The SuisseID SDK/Java is an easy-to-use class library for integrating Java EE Web applications with the SuisseID core infrastructure.
The SuisseID SDK/Java offers functionality for
- Creating SuisseID-specific SAML 2.0 requests, i.e. XML documents. The SAML messages supported by the SDK are
- Signing the SAML requests.
- Implementing the SAML POST binding.
- Parsing the SAML response, i.e. XML documents.
- Verifying the signature of the SAML response as well as the signature of the QC signed attributes.
- Accessing the authentication information and attributes received from a SuisseID IdP (Identity Provider) or CAS (Claim Assertion Service).
The SuisseID SDK/Java does not offer any functionality for
- Plain certificate-based authentication, since this is already offered by the Java EE container.
- The WS-Trust related part of the SuisseID specification.
The only restriction imposed by the SDK/Java is the need to access the Servlet API. The SDK/Java uses the Servlet API for sending SAML 2.0 samlp:AuthnRequest or samlp:AttributeQuery messages and for receiving samlp:Response messages using the SAML POST binding. Higher level Web UI frameworks like Struts, Wicket, JSF, etc. offer direct access to the Servlet API.
The integration of the SDK/Java in an application can occur using Servlet filters or as Servlets.
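The POST binding exchange described above, as an added illustration that is not code from the SDK/Java: it uses only the JDK, and the class name, method names, URLs and message IDs are hypothetical. It shows the form an SP sends to the IdP and the checks an SP should apply to the returned samlp:Response before signature verification.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Added illustration; class and method names are hypothetical, not SDK/Java API.
public class PostBindingExample {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Escape a value for use inside a double-quoted HTML attribute.
    static String attr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;").replace("<", "&lt;");
    }

    // SP -> IdP: the signed request XML travels base64-encoded (no DEFLATE,
    // unlike the Redirect binding) in a hidden form field named SAMLRequest.
    static String buildPostForm(String idpUrl, String signedRequestXml, String relayState) {
        String b64 = Base64.getEncoder().encodeToString(signedRequestXml.getBytes(StandardCharsets.UTF_8));
        return "<form method=\"post\" action=\"" + attr(idpUrl) + "\">"
            + "<input type=\"hidden\" name=\"SAMLRequest\" value=\"" + b64 + "\"/>"
            + "<input type=\"hidden\" name=\"RelayState\" value=\"" + attr(relayState) + "\"/>"
            + "<input type=\"submit\" value=\"Continue\"/></form>"
            + "<script>document.forms[0].submit()</script>";
    }

    // IdP -> SP: decode the SAMLResponse parameter, parse it with DOCTYPE
    // declarations refused (blocks XXE), and tie it to the request we sent.
    // Signature verification must still follow before any attribute is trusted.
    static Element parseResponse(String samlResponse, String sentRequestId, String acsUrl) throws Exception {
        byte[] xml = Base64.getMimeDecoder().decode(samlResponse);
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
        if (!SAMLP.equals(root.getNamespaceURI()) || !"Response".equals(root.getLocalName()))
            throw new SecurityException("not a samlp:Response");
        if (!sentRequestId.equals(root.getAttribute("InResponseTo")))
            throw new SecurityException("InResponseTo does not match the request sent");
        if (!acsUrl.equals(root.getAttribute("Destination")))
            throw new SecurityException("Destination is not this endpoint");
        return root;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values (unsigned placeholder messages, made-up URLs and IDs).
        String acs = "https://sp.example/acs", id = "_req1";
        System.out.println(buildPostForm("https://idp.example/sso",
            "<samlp:AuthnRequest xmlns:samlp=\"" + SAMLP + "\" ID=\"" + id + "\"/>", "/start"));
        String resp = "<samlp:Response xmlns:samlp=\"" + SAMLP + "\" ID=\"_r1\" InResponseTo=\""
            + id + "\" Destination=\"" + acs + "\"/>";
        String param = Base64.getEncoder().encodeToString(resp.getBytes(StandardCharsets.UTF_8));
        System.out.println(parseResponse(param, id, acs).getAttribute("ID"));
    }
}
```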
The SDK/Java is built on top of OpenSAML2, an open source Java library meant to support developers working with the Security Assertion Markup Language (SAML). The full dependencies of the SDK/Java are documented here.
The binaries and the source code of the SDK/Java are available for download from the download section.
A getting started User's Guide is available.
A guide for building the SDK/Java from source is available.
The JavaDoc API documents are available for download from the download section.
A simple SuisseID Service Provider
The webapp-sp directory in the source code contains a simple web app implementing a SuisseID Service Provider. The web app demonstrates the functionality of the SDK/Java (online demo). The example Service Provider can use the SDK/Java's own IdP (see below) as well as the operational IdPs.
webapp-sp has been successfully deployed in Glassfish v2.1 (see the file suisseid-sdk/sdk/doc/glassfish_deployment_instruction.txt for deployment instructions) and in JBoss 5.
A simplistic SuisseID Identity Provider
The webapp-idp directory in the source code contains a simple web app implementing a simplistic SuisseID Identity Provider. The web app can be used for running test scenarios which can't easily be done using the operational SuisseID IdPs.
Currently we can't give support for the SuisseID SDK/Java. In the near future a support forum and a ticketing system will be made available.