* @throws WSTrustException
*/
private void issueToken(WSTrustRequestContext context, String assertionID) throws WSTrustException
{
// lifetime and audience restrictions.
Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
AudienceRestrictionType restriction = null;
AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
if (appliesTo != null)
restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
restriction);
String confirmationMethod = null;
KeyInfoConfirmationDataType keyInfoDataType = null;
// if there is a proof-of-possession token in the context, we have the holder of key confirmation method.
if (context.getProofTokenInfo() != null)
{
confirmationMethod = SAMLUtil.SAML2_HOLDER_OF_KEY_URI;
keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo());
}
else
confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
// TODO: implement the SENDER_VOUCHES scenario.
SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
confirmationMethod, keyInfoDataType);
// create a subject using the caller principal.
Principal principal = context.getCallerPrincipal();
String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:jboss:identity-federation", subjectName);
SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
// TODO: add SAML statements that corresponds to the claims provided by the requester.
// create the SAML assertion.
NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
conditions, subject, null);
// convert the constructed assertion to element.
Element assertionElement = null;
try