The VMware vCenter Single Sign On SDK provides sample code that is an extension of the JAX-WS XML Web services message handler (javax.xml.ws.handler). The sample code consists of a set of SOAP header handler methods and a header handler resolver, to which you add the handler methods. The handler methods insert timestamp, user credential, and message signature data into the SOAP security header for the request. A handler method extracts the SAML token from the vCenter Single Sign On Server response.

The VMware vCenter Single Sign On client SOAP header handler files are located in the soaphandlers directory:
1 Create an STS service object (STSService_Service). This object will bind the handlers to the request and provide access to the issue method.
2 Create a handler resolver object (HeaderHandlerResolver). This object acts as a receptacle for the handlers.
■ Timestamp – The handler will use system time to set the timestamp values.
■ User credential – The handler requires a username and a password; it will create a username token for the supplied values.
■ User certificate signature – The handler requires a private key and an x509 certificate. The handler will use the private key to sign the body of the SOAP message (the token request), and it will embed the certificate in the SOAP security header.
■ SAML token extraction – The handler extracts the SAML token directly from the vCenter Single Sign On Server response to avoid token modification by the JAX-WS bindings.

The following code fragment creates a handler resolver and adds the handler methods to the handler resolver. After the handlers have been established, the client creates a token request and calls the Issue method. See Sending a Request for a Security Token.
Important: You must perform these steps for message security before retrieving the STS service port. An example of retrieving the STS service port is shown in Sending a Request for a Security Token.

Example: Acquiring a vCenter Single Sign On Token – Soap Handlers
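
An added sketch of the resolver-plus-handler pattern described above, written against the standard JAX-WS and SAAJ APIs only; it is not the SDK's sample code. The class names ListHandlerResolver and TimestampHeaderHandler, the install helper, and the 600-second lifetime are assumptions made for the illustration.

```java
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.*;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.Service;
import javax.xml.ws.handler.*;
import javax.xml.ws.handler.soap.*;

// Hypothetical resolver: hands the same ordered chain to every port of the service.
class ListHandlerResolver implements HandlerResolver {
    private final List<Handler> chain = new ArrayList<>();
    void addHandler(Handler h) { chain.add(h); }
    @Override public List<Handler> getHandlerChain(PortInfo port) { return new ArrayList<>(chain); }
}

// Hypothetical handler: writes wsu:Timestamp into wsse:Security on outbound requests.
class TimestampHeaderHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private final long lifetimeSeconds; // assumed validity window for the request
    TimestampHeaderHandler(long lifetimeSeconds) { this.lifetimeSeconds = lifetimeSeconds; }

    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        // Responses pass through untouched; only requests get a timestamp.
        if (!Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPEnvelope env = ctx.getMessage().getSOAPPart().getEnvelope();
            SOAPHeader header = env.getHeader() != null ? env.getHeader() : env.addHeader();
            // Reuse an existing Security element so all handlers share one header block.
            Iterator<?> it = header.getChildElements(new QName(WSSE, "Security"));
            SOAPElement sec = it.hasNext() ? (SOAPElement) it.next()
                                           : header.addChildElement("Security", "wsse", WSSE);
            Instant now = Instant.now().truncatedTo(ChronoUnit.MILLIS); // system time
            SOAPElement ts = sec.addChildElement("Timestamp", "wsu", WSU);
            ts.addChildElement("Created", "wsu", WSU).addTextNode(now.toString());
            ts.addChildElement("Expires", "wsu", WSU).addTextNode(now.plusSeconds(lifetimeSeconds).toString());
            return true;
        } catch (SOAPException e) {
            throw new IllegalStateException("cannot add timestamp header", e);
        }
    }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { return Collections.emptySet(); }

    // Install the chain BEFORE service.getPort(...); ports created earlier never see it.
    static void install(Service service) {
        ListHandlerResolver resolver = new ListHandlerResolver();
        resolver.addHandler(new TimestampHeaderHandler(600));
        service.setHandlerResolver(resolver);
    }
}
```

A short Expires window limits how long a captured request can be replayed, and the ordering in install mirrors the requirement above that message security be configured before the service port is retrieved.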