The SAML library API can be used to create a SAML token that has a custom NameID.
About this task
When self-issued SAML tokens are created with the SAML token generator, the NameID cannot be customized through callback handler properties. Using the SAML library API, however, you can write a custom SAML NameID callback handler, register it in the SAMLIssuerConfig.properties file, and have it set the NameID of each self-issued SAML token. The same callback handler is also used by applications that create tokens with the newSAMLToken method.

The SAML NameID callback handler runs for every SAML token that the application server creates once SAMLIssuerConfig.properties has been modified, so whatever NameID the handler sets becomes the subject identifier of every token that server issues.
Procedure
- Develop a custom SAML NameID callback handler.
For example:

    package test.saml;

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import com.ibm.websphere.wssecurity.callbackhandler.NameIDCallback;
    import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;

    // Sets a fixed NameID on every SAML token the server issues.
    public class NameIDProvider implements javax.security.auth.callback.CallbackHandler {

        @Override
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            // The token generator must hand us at least one callback.
            if (callbacks == null || callbacks.length == 0) {
                throw new UnsupportedCallbackException(null, "There is no callback.");
            }
            for (int i = 0; i < callbacks.length; i++) {
                // Only the NameIDCallback is handled; other callbacks are left untouched.
                if (callbacks[i] instanceof NameIDCallback) {
                    NameIDCallback callback = (NameIDCallback) callbacks[i];
                    // Value "newNameID"; format and the qualifier arguments are left unset (null).
                    SAMLNameID nameid = new SAMLNameID("newNameID", null, null, null, null);
                    callback.setSAMLNameID(nameid);
                }
            }
        }
    }
- Add the NameIDProvider custom property to the (cellRoot)/sts/SAMLIssuerConfig.properties file. Its value is the fully qualified name of the callback handler class, which must be available to the server at run time.
For example:

    NameIDProvider=test.saml.NameIDProvider
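The handler above sets the same literal NameID on every token. The following handler, an added example that is not code from the original page or from WebSphere itself, follows the same two steps but derives the NameID from the authenticated caller on the issuing thread and refuses to set one when there is no authenticated caller, so the server does not issue a token whose subject is unknown. It assumes that the handler runs on a thread whose caller principal (returned by WSSubject.getCallerPrincipal()) is the user the token is issued for, that WebSphere reports an unauthenticated caller as "UNAUTHENTICATED", and that the five-argument SAMLNameID constructor takes (value, format, nameQualifier, spNameQualifier, spProviderId) as the sample above uses it; the class name CallerNameIDProvider and the e-mail format heuristic are choices made for this example.

```java
package test.saml;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.wssecurity.callbackhandler.NameIDCallback;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;

// Example handler (not part of the original page). Register it with:
//   NameIDProvider=test.saml.CallerNameIDProvider
// in (cellRoot)/sts/SAMLIssuerConfig.properties.
public class CallerNameIDProvider implements CallbackHandler {

    // SAML 1.1 NameID format URIs (standard values, chosen for this example).
    static final String EMAIL_FORMAT =
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    static final String UNSPECIFIED_FORMAT =
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    // Assumption: principal name WebSphere reports for an unauthenticated caller.
    static final String UNAUTHENTICATED = "UNAUTHENTICATED";

    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        if (callbacks == null || callbacks.length == 0) {
            throw new UnsupportedCallbackException(null, "There is no callback.");
        }
        // Resolve the caller once; the same value is used for every NameIDCallback in the array.
        String caller = WSSubject.getCallerPrincipal();
        for (Callback cb : callbacks) {
            if (cb instanceof NameIDCallback) {
                ((NameIDCallback) cb).setSAMLNameID(buildNameID(caller));
            }
            // Other callbacks are left untouched, as in the page's sample.
        }
    }

    // Builds the NameID for a caller, or throws so that no token is issued
    // when the thread has no authenticated caller. Kept separate from handle()
    // so the decision logic can be unit-tested without the container.
    static SAMLNameID buildNameID(String caller) throws IOException {
        if (caller == null || caller.trim().isEmpty() || UNAUTHENTICATED.equals(caller)) {
            throw new IOException(
                "Refusing to set a SAML NameID: no authenticated caller on this thread.");
        }
        // Assumption: plain addresses get the e-mail format; anything else is unspecified.
        String format = looksLikeEmail(caller) ? EMAIL_FORMAT : UNSPECIFIED_FORMAT;
        return new SAMLNameID(caller, format, null, null, null);
    }

    // Conservative check: exactly one '@' with non-empty local part and a dotted domain.
    static boolean looksLikeEmail(String s) {
        int at = s.indexOf('@');
        if (at <= 0 || at != s.lastIndexOf('@') || at == s.length() - 1) {
            return false;
        }
        String domain = s.substring(at + 1);
        return domain.indexOf('.') > 0 && !domain.endsWith(".");
    }
}
```

If the relying parties on the receiving side require a specific NameID format or a NameQualifier, supply them through the remaining constructor arguments instead of leaving them null; the format URI is part of what a service provider matches on, so an unspecified format can cause an otherwise valid token to be rejected.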
Results
When this task is completed using the sample code provided, the following element is added to every SAML token that the server issues:

    <saml:Subject>
      <saml:NameID>newNameID</saml:NameID>
    </saml:Subject>

Because the sample sets a fixed literal, every token issued by that server carries the same subject identifier. A handler intended for production use derives the NameID value, and where relying parties require it the NameID format, from the identity the token is being issued for.