Oracle® Security Developer Tools Reference
10g Release 2 (10.1.2) B15975-01
This chapter provides information about using the Oracle Security Assertions Markup Language (SAML) Software Development Kit (SDK). Oracle SAML allows Java developers to develop cross-domain single sign-on and federated access control solutions that conform to the SAML 1.0/1.1 specifications.
This chapter contains the following topics:
The Oracle SAML SDK provides a Java API with supporting tools, documentation, and sample programs to assist developers of SAML-compliant Java security services. Oracle SAML can be integrated into existing Java solutions, including applets, applications, EJBs, servlets, and JSPs.
Oracle SAML provides the following features:
Support for the SAML 1.0/1.1 specifications
Support for SAML-based single sign-on and federated identity profiles, such as those specified by the Liberty Alliance Project
See Also: For more information and links to these specifications and related documents, see Appendix A, "References".
The Oracle SAML Java API contains the following packages for creating SAML-compliant Java applications:
oracle.security.xmlsec.saml
This package contains classes that support SAML assertions.
oracle.security.xmlsec.samlp
This package contains classes that support the SAML request and response protocol (SAMLP).
The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME.
This section explains how to set up your environment for Oracle SAML. It contains these topics:
In order to use Oracle SAML, your system must have the Java Development Kit (JDK) version 1.2.2 or higher.
Your CLASSPATH environment variable must contain the full path and file names of all the required jar and class files. Make sure the following items are included in your CLASSPATH:
osdt_core.jar
osdt_cert.jar
osdt_xmlsec.jar
osdt_saml.jar
The jaxen.jar file (Jaxen XPath engine, included with your Oracle XML Security distribution)
The jar files for your chosen XML parser and XSLT processor (for example, xalan.jar and xercesImpl.jar if using Apache Xalan-Java)
To set the CLASSPATH on Windows:
1. In your Windows Control Panel, select System.
2. In the System Properties dialog, select the Advanced tab.
3. Click Environment Variables.
4. In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.
5. Add the full path and file names of all the required jar files to the CLASSPATH. Entries are separated by semicolons with no spaces between them. For example, your CLASSPATH might look like this:
%CLASSPATH%;C:\ORACLE_HOME\jlib\osdt_core.jar;C:\ORACLE_HOME\jlib\osdt_cert.jar;C:\ORACLE_HOME\jlib\osdt_xmlsec.jar;C:\ORACLE_HOME\jlib\osdt_saml.jar;C:\ORACLE_HOME\jlib\jaxen.jar;C:\xalan-j_2_6_0\bin\xalan.jar;C:\xalan-j_2_6_0\bin\xercesImpl.jar
6. Click OK.
On UNIX, set your CLASSPATH environment variable to include the full path and file name of all of the required jar and class files. The following example uses C shell syntax (setenv); in a Bourne-compatible shell such as sh or bash, use export CLASSPATH=... with the same colon-separated value instead:
setenv CLASSPATH $CLASSPATH:$ORACLE_HOME/jlib/osdt_core.jar:\
$ORACLE_HOME/jlib/osdt_cert.jar:\
$ORACLE_HOME/jlib/osdt_xmlsec.jar:\
$ORACLE_HOME/jlib/osdt_saml.jar:\
$ORACLE_HOME/jlib/jaxen.jar:\
/usr/lib/xalan-j_2_6_0/bin/xalan.jar:/usr/lib/xalan-j_2_6_0/bin/xercesImpl.jar
This section provides information and code samples for using the key classes and interfaces of Oracle SAML. The core classes are:
The supporting classes and interfaces are:
This section provides a brief overview of the core SAML and SAMLP classes, with short code examples.
This class initializes the Oracle SAML toolkit. By default, Oracle SAML is automatically initialized for SAML v1.0. You can also initialize Oracle SAML for a specific version of the SAML specification. When the initialize method is called for a specific version, previously initialized versions remain initialized. Example 9-1 shows how to initialize the SAML toolkit for SAML v1.0 and SAML v1.1.
This class represents the Assertion element of the SAML Assertion schema.
Example 9-2 shows how to create a new Assertion element and append it to an existing XML document.
Example 9-2 Creating an Assertion Element and Appending to an XML Document
Document doc = ...; // an existing org.w3c.dom.Document that already has a document element
Assertion assertion = new Assertion(doc);
doc.getDocumentElement().appendChild(assertion);
Example 9-3 shows how to obtain Assertion elements from an XML document. The document must have been parsed with a namespace-aware parser; otherwise getElementsByTagNameNS finds nothing.
Example 9-3 Obtaining Assertion Elements From an XML Document
Document doc = ...; // an existing org.w3c.dom.Document, parsed with a namespace-aware parser
// Get a list of all Assertion elements in the document
NodeList assrtList =
doc.getElementsByTagNameNS(SAMLURI.ns_saml, "Assertion");
if (assrtList.getLength() == 0)
System.err.println("No Assertion elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml.Assertion object and process
for (int s = 0, n = assrtList.getLength(); s < n; ++s)
{
Assertion assertion = new Assertion((Element)assrtList.item(s));
// Process Assertion element
...
}
This class represents the Request element of the SAML Protocol schema.
Example 9-4 shows how to create a new Request element and append it to an existing XML document.
Example 9-4 Creating a Request Element and Appending to an XML Document
Document doc = ...; // an existing org.w3c.dom.Document that already has a document element
Request request = new Request(doc);
doc.getDocumentElement().appendChild(request);
Example 9-5 shows how to obtain Request elements from an existing XML document.
Example 9-5 Obtaining Request Elements From an XML Document
Document doc = ...; // an existing org.w3c.dom.Document, parsed with a namespace-aware parser
// Get a list of all Request elements in the document
NodeList reqList =
doc.getElementsByTagNameNS(SAMLURI.ns_samlp, "Request");
if (reqList.getLength() == 0)
System.err.println("No Request elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.samlp.Request object and process
for (int s = 0, n = reqList.getLength(); s < n; ++s)
{
Request request = new Request((Element)reqList.item(s));
// Process Request element
...
}
This class represents the Response element of the SAML Protocol schema. See the CreateAuthDecisionResponse.java example program provided in the examples directory of your Oracle SAML distribution for a complete example of creating a SAMLP Response message.
Example 9-6 shows how to create a Response element and append it to an existing XML document.
Example 9-6 Creating a Response Element and Appending to an XML Document
Document doc = ...; // an existing org.w3c.dom.Document that already has a document element
Response response = new Response(doc);
doc.getDocumentElement().appendChild(response);
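Examples 9-2, 9-4 and 9-6 all append to doc.getDocumentElement(), which assumes the document already has a root element. When you build a message from scratch, the first element has to be attached to the Document itself. The following added example, which is not code from the original page or from the Oracle SAML distribution, builds a Response carrying one Assertion in a fresh document and serializes it to the XML text that is transported. It uses only the Response and Assertion constructors shown above from Oracle SAML; the parser and Transformer calls are standard JAXP, and the class name BuildResponseSkeleton is constructed for the example. The result is a structural skeleton only: it sets none of the attributes or the Status a complete SAMLP Response requires and is unsigned, so refer to CreateAuthDecisionResponse.java for a full message.

```java
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import oracle.security.xmlsec.saml.Assertion;
import oracle.security.xmlsec.samlp.Response;

// Added example, not part of the Oracle SAML distribution; the class name is constructed.
public class BuildResponseSkeleton {

    /** New document whose document element is a samlp:Response carrying one saml:Assertion. */
    static Document buildResponseDocument() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();

        // A freshly created document has no document element, so the pattern in
        // Examples 9-2, 9-4 and 9-6 (doc.getDocumentElement().appendChild(...))
        // would dereference null here. The first element goes onto the Document itself.
        Response response = new Response(doc);
        doc.appendChild(response);

        // From here on the document has a root, and the page's pattern applies.
        Assertion assertion = new Assertion(doc);
        doc.getDocumentElement().appendChild(assertion);
        return doc;
    }

    /** Serializes the DOM to the XML text that is sent (sign the DOM with Oracle XML Security first). */
    static String serialize(Document doc) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "no");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(serialize(buildResponseDocument()));
    }
}
```

Serialize only after any XML Signature has been applied to the DOM: the bytes you send must be exactly the bytes the signature was computed over.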
Example 9-7 shows how to obtain Response elements from an existing XML document.
Example 9-7 Obtaining Response Elements From an XML Document
Document doc = ...; // an existing org.w3c.dom.Document, parsed with a namespace-aware parser
// Get a list of all Response elements in the document
NodeList respList =
doc.getElementsByTagNameNS(SAMLURI.ns_samlp, "Response");
if (respList.getLength() == 0)
System.err.println("No Response elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.samlp.Response object and process
for (int s = 0, n = respList.getLength(); s < n; ++s)
{
Response response = new Response((Element)respList.item(s));
// Process Response element
...
}
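The lookups in Examples 9-3, 9-5 and 9-7 leave two things implicit. First, the Document must come from a namespace-aware parser; with the JAXP default (namespace awareness off) elements carry no namespace URI, so getElementsByTagNameNS matches nothing and the code silently reports that no elements were found. Second, getElementsByTagNameNS returns every matching descendant of the document, not only the elements the enclosing Response carries, and the SAML 1.x schema allows an Assertion's Advice element to contain a further Assertion. The following added example, which is not code from the original page or from the Oracle SAML distribution, parses a constructed Response with a namespace-aware JAXP parser that has DTD processing disabled, checks that the document element is a samlp:Response, and then selects only the Assertions that are direct children of that Response. From Oracle SAML it uses only the Assertion and Response constructors and the SAMLURI.ns_saml and SAMLURI.ns_samlp constants shown in this chapter; SAMLURI is assumed to live in the oracle.security.xmlsec.saml package, the parser is assumed to be the Xerces on your CLASSPATH under JAXP 1.3 (Java 5 or later) so the feature names apply, and the sample message, its identifiers and the class name LocateAssertions are constructed for the example.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import oracle.security.xmlsec.saml.Assertion;
import oracle.security.xmlsec.saml.SAMLURI;   // assumed package; constants as used in Example 9-3
import oracle.security.xmlsec.samlp.Response;

// Added example, not part of the Oracle SAML distribution. Class name, sample
// message and identifiers are constructed for illustration.
public class LocateAssertions {

    // Constructed SAML 1.1 Response: its one Assertion carries an Advice element that
    // itself holds a second Assertion, which the schema allows. A document-wide search
    // therefore finds two Assertion elements, while the Response itself carries one.
    static final String SAMPLE =
        "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\""
      + " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\""
      + " ResponseID=\"_resp1\" MajorVersion=\"1\" MinorVersion=\"1\""
      + " IssueInstant=\"2005-01-01T00:00:00Z\">"
      + "<samlp:Status><samlp:StatusCode Value=\"samlp:Success\"/></samlp:Status>"
      + "<saml:Assertion AssertionID=\"_a1\" Issuer=\"https://idp.example\""
      + " MajorVersion=\"1\" MinorVersion=\"1\" IssueInstant=\"2005-01-01T00:00:00Z\">"
      + "<saml:Advice><saml:Assertion AssertionID=\"_a2\" Issuer=\"https://idp.example\""
      + " MajorVersion=\"1\" MinorVersion=\"1\" IssueInstant=\"2005-01-01T00:00:00Z\"/>"
      + "</saml:Advice>"
      + "<saml:AuthenticationStatement AuthenticationInstant=\"2005-01-01T00:00:00Z\""
      + " AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\">"
      + "<saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>"
      + "</saml:AuthenticationStatement>"
      + "</saml:Assertion>"
      + "</samlp:Response>";

    /** Namespace-aware DOM builder with DTD processing switched off (no XXE, no entity expansion). */
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Required: without it elements have no namespace URI and
        // getElementsByTagNameNS(SAMLURI.ns_saml, "Assertion") returns nothing.
        f.setNamespaceAware(true);
        // Xerces feature names (assumes the xercesImpl.jar on the CLASSPATH, JAXP 1.3 or later).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Assertion elements that are direct children of the given samlp:Response element. */
    static List<Element> childAssertions(Element responseEl) {
        List<Element> out = new ArrayList<Element>();
        for (Node n = responseEl.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && SAMLURI.ns_saml.equals(n.getNamespaceURI())
                    && "Assertion".equals(n.getLocalName())) {
                out.add((Element) n);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Document doc = hardenedBuilder().parse(new InputSource(new StringReader(SAMPLE)));

        // Confirm the document element really is a samlp:Response before wrapping it.
        Element root = doc.getDocumentElement();
        if (!SAMLURI.ns_samlp.equals(root.getNamespaceURI())
                || !"Response".equals(root.getLocalName())) {
            throw new IllegalArgumentException("document element is not samlp:Response");
        }
        Response response = new Response(root);   // SAMLP wrapper, as in Example 9-7

        // Document-wide search, as in Example 9-3: also returns the Assertion nested in Advice.
        NodeList anywhere = doc.getElementsByTagNameNS(SAMLURI.ns_saml, "Assertion");
        System.out.println("Assertion elements anywhere in the document: " + anywhere.getLength());

        // Scoped search: only the Assertions the Response itself carries.
        List<Element> direct = childAssertions(root);
        System.out.println("Assertion elements directly under the Response: " + direct.size());
        for (Element el : direct) {
            Assertion assertion = new Assertion(el);   // SAML wrapper, as in Example 9-3
            System.out.println("Processing AssertionID " + el.getAttribute("AssertionID"));
            // Verify the signature, Conditions and Subject of this element before trusting it.
        }

        // The hardened builder refuses any input that declares a DTD.
        String withDoctype = "<!DOCTYPE x [<!ENTITY e SYSTEM \"file:///etc/passwd\">]>" + SAMPLE;
        try {
            hardenedBuilder().parse(new InputSource(new StringReader(withDoctype)));
            System.out.println("Unexpected: DOCTYPE was accepted");
        } catch (SAXException expected) {
            System.out.println("DOCTYPE rejected: " + expected.getMessage());
        }
    }
}
```

Against the constructed message the document-wide search reports two Assertion elements and the scoped search one. Selecting the assertion by its position under the Response rather than by a document-wide search also matters once signatures are involved: the element whose signature you verify must be the same element you act on, and a search that returns whichever Assertion-named element appears first in document order does not guarantee that.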
This section provides an overview of the supporting classes and interfaces of Oracle SAML.
This interface defines URI string constants for algorithms, namespaces, and objects. The following naming conventions are used:
Action Namespace URIs defined in the SAML 1.0 specifications begin with action_.
Authentication Method Namespace URIs defined in the SAML 1.0 specifications begin with authentication_method_.
Confirmation Method Namespace URIs defined in the SAML 1.0 specifications begin with confirmation_method_.
Namespace URIs begin with ns_.