callbackHandler.setIssuer("www.example.com");
callbackHandler.setResource("http://resource.org");
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
WSSecSAMLToken wsSign = new WSSecSAMLToken();
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document unsignedDoc = wsSign.build(doc, samlAssertion, secHeader);
String outputString =
XMLUtils.PrettyDocumentToString(unsignedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug("SAML 1.1 Authz Assertion (sender vouches):");
LOG.debug(outputString);
}
assertTrue(outputString.contains("http://resource.org"));
List<WSSecurityEngineResult> results = verify(unsignedDoc);
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
SamlAssertionWrapper receivedSamlAssertion =
(SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
assertTrue(receivedSamlAssertion != null);
assertFalse(receivedSamlAssertion.isSigned());
}