
I'm able to successfully set up WebSphere to authenticate with an IdP and access the web resource as expected. But now my application needs the claims/assertions/attributes available in the SAML token/response to proceed further. What is the best option available to access the SAML response/attributes inside my Java application?

Defendore

2 Answers


For WebSphere Liberty profile:

  1. get com.ibm.websphere.security.saml2.Saml20Token from RunAsSubject:

    // needs: java.util.Iterator, javax.security.auth.Subject,
    // com.ibm.websphere.security.auth.WSSubject, com.ibm.websphere.security.saml2.Saml20Token
    Saml20Token samlToken = null;
    Subject subject = WSSubject.getRunAsSubject(); // throws com.ibm.websphere.security.WSSecurityException
    if (subject != null) {
        Iterator<Saml20Token> authIterator = subject.getPrivateCredentials(Saml20Token.class).iterator();
        if (authIterator.hasNext()) {
            samlToken = authIterator.next();
        }
    }
    // samlToken stays null when the caller did not authenticate through SAML: check before using it

  2. You can get List of com.ibm.websphere.security.saml2.Saml20Attribute from Saml20Token

    List<Saml20Attribute> attributes = samlToken.getSAMLAttributes(); // com.ibm.websphere.security.saml2.Saml20Attribute

  3. You can also get most SAML assertions from Saml20Token. For example samlToken.getSAMLIssuerName();

For classic WebSphere:

    // needs: java.security.AccessController, java.security.PrivilegedActionException,
    // java.security.PrivilegedExceptionAction, java.util.Iterator, java.util.List, javax.security.auth.Subject,
    // com.ibm.websphere.security.auth.WSSubject and, from com.ibm.websphere.wssecurity.wssapi.token,
    // SAMLToken, SAMLAttribute and SAMLNameID
    final Subject subject = WSSubject.getRunAsSubject(); // final: referenced from the anonymous class below
    SAMLToken samlToken;
    try {
        samlToken = AccessController.doPrivileged(
                new PrivilegedExceptionAction<SAMLToken>() {
                    public SAMLToken run() throws Exception {
                        final Iterator<SAMLToken> authIterator = subject.getPrivateCredentials(SAMLToken.class).iterator();
                        if (authIterator.hasNext()) {
                            return authIterator.next();
                        }
                        return null; // no SAML credential: caller did not authenticate via SAML
                    }
                });
    } catch (PrivilegedActionException e) {
        throw new RuntimeException("failed to read SAML token from run-as subject", e.getException());
    }
    if (samlToken != null) {
        SAMLNameID nameID = samlToken.getSAMLNameID();
        List<SAMLAttribute> attributes = samlToken.getSAMLAttributes();
    }
Chunlong
  • Do you know how to configure server.xml in OpenLiberty and which dependencies should I include in pom.xml. Now it throws `java.lang.NoClassDefFoundError: com/ibm/websphere/security/saml2/Saml20Token` – cyper Aug 23 '23 at 13:36

I want to add to the previous answer. For WebSphere Application Server, if you are using the already available WebSphereSamlSP application as the SP, then you can use the following code inside the handleRedirect() method of IBMWebpshereSamlACSListenerServlet to get the SAML attributes. Or use this in your custom SP code.

// needs: java.security.AccessController, java.security.PrivilegedActionException,
// java.security.PrivilegedExceptionAction, java.util.Iterator, java.util.List, javax.security.auth.Subject,
// com.ibm.websphere.wssecurity.wssapi.token.SAMLToken and SAMLAttribute.
// subject: the authenticated Subject (for example WSSubject.getRunAsSubject());
// logger: any SLF4J/Log4j-style logger with a debug(String) method.
static void logSamlAttributes(final Subject subject, Logger logger) throws PrivilegedActionException {
    SAMLToken samlToken = AccessController
            .doPrivileged(new PrivilegedExceptionAction<SAMLToken>() {
                public SAMLToken run() throws Exception {
                    final Iterator<SAMLToken> authIterator = subject
                            .getPrivateCredentials(SAMLToken.class)
                            .iterator();
                    if (authIterator.hasNext()) {
                        return authIterator.next();
                    }
                    return null;
                }
            });
    if (samlToken == null) {
        logger.debug("no SAML token in subject");
        return;
    }
    // Log attribute name and values
    List<SAMLAttribute> attributes = samlToken.getSAMLAttributes();
    if (attributes != null && !attributes.isEmpty()) {
        for (SAMLAttribute attr : attributes) {
            logger.debug(attr.getName());
            if (attr.getStringAttributeValue() != null) {
                for (String value : attr.getStringAttributeValue()) {
                    logger.debug(value); // attribute values are often personal data; keep this at debug level
                }
            }
        }
    }
}
BK Elizabeth
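Both answers show how to reach the token; what an application usually wants next is to make a decision on one attribute. The following servlet filter for WebSphere Liberty is an added example, not code from either answer or from IBM. It assumes the IdP sends an attribute named `groups` (hypothetical name) and that `Saml20Token.getSAMLExpires()`, `Saml20Attribute.getName()` and `Saml20Attribute.getValuesAsString()` behave as in the Liberty Javadoc (treat those accessor names as assumptions to verify against your Liberty version). It fails closed: no SAML credential, an expired assertion, or a missing group all deny the request.

```java
// Added example (not from the original answers). Assumptions: the IdP sends a
// "groups" attribute (hypothetical name) and the Saml20Token/Saml20Attribute accessors
// used below match the Liberty API (getSAMLExpires, getName, getValuesAsString).
import java.io.IOException;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.saml2.Saml20Attribute;
import com.ibm.websphere.security.saml2.Saml20Token;

public class SamlGroupFilter implements Filter {
    private static final String GROUP_ATTRIBUTE = "groups";     // hypothetical attribute name
    private static final String REQUIRED_GROUP = "app-admins";  // hypothetical group value

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    /** The caller's Saml20Token, or null if the caller was not authenticated through SAML. */
    static Saml20Token currentSamlToken() throws WSSecurityException {
        Subject subject = WSSubject.getRunAsSubject();
        if (subject == null) {
            return null;
        }
        Iterator<Saml20Token> it = subject.getPrivateCredentials(Saml20Token.class).iterator();
        return it.hasNext() ? it.next() : null;
    }

    /** Values of the named attribute; empty when absent. Names are compared exactly (case-sensitive). */
    static List<String> attributeValues(Saml20Token token, String name) {
        for (Saml20Attribute attr : token.getSAMLAttributes()) {
            if (name.equals(attr.getName())) {
                List<String> values = attr.getValuesAsString();
                return values == null ? Collections.<String>emptyList() : values;
            }
        }
        return Collections.emptyList();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) res;
        Saml20Token token;
        try {
            token = currentSamlToken();
        } catch (WSSecurityException e) {
            throw new ServletException("cannot read run-as subject", e);
        }
        // Fail closed: no SAML credential means the caller did not authenticate via SAML.
        if (token == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Liberty validated the assertion at login; re-checking expiry guards long-lived sessions.
        Date expires = token.getSAMLExpires();
        if (expires != null && expires.before(new Date())) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (!attributeValues(token, GROUP_ATTRIBUTE).contains(REQUIRED_GROUP)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Register the filter in web.xml (or with `@WebFilter`) on the paths that need the group. Read attributes only from the `Saml20Token` the runtime placed in the subject: it is the runtime that verified the assertion's signature, so do not re-parse the raw XML from the request yourself, and do not log every attribute value in production as the second answer's debug loop does, since SAML attributes commonly carry personal data.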