com.ibm.websphere.wssecurity.callbackhandler
Class SAMLConsumeCallback
- java.lang.Object
com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback
All implemented interfaces:
javax.security.auth.callback.Callback
- public class SAMLConsumeCallback
- extends java.lang.Object
- implements javax.security.auth.callback.Callback
A SAML token remains valid in the process if it was valid at the time the process received that token.
Constructor Summary
Constructor and Description |
---|
SAMLConsumeCallback() |
Method Summary
Modifier and Type | Method and Description |
---|---|
boolean | enforceAudienceRestriction() Returns the flag whether AudienceRestriction assertion validation is required. |
boolean | enforceOneTimeUse() Returns the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required. |
java.lang.String | getAlias() Returns the alias name used by the consumer of the SAML token in its keyStore. |
boolean | getAllowUnencKey() Gets setting for allowing an Unencrypted key in a Holder of Key token. |
long | getClockSkew() Returns the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. |
java.lang.String | getConfirmationMethod() Returns the ConfirmationMethod to be used when requesting/generating a SAML token. |
java.util.List<java.lang.String> | getCRLPaths() |
java.lang.String | getKeyName() Returns the name of the key used by the token consumer. |
char[] | getKeyPassword() Returns the password for recovering the key. |
char[] | getKeyStorePassword() Returns the password for the keyStore used by the consumer of the SAML token. |
java.lang.String | getKeyStorePath() Returns the file path for the keyStore used by the consumer of the SAML token. |
java.lang.String | getKeyStoreReference() Returns the reference name of the keyStore used by the token consumer (e.g. a service). |
java.lang.String | getKeyStoreType() Returns the type of the keyStore used by the consumer of the SAML token. |
java.util.ArrayList<java.lang.String[]> | getTrustedIssuers() |
java.lang.String | getTrustedSTSAlias() Returns the alias used to locate the key used by the SAML token issuer. |
char[] | getTrustStorePassword() Returns the password for the trustStore used by the token consumer. |
java.lang.String | getTrustStorePath() Returns the file path to the trustStore used by the token consumer. |
java.lang.String | getTrustStoreRef() Returns the reference name of the trustStore used by the token consumer. |
java.lang.String | getTrustStoreType() Returns the type of the trustStore used by the token consumer. |
java.util.List<java.lang.String> | getX509Paths() Gets the set of intermediate certificate files. |
boolean | isSignatureRequired() Returns the flag whether signature on the SAML token from the issuer is required. |
boolean | isTrustAnySigner() Returns the flag whether to trust any SAML token issuer. |
void | setAlias(java.lang.String alias) Sets the key alias name in the consumer's keyStore. |
void | setAllowUnencKey(boolean value) Sets setting for allowing an Unencrypted key in a Holder of Key token. |
void | setClockSkew(long time) Sets the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. |
void | setConfirmationMethod(java.lang.String method) Sets the type of Subject ConfirmationMethod to be used by the token requester. |
void | setCRLPath(java.util.List value) Sets revoked certificate list file. |
void | setEnforceAudienceRestriction(boolean flag) Set the flag whether AudienceRestriction validation is required. |
void | setEnforceOneTimeUse(boolean flag) Set the flag whether OneTimeUse or DoNotCacheCondition validation is required. |
void | setIsSignatureRequired(boolean option) Set the flag whether signature by the SAML token issuer is required. |
void | setKeyName(java.lang.String keyName) Sets the name of the key used by the token consumer. |
void | setKeyPassword(char[] keyPassword) Sets the password for recovering the key. |
void | setKeyStorePassword(char[] keyStorePassword) Sets the password for the keyStore used by the consumer of the SAML token. |
void | setKeyStorePath(java.lang.String keyStorePath) Sets the file path for the keyStore used by the consumer of the SAML token. |
void | setKeyStoreReference(java.lang.String keyStoreRef) Sets the reference name of the keyStore used by the token consumer (e.g. a service). |
void | setKeyStoreType(java.lang.String keyStoreType) Sets the type of the keyStore used by the consumer of the SAML token. |
void | setTrustAnySigner(boolean option) Sets the flag whether to trust any SAML token issuer. |
void | setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers) |
void | setTrustedSTSAlias(java.lang.String alias) Sets alias name for the key used by the SAML token issuer. |
void | setTrustStorePassword(char[] passwd) Sets the password for the trustStore used by the token consumer. |
void | setTrustStorePath(java.lang.String path) Sets the file path to the trustStore used by the token consumer. |
void | setTrustStoreRef(java.lang.String ref) Sets the reference name of the trustStore used by the token consumer. |
void | setTrustStoreType(java.lang.String type) Sets the type of the trustStore used by the token consumer. |
void | setX509Path(java.util.List value) Sets intermediate certificate file list. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
SAMLConsumeCallback
- public SAMLConsumeCallback()
Method Detail
getKeyStoreReference
- public java.lang.String getKeyStoreReference( )
Returns the reference name of the keyStore used by the token consumer (e.g. a service).
Returns:
reference name of the keyStore of the token consumer.
setKeyStoreReference
- public void setKeyStoreReference( java.lang.String keyStoreRef)
Sets the reference name of the keyStore used by the token consumer (e.g. a service).
Parameters:
keyStoreRef
- string representing the reference name of the keyStore.
getKeyStorePath
- public java.lang.String getKeyStorePath( )
Returns the file path for the keyStore used by the consumer of the SAML token.
Returns:
String that contains the path of the keyStore.
setKeyStorePath
- public void setKeyStorePath(java.lang.String keyStorePath)
Sets the file path for the keyStore used by the consumer of the SAML token.
Parameters:
keyStorePath
- string representing the path to the keyStore.
getKeyStoreType
- public java.lang.String getKeyStoreType( )
Returns the type of the keyStore used by the consumer of the SAML token.
Returns:
type of the keyStore
setKeyStoreType
- public void setKeyStoreType(java.lang.String keyStoreType)
Sets the type of the keyStore used by the consumer of the SAML token.
Parameters:
keyStoreType
- string representing the type of the keyStore.
getKeyStorePassword
- public char[] getKeyStorePassword( )
Returns the password for the keyStore used by the consumer of the SAML token.
Returns:
character array that contains the password used to check the integrity or unlock the keyStore used by
the consumer of a SAML token.
setKeyStorePassword
- public void setKeyStorePassword( char[] keyStorePassword)
Sets the password for the keyStore used by the consumer of the SAML token.
Parameters:
keyStorePassword
- character array that contains the password used to check the integrity or unlock
the keyStore for the consumer of the SAML token.
getAlias
- public java.lang.String getAlias( )
Returns the alias name used by the consumer of the SAML token in its keyStore.
Returns:
alias string representing the key alias name.
setAlias
- public void setAlias(java.lang.String alias)
Sets the key alias name in the consumer's keyStore.
Parameters:
alias
- string representing the alias name.
getKeyPassword
- public char[] getKeyPassword()
Returns the password for recovering the key.
Returns:
character array that contains the password used for recovering the key.
setKeyPassword
- public void setKeyPassword(char[] keyPassword)
Sets the password for recovering the key.
Parameters:
keyPassword
- character array that contains the password for recovering the key.
getKeyName
- public java.lang.String getKeyName( )
Returns the name of the key used by the token consumer.
Returns:
String that contains the key.
setKeyName
- public void setKeyName(java.lang.String keyName)
Sets the name of the key used by the token consumer.
Parameters:
keyName
- string that contains the name of the key.
getTrustStoreRef
- public java.lang.String getTrustStoreRef( )
Returns the reference name of the trustStore used by the token consumer.
Returns:
String containing the name of the trustStore reference.
setTrustStoreRef
- public void setTrustStoreRef(java.lang.String ref)
Sets the reference name of the trustStore used by the token consumer.
Parameters:
ref
- string that contains the reference name of the trustStore.
getTrustStorePath
- public java.lang.String getTrustStorePath( )
Returns the file path to the trustStore used by the token consumer.
Returns:
String that contains the path to the trustStore.
setTrustStorePath
- public void setTrustStorePath(java.lang.String path)
Sets the file path to the trustStore used by the token consumer.
Parameters:
path
- String that contains the path to the trustStore.
getTrustStoreType
- public java.lang.String getTrustStoreType( )
Returns the type of the trustStore used by the token consumer.
Returns:
String that contains the type of the trustStore.
setTrustStoreType
- public void setTrustStoreType(java.lang.String type)
Sets the type of the trustStore used by the token consumer.
Parameters:
type
- a string that contains the type of trustStore.
getTrustStorePassword
- public char[] getTrustStorePassword( )
Returns the password for the trustStore used by the token consumer.
Returns:
character array that contains the password used to check the integrity of the trustStore
or to unlock it.
setTrustStorePassword
- public void setTrustStorePassword( char[] passwd)
Sets the password for the trustStore used by the token consumer.
getTrustedSTSAlias
- public java.lang.String getTrustedSTSAlias( )
Returns the alias used to locate the key used by the SAML token issuer.
Returns:
String that contains the alias for the key used by the issuer of the SAML token.
setTrustedSTSAlias
- public void setTrustedSTSAlias( java.lang.String alias)
Sets alias name for the key used by the SAML token issuer.
Parameters:
alias
- a string that contains the alias name.
isTrustAnySigner
- public boolean isTrustAnySigner( )
Returns the flag whether to trust any SAML token issuer.
Returns:
boolean value indicating whether to trust any SAML issuer.
setTrustAnySigner
- public void setTrustAnySigner(boolean option)
Sets the flag whether to trust any SAML token issuer.
Parameters:
option
- boolean for the flag whether to trust any SAML token issuer.
isSignatureRequired
- public boolean isSignatureRequired( )
Returns the flag whether signature on the SAML token from the issuer is required.
Returns:
the flag whether SAML issuer should sign the SAML assertion. The
default behavior is that Signature from SAML issuer is required.
setIsSignatureRequired
- public void setIsSignatureRequired( boolean option)
Set the flag whether signature by the SAML token issuer is required.
Parameters:
option
- boolean flag whether the signature by the SAML token issuer is required.
getClockSkew
- public long getClockSkew()
Returns the time in milliseconds that is allowed for clock skew between the token
issuer and the consumer. The clock skew is used when checking for the expiration
of the token on an Inbound request. The expiration time of the token needs to be
above the current time minus the clock skew.
Returns:
the time in milliseconds allowed for clock skew. The default clock skew
is 3 minutes.
setClockSkew
- public void setClockSkew(long time)
Sets the time in milliseconds that is allowed for clock skew between the token
issuer and the consumer. The clock skew is used when checking for the expiration
of the token on an Inbound request. The expiration time of the token needs to be
above the current time minus the clock skew.
Parameters:
time
- a long integer representing time for the clockSkew value in milliseconds.
enforceOneTimeUse
- public boolean enforceOneTimeUse( )
Returns the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required.
Returns:
the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required. The
default behavior is that OneTimeUse or DoNotCacheCondition assertion validation from SAML issuer is required.
enforceAudienceRestriction
- public boolean enforceAudienceRestriction( )
Returns the flag whether AudienceRestriction assertion validation is required.
Returns:
the flag whether AudienceRestriction assertion validation is required. The
default behavior is that AudienceRestriction from SAML issuer is required.
setEnforceOneTimeUse
- public void setEnforceOneTimeUse( boolean flag)
Set the flag whether OneTimeUse or DoNotCacheCondition validation is required.
setEnforceAudienceRestriction
- public void setEnforceAudienceRestriction( boolean flag)
Set the flag whether AudienceRestriction validation is required.
getTrustedIssuers
- public java.util.ArrayList<java.lang.String[]> getTrustedIssuers( )
Returns:
a list of trusted SAML issuers; each entry contains the issuer name and/or the signer certificate's SubjectDN.
setTrustedIssuers
- public void setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers)
getConfirmationMethod
- public java.lang.String getConfirmationMethod( )
Returns the ConfirmationMethod to be used when requesting/generating a SAML token.
Returns:
the required Subject ConfirmationMethod. The valid values
are "holder-of-key", "bearer", or "sender-vouches"
setConfirmationMethod
- public void setConfirmationMethod( java.lang.String method)
Sets the type of Subject ConfirmationMethod to be used by the token requester.
Parameters:
method
- a string identifying the Subject ConfirmationMethod.
getCRLPaths
- public java.util.List<java.lang.String> getCRLPaths( )
getX509Paths
- public java.util.List<java.lang.String> getX509Paths( )
Gets the set of intermediate certificate files.
Returns:
List of X509 Certificate files
setX509Path
- public void setX509Path(java.util.List value)
Sets intermediate certificate file list.
setCRLPath
- public void setCRLPath(java.util.List value)
Sets revoked certificate list file.
setAllowUnencKey
- public void setAllowUnencKey(boolean value)
Sets setting for allowing an Unencrypted key in a Holder of Key token.
Parameters:
value
- boolean flag whether to allow an Unencrypted key in a Holder of Key token.
getAllowUnencKey
- public boolean getAllowUnencKey( )
Gets setting for allowing an Unencrypted key in a Holder of Key token.
Default behavior is to allow an unencrypted key.
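
The validation flags documented above (trust any signer, signature required, AudienceRestriction, OneTimeUse, unencrypted holder-of-key key, clock skew) can be reviewed together. The following is an added example, not part of the IBM documentation: it assumes the WebSphere WS-Security API JAR is on the classpath and that the setters and getters can be called directly on a new instance. The class name SamlConsumeCallbackAudit, the audit and strict helpers, and the MAX_SKEW_MS ceiling are hypothetical.

```java
import com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback;
import java.util.ArrayList;
import java.util.List;

public class SamlConsumeCallbackAudit {
    // Assumed local policy ceiling (hypothetical): the documented 3-minute default.
    static final long MAX_SKEW_MS = 3 * 60 * 1000L;

    // Returns one finding per setting that relaxes validation of inbound SAML tokens.
    static List<String> audit(SAMLConsumeCallback cb) {
        List<String> findings = new ArrayList<>();
        if (cb.isTrustAnySigner())
            findings.add("trustAnySigner=true: any SAML token issuer is trusted");
        if (!cb.isSignatureRequired())
            findings.add("signatureRequired=false: issuer signature is not required");
        if (!cb.enforceAudienceRestriction())
            findings.add("AudienceRestriction validation is not required");
        if (!cb.enforceOneTimeUse())
            findings.add("OneTimeUse/DoNotCacheCondition validation is not required");
        if (cb.getAllowUnencKey())
            findings.add("allowUnencKey=true: unencrypted key accepted in holder-of-key token");
        if (cb.getClockSkew() > MAX_SKEW_MS)
            findings.add("clockSkew=" + cb.getClockSkew() + " ms: expired tokens accepted for longer");
        return findings;
    }

    // Consumer settings with every relaxation switched off explicitly.
    static SAMLConsumeCallback strict() {
        SAMLConsumeCallback cb = new SAMLConsumeCallback();
        cb.setTrustAnySigner(false);
        cb.setIsSignatureRequired(true);
        cb.setEnforceAudienceRestriction(true);
        cb.setEnforceOneTimeUse(true);
        cb.setAllowUnencKey(false);   // page states the default allows an unencrypted key
        cb.setClockSkew(60_000L);     // constructed value: 1 minute
        cb.setConfirmationMethod("holder-of-key");
        return cb;
    }

    public static void main(String[] args) {
        // Constructed weak configuration for comparison.
        SAMLConsumeCallback weak = new SAMLConsumeCallback();
        weak.setTrustAnySigner(true);
        weak.setIsSignatureRequired(false);
        weak.setClockSkew(15 * 60 * 1000L);
        audit(weak).forEach(f -> System.out.println("weak:   " + f));
        System.out.println("strict: " + audit(strict()).size() + " finding(s)");
    }
}
```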