Overview of application programming interfaces (APIs) for SAML
WebSphere® Application Server support for SAML provides public application programming interfaces (APIs) that you can use to build SAML token-aware applications.
Use the SAMLTokenFactory API to create, validate, and authenticate SAML tokens, and to create JAAS subjects that represent SAML tokens. The SAMLTokenFactory implementation supports both the OASIS SAML v1.1 Token Specification and OASIS SAML v2.0 Token Specification. Use the WSSTrustClient API to send, issue, and validate WS-Trust request messages to the specified STS. The WSSTrustClient implementation supports both WS-Trust v1.3 Specification and the WS-Trust v1.2 Specification, and supports both the SOAP v1.1 namespace and the SOAP v1.2 namespace.
com.ibm.websphere.wssecurity.wssapi.token.SAMLToken class in Web Services Security (WSS) application programming interface (API). Where there is no risk of confusion, this topic uses the term SAMLToken instead of the complete package name. You can use the WSS API to request SAMLToken processing from an external Security Token Service (STS), to propagate SAMLTokens in SOAP request messages, and to use a symmetric or asymmetric key identified by SAMLTokens to protect SOAP messages. The WSS API SAML support complements the com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory and com.ibm.websphere.wssecurity.wssapi.trust.WSSTrustClient interfaces.
SAMLTokens that are generated using the com.ibm.websphere.wssecurity.wssapi.WSSFactory newSecurityToken() method can be processed by the SAMLTokenFactory and WSSTrustClient programming interfaces. Conversely, SAMLTokens that are generated by SAMLTokenFactory or returned by WSSTrustClient can be used in WSS API.
Which API to use in your application depends on your specific needs. WSS API SAML support is self-contained in the sense that it provides functionality equivalent to that of the SAMLTokenFactory and WSSTrustClient interfaces as far as web services client applications are concerned. The SAMLTokenFactory interface has additional functions to validate SAMLTokens and to create the JAAS Subject that represents authenticated SAMLTokens. This validation is useful on the web services provider side. When you develop applications that consume SAMLTokens, the SAMLTokenFactory programming interface is the more suitable choice.
WebSphere Application Server with SAML provides the following APIs that implement SAML as a security token. For information about the methods in these APIs, refer to the SAML token library API documentation, which describes each of the APIs and provides sample code.
- com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory
- com.ibm.websphere.wssecurity.wssapi.token.SAMLToken
- com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute
- com.ibm.wsspi.wssecurity.saml.data.SAMLNameID
- com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig
- com.ibm.wsspi.wssecurity.saml.config.CredentialConfig
- com.ibm.wsspi.wssecurity.saml.config.ProviderConfig
- com.ibm.wsspi.wssecurity.saml.config.RequesterConfig
- com.ibm.wsspi.wssecurity.saml.config.SamlConstants
- com.ibm.wsspi.wssecurity.core.token.config.ConsumerConfiguration
- com.ibm.wsspi.wssecurity.core.token.config.CredentialConfiguration
- com.ibm.wsspi.wssecurity.core.token.config.ProviderConfiguration
- com.ibm.wsspi.wssecurity.core.token.config.RequesterConfiguration
- com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback
- com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumerCallbackHandler
- com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallback
- com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallbackHandler
- com.ibm.wsspi.wssecurity.wssapi.DOMStructure
- com.ibm.wsspi.wssecurity.wssapi.OMStructure
- com.ibm.websphere.wssecurity.wssapi.trust.WSSTrustClient
- com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityToken
- com.ibm.wsspi.wssecurity.trust.config.ConsumerConfig
- com.ibm.wsspi.wssecurity.trust.config.ConsumerConfig.RSTR
- com.ibm.wsspi.wssecurity.trust.config.ProviderConfig
- com.ibm.wsspi.wssecurity.trust.config.RequesterConfig
- com.ibm.wsspi.wssecurity.core.token.config.WSSConstants
- com.ibm.wsspi.wssecurity.core.token.config.WSSConstants.Namespace
- com.ibm.wsspi.wssecurity.core.token.config.WSSConstants.TokenType
- com.ibm.wsspi.wssecurity.core.token.config.WSSConstants.WST12
- com.ibm.wsspi.wssecurity.core.token.config.WSSConstants.WST13
- com.ibm.wsspi.wssecurity.core.token.config.WSSConstants.Algorithm
- com.ibm.wsspi.wssecurity.core.token.config.WSSConstants.SAML
For additional information about using the APIs, including practical scenarios that illustrate how and when to apply the APIs, read about SAML usage scenarios.