STSRequest and STSResponse access using a JavaScript mapping rule
Using the Default Mapping STS Module and a JavaScript mapping rule, we can perform identity mapping. The mapping rule can access STSRequest and STSResponse objects. The following two implicit objects and the classes required by these two objects can be exposed (for example, Java DOM, XML classes, and so on):
- STSRequest which represents the WS-Trust request
- STSResponse, which represents the WS-Trust response
To get the input security token from the WS-Trust request use JavaScript code:
stsrequest.getRequestSecurityToken().getBase()
This returns the input security token as an instance of the Java class org.w3c.dom.Element.
To set the output security token in the WS-Trust response use JavaScript code:
stsresponse.getRequestSecurityTokenResponse().setRequestedSecurityToken(outputSecurityToken)
The outputSecurityToken is the output security token represented as an instance of Java class org.w3c.dom.Element. By default, WS-Trust response contains only one output security token. To return additional output security tokens, we can use the following JavaScript code:
stsresponse.addRequestSecurityTokenResponse().setRequestedSecurityToken(outputSecurityToken)
The examples in the following topics show the mapping to and from a base64 encoded JSON string. They use the Default Mapping module with a JavaScript mapping rule. The JavaScript mapping rule accesses the STSRequest and STSResponse objects and performs the identity mapping.
- Example: Map a base64 encoded JSON string to a SAML2 token
- Example: Map a SAML2 token to a base64 encoded JSON string
Parent topic: Configure STS modules