com.ibm.websphere.wssecurity.wssapi.token

Interface SAMLToken

All Superinterfaces:
GenericSecurityToken, SecurityToken

public interface SAMLToken
extends GenericSecurityToken
This API is used to retrieve data elements from an existing SAML token assertion, such as the token creation time, expiration time, subject confirmation method, and attributes.
SAMLToken represents a SAML security token as defined by OASIS Web Services Security: SAML Token Profile 1.1. The WSSTrustClient and WSSTrustClientValidateResult classes can return tokens that implement this interface.
See Also:
SecurityToken, GenericSecurityToken

Field Summary

Modifier and Type Field and Description
static java.security.SecurityPermission GET_SAMLATTRIBUTES_PERM
This is the Java 2 security permission needed to retrieve attributes from a SAML token.
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
DECRYPTING_KEY, ENCRYPTING_KEY, REF_EMBEDDED, REF_KEYID, REF_STR, REF_THUMBPRINT, SIGNING_KEY, TokenQname, ValueType, VERIFING_KEY

Method Summary

Modifier and Type Method and Description
javax.xml.namespace.QName getAssertionQName()
Return SAML Assertion namespace, defined in a schema SAML-XSD.
java.util.List<java.lang.String> getAudienceRestriction()
Retrieves AudienceRestriction String name list.
java.util.Date getAuthenticationInstant()
Retrieves the authentication time when the token holder is authenticated.
java.lang.String getAuthenticationMethod()
Retrieves the authentication method that was used to authenticate the token holder.
java.lang.String getConfirmationMethod()
Retrieves the Subject Confirmation Method used in this SAML token.
byte[] getHolderOfKeyBytes()
Retrieves the key bytes from the Holder-of-Key Element of this SAML token.
long getProxyRestrictionCount()
Retrieves number of ProxyRestriction Count.
java.util.List<java.lang.String> getroxyRestrictionAudience()
Retrieves String list of ProxyRestriction Audience.
java.util.List<com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute> getSAMLAttributes()
Retrieves the list of all attributes contained in the SAML token.
java.util.Date getSamlCreated()
Retrieves the SAML assertion creation date.
java.util.Date getSamlExpires()
Return SAML Expiration time.
java.lang.String getSamlID()
Retrieves the identifier associated with this SAML assertion.
java.lang.String getSAMLIssuerName()
Retrieves the name of issuer.
com.ibm.wsspi.wssecurity.saml.data.SAMLNameID getSAMLNameID()
Retrieves SAML NameId or NameIdentifier assertion associated with the token holder.
java.security.cert.X509Certificate getSignerCertificate()
Retrieves SAML signer's X.509 Certificate
java.util.Map<java.lang.String,java.lang.String> getStringAttributes()
Retrieves a Map of SAML attributes that consist of single (key, string value) pairs only.
java.lang.String getSubjectDNS()
Retrieves DNSAddress in SubjectLocality.
java.lang.String getSubjectIPAddress()
Retrieves IPAddress in SubjectLocality.
java.io.InputStream getXMLInputStream()
Retrieves InputStream form of SAML Assertion.
boolean hasProxyRestriction()
Retrieves flag to indicate ProxyRestriction.
boolean isOneTimeUse()
Retrieves flag to indicate OneTimeUse or DoNotCacheCondition.
boolean isReadOnly()
Retrieves readOnly flag.
void setTokenReadOnly()
Sets the SAMLToken to read-only mode, meaning when we get any kind of SAMLAttributes, we return only copies instead of direct references.
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityToken
getProperties, setValueType
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
getId, getKey, getKeyIdentifier, getKeyIdentifierEncodingType, getKeyIdentifierValueType, getKeyName, getPrincipal, getReferenceURI, getThumbprint, getThumbprintEncodingType, getThumbprintValueType, getTokenQname, getValueType, getXML

Field Detail

GET_SAMLATTRIBUTES_PERM

static final java.security.SecurityPermission GET_SAMLATTRIBUTES_PERM
This is the Java 2 security permission needed to retrieve attributes from a SAML token.

Method Detail

getSamlID

java.lang.String getSamlID()
Retrieves the identifier associated with this SAML assertion.
Returns:
a string representing the ID for SAML 2.0, or AssertionID for SAML 1.1.

getAssertionQName

javax.xml.namespace.QName getAssertionQName()
Return SAML Assertion namespace, defined in a schema SAML-XSD.
Returns:
SAML Assertion namespace, defined in a schema SAML-XSD. It is "urn:oasis:names:tc:SAML:1.0:assertion" for SAML 1.1, and "urn:oasis:names:tc:SAML:2.0:assertion" for SAML 2.0.

getSamlExpires

java.util.Date getSamlExpires()
Return SAML Expiration time.
Returns:
SAML Token expiration time, which is delimited by the NotOnOrAfter attribute in element.

getSamlCreated

java.util.Date getSamlCreated()
Retrieves the SAML assertion creation date.
Returns:
SAML Token creation Date based on the NotBefore attribute in element.

getConfirmationMethod

java.lang.String getConfirmationMethod()
Retrieves the Subject Confirmation Method used in this SAML token, based on the SAML token profile for versions 1.1 and 2.0.
Returns:
SAML SubjectConfirmation Method; valid methods are holder-of-key, bearer, or sender-vouches. The returned string is based on the OASIS SAML token profile 1.1 and SAML token profile 2.0.

getHolderOfKeyBytes

byte[] getHolderOfKeyBytes()
Retrieves the key bytes from the Holder-of-Key Element of this SAML token.
Returns:
the shared secret key bytes for a symmetric holder-of-key assertion.

getSAMLIssuerName

java.lang.String getSAMLIssuerName()
Retrieves the name of issuer.
Returns:
issuer name of the SAML authority responsible for the claims in the SAML assertion.

getAuthenticationMethod

java.lang.String getAuthenticationMethod()
Retrieves the authentication method that was used to authenticate the token holder.
Returns:
the authentication method that took place prior to the token's creation. For example "password", "kerberos", "ltpa".

getAuthenticationInstant

java.util.Date getAuthenticationInstant()
Retrieves the authentication time when the token holder is authenticated.
Returns:
the authentication time when the token holder is authenticated.

getSubjectDNS

java.lang.String getSubjectDNS()
Retrieves DNSAddress in SubjectLocality.
Returns:
DNSAddress in SubjectLocality.

getSubjectIPAddress

java.lang.String getSubjectIPAddress()
Retrieves IPAddress in SubjectLocality.
Returns:
IPAddress in SubjectLocality.

getAudienceRestriction

java.util.List<java.lang.String> getAudienceRestriction()
Retrieves AudienceRestriction String name list.
Returns:
AudienceRestriction String name list.

isOneTimeUse

boolean isOneTimeUse()
Retrieves flag to indicate OneTimeUse or DoNotCacheCondition.
Returns:
flag to indicate OneTimeUse or DoNotCacheCondition.

hasProxyRestriction

boolean hasProxyRestriction()
Retrieves flag to indicate ProxyRestriction.
Returns:
flag to indicate ProxyRestriction.

getProxyRestrictionCount

long getProxyRestrictionCount()
Retrieves number of ProxyRestriction Count.
Returns:
number of ProxyRestriction Count.

getroxyRestrictionAudience

java.util.List<java.lang.String> getroxyRestrictionAudience()
Retrieves String list of ProxyRestriction Audience.
Returns:
String list of ProxyRestriction Audience.

getSAMLAttributes

java.util.List<com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute> getSAMLAttributes()
Retrieves the list of all attributes contained in the SAML token. When the token is in "readOnly" mode, a copy of the token's SAMLAttribute list is returned. However, even though nothing can be added or removed from the list, the attributes themselves could be changed, thus altering the existing SAMLAttributes. For this reason, this method requires the "wssapi.SAMLToken.getSAMLAttributes" Java Security permission.
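
The read-only caveat described above, as an added example that is not part of the original API documentation or IBM's code: `Attr` and `Token` are hypothetical stand-ins that model a copied list whose elements are still shared, next to a defensive per-element copy.

```java
import java.util.ArrayList;
import java.util.List;

public class ReadOnlyCopyDemo {
    // Hypothetical stand-in for a mutable attribute object (not IBM's SAMLAttribute).
    static final class Attr {
        final String name;
        String value;
        Attr(String name, String value) { this.name = name; this.value = value; }
    }

    // Hypothetical stand-in token that models the documented read-only behaviour.
    static final class Token {
        private final List<Attr> attrs = new ArrayList<>();
        private boolean readOnly;
        void add(Attr a) { attrs.add(a); }
        void setTokenReadOnly() { readOnly = true; }

        // Read-only mode returns a copy of the list; the elements are still shared.
        List<Attr> getAttributes() {
            return readOnly ? new ArrayList<>(attrs) : attrs;
        }

        // Defensive alternative: copy every element so callers hold no shared state.
        List<Attr> getAttributesDeepCopy() {
            List<Attr> out = new ArrayList<>();
            for (Attr a : attrs) out.add(new Attr(a.name, a.value));
            return out;
        }

        String valueOf(String name) {
            for (Attr a : attrs) if (a.name.equals(name)) return a.value;
            return null;
        }
    }

    public static void main(String[] args) {
        Token token = new Token();
        token.add(new Attr("role", "user"));   // constructed sample attribute
        token.setTokenReadOnly();
        token.getAttributes().clear();         // empties only the caller's copy of the list
        System.out.println("after list clear:      " + token.valueOf("role"));
        token.getAttributes().get(0).value = "admin";  // shared element: the token's view changes
        System.out.println("after element change:  " + token.valueOf("role"));
        token.getAttributesDeepCopy().get(0).value = "guest";  // detached copy: token unaffected
        System.out.println("after deep-copy change: " + token.valueOf("role"));
    }
}
```

Code that makes authorization decisions from token attributes should read them once into its own immutable structure rather than re-reading objects that other holders of the permission can modify.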

getStringAttributes

java.util.Map<java.lang.String,java.lang.String> getStringAttributes()
Retrieves a Map of SAML attributes that consist of single (key, string value) pairs only.
Returns:
a Map of SAML Attributes that consist of single key with single String value. To get a complete Attribute list, use method getSAMLAttributes().

getSAMLNameID

com.ibm.wsspi.wssecurity.saml.data.SAMLNameID getSAMLNameID()
Retrieves SAML NameId or NameIdentifier assertion associated with the token holder.
Returns:
SAML NameID or NameIdentifier assertion associated with the token holder.

setTokenReadOnly

void setTokenReadOnly()
Sets the SAMLToken to read-only mode, meaning when we get any kind of SAMLAttributes, we return only copies instead of direct references. This will prevent modifications to SAMLToken attributes held in the token.

isReadOnly

boolean isReadOnly()
Retrieves readOnly flag.
Returns:
readOnly flag.

getXMLInputStream

java.io.InputStream getXMLInputStream()
throws WSSException
Retrieves InputStream form of SAML Assertion.
Returns:
an InputStream form of SAML Assertion.
Throws:
WSSException

getSignerCertificate

java.security.cert.X509Certificate getSignerCertificate()
Retrieves SAML signer's X.509 Certificate
Returns:
SAML signer's X.509 Certificate