These days I have been working on some security topics like OAuth2 and SAML.
We needed a custom security setup, so I started looking for a way to retrieve a SAML token from an ADFS server.
The following code retrieves a security token, but it is an approach that I would not recommend — not even I recommend it.
Add the CXF dependency:
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-bundle</artifactId>
<version>3.0.0-milestone2</version>
</dependency>
Test class:
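public class Runny {

    // Namespaces used when hand-building the SOAP headers and patching the RST body.
    private static final String WST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private static final String WSA_NS = "http://www.w3.org/2005/08/addressing";
    private static final String SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope";
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSP_2004_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    private static final String MS_DIAG_NS = "http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics";
    private static final String PASSWORD_TEXT_TYPE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    /**
     * ADFS WS-Trust 1.3 "usernamemixed" endpoint (placeholder host, fill in your own).
     * Kept in one place so the STS client location and the WS-Addressing {@code To}
     * header cannot drift apart.
     */
    private static final String STS_LOCATION =
        "https://{your adfs server}/adfs/services/trust/13/usernamemixed";

    /** Relying party the token is requested for (placeholder host). */
    private static final String APPLIES_TO =
        "http://${servername}:8280/services/securedEcho.securedEchoHttpSoap12Endpoint";

    // System properties this sample reads its credentials from (names chosen for this sample),
    // so that no username or password is compiled into the class.
    private static final String USERNAME_PROPERTY = "sts.username";
    private static final String PASSWORD_PROPERTY = "sts.password";

    /**
     * Requests a SAML 2.0 bearer token from ADFS and prints the token id.
     * <p>
     * Credentials come from the {@code -Dsts.username} / {@code -Dsts.password} system
     * properties; the process fails fast when either is missing.
     *
     * @param args unused
     * @throws Exception any failure while building the bus or contacting the STS
     */
    public static void main(String[] args) throws Exception {
        String username = requireProperty(USERNAME_PROPERTY);
        String password = requireProperty(PASSWORD_PROPERTY);

        Bus bus = new CXFBusFactory().createBus();
        STSClient client = new STSClient(bus);

        Map<String, Object> stsprop = client.getProperties();
        // Same user as the UsernameToken written by MyInterceptor, so both paths agree.
        stsprop.put("ws-security.username", username);
        stsprop.put("ws-security.callback-handler", "com.cxf.sample.ClientCallbackHandler");
        stsprop.put("ws-security.encryption.properties", "clientKeystore.properties");
        stsprop.put("ws-security.encryption.username", "mystskey");
        stsprop.put("ws-security.sts.token.username", "myclientkey");
        stsprop.put("ws-security.sts.token.properties", "clientKeystore.properties");
        stsprop.put("ws-security.sts.token.usecert", "true");
        stsprop.put(SecurityConstants.IS_BSP_COMPLIANT, "false");

        client.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        client.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port");
        client.setLocation(STS_LOCATION);
        client.setSoap12();
        client.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
        client.setKeyType(WST_NS + "/Bearer");
        client.setEnableAppliesTo(true);
        client.setEnableLifetime(true);
        client.setAllowRenewing(false);
        client.setClaims(createClaims());
        client.getOutInterceptors().add(new MyInterceptor(Phase.SETUP, username, password));

        SecurityToken token = client.requestSecurityToken(APPLIES_TO);
        // Print only the id: the token itself is a bearer credential and should not end up in logs.
        System.out.println("requestSecurityToken id: " + token.getId());
    }

    /**
     * Reads a required system property.
     *
     * @param name property name
     * @return the non-empty property value
     * @throws IllegalStateException if the property is absent or empty (the message names the
     *     property, never its value)
     */
    private static String requireProperty(String name) {
        String value = System.getProperty(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing system property -D" + name);
        }
        return value;
    }

    /**
     * Builds the {@code wst:Claims} element asking for the "givenname" claim.
     *
     * @return a detached {@code wst:Claims} element with one {@code ClaimType} child
     */
    private static Element createClaims() {
        Document doc = DOMUtils.createDocument();
        Element claims = doc.createElementNS(WST_NS, "Claims");
        claims.setAttributeNS(null, "Dialect", "http://wso2.org/claims");
        Element claimType = doc.createElementNS("http://schemas.xmlsoap.org/ws/2005/05/identity", "ClaimType");
        claimType.setAttributeNS(null, "Uri", "http://wso2.org/claims/givenname");
        claims.appendChild(claimType);
        return claims;
    }

    /**
     * Out-interceptor that adds the WS-Addressing and WS-Security headers ADFS expects and
     * patches the generated RequestSecurityToken body (drops {@code wst:Renewing}, moves
     * {@code AppliesTo} to the 2004/09 policy namespace).
     */
    static class MyInterceptor extends AbstractSoapInterceptor {

        private final String username;
        private final String password;

        /**
         * Kept for compatibility with callers passing only the phase; credentials are read from
         * the sample's {@code sts.username} / {@code sts.password} system properties.
         *
         * @param p interceptor phase
         */
        public MyInterceptor(String p) {
            this(p, requireProperty(USERNAME_PROPERTY), requireProperty(PASSWORD_PROPERTY));
        }

        /**
         * @param p interceptor phase
         * @param username user sent in the wsse:UsernameToken
         * @param password password sent as PasswordText (plaintext inside the SOAP header, protected
         *     only by the HTTPS transport to the STS)
         */
        public MyInterceptor(String p, String username, String password) {
            super(p);
            this.username = java.util.Objects.requireNonNull(username, "username");
            this.password = java.util.Objects.requireNonNull(password, "password");
        }

        @Override
        public void handleMessage(SoapMessage soapMessage) throws Fault {
            // Same helper createClaims() uses; avoids the raw JAXP factory whose
            // ParserConfigurationException was previously printed and then followed by an NPE.
            Document doc = DOMUtils.createDocument();
            addAddressingHeaders(soapMessage, doc);
            addUsernameToken(soapMessage, doc);
            patchRequest(soapMessage);
        }

        /** Creates a header element, optionally flagged soap:mustUnderstand="1". */
        private static Element headerElement(Document doc, String ns, String localName, boolean mustUnderstand) {
            Element e = doc.createElementNS(ns, localName);
            if (mustUnderstand) {
                e.setAttributeNS(SOAP12_NS, "mustUnderstand", "1");
            }
            return e;
        }

        /** Adds wsa:Action, wsa:MessageID, the Microsoft ActivityId diagnostics header and wsa:To. */
        private static void addAddressingHeaders(SoapMessage soapMessage, Document doc) {
            Element action = headerElement(doc, WSA_NS, "Action", true);
            action.setTextContent(WST_NS + "/RST/Issue");
            soapMessage.getHeaders().add(new Header(new QName(WSA_NS), action));

            // WS-Addressing requires MessageID to be unique per message, so it is generated
            // per request instead of reusing one constant id.
            Element messageId = headerElement(doc, WSA_NS, "MessageID", false);
            messageId.setTextContent("urn:uuid:" + java.util.UUID.randomUUID());
            soapMessage.getHeaders().add(new Header(new QName(WSA_NS), messageId));

            Element activityId = headerElement(doc, MS_DIAG_NS, "ActivityId", false);
            activityId.setAttribute("CorrelationId", java.util.UUID.randomUUID().toString());
            activityId.setTextContent(java.util.UUID.randomUUID().toString());
            soapMessage.getHeaders().add(new Header(new QName(MS_DIAG_NS), activityId));

            Element to = headerElement(doc, WSA_NS, "To", true);
            to.setTextContent(STS_LOCATION);
            soapMessage.getHeaders().add(new Header(new QName(WSA_NS), to));
        }

        /** Adds a wsse:Security header carrying a PasswordText UsernameToken. */
        private void addUsernameToken(SoapMessage soapMessage, Document doc) {
            Element security = headerElement(doc, WSSE_NS, "Security", true);
            Element usernameToken = doc.createElementNS(WSSE_NS, "UsernameToken");

            Element usernameEl = doc.createElementNS(WSSE_NS, "Username");
            usernameEl.setTextContent(username);
            Element passwordEl = doc.createElementNS(WSSE_NS, "Password");
            passwordEl.setAttribute("Type", PASSWORD_TEXT_TYPE);
            passwordEl.setTextContent(password);

            usernameToken.appendChild(usernameEl);
            usernameToken.appendChild(passwordEl);
            security.appendChild(usernameToken);
            soapMessage.getHeaders().add(new Header(new QName(WSSE_NS), security));
        }

        /**
         * Drops the wst:Renewing element (ADFS doesn't like it) and moves AppliesTo to the
         * 2004/09 WS-Policy namespace. Children are located by local name instead of by a fixed
         * sibling position so a change in element order does not remove the wrong node.
         */
        private static void patchRequest(SoapMessage soapMessage) {
            DOMSource dSource = (DOMSource) soapMessage.getContent(List.class).get(0);
            Node rst = dSource.getNode();

            Element renewing = findChildElement(rst, "Renewing");
            if (renewing != null) {
                rst.removeChild(renewing);
            }

            Element appliesTo = findChildElement(rst, "AppliesTo");
            if (appliesTo != null) {
                appliesTo.setAttributeNS(javax.xml.XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:wsp", WSP_2004_NS);
                // DOM Level 3 renameNode replaces the former reflective write to the private
                // namespaceURI field of the Xerces ElementNSImpl, which is blocked by strong
                // encapsulation on newer JDKs.
                appliesTo.getOwnerDocument().renameNode(appliesTo, WSP_2004_NS, "wsp:AppliesTo");
            }
        }

        /** Returns the first child element of {@code parent} with the given local name, or null. */
        private static Element findChildElement(Node parent, String localName) {
            for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n.getNodeType() == Node.ELEMENT_NODE && localName.equals(n.getLocalName())) {
                    return (Element) n;
                }
            }
            return null;
        }
    }
}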