");
        requestDomBuilder.setSigningVault(signingVault);
        Document consumerStsRequestDocument = requestDomBuilder.build();

        /**
         * Send request over netværk
         */
        String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);
        consumerStsRequestDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsRequestXml, false);

        /**
         *  STS modtager request
         */
        OIOBootstrapToIdentityTokenRequest stsRequest = factory.createOIOBootstrapToIdentityTokenRequestModelBuilder().build(consumerStsRequestDocument);

        // Her vil STS'en verificere ID kortet. I dette eksempel verificeres følgende tre attributter:
        oiobstsamlAssertion = stsRequest.getOIOBSTSAMLAssertion();
        Assert.assertEquals("OIO-SAML-3.0", oiobstsamlAssertion.getSpecVersion());
        Assert.assertEquals("Substantial", oiobstsamlAssertion.getAssuranceLevel());
        Assert.assertEquals("http://fmk-online.dk", oiobstsamlAssertion.getAudienceRestriction());

        /**
         *  STS bygger response
         */

        // Byg IdentityToken
        CitizenIdentityTokenBuilder identityTokenBuilder = factory.createCitizenIdentityTokenBuilder();
        identityTokenBuilder.setAudienceRestriction("http://fmk-online.dk");
        identityTokenBuilder.setRecipientURL("https://fmk");
        identityTokenBuilder.setIssuer("Issuer");
        identityTokenBuilder.setNotBefore(notBefore);
        identityTokenBuilder.setNotOnOrAfter(notOnOrAfter);
        identityTokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter);
        identityTokenBuilder.setCprNumberAttribute("0101701234");
        identityTokenBuilder.setSubjectNameID("SubjectNameID");
        identityTokenBuilder.setSubjectNameIDFormat("SubjectNameIDFormat");
        identityTokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
        identityTokenBuilder.setSigningVault(signingVault);

        IdentityToken identityToken = identityTokenBuilder.build();

        // Byg STS response
        AbstractOIOToIdentityTokenResponseDOMBuilder<?> responseBuilder = factory.createOIOBootstrapToIdentityTokenResponseDOMBuilder();
        responseBuilder.setIdentityToken(identityToken);
        responseBuilder.setSigningVault(signingVault);
        responseBuilder.setRelatesTo("relatesTo");
        responseBuilder.setContext("context");

        Document consumerStsResponseDocument = responseBuilder.build();

        /**
         *  Send response over netværk
         */
        String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
        consumerStsResponseDocument = XmlUtil.readXml(new Properties(), consumerStsResponseXml, false);

        /**
         *  Consumer modtager response
         */
        OIOBootstrapToIdentityTokenResponse consumerStsResponse = factory.createOIOBootstrapToIdentityTokenResponseModelBuilder().build(consumerStsResponseDocument);

        IdentityToken identityTokenResponse = consumerStsResponse.getIdentityToken();
        Assert.assertEquals("DK-SAML-2.0", identityTokenResponse.getSpecVersion());
        Assert.assertEquals("3", identityTokenResponse.getAssuranceLevel());
        Assert.assertEquals("http://fmk-online.dk", identityTokenResponse.getAudienceRestriction());
    }
}

...