 SAML Query Samples
 
 1. Introduction
    This sample illustrates how to form a Query, how to write a sample
    AttributeMapper, and how to send and process a SOAP message using the
    SAML SDK. The program flow is as follows:
 
     1. The application first obtains the SSOToken.
     2. It forms an AuthenticationQuery using the info in the SSOToken.
     3. It forms a SOAP message and sends it to the SAMLSOAPReceiver.
        (SAMLSOAPReceiver processes the SOAP request and replies with a SAML
        response.)
     4. It receives the SOAP message reply and obtains the Authentication
        Assertion from it. In a real application, this Assertion can be obtained
        from Single Sign-On using the artifact or POST profile, or from
        SAMLClient.
     5. It forms an AttributeQuery using the Authentication Assertion obtained
        in the last step as SubjectConfirmationData.
     6. It forms a SOAP message and sends it to the SAMLSOAPReceiver.
        (SAMLSOAPReceiver processes the SOAP request, finds matching Attributes
        using the SampleAttributeMapper, and replies with a SAML response.)
     7. It receives the SOAP reply and obtains the SAML Response from it.
     For simplicity, this sample is designed to run in the same JVM that Access
     Manager is running in. It is possible to run the sample in a different JVM
     by modifying SAMLQueryServlet.java. The key is to send the
     AuthenticationQuery to the server that issued the SSOToken, to send the
     AttributeQuery to the server that produces the Attributes, and to make sure
     the server that issued the Authentication Assertion is on the Trusted
     Partner Sites list of the server that receives the AttributeQuery.
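     The exchange described in the flow above, as an added worked example in
     Python rather than the sample's Java (this is not the sample's own code and
     does not use the SAML SDK API): it builds the AuthenticationQuery and the
     AttributeQuery the servlet sends, and performs the checks a relying party
     should make on each Response before trusting it: InResponseTo correlation
     with the RequestID it sent, StatusCode, Issuer against the Trusted Partners
     list, and the Conditions validity window. It then filters the returned
     attributes through an allow-list, because the SampleAttributeMapper returns
     every user attribute, userpassword included. The RequestID generator, the
     abbreviated Response documents (cut down from the sample output later on
     this page) and the allow-list are assumptions made for this example.

```python
import base64
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SUN_METHOD = "urn:com:sun:identity"  # ConfirmationMethod seen in the sample output
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def _q(ns, tag):
    return "{%s}%s" % (ns, tag)

def _parse_iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def new_request_id():
    # Base64 of 20 random bytes, the shape of the RequestIDs in the sample output.
    # Assumption made here; this is not the SDK's own generator.
    return base64.b64encode(os.urandom(20)).decode()

def _subject(name, qualifier, confirmation):
    """Subject with one SubjectConfirmation. `confirmation` is an SSOToken string
    (AuthenticationQuery) or an Assertion Element (AttributeQuery, flow step 5)."""
    subj = ET.Element(_q(SAML, "Subject"))
    ET.SubElement(subj, _q(SAML, "NameIdentifier"), NameQualifier=qualifier).text = name
    sc = ET.SubElement(subj, _q(SAML, "SubjectConfirmation"))
    ET.SubElement(sc, _q(SAML, "ConfirmationMethod")).text = SUN_METHOD
    scd = ET.SubElement(sc, _q(SAML, "SubjectConfirmationData"))
    if isinstance(confirmation, ET.Element):
        scd.append(confirmation)
    else:
        scd.text = confirmation  # ElementTree escapes the token text for us
    return subj

def build_query(query_tag, subject, now):
    req = ET.Element(_q(SAMLP, "Request"), RequestID=new_request_id(), MajorVersion="1",
                     MinorVersion="0", IssueInstant=now.strftime("%Y-%m-%dT%H:%M:%SZ"))
    ET.SubElement(req, _q(SAMLP, query_tag)).append(subject)
    return req

def authentication_query(name, qualifier, sso_token, now):
    return build_query("AuthenticationQuery", _subject(name, qualifier, sso_token), now)

def attribute_query(name, qualifier, assertion, now):
    return build_query("AttributeQuery", _subject(name, qualifier, assertion), now)

def validate_response(resp_xml, expected_request_id, trusted_issuers, now):
    """Checks to run before using a Response: correlation to our RequestID, status,
    Issuer against the Trusted Partners list, and the Conditions validity window."""
    resp = ET.fromstring(resp_xml)
    if resp.tag != _q(SAMLP, "Response"):
        raise ValueError("not a samlp:Response")
    if resp.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match our RequestID")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != "samlp:Success":
        raise ValueError("non-success StatusCode")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("Response carries no Assertion")
    if assertion.get("Issuer") not in trusted_issuers:
        raise ValueError("Assertion Issuer is not a trusted partner")
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < _parse_iso(cond.get("NotBefore")):
            raise ValueError("Assertion not yet valid")
        if cond.get("NotOnOrAfter") and now >= _parse_iso(cond.get("NotOnOrAfter")):
            raise ValueError("Assertion expired")
    return assertion

def extract_attributes(assertion, allowed):
    """Keep only allow-listed attributes so the userpassword hash the sample
    mapper returns never reaches application code."""
    out = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if a.get("AttributeName") in allowed:
            out[a.get("AttributeName")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return out

# Constructed test data, abbreviated from the sample output on this page.
AUTHN_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" ResponseID="IYQ5pYcm4sw8rE+mw81beABfnNA="
 InResponseTo="ZadxB2mWot+mfSo7lQMU4MykzKw=" MajorVersion="1" MinorVersion="0"
 IssueInstant="2002-08-31T00:01:53Z" Recipient="192.18.148.29">
 <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
 <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw="
  Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z">
  <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:LDAP"
   AuthenticationInstant="2002-08-30T23:57:13Z"><saml:Subject><saml:NameIdentifier
   NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
  </saml:Subject></saml:AuthenticationStatement></saml:Assertion></samlp:Response>"""
ATTR_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" ResponseID="slFcTqP6CFq26xs3pnlpfpRID2I="
 InResponseTo="G/AUygEJazkTo0zQJg5tlP8R/T8=" MajorVersion="1" MinorVersion="0"
 IssueInstant="2002-08-31T00:01:53Z">
 <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
 <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="PhI5XH0rkUCNTlLBaIe4/Y5nT8w="
  Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z">
  <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z"/>
  <saml:AttributeStatement>
   <saml:Attribute AttributeName="userpassword" AttributeNamespace="iPlanetAMUserService">
    <saml:AttributeValue>{SSHA}3/GreMuCxplJr518lWknB6wADY0vVcIZBFX8Pw==</saml:AttributeValue></saml:Attribute>
   <saml:Attribute AttributeName="uid" AttributeNamespace="iPlanetAMUserService">
    <saml:AttributeValue>amAdmin</saml:AttributeValue></saml:Attribute>
   <saml:Attribute AttributeName="inetuserstatus" AttributeNamespace="iPlanetAMUserService">
    <saml:AttributeValue>Active</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
TRUSTED = {"neuhome.red.iplanet.com:58080"}
NOW = datetime(2002, 8, 31, 0, 1, 53, tzinfo=timezone.utc)  # IssueInstant of the captured messages

def run_flow():
    """Flow steps 4-7 on the captured data: validate the authentication Response,
    embed its Assertion in an AttributeQuery, then validate and filter the
    attribute Response. Returns (embedded AssertionID, filtered attributes)."""
    authn = validate_response(AUTHN_RESPONSE, "ZadxB2mWot+mfSo7lQMU4MykzKw=", TRUSTED, NOW)
    aq = attribute_query("uid=amAdmin,ou=People,dc=example,dc=com", "dc=example,dc=com", authn, NOW)
    embedded = aq.find(".//saml:SubjectConfirmationData/saml:Assertion", NS)
    attrs = extract_attributes(
        validate_response(ATTR_RESPONSE, "G/AUygEJazkTo0zQJg5tlP8R/T8=", TRUSTED, NOW),
        allowed={"uid", "cn", "sn", "inetuserstatus"})
    return embedded.get("AssertionID"), attrs
```

     The Conditions window in the captured output is six minutes wide, so the
     same Response validated a couple of minutes later is rejected as expired;
     a Response whose InResponseTo does not match the RequestID sent, or whose
     Issuer is not on the Trusted Partners list, is rejected before its
     Assertion is ever looked at.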
 
 2. Instructions on Building, Configuring and Running the Sample
     Unless otherwise specified, the instructions below apply to both Solaris
     and Windows machines. The Solaris file path separator "/" is used in the
     instructions; change it to "\" for Windows. <INSTALL_DIR> is the
     directory where Sun Java System Access Manager is installed.
     
 
     1. Go to <INSTALL_DIR>/samples/saml/query.
     2. Edit the Makefile (make.bat for Windows) if needed. Modify the
        following environment variables if you do not want to use the
        default:
        BASE - Set this variable to the directory where Sun Java System
        Access Manager is installed
        CLASSPATH - Reference to all the jars needed to compile this sample
        JAVA_HOME - Set this variable to your installation of the JDK. It
        should be newer than JDK 1.3.1
        BASE_CLASS_DIR - Directory where all the compiled classes will be kept
     3. Run gmake (make.bat for Windows).
     4. Deploy SAMLQuerySample.jar in the web container.
        a. Go to BASE_CLASS_DIR
        b. Copy SAMLQuerySample.jar to <install-dir>/SUNWam/lib
        c. Add <install-dir>/SUNWam/lib/SAMLQuerySample.jar to the web
           container's classpath. For example, for an Express install, add it
           to the classpathsuffix of file
           <install-dir>/servers/<instance>/config/server.xml
        d. Add <servlet> and <servlet-mapping> entries to file
           <install-dir>/web-apps/services/WEB-INF/web.xml. For example:
           <servlet>
             <servlet-name>querysample</servlet-name>
             <description>querysample</description>
             <servlet-class>SAMLQueryServlet</servlet-class>
           </servlet>
           <servlet-mapping>
             <servlet-name>querysample</servlet-name>
             <url-pattern>/querysample</url-pattern>
           </servlet-mapping>
     5. Restart Sun Java System Access Manager.
     6. Log in to the Administration Console as amadmin:
        http://<server.domain>:port/amconsole
     7. Click on the "Federation" tab.
     8. Click on the "SAML" tab.
     9. Click the "edit" link of the only entry under "Site Identifiers" to go
        to the "Edit Site Identifier" page. Make sure "Instance ID" has the
        correct protocol and port if you changed the Access Manager server
        protocol or port. Copy the Site ID value; it will be used in step 10.
        Click "Save" if you made any change, or "Cancel" to go back to the
        previous page.
    10. Click "New" under "Trusted Partners" to go to the "Select trusted
        partner type and profile" page. Check "SOAP Query" under "Destination"
        and click "Next" to go to the "Add New Trusted Partner" page. Set the
        attributes as follows:
        Source ID: <the Site ID obtained in step 9>
        Host List: <the IP address of the machine that Access Manager is running on>
        Attribute Mapper: SampleAttributeMapper
        Click on "Finish".
    11. Click on "Save".
    12. Invoke the servlet:
        http://<server.domain>:port/<service_deploy_URI>/querysample
        You may also log out, log in as another user and then invoke the
        servlet again.
    13. You should see servlet response output similar to the following. Note
        that the SampleAttributeMapper returns every attribute of the user,
        including the userpassword hash, and that the SSOToken is carried as
        SubjectConfirmationData over a plain http SOAP endpoint in this sample;
        treat the output as sensitive, and for anything beyond this sample
        restrict the attributes the mapper returns and use HTTPS.

        The SAML Request to be sent is:
 
       <samlp:Request
       xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       RequestID="ZadxB2mWot+mfSo7lQMU4MykzKw=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z">
       <samlp:AuthenticationQuery>
       <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
        <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       </samlp:AuthenticationQuery>
       </samlp:Request>
        The SOAP endpoint is: http://neuhome.red.iplanet.com:58080/amserver/SAMLSOAPReceiver
        The response received is:
       <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       ResponseID="IYQ5pYcm4sw8rE+mw81beABfnNA="
       InResponseTo="ZadxB2mWot+mfSo7lQMU4MykzKw=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z" Recipient="192.18.148.29">
       <samlp:Status>
       <samlp:StatusCode Value="samlp:Success">
       </samlp:StatusCode>
       </samlp:Status>
       <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1"
       MinorVersion="0" AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw="
       Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z">
        <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z">
        </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:LDAP"
       AuthenticationInstant="2002-08-30T23:57:13Z">
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
        <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:SubjectLocality IPAddress="192.18.148.29" /></saml:AuthenticationStatement>
       </saml:Assertion>
       </samlp:Response>
        The SAML Request to be sent is:
       <samlp:Request
       xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       RequestID="G/AUygEJazkTo0zQJg5tlP8R/T8=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z">
       <samlp:AttributeQuery>
       <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData><saml:Assertion
       AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw=" IssueInstant="2002-08-31T00:01:53Z"
       Issuer="neuhome.red.iplanet.com:58080" MajorVersion="1" MinorVersion="0"
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:Conditions NotBefore="2002-08-30T23:56:53Z"
       NotOnOrAfter="2002-08-31T00:02:53Z">
       </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationInstant="2002-08-30T23:57:13Z"
       AuthenticationMethod="urn:com:sun:identity:LDAP">
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
        <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:SubjectLocality
       IPAddress="192.18.148.29"></saml:SubjectLocality></saml:AuthenticationStatement>
       </saml:Assertion>
       </saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       </samlp:AttributeQuery>
       </samlp:Request>
       The response received is:
       <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
       ResponseID="slFcTqP6CFq26xs3pnlpfpRID2I="
       InResponseTo="G/AUygEJazkTo0zQJg5tlP8R/T8=" MajorVersion="1" MinorVersion="0"
       IssueInstant="2002-08-31T00:01:53Z" Recipient="192.18.148.29">
       <samlp:Status>
       <samlp:StatusCode Value="samlp:Success">
       </samlp:StatusCode>
       </samlp:Status>
        <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1"
        MinorVersion="0" AssertionID="PhI5XH0rkUCNTlLBaIe4/Y5nT8w="
        Issuer="neuhome.red.iplanet.com:58080" IssueInstant="2002-08-31T00:01:53Z">
        <saml:Conditions NotBefore="2002-08-30T23:56:53Z" NotOnOrAfter="2002-08-31T00:02:53Z">
        </saml:Conditions>
        <saml:AttributeStatement>
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
       <saml:SubjectConfirmationData><saml:Assertion
       AssertionID="92yF88dhd1K2+tGOzFs8jJvF7Mw=" IssueInstant="2002-08-31T00:01:53Z"
       Issuer="neuhome.red.iplanet.com:58080" MajorVersion="1" MinorVersion="0"
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       <saml:Conditions NotBefore="2002-08-30T23:56:53Z"
       NotOnOrAfter="2002-08-31T00:02:53Z">
       </saml:Conditions>
       <saml:AuthenticationStatement AuthenticationInstant="2002-08-30T23:57:13Z"
       AuthenticationMethod="urn:com:sun:identity:LDAP">
       <saml:Subject>
       <saml:NameIdentifier
       NameQualifier="dc=example,dc=com">uid=amAdmin,ou=People,dc=example,dc=com</saml:NameIdentifier>
       <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:com:sun:identity</saml:ConfirmationMethod>
        <saml:SubjectConfirmationData>AQIC5wM2LY4SfcxkBK5+0S4DoN9U/KHQ268NBt7ozAcWu4T2fgi4vKcz9h1imi6pl/bCqtgxS7RGdRvEpHXCKktFn7xI4cZw2TriUgfqMa7+f+c=@neuhome.red.iplanet.com-0%3A3d700638%3A7d3e164a9afd89e8</saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:SubjectLocality
       IPAddress="192.18.148.29"></saml:SubjectLocality></saml:AuthenticationStatement>
       </saml:Assertion>
       </saml:SubjectConfirmationData>
       </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:Attribute AttributeName="userpassword" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
       {SSHA}3/GreMuCxplJr518lWknB6wADY0vVcIZBFX8Pw==</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="uid" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">amAdmin</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="cn" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">amAdmin</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="inetuserstatus"
       AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">Active</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="sn" AttributeNamespace="iPlanetAMUserService">
       <saml:AttributeValue
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">amAdmin</saml:AttributeValue>
       </saml:Attribute>
       </saml:AttributeStatement>
       </saml:Assertion>
       </samlp:Response>