com.ibm.websphere.wssecurity.callbackhandler
Class SAMLIdAssertionCallback
- java.lang.Object
com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallback
All implemented interfaces:
javax.security.auth.callback.Callback
- public class SAMLIdAssertionCallback
- extends java.lang.Object
- implements javax.security.auth.callback.Callback
Field Summary
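Modifier and Type | Field and Description |
---|---|
static java.util.ArrayList<java.lang.String> | defaultGroupNameList |
static java.lang.String | GROUP |
static java.lang.String | GROUP_IDS |
static java.lang.String | GROUPIDS |
static java.lang.String | GROUPMEMBERSHIP |
static java.lang.String | GROUPS |
static java.lang.String | MEMBEROF |
static java.lang.String | MEMBEROF_1 |
static java.lang.String | MEMBERS |
static java.lang.String | MEMBERSHIP |
static java.lang.String | PRIMARY_GROUP |
static java.lang.String | ROLE |
static java.lang.String | ROLES |
static java.lang.String | WSCREDENTIAL_ACCESS_ID |
static java.lang.String | WSCREDENTIAL_NAMESPACE |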
Constructor Summary
Constructor and Description |
---|
SAMLIdAssertionCallback() |
Method Summary
Modifier and Type | Method and Description |
---|---|
java.util.ArrayList<java.lang.String[]> | getCredentialList() Returns a list of trusted credential identifiers. Each identifier includes an issuer name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships. |
boolean | isCrossDomainIdAssertion() |
boolean | isUseIssuerNameForRealm() |
boolean | isUseNameQualifierForRealm() |
void | setCredentialList(java.util.ArrayList<java.lang.String[]> credList) Sets a list of trusted credential identifiers. Each identifier includes a security domain name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships. |
void | setCrossDomainIdAssertion(boolean flag) Sets the flag for cross security domain ID assertion. |
void | setUseIssuerNameForRealm(boolean flag) Sets the flag to use the Issuer name for the realm if SAML is issued from WSCredential. |
void | setUseNameQualifierForRealm(boolean flag) Sets the flag to use the NameQualifier for the realm if SAML is not issued from WSCredential. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail
GROUPS
- public static final java.lang.String GROUPS
GROUP
- public static final java.lang.String GROUP
MEMBEROF
- public static final java.lang.String MEMBEROF
MEMBEROF_1
- public static final java.lang.String MEMBEROF_1
MEMBERSHIP
- public static final java.lang.String MEMBERSHIP
GROUPMEMBERSHIP
- public static final java.lang.String GROUPMEMBERSHIP
MEMBERS
- public static final java.lang.String MEMBERS
GROUPIDS
- public static final java.lang.String GROUPIDS
ROLE
- public static final java.lang.String ROLE
ROLES
- public static final java.lang.String ROLES
GROUP_IDS
- public static final java.lang.String GROUP_IDS
PRIMARY_GROUP
- public static final java.lang.String PRIMARY_GROUP
defaultGroupNameList
- public static java.util.ArrayList<java.lang.String> defaultGroupNameList
WSCREDENTIAL_ACCESS_ID
- public static final java.lang.String WSCREDENTIAL_ACCESS_ID
WSCREDENTIAL_NAMESPACE
- public static final java.lang.String WSCREDENTIAL_NAMESPACE
Constructor Detail
SAMLIdAssertionCallback
- public SAMLIdAssertionCallback()
Method Detail
setCredentialList
- public void setCredentialList(java.util.ArrayList<java.lang.String[]> credList)
Sets a list of trusted credential identifiers. Each identifier includes a
security domain name, an optional SAML attribute name and attribute namespace for the principal,
an optional SAML attribute name and attribute namespace for the realm, and
an optional SAML attribute name and attribute namespace for group memberships.
The default principal is the SAML NameIdentifier for SAML 1.1 or the NameID for SAML 2.0.
The default issuer name is any issuer name.
The default realm name is the SAML issuer name.
The default group memberships are all attribute names: groups, group, memberof, groupmembership, membership, members, and groupid.
Parameters:
credList
- A list of trusted credential identifiers.
getCredentialList
- public java.util.ArrayList<java.lang.String[]> getCredentialList()
Returns a list of trusted credential identifiers. Each identifier includes an
issuer name, an optional SAML attribute name and attribute namespace for the principal,
an optional SAML attribute name and attribute namespace for the realm, and
an optional SAML attribute name and attribute namespace for group memberships.
Returns:
A list of trusted credential identifiers.
setCrossDomainIdAssertion
- public void setCrossDomainIdAssertion(boolean flag)
Sets the flag for cross security domain ID assertion.
If this property is set to true, the SAML NameID or NameIdentifier and the SAML attributes are used to generate the WSCredential without a user registry lookup.
Parameters:
flag
- A flag indicating whether cross security domain ID assertion is enabled.
isCrossDomainIdAssertion
- public boolean isCrossDomainIdAssertion()
Returns:
The flag indicating whether cross security domain ID assertion is enabled.
setUseNameQualifierForRealm
- public void setUseNameQualifierForRealm(boolean flag)
Sets the flag to use the NameQualifier for the realm if SAML is not issued from WSCredential.
The SAML issuer name is used as the foreign realm if this property is not set.
Parameters:
flag
- A flag indicating whether cross security domain ID assertion is enabled.
isUseNameQualifierForRealm
- public boolean isUseNameQualifierForRealm()
Returns:
The flag indicating whether to use the NameQualifier for the realm if SAML is not issued from WSCredential.
setUseIssuerNameForRealm
- public void setUseIssuerNameForRealm(boolean flag)
Sets the flag to use the Issuer name for the realm if SAML is issued from WSCredential.
The NameQualifier is used as the foreign realm if this property is not set.
Parameters:
flag
- A flag indicating whether cross security domain ID assertion is enabled.
isUseIssuerNameForRealm
- public boolean isUseIssuerNameForRealm()
Returns:
The flag indicating whether to use the NameQualifier for the realm if SAML is issued from WSCredential.