Tuesday Dec 30, 2008

Parsing SAML Assertion with Metro SAML API

Originally in Metro/XWSS, we only provided an API to create SAML assertions, but no API to parse them. That is why all the SAML-related samples had to use the primitive DOM API to parse SAML assertions and obtain user information. Since Metro 1.4, we have enhanced the SAML API to add support for parsing SAML assertions.

Here is some sample code showing how to get the user identity and attributes from a SAML assertion using the new API.


import java.util.List;
import org.w3c.dom.Element;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.saml.AssertionUtil;
import com.sun.xml.wss.saml.*;

1. Create Assertion from a DOM element:


Element samlEle; // DOM element of the SAML assertion
Assertion assertion = AssertionUtil.fromElement(samlEle);

2. Get user attributes and Subject:


Subject subject = null;
NameID nameID = null;

// SAML 2.0: the Subject is on the assertion itself
try {
    subject = assertion.getSubject();
} catch (Exception ex) {
    subject = null;
}

if (subject != null) {
    nameID = subject.getNameId();
}

List<Object> statements = assertion.getStatements();

for (Object s : statements) {
    if (s instanceof AttributeStatement) {
        List<Attribute> attrs = ((AttributeStatement) s).getAttributes();
        for (Attribute attr : attrs) {
            String attrName = attr.getName();
            List<Object> attrValues = attr.getAttributes();
            // Reads the first value only
            String attrValue = ((Element) attrValues.get(0)).getFirstChild().getNodeValue();
            // ...
        }

        // for SAML 1.0, 1.1: the Subject is on the statement
        if (subject == null) {
            subject = ((AttributeStatement) s).getSubject();
        }
    } else if (s instanceof AuthenticationStatement) {
        subject = ((AuthenticationStatement) s).getSubject();
    }
}

3. Get the user identifier in the Subject:


if (nameID != null) {
    // SAML 2.0 case
    String id = nameID.getValue();
    String nameQualifier = nameID.getNameQualifier();
    String format = nameID.getFormat();
} else if (subject != null) {
    // SAML 1.0, 1.1 case; subject stays null if no statement carried one
    NameIdentifier nameIdentifier = subject.getNameIdentifier();
    if (nameIdentifier != null) {
        String id = nameIdentifier.getValue();
        String nameQualifier = nameIdentifier.getNameQualifier();
        String format = nameIdentifier.getFormat();
    }
}
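The three steps above combined into one helper, as an added example that is not part of the original post or of Metro. It uses only the API calls shown in the post; the class `SamlUser` and its members are hypothetical names, and unlike the snippets above it collects every value of a multi-valued attribute and tolerates attributes with no values. It assumes attribute values arrive as DOM elements or strings, and that the assertion was already validated before this code runs.

```java
import com.sun.xml.wss.saml.*;
import java.util.*;
import org.w3c.dom.Element;
// Added example, not Metro code: SamlUser and its members are hypothetical names.
public class SamlUser {
    public String id;   // stays null when the assertion carries no identifier
    public final Map<String, List<String>> attributes =
            new LinkedHashMap<String, List<String>>();
    // Assumption: samlEle was already validated (signature, conditions) upstream.
    public static SamlUser fromElement(Element samlEle) throws Exception {
        Assertion assertion = AssertionUtil.fromElement(samlEle);
        SamlUser user = new SamlUser();
        Subject subject = null;
        try {
            subject = assertion.getSubject();           // SAML 2.0
        } catch (Exception ex) {
            subject = null;                             // SAML 1.0/1.1
        }
        boolean saml2 = (subject != null);
        for (Object s : assertion.getStatements()) {
            if (s instanceof AttributeStatement) {
                AttributeStatement stmt = (AttributeStatement) s;
                for (Attribute attr : stmt.getAttributes()) {
                    List<String> vals = user.attributes.get(attr.getName());
                    if (vals == null) {
                        vals = new ArrayList<String>();
                        user.attributes.put(attr.getName(), vals);
                    }
                    // Keep every value; an attribute may have none or several.
                    for (Object v : attr.getAttributes()) {
                        vals.add(v instanceof Element
                                ? ((Element) v).getTextContent() : String.valueOf(v));
                    }
                }
                if (subject == null) subject = stmt.getSubject();
            } else if (s instanceof AuthenticationStatement && subject == null) {
                subject = ((AuthenticationStatement) s).getSubject();
            }
        }
        if (subject != null && saml2) {
            NameID nameID = subject.getNameId();
            if (nameID != null) user.id = nameID.getValue();
        } else if (subject != null) {
            NameIdentifier ni = subject.getNameIdentifier();
            if (ni != null) user.id = ni.getValue();
        }
        return user;
    }
}
```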

Comments:

Is this API available yet? I tried to find it on the XWSS page but couldn't. The latest version I could find is XWSS 3.0 FCS and there is no method getStatements in the API documentation...

Currently I'm using XPath to parse the assertions, but that is rather cumbersome.

Thanks.

Posted by Fred Wan on January 02, 2009 at 06:37 AM PST #

Hi Fred,

Yes, it is available:

https://xwss.dev.java.net/source/browse/xwss/xwss-ri/src/com/sun/xml/wss/saml/Assertion.java?rev=1.13&view=markup

You should have it with Metro 1.4 or above:

https://metro.dev.java.net/1.4/

The API doc may not be updated. I will check back.

Thanks!

Jiandong

Posted by Jiandong Guo on January 02, 2009 at 10:55 AM PST #

Copyright (C) 2003, jiandongg