com.ibm.websphere.wssecurity.callbackhandler

Class SAMLConsumeCallback

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback
All implemented interfaces:
javax.security.auth.callback.Callback

public class SAMLConsumeCallback
extends java.lang.Object
implements javax.security.auth.callback.Callback
This Callback class collects configuration data associated with the consumer of an incoming SAML token. An incoming token (inbound request) is checked for expiration using the token's own expiration date and the clock skew between the sending and the receiving system: the expiration date of the token must be later than the current time minus the clock skew value. The default clock skew is 3 minutes.
A SAML token remains valid in the process if it was valid at the time the process received that token.
See Also:
SAMLToken, SAMLTokenFactory

Constructor Summary

Constructor and Description
SAMLConsumeCallback()

Method Summary

Modifier and Type Method and Description
boolean enforceAudienceRestriction()
Returns the flag indicating whether AudienceRestriction assertion validation is required.

boolean enforceOneTimeUse()
Returns the flag indicating whether OneTimeUse or DoNotCacheCondition assertion validation is required.

java.lang.String getAlias()
Returns the alias name used by the consumer of the SAML token in its keyStore.

boolean getAllowUnencKey()
Returns whether an unencrypted key is allowed in a holder-of-key token.

long getClockSkew()
Returns the time in milliseconds that is allowed for clock skew between the token issuer and the consumer.

java.lang.String getConfirmationMethod()
Returns the ConfirmationMethod to be used when requesting/generating a SAML token.

java.util.List<java.lang.String> getCRLPaths()

java.lang.String getKeyName()
Returns the name of the key used by the token consumer.

char[] getKeyPassword()
Returns the password for recovering the key.

char[] getKeyStorePassword()
Returns the password for the keyStore used by the consumer of the SAML token.

java.lang.String getKeyStorePath()
Returns the file path for the keyStore used by the consumer of the SAML token.

java.lang.String getKeyStoreReference()
Returns the reference name of the keyStore used by the token consumer (e.g. a service).

java.lang.String getKeyStoreType()
Returns the type of the keyStore used by the consumer of the SAML token.

java.util.ArrayList<java.lang.String[]> getTrustedIssuers()

java.lang.String getTrustedSTSAlias()
Returns the alias used to locate the key used by the SAML token issuer.

char[] getTrustStorePassword()
Returns the password for the trustStore used by the token consumer.

java.lang.String getTrustStorePath()
Returns the file path to the trustStore used by the token consumer.

java.lang.String getTrustStoreRef()
Returns the reference name of the trustStore used by the token consumer.

java.lang.String getTrustStoreType()
Returns the type of the trustStore used by the token consumer.

java.util.List<java.lang.String> getX509Paths()
Gets the set of intermediate certificate files.

boolean isSignatureRequired()
Returns the flag indicating whether a signature on the SAML token from the issuer is required.

boolean isTrustAnySigner()
Returns the flag indicating whether to trust any SAML token issuer.

void setAlias(java.lang.String alias)
Sets the key alias name in the consumer's keyStore.

void setAllowUnencKey(boolean value)
Sets whether an unencrypted key is allowed in a holder-of-key token.

void setClockSkew(long time)
Sets the time in milliseconds that is allowed for clock skew between the token issuer and the consumer.

void setConfirmationMethod(java.lang.String method)
Sets the type of Subject ConfirmationMethod to be used by the token requester.

void setCRLPath(java.util.List value)
Sets the revoked certificate list (CRL) files.

void setEnforceAudienceRestriction(boolean flag)
Sets the flag indicating whether AudienceRestriction validation is required.

void setEnforceOneTimeUse(boolean flag)
Sets the flag indicating whether OneTimeUse or DoNotCacheCondition validation is required.

void setIsSignatureRequired(boolean option)
Sets the flag indicating whether a signature by the SAML token issuer is required.

void setKeyName(java.lang.String keyName)
Sets the name of the key used by the token consumer.

void setKeyPassword(char[] keyPassword)
Sets the password for recovering the key.

void setKeyStorePassword(char[] keyStorePassword)
Sets the password for the keyStore used by the consumer of the SAML token.

void setKeyStorePath(java.lang.String keyStorePath)
Sets the file path for the keyStore used by the consumer of the SAML token.

void setKeyStoreReference(java.lang.String keyStoreRef)
Sets the reference name of the keyStore used by the token consumer (e.g. a service).

void setKeyStoreType(java.lang.String keyStoreType)
Sets the type of the keyStore used by the consumer of the SAML token.

void setTrustAnySigner(boolean option)
Sets the flag indicating whether to trust any SAML token issuer.

void setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers)

void setTrustedSTSAlias(java.lang.String alias)
Sets the alias name for the key used by the SAML token issuer.

void setTrustStorePassword(char[] passwd)
Sets the password for the trustStore used by the token consumer.

void setTrustStorePath(java.lang.String path)
Sets the file path to the trustStore used by the token consumer.

void setTrustStoreRef(java.lang.String ref)
Sets the reference name of the trustStore used by the token consumer.

void setTrustStoreType(java.lang.String type)
Sets the type of the trustStore used by the token consumer.

void setX509Path(java.util.List value)
Sets the list of intermediate certificate files.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SAMLConsumeCallback

public SAMLConsumeCallback()

Method Detail

getKeyStoreReference

public java.lang.String getKeyStoreReference()
Returns the reference name of the keyStore used by the token consumer (e.g. a service).
Returns:
reference name of the keyStore of the token consumer.

setKeyStoreReference

public void setKeyStoreReference(java.lang.String keyStoreRef)
Sets the reference name of the keyStore used by the token consumer (e.g. a service).
Parameters:
keyStoreRef - string representing the reference name of the keyStore.

getKeyStorePath

public java.lang.String getKeyStorePath()
Returns the file path for the keyStore used by the consumer of the SAML token.
Returns:
String that contains the path of the keyStore.

setKeyStorePath

public void setKeyStorePath(java.lang.String keyStorePath)
Sets the file path for the keyStore used by the consumer of the SAML token.
Parameters:
keyStorePath - string representing the path to the keyStore.

getKeyStoreType

public java.lang.String getKeyStoreType()
Returns the type of the keyStore used by the consumer of the SAML token.
Returns:
type of the keyStore.

setKeyStoreType

public void setKeyStoreType(java.lang.String keyStoreType)
Sets the type of the keyStore used by the consumer of the SAML token.
Parameters:
keyStoreType - string representing the type of the keyStore.

getKeyStorePassword

public char[] getKeyStorePassword()
Returns the password for the keyStore used by the consumer of the SAML token.
Returns:
character array that contains the password used to check the integrity or unlock the keyStore used by the consumer of a SAML token.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePassword)
Sets the password for the keyStore used by the consumer of the SAML token.
Parameters:
keyStorePassword - character array that contains the password used to check the integrity or unlock the keyStore for the consumer of the SAML token.

getAlias

public java.lang.String getAlias()
Returns the alias name used by the consumer of the SAML token in its keyStore.
Returns:
alias string representing the key alias name.

setAlias

public void setAlias(java.lang.String alias)
Sets the key alias name in the consumer's keyStore.
Parameters:
alias - string representing the alias name.

getKeyPassword

public char[] getKeyPassword()
Returns the password for recovering the key.
Returns:
character array that contains the password used for recovering the key.

setKeyPassword

public void setKeyPassword(char[] keyPassword)
Sets the password for recovering the key.
Parameters:
keyPassword - character array that contains the password for recovering the key.

getKeyName

public java.lang.String getKeyName()
Returns the name of the key used by the token consumer.
Returns:
String that contains the key.

setKeyName

public void setKeyName(java.lang.String keyName)
Sets the name of the key used by the token consumer.
Parameters:
keyName - string that contains the name of the key.

getTrustStoreRef

public java.lang.String getTrustStoreRef()
Returns the reference name of the trustStore used by the token consumer.
Returns:
String containing the name of the trustStore reference.

setTrustStoreRef

public void setTrustStoreRef(java.lang.String ref)
Sets the reference name of the trustStore used by the token consumer.
Parameters:
ref - string that contains the reference name of the trustStore.

getTrustStorePath

public java.lang.String getTrustStorePath()
Returns the file path to the trustStore used by the token consumer.
Returns:
String that contains the path to the trustStore.

setTrustStorePath

public void setTrustStorePath(java.lang.String path)
Sets the file path to the trustStore used by the token consumer.
Parameters:
path - String that contains the path to the trustStore.

getTrustStoreType

public java.lang.String getTrustStoreType()
Returns the type of the trustStore used by the token consumer.
Returns:
String that contains the type of the trustStore.

setTrustStoreType

public void setTrustStoreType(java.lang.String type)
Sets the type of the trustStore used by the token consumer.
Parameters:
type - a string that contains the type of trustStore.

getTrustStorePassword

public char[] getTrustStorePassword()
Returns the password for the trustStore used by the token consumer.
Returns:
character array that contains the password used to check the integrity of the trustStore or to unlock it.

setTrustStorePassword

public void setTrustStorePassword(char[] passwd)
Sets the password for the trustStore used by the token consumer.

getTrustedSTSAlias

public java.lang.String getTrustedSTSAlias()
Returns the alias used to locate the key used by the SAML token issuer.
Returns:
String that contains the alias for the key used by the issuer of the SAML token.

setTrustedSTSAlias

public void setTrustedSTSAlias(java.lang.String alias)
Sets the alias name for the key used by the SAML token issuer.
Parameters:
alias - a string that contains the alias name.

isTrustAnySigner

public boolean isTrustAnySigner()
Returns the flag indicating whether to trust any SAML token issuer.
Returns:
boolean value indicating whether to trust any SAML issuer.

setTrustAnySigner

public void setTrustAnySigner(boolean option)
Sets the flag indicating whether to trust any SAML token issuer.
Parameters:
option - boolean flag indicating whether to trust any SAML token issuer.

isSignatureRequired

public boolean isSignatureRequired()
Returns the flag indicating whether a signature on the SAML token from the issuer is required.
Returns:
the flag indicating whether the SAML issuer should sign the SAML assertion. The default behavior is that a signature from the SAML issuer is required.

setIsSignatureRequired

public void setIsSignatureRequired(boolean option)
Sets the flag indicating whether a signature by the SAML token issuer is required.
Parameters:
option - boolean flag indicating whether the signature by the SAML token issuer is required.

getClockSkew

public long getClockSkew()
Returns the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. The clock skew is used when checking for the expiration of the token on an inbound request. The expiration time of the token must be later than the current time minus the clock skew.
Returns:
the time in milliseconds allowed for clock skew. The default clock skew is 3 minutes.

setClockSkew

public void setClockSkew(long time)
Sets the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. The clock skew is used when checking for the expiration of the token on an inbound request. The expiration time of the token must be later than the current time minus the clock skew.
Parameters:
time - a long integer representing the clockSkew value in milliseconds.

enforceOneTimeUse

public boolean enforceOneTimeUse()
Returns the flag indicating whether OneTimeUse or DoNotCacheCondition assertion validation is required.
Returns:
the flag indicating whether OneTimeUse or DoNotCacheCondition assertion validation is required. The default behavior is that OneTimeUse or DoNotCacheCondition assertion validation from the SAML issuer is required.

enforceAudienceRestriction

public boolean enforceAudienceRestriction()
Returns the flag indicating whether AudienceRestriction assertion validation is required.
Returns:
the flag indicating whether AudienceRestriction assertion validation is required. The default behavior is that AudienceRestriction from the SAML issuer is required.

setEnforceOneTimeUse

public void setEnforceOneTimeUse(boolean flag)
Sets the flag indicating whether OneTimeUse or DoNotCacheCondition validation is required.

setEnforceAudienceRestriction

public void setEnforceAudienceRestriction(boolean flag)
Sets the flag indicating whether AudienceRestriction validation is required.

getTrustedIssuers

public java.util.ArrayList<java.lang.String[]> getTrustedIssuers()
Returns:
a list of trusted SAML issuers; each entry contains the issuer name and/or the signer certificate's SubjectDN.

setTrustedIssuers

public void setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers)

getConfirmationMethod

public java.lang.String getConfirmationMethod()
Returns the ConfirmationMethod to be used when requesting/generating a SAML token.
Returns:
the required Subject ConfirmationMethod. The valid values are "holder-of-key", "bearer", or "sender-vouches".

setConfirmationMethod

public void setConfirmationMethod(java.lang.String method)
Sets the type of Subject ConfirmationMethod to be used by the token requester.
Parameters:
method - a string identifying the Subject ConfirmationMethod.

getCRLPaths

public java.util.List<java.lang.String> getCRLPaths()

getX509Paths

public java.util.List<java.lang.String> getX509Paths()
Gets the set of intermediate certificate files.
Returns:
List of X509 Certificate files.

setX509Path

public void setX509Path(java.util.List value)
Sets the list of intermediate certificate files.

setCRLPath

public void setCRLPath(java.util.List value)
Sets the revoked certificate list (CRL) files.

setAllowUnencKey

public void setAllowUnencKey(boolean value)
Sets whether an unencrypted key is allowed in a holder-of-key token.
Parameters:
value - boolean flag indicating whether to allow an unencrypted key in a holder-of-key token.

getAllowUnencKey

public boolean getAllowUnencKey()
Returns whether an unencrypted key is allowed in a holder-of-key token. The default behavior is to allow an unencrypted key.
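
The getters documented above can be used to review a consumer configuration for settings that loosen inbound token validation. The following is an added example, not IBM's code: it assumes the WebSphere WS-Security API is on the classpath, and `SamlConsumerAudit`, `audit` and the `MAX_SKEW_MS` threshold are hypothetical names chosen here.

```java
import com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not part of the WebSphere API.
public final class SamlConsumerAudit {
    // Assumed review threshold: the documented 3-minute default, in milliseconds.
    static final long MAX_SKEW_MS = 3 * 60 * 1000L;

    /** Returns one finding per setting that loosens inbound SAML token validation. */
    static List<String> audit(SAMLConsumeCallback cb) {
        List<String> findings = new ArrayList<>();
        if (!cb.isSignatureRequired())
            findings.add("issuer signature on the assertion is not required");
        if (cb.isTrustAnySigner())
            findings.add("any SAML token issuer is trusted");
        if (!cb.enforceAudienceRestriction())
            findings.add("AudienceRestriction is not validated");
        if (!cb.enforceOneTimeUse())
            findings.add("OneTimeUse/DoNotCacheCondition is not validated");
        if (cb.getClockSkew() > MAX_SKEW_MS)
            findings.add("clock skew " + cb.getClockSkew() + " ms: a token stays "
                + "acceptable that long after its expiration date");
        // The unencrypted-key setting only matters for holder-of-key tokens.
        if (cb.getAllowUnencKey() && "holder-of-key".equals(cb.getConfirmationMethod()))
            findings.add("unencrypted key allowed in holder-of-key token");
        List<String> crls = cb.getCRLPaths();
        if (crls == null || crls.isEmpty())
            findings.add("no CRL files configured");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: every audited value is set explicitly, so the
        // result does not depend on the object's initial field values.
        SAMLConsumeCallback cb = new SAMLConsumeCallback();
        cb.setIsSignatureRequired(false);
        cb.setTrustAnySigner(true);
        cb.setEnforceAudienceRestriction(true);
        cb.setEnforceOneTimeUse(true);
        cb.setClockSkew(10 * 60 * 1000L);   // 10 minutes
        cb.setConfirmationMethod("holder-of-key");
        cb.setAllowUnencKey(true);
        cb.setCRLPath(new ArrayList<String>());
        audit(cb).forEach(System.out::println);
    }
}
```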