OpenAM v.13 – REST STS OpenAM Token Translation

A quick demo of OpenAM’s Token Translation Service

According to Wikipedia:

In a typical usage scenario, a client requests access to a secure software application, often called a relying party. Instead of the application authenticating the client, the client is redirected to an STS. The STS authenticates the client and issues a security token. Finally, the client is redirected back to the relying party where it presents the security token. The token is the data record in which claims are packed, and is protected from manipulation with strong cryptography. The software application verifies that the token originated from an STS trusted by it, and then makes authorization decisions accordingly. The token is creating a chain of trust between the STS and the software application consuming the claims. This process is illustrated in the Security Assertion Markup Language (SAML) use case, demonstrating how single sign-on can be used to access web services.

Here is a quick video (without audio) demonstrating how to create an STS instance in OpenAM v.13 and then use Postman (a REST client) to translate the tokenId of an authenticated user into a SAML2 assertion.

Caveat: There are obviously more configuration requirements for an actual deployment; the Assertion Consumer Service (ACS) URL would be key, for example. Refer to the STS documentation linked below the video.

References:

REST Requests:

Authenticate:

POST /openam/json/authenticate HTTP/1.1
Host: am.example.com:8080
X-OpenAM-Username: username
X-OpenAM-Password: password
Content-Type: application/json
Cache-Control: no-cache

{}

Translate:

POST /openam/rest-sts/sts-test?_action=translate HTTP/1.1
Host: am.example.com:8080
Content-Type: application/json
Cache-Control: no-cache

{
  "input_token_state": {
    "token_type": "OPENAM",
    "session_id": "AQIC5wM2LY4SfczD8y5-kVgiXY7rxxxxxxxxx8k0o8.*AAJTSQACMDEAAlNLABQtNjY4MzQxNjkzMDg2ODI1MjIzOQACUzEAAA..*"
  },
  "output_token_state": {
    "token_type": "SAML2",
    "subject_confirmation": "BEARER"
  }
}
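The same two calls driven from a script, plus the checks the relying party should run on the assertion it receives, as an added example that is not part of the original post or of OpenAM itself. The base URL, STS instance name (`sts-test`), user credentials and the embedded SAML2 assertion are constructed placeholders; `tokenId` is the key `/json/authenticate` returns, and `issued_token` is the response key I expect from the REST STS translate action, so confirm it against your deployment's actual reply. The `post` parameter is injectable so the flow can be exercised without a live server.

```python
"""Added example: OpenAM 13 REST STS token translation from Python, with
relying-party checks on the returned SAML2 bearer assertion."""
import datetime as dt
import json
import urllib.request
import xml.etree.ElementTree as ET  # for untrusted XML, prefer defusedxml

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
           "ds": "http://www.w3.org/2000/09/xmldsig#"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def post_json(url, headers, body):
    """POST a JSON body and return the decoded JSON reply (real network call)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def translate_session(base_url, sts_instance, username, password, post=post_json):
    """Authenticate, then ask the REST STS to turn the OpenAM session into a
    SAML2 bearer assertion. Returns the assertion XML string."""
    auth = post(f"{base_url}/json/authenticate",
                {"X-OpenAM-Username": username, "X-OpenAM-Password": password}, {})
    session_id = auth["tokenId"]  # key returned by /json/authenticate
    translate_body = {
        "input_token_state": {"token_type": "OPENAM", "session_id": session_id},
        "output_token_state": {"token_type": "SAML2", "subject_confirmation": "BEARER"},
    }
    reply = post(f"{base_url}/rest-sts/{sts_instance}?_action=translate", {}, translate_body)
    return reply["issued_token"]  # assumed response key holding the assertion XML


def parse_utc(stamp):
    """Parse a SAML UTC timestamp such as 2016-03-01T12:00:00Z (optional fraction)."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return dt.datetime.strptime(stamp, fmt).replace(tzinfo=dt.timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"bad SAML timestamp {stamp!r}")


def check_assertion(assertion_xml, trusted_issuer, audience, now):
    """Relying-party checks on a SAML2 bearer assertion. Returns a list of
    problems (empty list means the checks passed). Signature *verification*
    needs an XML-DSig library (e.g. xmlsec); this only requires that a
    ds:Signature element is present, which is not sufficient on its own."""
    root = ET.fromstring(assertion_xml)
    problems = []
    issuer = root.findtext("saml2:Issuer", default="", namespaces=SAML_NS).strip()
    if issuer != trusted_issuer:
        problems.append(f"untrusted issuer {issuer!r}")
    if root.find("ds:Signature", SAML_NS) is None:
        problems.append("assertion is unsigned")
    cond = root.find("saml2:Conditions", SAML_NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < parse_utc(nb):
            problems.append("assertion not yet valid")
        if na and now >= parse_utc(na):
            problems.append("assertion expired")
        auds = [a.text.strip() for a in
                cond.findall("saml2:AudienceRestriction/saml2:Audience", SAML_NS)]
        if audience not in auds:
            problems.append(f"audience {audience!r} not in {auds}")
    sc = root.find("saml2:Subject/saml2:SubjectConfirmation", SAML_NS)
    if sc is None or sc.get("Method") != BEARER:
        problems.append("subject confirmation is not bearer")
    return problems


# Constructed sample assertion (shape only; the signature value is a placeholder).
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1" Version="2.0"
  IssueInstant="2016-03-01T12:00:00Z">
  <saml2:Issuer>http://am.example.com:8080/openam</saml2:Issuer>
  <ds:Signature><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>
  <saml2:Subject>
    <saml2:NameID>username</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2016-03-01T12:00:00Z" NotOnOrAfter="2016-03-01T12:05:00Z">
    <saml2:AudienceRestriction><saml2:Audience>http://sp.example.com/sp</saml2:Audience></saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""

if __name__ == "__main__":
    now = parse_utc("2016-03-01T12:01:00Z")
    print(check_assertion(SAMPLE_ASSERTION, "http://am.example.com:8080/openam",
                          "http://sp.example.com/sp", now))
```

Against a live instance, call `translate_session("http://am.example.com:8080/openam", "sts-test", user, password)` and feed the result to `check_assertion` with the relying party's clock and its own entity ID as the audience. The time-window, audience and issuer checks are what stop a replayed or misdirected assertion; the signature presence check is only a placeholder for real XML-DSig verification against the STS's published certificate.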

Next Steps?
We implement solutions like this for our clients nearly every day. Are you looking for assistance on a current project? Maybe you have a future project and you just want to keep in touch. Awesome! Head on over to our contact page and drop us a line. We’re looking forward to hearing from you.