JavaScript Example of
Retrieving a SAML Token
This example shows
the use of JavaScript with the
vSphere
Automation SDK for REST
to send a SAML token request to the vCenter Single Sign-On
endpoint.
The example assumes that you have previously saved certain connection information in global variables.
The JavaScript runs standalone under Node.js and uses its built-in https and fs modules.
This example depends on the
following global variables.
- my_sso_username
- my_sso_password
- my_psc_host
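// Requests a SAML bearer token from the vCenter Single Sign-On token service
// and saves the returned assertion to tokenFilename.
//
// Reads the globals my_sso_username, my_sso_password and my_psc_host.
// Sets the globals my_http_options and my_saml_token.
var https = require('https');
var fs = require('fs');

var httpPort = 443;
var tokenFilename = './token.xml';
var tokenLifetimeMs = 60 * 60 * 1000;

// Owner read/write only (octal 600). The file holds a bearer token, so anyone
// who can read it can use it until it expires. The mode is applied only when
// the file is created; an existing token.xml keeps its current permissions.
var tokenFileMode = parseInt('600', 8);

// Create connection settings object.
// Assigned without `var`, as in the original listing, so it stays a global
// alongside the my_* input variables.
my_http_options = {
  host: my_psc_host,
  port: httpPort,
  path: '/sts/STSService/vsphere.local',
  method: 'POST',
  // The request body carries the SSO user name and password, so the server
  // certificate is verified. If vCenter uses a certificate from a private CA,
  // trust that CA (the `ca` option here, or NODE_EXTRA_CA_CERTS in the
  // environment) instead of setting rejectUnauthorized to false.
  rejectUnauthorized: true,
  requestCert: true,
  agent: false,
  headers: {
    'Content-type': 'text/xml; charset="UTF-8"',
    'Content-length': 0,
    'User-Agent': 'VMware/jsSample',
    'Connection': 'keep-alive',
    'SOAPAction': "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
  }
};

// Set parameters for token lifetime.
var now = new Date();
var created = now.toISOString();
var expires = new Date(now.getTime() + tokenLifetimeMs).toISOString();

// Escape the five XML special characters so that a user name or password
// containing them cannot break or alter the SOAP envelope.
function escapeXml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&apos;');
}

// Namespace declarations shared by the Security header and the request body.
var wsTrustNamespaces = [
  'xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"',
  'xmlns:ns2="http://www.w3.org/2005/08/addressing"',
  'xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"',
  'xmlns:ns4="http://www.rsa.com/names/2009/12/std-ext/WS-Trust1.4/advice"',
  'xmlns:ns5="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"'
].join(' ');

// Build SOAP token request.
var requestXml = [
  '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">',
  '<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">',
  '<ns5:Security ' + wsTrustNamespaces + '>',
  '<ns3:Timestamp>',
  '<ns3:Created>' + created + '</ns3:Created>',
  '<ns3:Expires>' + expires + '</ns3:Expires>',
  '</ns3:Timestamp>',
  '<ns5:UsernameToken>',
  '<ns5:Username>' + escapeXml(my_sso_username) + '</ns5:Username>',
  '<ns5:Password>' + escapeXml(my_sso_password) + '</ns5:Password>',
  '</ns5:UsernameToken>',
  '</ns5:Security>',
  '</SOAP-ENV:Header>',
  '<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">',
  '<RequestSecurityToken ' + wsTrustNamespaces + '>',
  '<TokenType>urn:oasis:names:tc:SAML:2.0:assertion</TokenType>',
  '<RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</RequestType>',
  '<Lifetime>',
  '<ns3:Created>' + created + '</ns3:Created>',
  '<ns3:Expires>' + expires + '</ns3:Expires>',
  '</Lifetime>',
  '<Renewing Allow="true" OK="false" />',
  '<Delegatable>true</Delegatable>',
  '<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</KeyType>',
  '<SignatureAlgorithm>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</SignatureAlgorithm>',
  '</RequestSecurityToken>',
  '</SOAP-ENV:Body>',
  '</SOAP-ENV:Envelope>'
].join('\n');

// Define callback to extract SAML assertion.
// Returns the <saml2:Assertion> element as a string, or null when the
// response contains none (for example, a SOAP fault).
function extractToken(xmlResponse) {
  var match = xmlResponse.toString().match(/<saml2:Assertion[\s\S]*<\/saml2:Assertion>/);
  return match ? match[0] : null;
}

// Shared handler for transport-level failures on the request or the response.
function reportError(err) {
  console.log("ERROR in SSO authentication", err);
}

// Define request callback functions.
var callback = function(res) {
  var body = '';
  // Decode as UTF-8 so a multi-byte character split across chunks is not corrupted.
  res.setEncoding('utf8');
  res.on('error', reportError);
  res.on('data', function(chunk) { body += chunk; });
  res.on('end', function() {
    // Report success only after the service has actually returned an
    // assertion. The response body is not logged.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.log("ERROR in SSO authentication: HTTP status " + res.statusCode);
      return;
    }
    var token = extractToken(body);
    if (!token) {
      console.log("ERROR in SSO authentication: no SAML assertion in response");
      return;
    }
    console.log("SSO: Authenticated successfully");
    // Left global, as in the original listing.
    my_saml_token = token;
    fs.writeFile(tokenFilename, my_saml_token, { mode: tokenFileMode }, function(err) {
      if (err) {
        console.log("Couldn't save SAML token to " + tokenFilename);
      } else {
        console.log("Saved SAML token to " + tokenFilename);
      }
    });
  });
};

// Issue security token request.
// Content-length is a byte count; it differs from the string length as soon
// as the user name or password contains a non-ASCII character.
my_http_options.headers['Content-length'] = Buffer.byteLength(requestXml, 'utf8');
var request = https.request(my_http_options, callback);
// Connection and certificate failures are emitted on the request object.
request.on('error', reportError);
request.end(requestXml);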