Sending a Request for a Security Token

After setting up the SOAP header handlers, the example creates a token request and calls the Issue method. The following sequence shows the operations and corresponding Java elements.

| Operation | Java elements |
| --- | --- |
| Retrieve the STS service port (STSService). The service port provides access to the vCenter Single Sign-On client API methods. The vCenter Single Sign-On handler resolver must be associated with the STS service before you retrieve the service port. See Using Handler Methods for SOAP Headers. | |
| Create a token request (RequestSecurityTokenType). Your vCenter Single Sign-On client will pass the token request to the Issue method. The Issue method will send the token request in the body of the SOAP message. This example sets the token request fields as appropriate for a holder-of-key token request. | RequestSecurityTokenType |
| Set the token request fields. | RequestSecurityTokenType: tokenType, requestType, lifetime, keyType, signatureAlgorithm, renewing |
| Set the endpoint address for the token request. | |
| Call the Issue method. | Issue (RequestSecurityTokenType), STSService |
| Handle the response from the vCenter Single Sign-On Server. | RequestSecurityTokenResponseType |

The following example shows Java code that performs these operations.

Acquiring a vCenter Single Sign-On Token – Sending the Request

```java
/*
 * Retrieve the STSServicePort from the STSService_Service object.
 */
STSService stsPort = stsService.getSTSServicePort();

/*
 * Create a token request object.
 */
RequestSecurityTokenType tokenType = new RequestSecurityTokenType();

/*
 * Create a LifetimeType object.
 */
LifetimeType lifetime = new LifetimeType();

/*
 * Derive the token creation date and time.
 * Use a GregorianCalendar to establish the current time,
 * then use a DatatypeFactory to map the time data to XML.
 */
DatatypeFactory dtFactory = DatatypeFactory.newInstance();
GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
XMLGregorianCalendar xmlCalendar = dtFactory.newXMLGregorianCalendar(cal);
AttributedDateTime created = new AttributedDateTime();
created.setValue(xmlCalendar.toXMLFormat());

/*
 * Specify a time interval for token expiration (specified in milliseconds).
 */
AttributedDateTime expires = new AttributedDateTime();
xmlCalendar.add(dtFactory.newDuration(30 * 60 * 1000));
expires.setValue(xmlCalendar.toXMLFormat());

/*
 * Set the created and expires fields in the lifetime object.
 */
lifetime.setCreated(created);
lifetime.setExpires(expires);

/*
 * Set the token request fields.
 */
tokenType.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
tokenType.setRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
tokenType.setLifetime(lifetime);
tokenType.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
tokenType.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

/*
 * Specify a token that can be renewed.
 */
RenewingType renewing = new RenewingType();
renewing.setAllow(Boolean.TRUE);
renewing.setOK(Boolean.FALSE); // WS-Trust Profile: MUST be set to false
tokenType.setRenewing(renewing);

/*
 * Get the request context and set the endpoint address.
 */
Map<String, Object> reqContext = ((BindingProvider) stsPort).getRequestContext();
reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, args[0]);

/*
 * Use the STS port to invoke the "issue" method to acquire the token
 * from the vCenter Single Sign-On Server.
 */
RequestSecurityTokenResponseCollectionType issueResponse = stsPort.issue(tokenType);

/*
 * Handle the response - extract the SAML token from the response. The response type
 * contains the token type (SAML token type urn:oasis:names:tc:SAML:2.0:assertion).
 */
RequestSecurityTokenResponseType rstResponse = issueResponse.getRequestSecurityTokenResponse();
RequestedSecurityTokenType requestedSecurityToken = rstResponse.getRequestedSecurityToken();

/*
 * Extract the SAML token from the RequestedSecurityTokenType object.
 * The generic token type (Element) corresponds to the type required
 * for the SAML token handler that supports the call to LoginByToken.
 */
Element token = requestedSecurityToken.getAny();
```
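
The request above asks for a holder-of-key token with a 30-minute lifetime, but the values in the issued token are set by the server. The following added example (not from the original page or the vSphere SDK) uses a hypothetical helper, TokenCheck.isUsableHokToken, to inspect the returned Element through the standard SAML 2.0 Conditions and SubjectConfirmation elements. It assumes a namespace-aware DOM element and does not verify the token's signature.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical helper, not part of the SDK: checks an issued SAML 2.0 token before use. */
public class TokenCheck {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    /** True only if every SubjectConfirmation is holder-of-key and now is in the validity window. */
    static boolean isUsableHokToken(Element token, Instant now) {
        NodeList conds = token.getElementsByTagNameNS(SAML_NS, "Conditions");
        NodeList confs = token.getElementsByTagNameNS(SAML_NS, "SubjectConfirmation");
        if (conds.getLength() != 1 || confs.getLength() == 0) return false; // fail closed
        Element c = (Element) conds.item(0);
        if (!c.hasAttribute("NotBefore") || !c.hasAttribute("NotOnOrAfter")) return false;
        // A malformed timestamp throws DateTimeParseException, which also rejects the token.
        Instant notBefore = Instant.parse(c.getAttribute("NotBefore"));
        Instant notOnOrAfter = Instant.parse(c.getAttribute("NotOnOrAfter"));
        for (int i = 0; i < confs.getLength(); i++) {
            String method = ((Element) confs.item(i)).getAttribute("Method");
            if (!HOK.equals(method)) return false; // e.g. a bearer token was issued instead
        }
        return !now.isBefore(notBefore) && now.isBefore(notOnOrAfter);
    }

    public static void main(String[] args) throws Exception {
        // Constructed, unsigned sample assertion with the 30-minute lifetime the request asks for.
        String xml = "<saml2:Assertion xmlns:saml2='" + SAML_NS + "'>"
            + "<saml2:Subject><saml2:SubjectConfirmation Method='" + HOK + "'/></saml2:Subject>"
            + "<saml2:Conditions NotBefore='2024-01-01T10:00:00Z'"
            + " NotOnOrAfter='2024-01-01T10:30:00Z'/></saml2:Assertion>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for getElementsByTagNameNS to match
        Element token = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        // Inside the window, then exactly at NotOnOrAfter (already expired).
        System.out.println(isUsableHokToken(token, Instant.parse("2024-01-01T10:15:00Z")));
        System.out.println(isUsableHokToken(token, Instant.parse("2024-01-01T10:30:00Z")));
    }
}
```

In the flow shown on this page, the Element returned by requestedSecurityToken.getAny() would be passed to the helper in place of the parsed sample.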