Denne omveksling anvendes af...
I det følgende vises nogle stykker kode der viser hvordan man som anvender skal bruge Seal.Java til denne omveksling.
Der findes et komplet eksempel sidst på siden der virker uden at det kræver tilretning.
Når en consumer vil anvende denne omveksling, så skal man starte med at sætte CredentialVault og Factory op:
// CredentialVault og Factory CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault(); CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault(); OIOSAMLFactory factory = new OIOSAMLFactory(); |
Her efter kan man opbygge en signeret OIO SAML Assertion der skal medsendes i det samlede request:
// Byg OIOSAMLAssertion
UserIDCard uidc = createUserIDCard();
OIOSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIOSAMLAssertionBuilder();
oiosamlAssertionBuilder.setAudienceRestriction("http://fmk-online.dk");
oiosamlAssertionBuilder.setRecipientURL("https://fmk");
oiosamlAssertionBuilder.setIssuer("Issuer");
oiosamlAssertionBuilder.setNotBefore(notBefore);
oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
oiosamlAssertionBuilder.setDeliveryNotOnOrAfter(d(10000L));
oiosamlAssertionBuilder.setUserIdCard(uidc);
oiosamlAssertionBuilder.setSigningVault(signingVault);
OIOSAMLAssertion oiosamlAssertion = oiosamlAssertionBuilder.build(); |
@Test
public void testBst2Idws() {
/**
* Consumer sender request
*/
// CredentialVault og Factory
CredentialVault signingVault = CredentialVaultTestUtil.getVoces3CredentialVault();
CredentialVault holderOfKeyVault = CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault();
OIOSAMLFactory factory = new OIOSAMLFactory();
// Byg OIOSAMLAssertion
UserIDCard uidc = createUserIDCard();
OIOSAMLAssertionBuilder oiosamlAssertionBuilder = factory.createOIOSAMLAssertionBuilder();
oiosamlAssertionBuilder.setAudienceRestriction("http://fmk-online.dk");
oiosamlAssertionBuilder.setRecipientURL("https://fmk");
oiosamlAssertionBuilder.setIssuer("Issuer");
oiosamlAssertionBuilder.setNotBefore(notBefore);
oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
oiosamlAssertionBuilder.setDeliveryNotOnOrAfter(d(10000L));
oiosamlAssertionBuilder.setUserIdCard(uidc);
oiosamlAssertionBuilder.setSigningVault(signingVault);
OIOSAMLAssertion oiosamlAssertion = oiosamlAssertionBuilder.build();
// Byg STS request
OIOSAMLAssertionToIDCardRequestDOMBuilder domBuilder = factory.createOIOSAMLAssertionToIDCardRequestDOMBuilder();
domBuilder.setSigningVault(signingVault);
domBuilder.setOIOSAMLAssertion(oiosamlAssertion);
domBuilder.setITSystemName("EMS");
domBuilder.setUserAuthorizationCode("2345C");
domBuilder.setUserEducationCode("7170");
domBuilder.setUserGivenName("Fritz");
domBuilder.setUserSurName("Müller");
Document consumerStsRequestDocument = domBuilder.build();
/**
* Send request over netværk
*/
String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);
consumerStsRequestDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsRequestXml, false);
/**
* STS modtager request
*/
OIOBootstrapToIdentityTokenRequest stsRequest = factory.createOIOBootstrapToIdentityTokenRequestModelBuilder().build(consumerStsRequestDocument);
// Her vil STS'en verificere ID kortet. I dette eksempel verificeres følgende tre attributter:
OIOBSTSAMLAssertion oiobstsamlAssertion = stsRequest.getOIOBSTSAMLAssertion();
Assert.assertEquals("DK-SAML-2.0", oiobstsamlAssertion.getSpecVersion());
Assert.assertEquals("3", oiobstsamlAssertion.getAssuranceLevel());
Assert.assertEquals("http://fmk-online.dk", oiobstsamlAssertion.getAudienceRestriction());
/**
* STS bygger response
*/
// Byg IdentityToken
CitizenIdentityTokenBuilder identityTokenBuilder = factory.createCitizenIdentityTokenBuilder();
identityTokenBuilder.setAudienceRestriction("http://fmk-online.dk");
identityTokenBuilder.setRecipientURL("https://fmk");
identityTokenBuilder.setIssuer("Issuer");
identityTokenBuilder.setNotBefore(notBefore);
identityTokenBuilder.setNotOnOrAfter(notOnOrAfter);
identityTokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter);
identityTokenBuilder.setCprNumberAttribute("0101701234");
identityTokenBuilder.setSubjectNameID("SubjectNameID");
identityTokenBuilder.setSubjectNameIDFormat("SubjectNameIDFormat");
identityTokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
identityTokenBuilder.setSigningVault(signingVault);
IdentityToken identityToken = identityTokenBuilder.build();
// Byg STS response
AbstractOIOToIdentityTokenResponseDOMBuilder<?> responseBuilder = factory.createOIOBootstrapToIdentityTokenResponseDOMBuilder();
responseBuilder.setIdentityToken(identityToken);
responseBuilder.setSigningVault(signingVault);
responseBuilder.setRelatesTo("relatesTo");
responseBuilder.setContext("context");
Document consumerStsResponseDocument = responseBuilder.build();
/**
* Send response over netværk
*/
String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
consumerStsResponseDocument = XmlUtil.readXml(new Properties(), consumerStsResponseXml, false);
/**
* Consumer modtager response
*/
OIOBootstrapToIdentityTokenResponse consumerStsResponse = factory.createOIOBootstrapToIdentityTokenResponseModelBuilder().build(consumerStsResponseDocument);
IdentityToken identityTokenResponse = consumerStsResponse.getIdentityToken();
Assert.assertEquals("DK-SAML-2.0", identityTokenResponse.getSpecVersion());
Assert.assertEquals("3", identityTokenResponse.getAssuranceLevel());
Assert.assertEquals("http://fmk-online.dk", identityTokenResponse.getAudienceRestriction());
} |