Using the IdP client façade to generate tokens and pass them to Service Providers

When a user is authenticated and wants to access the services of another SP, call the following code on the SP side.

About this task

The code generates the federated token.


import java.util.Properties;

// One-time properties to initialize the IdP client.
Properties properties = new Properties();
properties.put(IdPClient.IDP_SERVER_URL, "URL");
properties.put(IdPClient.IDP_CLIENT_CERTIFICATE_ISSUER, "URL");
properties.put(IdPClient.IDP_CLIENT_KEYSTORE_PATH, "JKS file path");
properties.put(IdPClient.IDP_CLIENT_KEYSTORE_PASSKEY, "JKS passkey");
properties.put(IdPClient.IDP_CLIENT_KEYSTORE_ALIAS, "Certificate alias");
// Get the IdP client factory singleton instance with the specified parameters.
IdPClientFactory clientFactory = IdPClientFactory.getInstance(properties);
// Get the partition-specific client facade to do the assertion.
// (partition, clientId, forUserId and spId are supplied by the calling code.)
IdPClientFacade clientFacade = clientFactory.getIdPClientFacade(partition);
// Establish SSO login with the IdP server; the returned token is scoped to spId.
IdPClientToken token = clientFacade.doIdPLogin(clientId, forUserId, spId);

After the token is obtained, it can be passed to target SPs to access their resources based on the mapped user's roles and permissions.


// The security token is validated on the Service Provider side.
// (spFacade is the IdPClientFacade obtained on the SP side.)
IdPClientAssertion assertion = spFacade.assertIdPToken(clientId, forUserId, spId, token.getTokenId());
// Retrieve the principal from the assertion; assertIdPToken throws if the token is not valid.
String principal = assertion.getMappedUser();

The client facade is multi-tenant aware and can be used to configure each partition separately. To use this feature, append the client ID to each property name, separated by a dot. For example:


properties.put(IdPClient.IDP_CLIENT_KEYSTORE_PATH + ".partition1", "JKS file path");
properties.put(IdPClient.IDP_CLIENT_KEYSTORE_PASSKEY + ".partition1", "JKS passkey");
properties.put(IdPClient.IDP_CLIENT_KEYSTORE_ALIAS + ".partition1", "Certificate alias");