
java如何在WebSphere8.5.5中的我的JAAS自定义登录模块中使用SAML令牌属性值

我正在使用一个自定义 JAAS 登录模块来实现身份断言(idAssertion)。我已经配置了一个可正常工作的 TAI,它会返回带有令牌数据或属性值的 SAML 响应。我需要在 JAAS 登录模块中使用来自 SAML 令牌的组详细信息。如何在此处获取组和属性值?我已尝试使用 WSSUtilFactory,但它返回空值。下面是我的 JAAS 登录模块:

package com.hcl.portal.transparent;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.portal.auth.tai.ExternalIdentityCredential;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.wssecurity.wssapi.WSSUtilFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.auth.callback.WSTokenHolderCallback;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;

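/**
 * Custom JAAS login module used for identity assertion behind a TAI.
 *
 * <p>{@link #login()} asks the callback handler for the asserted user name and
 * resolves it against the WebSphere {@code UserRegistry}. A name the registry
 * does not know becomes a transient identity in the {@code o=base,o=transparent}
 * realm whose credential hashtable is attached to the subject and to the shared
 * state; a name the registry does know is only looked up and nothing is added to
 * the subject here (presumably a later module in the chain does that — verify).
 *
 * <p>Security note: {@link #TRANSIENT_USER_GROUPS} places every transient user in
 * {@code cn=wpsadmins,o=defaultWIMFileBasedRealm}, so any asserted name that is
 * absent from the registry receives that group. Narrow this before relying on
 * the module outside a test environment.
 *
 * <p>{@link #commit()}, {@link #abort()} and {@link #logout()} are still stubs
 * returning {@code false}, which under the JAAS contract tells the
 * {@code LoginContext} to ignore this module for that phase.
 *
 * <p>Instances hold per-login state and are not meant to be shared between
 * threads.
 */
public class loginModule implements LoginModule {

    /** Groups granted to every transient (non-registry) user; see the class note. */
    private static final List<String> TRANSIENT_USER_GROUPS =
            Arrays.asList("cn=wpsadmins,o=defaultWIMFileBasedRealm");

    /** Realm suffix appended to the DN of a transient user. */
    private static final String TRANSIENT_REALM_SUFFIX = ",o=base,o=transparent";

    /** Outcome of the most recent {@link #login()} call. */
    private boolean success = false;
    /** Subject being authenticated; receives credentials for transient users. */
    Subject currentSubject;
    /** Handler that supplies the token-holder, name and password callbacks. */
    CallbackHandler currentCallbackHandler;
    /** Shared state of the login context; receives the credential properties. */
    Map<String, Object> currentSharedState;
    /** Module options from the login configuration; not read by this module. */
    Map<String, Object> currentOptions;

    /**
     * Stores the subject, callback handler and maps for use by {@link #login()}.
     *
     * <p>The {@link LoginModule} contract declares the maps as
     * {@code Map<String, ?>}; the shared state is written to by this module, so
     * both are kept as {@code Map<String, Object>} views.
     */
    @Override
    @SuppressWarnings("unchecked") // Map<String, ?> -> Map<String, Object>; required by the LoginModule signature
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        currentSubject = subject;
        currentCallbackHandler = callbackHandler;
        currentSharedState = (Map<String, Object>) sharedState;
        currentOptions = (Map<String, Object>) options;
        success = false;
        System.out.println("kousik level 0.1");
    }

    /**
     * Performs the identity assertion for the user named by the callback handler.
     *
     * @return {@code true} when the asserted user was resolved, or when this is a
     *     repeat login that needs no work; {@code false} when the callback handler
     *     supplied no user name
     * @throws LoginException if the callback handler or the registry lookup fails.
     *     Previously such failures were only printed and the module still reported
     *     success, which let a login proceed with no credentials attached.
     */
    @Override
    public boolean login() throws LoginException {
        String uniqueid = "";
        Callback[] callbacks = new Callback[3];
        System.out.println("kousik level 0.2");

        try {
            callbacks[0] = new WSTokenHolderCallback("");
            callbacks[1] = new NameCallback("User:");
            // Requested for the handler's benefit only; the password is never read
            // because the identity is asserted by the TAI rather than proven here.
            callbacks[2] = new PasswordCallback("Password:", false);

            currentCallbackHandler.handle(callbacks);
            boolean requiresLogin = ((WSTokenHolderCallback) callbacks[0]).getRequiresLogin();

            if (requiresLogin) {
                String username = ((NameCallback) callbacks[1]).getName();
                String userDefaultname = ((NameCallback) callbacks[1]).getDefaultName();
                System.out.println("k----------username = " + username);
                System.out.println("k----------Dusername = " + userDefaultname);
                if (username == null) {
                    System.out.println("uniqueid is null - do nothing");
                    success = false;
                    System.out.println("failed with uniqueid= " + uniqueid);
                    return success;
                }
                uniqueid = resolveUser(username);
                System.out.println("uniqueid = " + uniqueid);
            } else {
                System.out.println("This is a repeat login, nothing to do.");
            }
        } catch (LoginException e) {
            success = false;
            throw e;
        } catch (Exception e) {
            // Callback handling failed; report it instead of silently counting the
            // login as successful.
            System.out.println("Login Module failed: " + e);
            success = false;
            throw loginFailure("Login Module failed: " + e, e);
        }
        success = true;
        System.out.println("success with uniqueid= " + uniqueid);
        return success;
    }

    /**
     * Resolves {@code username} against the WebSphere {@code UserRegistry}.
     *
     * <p>A registry user is returned as its registry unique id and nothing is
     * added to the subject. A user the registry does not know is turned into a
     * transient identity via {@link #assertTransientUser(String)}.
     *
     * @param username asserted user name, never {@code null}
     * @return the unique id the user was resolved to
     * @throws LoginException if the JNDI lookup or the registry call fails for any
     *     reason other than the entry not existing
     */
    private String resolveUser(String username) throws LoginException {
        try {
            InitialContext ctx = new InitialContext();
            UserRegistry reg = (UserRegistry) ctx.lookup("UserRegistry");
            return reg.getUniqueUserId(username);
        } catch (com.ibm.websphere.security.EntryNotFoundException e1) {
            System.out.println("Login Module - transient for base realm ");
            return assertTransientUser(username);
        } catch (Exception e1) {
            System.out.println("Login Module failed for user lookup: " + e1);
            throw loginFailure("Login Module failed for user lookup: " + e1, e1);
        }
    }

    /**
     * Builds the WebSphere credential hashtable for a user that is not in the
     * registry and attaches it to the subject and the shared state.
     *
     * <p>The unique id and the security name are both set to the transient DN.
     * The group list is a fresh {@link ArrayList} because the hashtable is handed
     * to WebSphere as-is.
     *
     * @param username asserted user name, used as uid/cn/sn and as the mail local part
     * @return the transient DN used as the unique id
     */
    private String assertTransientUser(String username) {
        String uniqueid = "uid=" + username + TRANSIENT_REALM_SUFFIX;
        Hashtable<String, Object> hashtable = new Hashtable<String, Object>();
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, uniqueid);
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, uniqueid);
        // Every transient user gets TRANSIENT_USER_GROUPS, not only "AllAuthenticated".
        // Restrict this to specific users before relying on it for authorization.
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS,
                new ArrayList<String>(TRANSIENT_USER_GROUPS));
        // Attributes for this special user
        hashtable.put("sn", username);
        hashtable.put("cn", username);
        hashtable.put("uid", username);
        hashtable.put("ibm-primaryEmail", username + "@portal.ibm.com");
        currentSubject.getPublicCredentials().add(hashtable);
        currentSubject.getPublicCredentials().add(new ExternalIdentityCredential(hashtable));
        currentSharedState.put(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY, hashtable);
        return uniqueid;
    }

    /**
     * Creates a {@link LoginException} that keeps {@code cause}; the class has no
     * cause-taking constructor, so {@code initCause} is used.
     */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Stub: reports that this module should be ignored in the commit phase. */
    @Override
    public boolean commit() throws LoginException {
        return false;
    }

    /** Stub: reports that this module should be ignored in the abort phase. */
    @Override
    public boolean abort() throws LoginException {
        return false;
    }

    /** Stub: reports that this module should be ignored in the logout phase. */
    @Override
    public boolean logout() throws LoginException {
        return false;
    }

}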
