Add attributes to self-issued SAML tokens using the API
The SAML library API can be used to create a self-issued SAML token that has custom attributes.
When self-issued SAML tokens are created using the SAML token generator, there is no way to add custom attributes through callback handler properties. However, using the SAML library API, a custom SAML attribute callback handler, registered in the SAMLIssuerConfig.properties file, can add attributes to a self-issued SAML token. A SAML attribute callback handler can also be used by applications that call the newSAMLToken method.
The SAML attribute callback handler will run for all SAML tokens created from the application server with the modified SAMLIssuerConfig.properties file.
- Develop a custom SAML attribute callback handler. For example:
    package test.saml;

    import java.io.IOException;
    import java.util.ArrayList;

    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.UnsupportedCallbackException;

    import com.ibm.websphere.wssecurity.callbackhandler.Saml11AttributeCallback;
    import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;

    // Callback handler that appends one custom attribute to every self-issued
    // SAML 1.1 token created by the server that registers it.
    public class AttributeProvider implements javax.security.auth.callback.CallbackHandler {

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            if (callbacks == null || callbacks.length == 0) {
                throw new UnsupportedCallbackException(null, "There is no callback.");
            }
            for (int i = 0; i < callbacks.length; i++) {
                // Only the SAML 1.1 attribute callback is handled; other callbacks are ignored.
                if (callbacks[i] instanceof Saml11AttributeCallback) {
                    Saml11AttributeCallback callback = (Saml11AttributeCallback) callbacks[i];
                    // Attribute "newAttribute" with the single value "newValue";
                    // the remaining constructor arguments are left unset.
                    SAMLAttribute attr = new SAMLAttribute("newAttribute",
                            new String[] { "newValue" }, null, null, null, null);
                    ArrayList<SAMLAttribute> attrList = callback.getSAMLAttributes();
                    if (attrList == null) {
                        // No attributes yet: create the list and hand it to the callback.
                        attrList = new ArrayList<SAMLAttribute>();
                        attrList.add(attr);
                        callback.setSAMLAttributes(attrList);
                    } else {
                        // The callback already holds this list, so appending is enough.
                        attrList.add(attr);
                    }
                }
            }
        }
    }
- Add the AttributeProvider custom property to the (cellRoot)/sts/SAMLIssuerConfig.properties file. For example:

    AttributeProvider=test.saml.AttributeProvider
Results
When this task is completed using the sample code provided, the following element will be added to all SAML tokens:

    <saml:AttributeStatement>
      <saml:Attribute Name="newAttribute">
        <saml:AttributeValue>newValue</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
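Because the handler runs for every token the server issues, it is worth checking what the issued assertions actually carry. The following script is an added example, not part of this page or of the product: it parses an assertion, collects its attributes, and reports any attribute name outside an expected set. The assertion text is constructed, and the parser accepts both the SAML 1.x AttributeName form and the Name form shown above.

```python
import xml.etree.ElementTree as ET

# SAML 1.1 assertions use the SAML 1.0 assertion namespace.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample: an issued assertion carrying the attribute the handler
# adds, plus a second attribute to show how an unexpected one is reported.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="CONSTRUCTED-ID" Issuer="constructed-issuer">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="newAttribute">
      <saml:AttributeValue>newValue</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="groups">
      <saml:AttributeValue>users</saml:AttributeValue>
      <saml:AttributeValue>admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml):
    """Return {attribute name: [values]} for every saml:Attribute in the assertion.

    Values of repeated attribute names are merged, which is what a reader sees
    when more than one handler appends the same attribute to the list.
    """
    # The stdlib parser keeps the example self-contained; tokens from an
    # untrusted source should be parsed with defusedxml instead.
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        name = attr.get("AttributeName") or attr.get("Name")
        if name is None:
            continue
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs


def unexpected_attributes(attrs, allowed):
    """Attribute names present in the token that the deployment did not expect."""
    return set(attrs) - set(allowed)


if __name__ == "__main__":
    found = extract_attributes(SAMPLE_ASSERTION)
    print(found)
    print("unexpected:", unexpected_attributes(found, {"newAttribute"}))
```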