After setting up the SOAP header handlers, the example creates a token request and calls the issue method. The following sequence shows the operations and corresponding Java elements.

The following code example shows Java code that performs these operations.

Acquiring a vCenter Single Sign-On Token – Sending the Request

/*
 * Retrieve the STSServicePort from the STSService_Service object.
 */
 STSService stsPort = stsService.getSTSServicePort();

/*
 * Create a token request object.
 */
 RequestSecurityTokenType tokenType = new RequestSecurityTokenType();

/*
 *  Create a LifetimeType object. 
 */
 LifetimeType lifetime = new LifetimeType();

/*
 * Derive the token creation date and time.
 * Use a GregorianCalendar to establish the current time,
 * then use a DatatypeFactory to map the time data to XML.
 */
 DatatypeFactory dtFactory = DatatypeFactory.newInstance();
 GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
 XMLGregorianCalendar xmlCalendar = dtFactory.newXMLGregorianCalendar(cal);
 AttributedDateTime created = new AttributedDateTime();
 created.setValue(xmlCalendar.toXMLFormat());

/*
 * Specify a time interval for token expiration (specified in milliseconds).
 */
 AttributedDateTime expires = new AttributedDateTime();
 xmlCalendar.add(dtFactory.newDuration(30 * 60 * 1000));
 expires.setValue(xmlCalendar.toXMLFormat());

/*
 * Set the created and expires fields in the lifetime object.
 */
 lifetime.setCreated(created);
 lifetime.setExpires(expires);

/*
 * Set the token request fields.
 */
 tokenType.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
 tokenType.setRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
 tokenType.setLifetime(lifetime);
 tokenType.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
 tokenType.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

/*
 * Specify a token that can be renewed.
 */
 RenewingType renewing = new RenewingType();
 renewing.setAllow(Boolean.TRUE);
 renewing.setOK(Boolean.FALSE); // WS-Trust Profile: MUST be set to false
 tokenType.setRenewing(renewing);

/* Get the request context and set the endpoint address. */
 Map<String, Object> reqContext = ((BindingProvider) stsPort).getRequestContext();
 reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, args[0]);

/*
 * Use the STS port to invoke the "issue" method to acquire the token
 * from the vCenter Single Sign-On server.
 */
 RequestSecurityTokenResponseCollectionType issueResponse = stsPort.issue(tokenType);

/*
 * Handle the response - extract the SAML token from the response. The response type
 * contains the token type (SAML token type urn:oasis:names:tc:SAML:2.0:assertion).
 */
 RequestSecurityTokenResponseType rstResponse = issueResponse.getRequestSecurityTokenResponse();
 RequestedSecurityTokenType requestedSecurityToken = rstResponse.getRequestedSecurityToken();

/*
 * Extract the SAML token from the RequestedSecurityTokenType object.
 * The generic token type (Element) corresponds to the type required
 * for the SAML token handler that supports the call to LoginByToken.
 */
 Element token = requestedSecurityToken.getAny();