Sun Java System Access Manager version 7 2005Q4

SAML Query Samples

    1. Introduction

    This sample illustrates how to form a Query, how to write a sample
    AttributeMapper, and how to send and process a SOAP message using the
    SAML SDK. The program flow is as follows:
    
    1. The application first obtains the SSOToken.
    
    2. It forms an AuthenticationQuery using the information in the SSOToken.
    
    3. It forms a SOAP message and sends it to the SAMLSOAPReceiver.
       (The SAMLSOAPReceiver processes the SOAP request and replies with a
       SAML response.)
    
    4. It receives the SOAP reply and obtains the Authentication Assertion
       from it. In a real application, this Assertion can be obtained from
       Single Sign-On using the artifact or POST profile, or from SAMLClient.
    
    5. It forms an AttributeQuery using the Authentication Assertion
       obtained in the last step as the SubjectConfirmationData.
    
    6. It forms a SOAP message and sends it to the SAMLSOAPReceiver.
       (The SAMLSOAPReceiver processes the SOAP request, finds the matching
       Attributes using the SampleAttributeMapper, and replies with a SAML
       response.)
    
    7. It receives the SOAP reply and obtains the SAML Response from it.
    


    For simplicity, this sample is designed to run in the same JVM as the
    Access Manager server. It is possible to run the sample in a different JVM
    by modifying SAMLQueryServlet.java. The key requirements are: send the
    AuthenticationQuery to the server that issued the SSOToken; send the
    AttributeQuery to the server that produces the Attributes; and make sure
    the server that issued the Authentication Assertion is listed among the
    Trusted Partner Sites of the server that receives the AttributeQuery.
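    The following is an added example and is not part of this sample or of
    the Access Manager SAML SDK. It implements steps 4 and 5 of the flow in
    Python with the standard xml.etree module instead of the SDK: it checks
    that the AuthenticationQuery response answers our request and succeeded,
    pulls the Assertion out of it, and wraps that Assertion as the
    SubjectConfirmationData of an AttributeQuery. The response XML below is a
    constructed, condensed copy of the AuthenticationQuery response shown in
    the output section of this README; the request IDs, issue instant and
    the ConfirmationMethod value are taken from that output.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed sample: condensed copy of the AuthenticationQuery response shown
# later in this README (same IDs, subject and timestamps; signature omitted).
AUTHN_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  ResponseID="IYQ5pYcm4sw8rE+mw81beABfnNA=" InResponseTo="ZadxB2mWot+mfSo7lQMU4MykzKw="
  MajorVersion="1" MinorVersion="0" IssueInstant="2002-08-31T00:01:53Z" Recipient="192.18.148.29">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw="
    Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z">
    <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z"/>
    <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:LDAP"
      AuthenticationInstant="2002-08-30T23:57:13Z">
      <saml:Subject>
        <saml:NameIdentifier NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
      </saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_assertion(response_xml, expected_request_id):
    """Step 4: accept the response only if it answers our RequestID and reports
    samlp:Success; return its Assertion element, or None if any check fails."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return None
    if root.get("InResponseTo") != expected_request_id:
        return None
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or code.get("Value") != "samlp:Success":
        return None
    return root.find(f"{{{SAML}}}Assertion")


def build_attribute_query(assertion, request_id, issue_instant):
    """Step 5: build a samlp:Request carrying an AttributeQuery whose Subject
    repeats the Assertion's NameIdentifier and embeds the whole Assertion as
    SubjectConfirmationData (the shape shown in this README's output)."""
    nid = assertion.find(f".//{{{SAML}}}Subject/{{{SAML}}}NameIdentifier")
    if nid is None:
        raise ValueError("assertion carries no Subject NameIdentifier")
    req = ET.Element(f"{{{SAMLP}}}Request", {
        "RequestID": request_id, "MajorVersion": "1", "MinorVersion": "0",
        "IssueInstant": issue_instant})
    query = ET.SubElement(req, f"{{{SAMLP}}}AttributeQuery")
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    new_nid = ET.SubElement(subject, f"{{{SAML}}}NameIdentifier", dict(nid.attrib))
    new_nid.text = nid.text
    conf = ET.SubElement(subject, f"{{{SAML}}}SubjectConfirmation")
    ET.SubElement(conf, f"{{{SAML}}}ConfirmationMethod").text = "urn:com:sun:identity"
    data = ET.SubElement(conf, f"{{{SAML}}}SubjectConfirmationData")
    data.append(assertion)
    return ET.tostring(req, encoding="unicode")


def embedded_assertion_id(request_xml):
    """Read back the AssertionID nested inside the AttributeQuery's
    SubjectConfirmationData; None if the document is not such a request."""
    root = ET.fromstring(request_xml)
    path = (f"{{{SAMLP}}}AttributeQuery/{{{SAML}}}Subject/{{{SAML}}}SubjectConfirmation/"
            f"{{{SAML}}}SubjectConfirmationData/{{{SAML}}}Assertion")
    found = root.find(path)
    return None if found is None else found.get("AssertionID")


if __name__ == "__main__":
    assertion = extract_assertion(AUTHN_RESPONSE, "ZadxB2mWot+mfSo7lQMU4MykzKw=")
    print(build_attribute_query(assertion, "G/AUygEJazkTo0zQJg5tlP8R/T8=",
                                "2002-08-31T00:01:53Z"))
```

    The InResponseTo and status checks are the part a real client must not
    skip: a SOAP reply that does not reference the RequestID just sent, or
    that reports anything other than samlp:Success, carries no Assertion the
    application should go on to use as SubjectConfirmationData.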
    

    2. Instructions on Building, Configuring and Running the Sample

    Unless stated otherwise, the instructions listed below apply to both
    Solaris and Windows machines. The Solaris file path separator "/" is used
    in the instructions; change it to "\" for Windows. <INSTALL_DIR> is the
    directory where Sun Java System Access Manager is installed.
    
    1. Go to <INSTALL_DIR>/samples/saml/query
    
    2. Edit the Makefile (make.bat for Windows) if needed. Modify
       the following environment variables if you do not want to use the
       defaults:
       
       BASE - Set this Variable to installed directory for Sun Java System
       Access Manager
       CLASSPATH - Reference to all the needed jars to compile this sample
       JAVA_HOME - Set this variable to your installation of JDK. It should
       be newer than JDK 1.3.1
       BASE_CLASS_DIR - Directory where all the compiled classes will be kept
       
    
    3. Run gmake (make.bat for Windows)
    
    4. Deploy SAMLQuerySample.jar in the web container.
    
    a. Go to BASE_CLASS_DIR
    b. Copy SAMLQuerySample.jar to <INSTALL_DIR>/SUNWam/lib
    c. Add <INSTALL_DIR>/SUNWam/lib/SAMLQuerySample.jar to the web container's
       classpath. For example, for an Express install, add it to the
       classpathsuffix in the file
       <INSTALL_DIR>/servers/<instance>/config/server.xml
    d. Add <servlet> and <servlet-mapping> entries to the file
       <INSTALL_DIR>/web-apps/services/WEB-INF/web.xml
       For example:
       <servlet>
         <servlet-name>querysample</servlet-name>
         <description>querysample</description>
         <servlet-class>SAMLQueryServlet</servlet-class>
       </servlet>
       <servlet-mapping>
         <servlet-name>querysample</servlet-name>
         <url-pattern>/querysample</url-pattern>
       </servlet-mapping>
    
    
    5. Restart the Sun Java System Access Manager.
    
    6. Login to Administration Console as amadmin
       
       http://<server.domain>:port/amconsole
    
    7. Click on "Federation" tab
    
    8. Click on "SAML" tab
    
    9. Click "edit" link of the only entry of "Site Identifiers" to go to
       "Edit Site Identifier" page. Make sure "Instance ID" has correct
       protocol and port if you changed Access Manager server protocol or port.
       Copy the Site ID value. It will be used at step 11.
    
    10. Click "Save" if you made any changes, or "Cancel" to go back to the
       previous page.
    
    11. Click "New" under "Trusted Partners" to go to
       "Select trusted partner type and profile" page. Check "SOAP Query" under
       "Destination" and click "Next" to go to "Add New Trusted Partner" page.
       Set the attributes as follows:
       
       Source ID: <the Site ID obtained in step 9>
       Host List: <the IP address of the machine that Access Manager is running on>
       Attribute Mapper: SampleAttributeMapper
       
    
    12. Click on "Finish"
    
    13. Click on "Save"
    
    14. Invoke the servlet
       http://<server.domain>:port/<service_deploy_URI>/querysample
    
    15. You may also log out, log in as another user, and then invoke the
       servlet again.
    
    16. You should see servlet response output similar to the following:
       The SAML Request to be sent is:
       
       <samlp:Request
       xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       RequestID="ZadxB2mWot+mfSo7lQMU4MykzKw=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z">
       <samlp:AuthenticationQuery>
       <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       </samlp:AuthenticationQuery>
       </samlp:Request>
       
       The SOAP endpoint is:
       http://neuhome.red.iplanet.com:58080/amserver/SAMLSOAPReceiver
       The response received is:
       
       <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       ResponseID="IYQ5pYcm4sw8rE+mw81beABfnNA="
       InResponseTo="ZadxB2mWot+mfSo7lQMU4MykzKw=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z" Recipient="192.18.148.29">
       <samlp:Status>
       <samlp:StatusCode Value="samlp:Success">
       </samlp:StatusCode>
       </samlp:Status>
       <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1"
       MinorVersion="0" AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw="
       Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z">
       <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z"
       >
       </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:LDAP"
       AuthenticationInstant="2002-08-30T23:57:13Z">
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:SubjectLocality IPAddress="192.18.148.29" /></saml:AuthenticationStatement>
       </saml:Assertion>
       </samlp:Response>
       
       The SAML Request to be sent is:
       
       <samlp:Request
       xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       RequestID="G/AUygEJazkTo0zQJg5tlP8R/T8=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z">
       <samlp:AttributeQuery>
       <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData><saml:Assertion
       AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw=" IssueInstant="2002-08-31T00:01:53Z"
       Issuer="neuhome.red.iplanet.com:58080" MajorVersion="1" MinorVersion="0"
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:Conditions NotBefore="2002-08-30T23:56:53Z"
       NotOnOrAfter="2002-08-31T00:02:53Z">
       </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationInstant="2002-08-30T23:57:13Z"
       AuthenticationMethod="urn:com:sun:identity:LDAP">
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:SubjectLocality
       IPAddress="192.18.148.29"></saml:SubjectLocality></saml:AuthenticationStatement>
       </saml:Assertion>
       </saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       </samlp:AttributeQuery>
       </samlp:Request>
       
       The response received is:
       
       <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       ResponseID="slFcTqP6CFq26xs3pnlpfpRID2I="
       InResponseTo="G/AUygEJazkTo0zQJg5tlP8R/T8=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z" Recipient="192.18.148.29">
       <samlp:Status>
       <samlp:StatusCode Value="samlp:Success">
       </samlp:StatusCode>
       </samlp:Status>
       <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1"
       MinorVersion="0" AssertionID="PhI5XH0rkUCNTlLBaIe4/Y5nT8w="
       Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z"
       >
       <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z"
       >
       </saml:Conditions>
       <saml:AttributeStatement >
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData><saml:Assertion
       AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw=" IssueInstant="2002-08-31T00:01:53Z"
       Issuer="neuhome.red.iplanet.com:58080" MajorVersion="1" MinorVersion="0"
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:Conditions NotBefore="2002-08-30T23:56:53Z"
       NotOnOrAfter="2002-08-31T00:02:53Z">
       </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationInstant="2002-08-30T23:57:13Z"
       AuthenticationMethod="urn:com:sun:identity:LDAP">
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:SubjectLocality
       IPAddress="192.18.148.29"></saml:SubjectLocality></saml:AuthenticationStatement>
       </saml:Assertion>
       </saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:Attribute AttributeName="userpassword" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       {SSHA}3/GreMuCxplJr518lWknB6wADY0vVcIZBFX8Pw==</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="uid" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">amAdmin</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="cn" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">amAdmin</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="inetuserstatus"
       AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">Active</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="sn" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">amAdmin</saml:AttributeValue>
       </saml:Attribute>
       </saml:AttributeStatement>
       </saml:Assertion>
       </samlp:Response>
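    The following is an added example and is not part of this sample or of
    the Access Manager SAML SDK. It shows the checks the receiving side of
    step 7 should run over an AttributeQuery response before trusting the
    attributes: InResponseTo matches the RequestID that was sent, the status
    is samlp:Success, the Assertion's Conditions window contains the current
    instant, and the AttributeStatement is about the expected subject. It also
    flags attributes that should never leave the attribute authority; the
    output above shows that the SampleAttributeMapper returns every attribute
    of the user entry, including the userpassword hash, so a production
    AttributeMapper should release only the attributes the trusted partner
    needs. The XML below is a constructed, condensed copy of the AttributeQuery
    response shown above, and the SENSITIVE_ATTRIBUTES list is a constructed
    deny-list for this example.

```python
import datetime as dt
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: condensed from the AttributeQuery response shown above
# (same IDs, subject, validity window and attribute names; the embedded
# authentication Assertion inside SubjectConfirmationData is omitted).
ATTR_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  ResponseID="slFcTqP6CFq26xs3pnlpfpRID2I=" InResponseTo="G/AUygEJazkTo0zQJg5tlP8R/T8="
  MajorVersion="1" MinorVersion="0" IssueInstant="2002-08-31T00:01:53Z" Recipient="192.18.148.29">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="PhI5XH0rkUCNTlLBaIe4/Y5nT8w="
    Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z">
    <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z"/>
    <saml:AttributeStatement>
      <saml:Subject>
        <saml:NameIdentifier NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
      </saml:Subject>
      <saml:Attribute AttributeName="userpassword" AttributeNamespace="iPlanetAMUserService">
        <saml:AttributeValue>{SSHA}3/GreMuCxplJr518lWknB6wADY0vVcIZBFX8Pw==</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute AttributeName="uid" AttributeNamespace="iPlanetAMUserService">
        <saml:AttributeValue>amAdmin</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute AttributeName="inetuserstatus" AttributeNamespace="iPlanetAMUserService">
        <saml:AttributeValue>Active</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed deny-list: attribute names that must not be consumed (or released).
SENSITIVE_ATTRIBUTES = {"userpassword"}


def parse_instant(text):
    """Parse a SAML 1.0 UTC instant such as 2002-08-31T00:01:53Z."""
    return dt.datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def validate_attribute_response(xml_text, expected_request_id, expected_subject, now):
    """Return (attributes, problems): attributes maps AttributeName to its
    values with sensitive names dropped; problems lists every failed check."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo") != expected_request_id:
        problems.append("InResponseTo does not match our RequestID")
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or code.get("Value") != "samlp:Success":
        problems.append("status is not samlp:Success")
    attrs = {}
    for assertion in root.findall(f"{{{SAML}}}Assertion"):
        cond = assertion.find(f"{{{SAML}}}Conditions")
        if cond is not None:
            not_before = cond.get("NotBefore")
            not_on_or_after = cond.get("NotOnOrAfter")
            if not_before and now < parse_instant(not_before):
                problems.append("assertion not yet valid")
            if not_on_or_after and now >= parse_instant(not_on_or_after):
                problems.append("assertion expired")
        for stmt in assertion.findall(f"{{{SAML}}}AttributeStatement"):
            nid = stmt.find(f"{{{SAML}}}Subject/{{{SAML}}}NameIdentifier")
            if nid is None or nid.text != expected_subject:
                problems.append("attribute statement is about a different subject")
            for attr in stmt.findall(f"{{{SAML}}}Attribute"):
                name = attr.get("AttributeName") or ""
                values = [v.text for v in attr.findall(f"{{{SAML}}}AttributeValue")]
                if name.lower() in SENSITIVE_ATTRIBUTES:
                    problems.append(f"sensitive attribute released: {name}")
                    continue  # never hand a password hash to the application
                attrs.setdefault(name, []).extend(values)
    return attrs, problems


if __name__ == "__main__":
    result = validate_attribute_response(
        ATTR_RESPONSE, "G/AUygEJazkTo0zQJg5tlP8R/T8=",
        "uid=amAdmin,ou=People,dc=example,dc=com", parse_instant("2002-08-31T00:01:53Z"))
    print(result)
```

    Run against the response above at its own IssueInstant, the validator
    accepts the uid and inetuserstatus attributes and reports exactly one
    problem, the released userpassword value; evaluated at or after the
    NotOnOrAfter instant it additionally reports the assertion as expired.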
       
    



End of Sample

