Sending a Request for a Security Token
After setting up the SOAP header handlers, the example creates a token request and calls the issue method. The following sequence shows the operations and corresponding Java elements.
5. Retrieve the STS service port (STSService). The service port provides access to the vCenter Single Sign On client API methods. The vCenter Single Sign On handler resolver must be associated with the STS service before you retrieve the service port. See Using Handler Methods for SOAP Headers.
6. Create a token request (RequestSecurityTokenType). Your vCenter Single Sign On client passes the token request to the Issue method, which sends it in the body of the SOAP message. This example sets the token request fields as appropriate for a holder-of-key token request:
lifetime – Creation and expiration times.
token type – urn:oasis:names:tc:SAML:2.0:assertion
request type – http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
key type – http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey (for holder-of-key token type)
signature algorithm – http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
The following example shows Java code that performs these operations.
Example: Acquiring a vCenter Single Sign On Token – Sending the Request
import java.util.GregorianCalendar;
import java.util.Map;
import java.util.TimeZone;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.ws.BindingProvider;
import org.w3c.dom.Element;

/*
 * The WS-Trust request and response types (RequestSecurityTokenType, LifetimeType,
 * AttributedDateTime, RenewingType, RequestSecurityTokenResponseCollectionType,
 * RequestSecurityTokenResponseType, RequestedSecurityTokenType) and the STSService
 * port type are imported from the generated client stubs that ship with the
 * vCenter Single Sign On SDK. stsService and args[0] (the STS endpoint URL)
 * come from the earlier steps of this example.
 */

/*
 * Retrieve the STSServicePort from the STSService_Service object.
 */
STSService stsPort = stsService.getSTSServicePort();

/*
 * Create a token request object.
 */
RequestSecurityTokenType tokenType = new RequestSecurityTokenType();

/*
 * Create a LifetimeType object.
 */
LifetimeType lifetime = new LifetimeType();

/*
 * Derive the token creation date and time.
 * Use a GregorianCalendar to establish the current time (UTC),
 * then use a DatatypeFactory to map the time data to XML.
 */
DatatypeFactory dtFactory = DatatypeFactory.newInstance();
GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
XMLGregorianCalendar xmlCalendar = dtFactory.newXMLGregorianCalendar(cal);
AttributedDateTime created = new AttributedDateTime();
created.setValue(xmlCalendar.toXMLFormat());

/*
 * Specify a time interval for token expiration (30 minutes, given in milliseconds).
 * The created value was captured as a string above, so advancing the same
 * calendar here does not change it.
 */
AttributedDateTime expires = new AttributedDateTime();
xmlCalendar.add(dtFactory.newDuration(30 * 60 * 1000));
expires.setValue(xmlCalendar.toXMLFormat());

/*
 * Set the created and expires fields in the lifetime object.
 */
lifetime.setCreated(created);
lifetime.setExpires(expires);

/*
 * Set the token request fields.
 */
tokenType.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
tokenType.setRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
tokenType.setLifetime(lifetime);
tokenType.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
tokenType.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

/*
 * Specify a token that can be renewed.
 */
RenewingType renewing = new RenewingType();
renewing.setAllow(Boolean.TRUE);
renewing.setOK(Boolean.FALSE); // WS-Trust Profile: MUST be set to false
tokenType.setRenewing(renewing);

/* Get the request context and set the endpoint address. */
Map<String, Object> reqContext = ((BindingProvider) stsPort).getRequestContext();
reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, args[0]);

/*
 * Use the STS port to invoke the "issue" method to acquire the token
 * from the vCenter Single Sign On Server.
 */
RequestSecurityTokenResponseCollectionType issueResponse = stsPort.issue(tokenType);

/*
 * Handle the response - extract the SAML token from the response. The response type
 * contains the token type (SAML token type urn:oasis:names:tc:SAML:2.0:assertion).
 */
RequestSecurityTokenResponseType rstResponse = issueResponse.getRequestSecurityTokenResponse();
RequestedSecurityTokenType requestedSecurityToken = rstResponse.getRequestedSecurityToken();

/*
 * Extract the SAML token from the RequestedSecurityTokenType object.
 * The generic token type (Element) corresponds to the type required
 * for the SAML token handler that supports the call to LoginByToken.
 */
Element token = requestedSecurityToken.getAny();
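As an added, stand-alone illustration (not code from the vSphere SDK or from this example), the following Java program builds the same holder-of-key RequestSecurityToken that the SDK's issue() call serializes into the SOAP body, using plain DOM instead of the generated JAXB types, so the wire form of the fields listed in step 6 is visible. It derives the lifetime with the same GregorianCalendar and DatatypeFactory steps (cloning the calendar instead of reusing it) and adds a check that the requested validity window is positive and no longer than the caller's policy allows. The class and method names (HokTokenRequestExample, buildLifetime, lifetimeIsSane, buildRequest) are assumptions of the example; the namespaces, URIs and field values are those given on this page and in WS-Trust 1.3.

```java
import java.io.StringWriter;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* Hypothetical stand-alone example; it is not part of the vCenter Single Sign On SDK. */
public class HokTokenRequestExample {
    // WS-Trust 1.3 and WS-Security Utility namespaces used in the RST body.
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** Created/expires timestamps in XML Schema dateTime form, like the SDK's LifetimeType. */
    static final class Lifetime {
        final String created;
        final String expires;
        Lifetime(String created, String expires) { this.created = created; this.expires = expires; }
    }

    /** created = now in UTC, expires = created + validityMillis (same steps as the page). */
    static Lifetime buildLifetime(long validityMillis) throws Exception {
        DatatypeFactory dtFactory = DatatypeFactory.newInstance();
        GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        XMLGregorianCalendar created = dtFactory.newXMLGregorianCalendar(cal);
        // Clone so 'created' keeps its value after the duration is added.
        XMLGregorianCalendar expires = (XMLGregorianCalendar) created.clone();
        expires.add(dtFactory.newDuration(validityMillis));
        return new Lifetime(created.toXMLFormat(), expires.toXMLFormat());
    }

    /** Reject windows that are empty, reversed, or longer than the caller's policy allows. */
    static boolean lifetimeIsSane(Lifetime lifetime, long maxValidityMillis) throws Exception {
        DatatypeFactory dtFactory = DatatypeFactory.newInstance();
        long createdMillis = dtFactory.newXMLGregorianCalendar(lifetime.created)
                .toGregorianCalendar().getTimeInMillis();
        long expiresMillis = dtFactory.newXMLGregorianCalendar(lifetime.expires)
                .toGregorianCalendar().getTimeInMillis();
        long span = expiresMillis - createdMillis;
        return span > 0 && span <= maxValidityMillis;
    }

    /** Build wst:RequestSecurityToken with the holder-of-key fields the page sets on RequestSecurityTokenType. */
    static Document buildRequest(Lifetime lifetime) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element rst = doc.createElementNS(WST, "wst:RequestSecurityToken");
        doc.appendChild(rst);
        appendText(doc, rst, WST, "wst:TokenType", "urn:oasis:names:tc:SAML:2.0:assertion");
        appendText(doc, rst, WST, "wst:RequestType", WST + "/Issue");
        Element lt = doc.createElementNS(WST, "wst:Lifetime");
        rst.appendChild(lt);
        appendText(doc, lt, WSU, "wsu:Created", lifetime.created);
        appendText(doc, lt, WSU, "wsu:Expires", lifetime.expires);
        appendText(doc, rst, WST, "wst:KeyType", WST + "/PublicKey"); // holder-of-key
        appendText(doc, rst, WST, "wst:SignatureAlgorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        Element renewing = doc.createElementNS(WST, "wst:Renewing");
        renewing.setAttribute("Allow", "true");
        renewing.setAttribute("OK", "false"); // WS-Trust: OK MUST be false on a request
        rst.appendChild(renewing);
        return doc;
    }

    static void appendText(Document doc, Element parent, String ns, String qname, String text) {
        Element e = doc.createElementNS(ns, qname);
        e.setTextContent(text);
        parent.appendChild(e);
    }

    static String serialize(Document doc) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        long thirtyMinutes = 30L * 60 * 1000; // the validity the page requests
        Lifetime lifetime = buildLifetime(thirtyMinutes);
        if (!lifetimeIsSane(lifetime, thirtyMinutes)) {
            throw new IllegalStateException("lifetime outside policy: " + lifetime.created + " .. " + lifetime.expires);
        }
        System.out.println(serialize(buildRequest(lifetime)));
    }
}
```

Running main prints the wst:RequestSecurityToken element for a 30-minute window; compare it with the SOAP body captured by your logging handler to confirm the SDK sends the same fields. The lifetimeIsSane check is the place to enforce a client-side ceiling on requested validity: the STS may apply its own maximum, but requesting only as long a window as the client needs keeps the exposure of an issued assertion short.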