Sending a Request for a Security Token
After setting up the SOAP header handlers, the example creates a token request and calls the issue method on the STS port to obtain the token from the vCenter Single Sign-On server. The following sequence shows the operations and corresponding Java elements.
Example: Acquiring a vCenter Single Sign-On Token – Sending the Request shows Java code that performs these operations.
Example: Acquiring a vCenter Single Sign-On Token – Sending the Request
/*
* Fragment: builds a WS-Trust "Issue" request for a SAML 2.0 token, sends it
* through the STS port, and extracts the returned token as a DOM Element.
* It relies on stsService and args[0] being defined by the surrounding code,
* which is not shown here.
*/
/*
* Retrieve the STSServicePort from the STSService_Service object.
*/
STSService stsPort = stsService.getSTSServicePort();
 
/*
* Create a token request object.
*/
RequestSecurityTokenType tokenType = new RequestSecurityTokenType();
 
/*
* Create a LifetimeType object.
*/
LifetimeType lifetime = new LifetimeType();
 
/*
* Derive the token creation date and time.
* Use a GregorianCalendar to establish the current time (in GMT),
* then use a DatatypeFactory to map the time data to XML.
* The value comes from the local clock.
* NOTE(review): clock skew between client and server may matter when the
* server evaluates these timestamps - confirm the server's tolerance.
*/
DatatypeFactory dtFactory = DatatypeFactory.newInstance();
GregorianCalendar cal = new GregorianCalendar( TimeZone.getTimeZone("GMT"));
XMLGregorianCalendar xmlCalendar = dtFactory .newXMLGregorianCalendar(cal);
AttributedDateTime created = new AttributedDateTime();
// toXMLFormat() returns a String, so "created" keeps the current time even
// though xmlCalendar is modified below.
created.setValue(xmlCalendar.toXMLFormat());
 
/*
* Specify a time interval for token expiration (specified in milliseconds).
* 30 * 60 * 1000 ms is 30 minutes. add() moves the same xmlCalendar object
* forward, so this must run after "created" has been set.
* A short lifetime limits how long a leaked token stays usable.
* NOTE(review): the server may enforce its own maximum lifetime - confirm
* against the STS configuration.
*/
AttributedDateTime expires = new AttributedDateTime();
xmlCalendar.add(dtFactory.newDuration(30 * 60 * 1000));
expires.setValue(xmlCalendar.toXMLFormat());
 
/*
* Set the created and expires fields in the lifetime object.
*/
lifetime.setCreated(created);
lifetime.setExpires(expires);
 
/*
* Set the token request fields:
* - token type: SAML 2.0 assertion
* - request type: WS-Trust Issue
* - key type: PublicKey. In WS-Trust this requests a token bound to a public
*   key (holder-of-key), so the party presenting the token must prove
*   possession of the matching private key; that private key needs the same
*   protection as any other credential.
* - signature algorithm: RSA with SHA-256
*/
tokenType.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
tokenType .setRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
tokenType.setLifetime(lifetime);
tokenType .setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
tokenType .setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
 
/*
* Specify a token that can be renewed.
* A renewable token can be extended past the lifetime requested above, which
* lengthens the exposure if it leaks; allow renewal only when the client
* needs it.
*/
RenewingType renewing = new RenewingType();
renewing.setAllow(Boolean.TRUE);
renewing.setOK(Boolean.FALSE); // WS-Trust Profile: MUST be set to false
tokenType.setRenewing(renewing);
 
/*
* Get the request context and set the endpoint address.
* args[0] is used as-is as the URL the token request is sent to.
* NOTE(review): no scheme or host check is visible here. The request should
* only go to an https:// STS URL whose server certificate is validated, since
* the SOAP header handlers set up earlier presumably attach the caller's
* credentials or signature - confirm against the handler setup.
*/
Map<String, Object> reqContext = ((BindingProvider) stsPort) .getRequestContext();
reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, args[0]);
 
/*
* Use the STS port to invoke the "issue" method to acquire the token
* from the vCenter Single Sign-On server.
*/
RequestSecurityTokenResponseCollectionType issueResponse = stsPort .issue(tokenType);
 
/*
* Handle the response - extract the SAML token from the response. The response type
* contains the token type (SAML token type urn:oasis:names:tc:SAML:2.0:assertion).
* NOTE(review): neither getter result is checked for null before it is used;
* confirm how issue() reports a fault or an empty response.
*/
RequestSecurityTokenResponseType rstResponse = issueResponse .getRequestSecurityTokenResponse();
RequestedSecurityTokenType requestedSecurityToken = rstResponse .getRequestedSecurityToken();
 
/*
* Extract the SAML token from the RequestedSecurityTokenType object.
* The generic token type (Element) corresponds to the type required
* for the SAML token handler that supports the call to LoginByToken.
* The element is a login credential: keep it out of logs and persistent
* storage, and hold it only as long as the session needs it.
*/
Element token = requestedSecurityToken.getAny();