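<%@page import="org.apache.axis.client.Call"%>
<%@page import="org.apache.axis.client.Service"%>
<%@page import="org.apache.axis.encoding.XMLType"%>
<%@page import="org.apache.axis.encoding.ser.BeanDeserializerFactory"%>
<%@page import="org.apache.axis.encoding.ser.BeanSerializerFactory"%>
<%@page import="javax.xml.rpc.encoding.TypeMapping"%>
<%@page import="javax.xml.rpc.encoding.TypeMappingRegistry"%>
<%@page import="javax.xml.rpc.ParameterMode"%>
<%@page import="javax.xml.namespace.QName"%>
<%@page import="com.tricipher.soa.saml.ValidateResult"%>
<%!
    /**
     * Escapes the characters that are significant in HTML so that the value
     * can be written into the page body without being interpreted as markup.
     * The username, the service message and the exception text all originate
     * outside this page, so none of them may be emitted raw.
     *
     * @param text value to escape, may be null
     * @return the escaped value, or an empty string when text is null
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
    // NOTE: This sample uses Apache AXIS, see:
    // http://ws.apache.org/axis/java/user-guide.html#InstallingAxisAndUsingThisGuide
    // for information on installing AXIS.

    // Change the endpoint to use your organization's myOneLogin domain by
    // replacing "developer" with your organization name.
    // Keep the https:// scheme: the validation verdict is only as trustworthy
    // as the channel it is fetched over.
    String endPoint = "https://developer.myonelogin.com/SAAS/API/1.0/SOA/validateSaml";

    // Change the recipient name to the same one you entered in the SP
    // configuration (typically the URL to this file)
    String recipientName = "http://localhost:8080/SAAS/validateSaml.jsp";

    // No more changes are required below this point

    // Define the validate() web service call
    QName operationName = new QName("http://saml.soa.tricipher.com/", "validate");

    // We use the result class in the com.tricipher.soa.saml namespace, see separate class
    QName returnType = new QName("http://saml.soa.tricipher.com/", "ValidateResult");

    // The actual SAML assertion received from myOneLogin. This value comes
    // straight from the HTTP request and is untrusted until the service says
    // otherwise; this page performs no local verification of it.
    String samlResponse = request.getParameter("SAMLResponse");

    String result = "";

    if (samlResponse == null || samlResponse.length() == 0) {
        // Nothing to validate: do not call the service with a null assertion.
        result = "Missing SAMLResponse parameter";
    } else {
        try {
            // Create new web service call
            Service service = new Service();
            Call call = (Call) service.createCall();

            // Setup new web service call
            call.setTargetEndpointAddress(new java.net.URL(endPoint));
            call.setUseSOAPAction(true);
            call.setOperationName(operationName);
            call.setReturnType(returnType);

            // SAML assertion that was POSTed to us from myOneLogin
            call.addParameter("samlResponse", XMLType.XSD_STRING, ParameterMode.IN);

            // The location of this page, to be compared to SAML assertion
            call.addParameter("recipientName", XMLType.XSD_STRING, ParameterMode.IN);

            // Map the return type to our class that will contain the result
            TypeMappingRegistry tmr = service.getTypeMappingRegistry();
            TypeMapping tm = tmr.createTypeMapping();
            tm.register(ValidateResult.class, returnType,
                    new BeanSerializerFactory(ValidateResult.class, returnType),
                    new BeanDeserializerFactory(ValidateResult.class, returnType));
            tmr.register(org.apache.axis.Constants.URI_SOAP11_ENC, tm);

            // Execute web service call
            ValidateResult vResult =
                    (ValidateResult) call.invoke(new Object[] { samlResponse, recipientName });

            // Extremely simple result handling, show username if validated, error if not.
            // The username is only meaningful when isValid() is true; a null
            // result or a null flag is treated as "not validated".
            if (vResult == null) {
                result = "Validation service returned no result";
            } else if (Boolean.TRUE.equals(vResult.isValid())) {
                result = vResult.getUsername();
            } else {
                result = vResult.getMessage();
            }
        } catch (Exception e) {
            // Sample behaviour: surface the error text to the caller. A real
            // deployment would log the exception server-side and return a
            // generic message, since the text can reveal internal details.
            result = e.getLocalizedMessage();
        }
    }
%>
<%=escapeHtml(result)%>

/**
 * Define and use this class for collecting the result. Keep
 * in com.tricipher.soa.saml package.
 *
 * Simple class containing 3 members that hold the information
 * returned from the myOneLogin validateSaml web service.
 *
 * https://developer.myonelogin.com/SAAS/API/1.0/SOA/validateSaml
 *
 */
package com.tricipher.soa.saml;

public class ValidateResult {

    // Defaults describe a failed validation, so an instance the deserializer
    // leaves unpopulated is never mistaken for a successful one.
    private Boolean isValid = false;
    private String username = "";
    private String message = "";

    /** Creates a result in the "not valid" state with empty username and message. */
    public ValidateResult() {
    }

    /**
     * Creates a fully populated result.
     *
     * @param isValid  whether the service accepted the assertion
     * @param username username reported by the service
     * @param message  message reported by the service
     */
    public ValidateResult(Boolean isValid, String username, String message) {
        this.isValid = isValid;
        this.username = username;
        this.message = message;
    }

    /** @return the validity flag; may be null if a caller set it to null */
    public Boolean isValid() {
        return isValid;
    }

    /** @param isValid the validity flag to store */
    public void setValid(Boolean isValid) {
        this.isValid = isValid;
    }

    /** @return the username held by this result */
    public String getUsername() {
        return username;
    }

    /** @param username the username to store */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the message held by this result */
    public String getMessage() {
        return message;
    }

    /** @param message the message to store */
    public void setMessage(String message) {
        this.message = message;
    }
}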