com.ibm.websphere.wssecurity.wssapi.token
Interface SAMLToken
All Superinterfaces:
- public interface SAMLToken
- extends GenericSecurityToken
SAMLToken represents a SAML security token as defined by OASIS Web Services Security:SAML Token Profile 1.1. WSSTrustClient class and WSSTrustClientValidateResult class could return tokens that implement this interface.
See Also:
Field Summary
Modifier and Type | Field and Description |
---|---|
|
GET_SAMLATTRIBUTES_PERM
this is the java2 security permission needed to retrieve attributes
from a SAML token.
|
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken |
---|
DECRYPTING_KEY, ENCRYPTING_KEY, REF_EMBEDDED, REF_KEYID, REF_STR, REF_THUMBPRINT, SIGNING_KEY, TokenQname, ValueType, VERIFING_KEY |
Method Summary
Modifier and Type | Method and Description |
---|---|
|
getAssertionQName()
Return SAML Assertion namespace, defined in a schema SAML-XSD.
|
|
getAudienceRestriction()
Retrieves AudienceRestriction String name list.
|
|
getAuthenticationInstant()
Retrieves the authentication time when the token holder is authenticated.
|
|
getAuthenticationMethod()
Retrieves the authentication method that was used to authenticate the token holder.
|
|
getConfirmationMethod()
Retrieves the Subject Confirmation Method used in this SAML token.
|
|
getHolderOfKeyBytes()
Retrieves the key bytes from the Holder-of-Key Element of this SAML token.
|
|
getProxyRestrictionCount()
Retrieves number of ProxyRestriction Count.
|
|
getroxyRestrictionAudience()
Retrieves String list of ProxyRestriction Audience.
|
|
getSAMLAttributes()
Retrieves the list of all attributes contained in the SAML token.
|
|
getSamlCreated()
Retrieves the SAML assertion creation date.
|
|
getSamlExpires()
Return SAML Expiration time.
|
|
getSamlID()
Retrieves the identifier associated with this SAML assertion.
|
|
getSAMLIssuerName()
Retrieves the name of issuer.
|
|
getSAMLNameID()
Retrieves SAML NameId or NameIdentifier assertion associated with the token holder.
|
|
getSignerCertificate()
Retrieves SAML signer's X.509 Certificate
|
|
getStringAttributes()
Retrieves a Map of SAML attributes that consist of single (key, string value) pairs only.
|
|
getSubjectDNS()
Retrieves DNSAddress in SubjectLocality.
|
|
getSubjectIPAddress()
Retrieves IPAddress in SubjectLocality.
|
|
getXMLInputStream()
Retrieves InputSream form of SAML Assertion.
|
|
hasProxyRestriction()
Retrieves flag to indicate ProxyRestriction.
|
|
isOneTimeUse()
Retrieves flag to indicate OneTimeUse or DoNotCacheCondition.
|
|
isReadOnly()
Retrieves readOnly flag.
|
|
setTokenReadOnly()
sets the SAMLToken to read only mode, meaning when we get any kind of SAMLAtributes,
we return only copies instead of direct references.
|
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityToken |
---|
getProperties, setValueType |
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken |
---|
getId, getKey, getKeyIdentifier, getKeyIdentifierEncodingType, getKeyIdentifierValueType, getKeyName, getPrincipal, getReferenceURI, getThumbprint, getThumbprintEncodingType, getThumbprintValueType, getTokenQname, getValueType, getXML |
Field Detail
GET_SAMLATTRIBUTES_PERM
- static final java.security.SecurityPermission GET_SAMLATTRIBUTES_PERM
this is the java2 security permission needed to retrieve attributes
from a SAML token.
Method Detail
getSamlID
- java.lang.String getSamlID()
Retrieves the identifier associated with this SAML assertion.
Returns:
a string representing the ID for SAML 2.0, or AssertionID for SAML 1.1.
getAssertionQName
- javax.xml.namespace.QName getAssertionQName( )
Return SAML Assertion namespace, defined in a schema SAML-XSD.
Returns:
SAML Assertion namespace, defined in a schema SAML-XSD
It is "urn:oasis:names:tc:SAML:1.0:assertion" for SAML 1.1, and
"urn:oasis:names:tc:SAML:2.0:assertion" for SAML 2.0.
getSamlExpires
- java.util.Date getSamlExpires()
Return SAML Expiration time.
Returns:
SAML Token expiration time, which is delimited by the NotOnOrAfter attribute in element.
getSamlCreated
- java.util.Date getSamlCreated()
Retrieves the SAML assertion creation date.
Returns:
SAML Token creation Date based on the NotBefore attribute in element.
getConfirmationMethod
- java.lang.String getConfirmationMethod( )
Retrieves the Subject Confirmation Method used in this SAML token.
based on the SAML token profile for versions 1.1 and 2.0.
Returns:
SAML SubjectConfirmation Method, and valid method is holder-of-key, bearer, or sender-vouches.
the returned string is based on the OASIS SAML token profile 1.1 and SAML token profile 2.0.
See Also:
getHolderOfKeyBytes
- byte[] getHolderOfKeyBytes()
Retrieves the key bytes from the Holder-of-Key Element of this SAML token.
Returns:
the shared secret key bytes for a symmetric holder-of-key assertion.
getSAMLIssuerName
- java.lang.String getSAMLIssuerName( )
Retrieves the name of issuer.
Returns:
issuer name of the SAML authority responsible for the claims in the SAML assertion.
getAuthenticationMethod
- java.lang.String getAuthenticationMethod( )
Retrieves the authentication method that was used to authenticate the token holder.
Returns:
the authentication method that took place prior to the token's creation.
For example "password", "kerberos", "ltpa".
getAuthenticationInstant
- java.util.Date getAuthenticationInstant( )
Retrieves the authentication time when the token holder is authenticated.
Returns:
the authentication time when the token holder is authenticated.
getSubjectDNS
- java.lang.String getSubjectDNS( )
Retrieves DNSAddress in SubjectLocality.
Returns:
DNSAddress in SubjectLocality.
getSubjectIPAddress
- java.lang.String getSubjectIPAddress( )
Retrieves IPAddress in SubjectLocality.
Returns:
IPAddress in SubjectLocality.
getAudienceRestriction
- java.util.List<java.lang.String> getAudienceRestriction( )
Retrieves AudienceRestriction String name list.
Returns:
AudienceRestriction String name list.
isOneTimeUse
- boolean isOneTimeUse()
Retrieves flag to indicate OneTimeUse or DoNotCacheCondition.
Returns:
flag to indicate OneTimeUse or DoNotCacheCondition.
hasProxyRestriction
- boolean hasProxyRestriction()
Retrieves flag to indicate ProxyRestriction.
Returns:
flag to indicate ProxyRestriction.
getProxyRestrictionCount
- long getProxyRestrictionCount()
Retrieves number of ProxyRestriction Count.
Returns:
number of ProxyRestriction Count.
getroxyRestrictionAudience
- java.util.List<java.lang.String> getroxyRestrictionAudience( )
Retrieves String list of ProxyRestriction Audience.
Returns:
String list of ProxyRestriction Audience.
getSAMLAttributes
- java.util.List<com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute> getSAMLAttributes( )
Retrieves the list of all attributes contained in the SAML token.
When the token is in "readOnly" mode, a copy of the token's SAMLAttribute list is returned.
However, even though nothing can be added or removed from list, the attributes themselves
could be changed, thus altering the existing SAMLAttributes.
For this reason, this method method requires the
"wssapi.SAMLToken.getSAMLAttributes" Java Security permission .
getStringAttributes
- java.util.Map<java.lang.String,java.lang.String> getStringAttributes( )
Retrieves a Map of SAML attributes that consist of single (key, string value) pairs only.
Returns:
a Map of SAML Attributes that consist of single key with single String value. To get a
complete Attribute list, use method getSAMLAttributes().
getSAMLNameID
- com.ibm.wsspi.wssecurity.saml.data.SAMLNameID getSAMLNameID( )
Retrieves SAML NameId or NameIdentifier assertion associated with the token holder.
Returns:
SAML NameID or NameIdentifier assertion associated with the token holder.
setTokenReadOnly
- void setTokenReadOnly()
sets the SAMLToken to read only mode, meaning when we get any kind of SAMLAtributes,
we return only copies instead of direct references. This will prevent modifications
to SAMLToken attributes held in the token.
isReadOnly
- boolean isReadOnly()
Retrieves readOnly flag.
Returns:
readOnly flag.
getXMLInputStream
- java.io.InputStream getXMLInputStream( )
- throws WSSException
Retrieves InputSream form of SAML Assertion.
getSignerCertificate
- java.security.cert.X509Certificate getSignerCertificate( )
Retrieves SAML signer's X.509 Certificate
Returns:
SAML signer's X.509 Certificate