com.ibm.websphere.wssecurity.callbackhandler

Class SAMLIdAssertionCallbackHandler

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallbackHandler
All implemented interfaces:
javax.security.auth.callback.CallbackHandler

public class SAMLIdAssertionCallbackHandler
extends java.lang.Object
implements javax.security.auth.callback.CallbackHandler

This class is a callback handler for asserting a SAMLToken to a WebSphere WSCredential. The callback handler defines rules that map SAMLToken attributes to the WebSphere WSCredential. You use this handler to specify a list of trusted SAML issuer names from whom attributes might be asserted to the WSCredential. For SAML tokens issued by the listed trusted issuers, you can specify which attribute name and attribute namespace define the security realm, principal, and group memberships. All issuer names are trusted by default. The default principal name is NameId for SAML 2.0 or NameIdentifier for SAML 1.1. The default realm is the issuer name. If no attribute-to-WSCredential mapping rule is defined, the following default mapping rule is applied:

  1. All issuers are trusted.
  2. The realm is the issuer name.
  3. The principal is the SAML NameID or NameIdentifier.
  4. The group memberships are searched from a list of attribute names, including "group", "groups", "groupmembership", "membership", "members", "memberof", "memberOf", "groupid", "role", "roles", "PrimaryGroupId", and "GroupIds".

The custom property "issuer" specifies a trusted issuer name. The property name is issuer_n, where n is an integer.

The custom property "principalName" specifies the attribute name for the principal. The property name is principalName_n, where n is an integer.

The custom property "principalNamespace" specifies the attribute namespace for the principal. The property name is principalNamespace_n, where n is an integer.

The custom property "realmName" specifies the attribute name for the realm. The property name is realmName_n, where n is an integer.

The custom property "realmNamespace" specifies the attribute namespace for the realm. The property name is realmNamespace_n, where n is an integer.

The custom property "groupName" specifies the attribute name for groups. The property name is groupName_n, where n is an integer.

The custom property "groupNamespace" specifies the attribute namespace for groups. The property name is groupNamespace_n, where n is an integer.

The custom property "realmNameRange" is a whitespace-delimited String that lists all names that can be used as a trusted realm. The property name is realmNameRange_n, where n is an integer.

The custom property "uniqueId" specifies the attribute name for the WebSphere credential's unique ID. The property name is uniqueId_n, where n is an integer.

The custom property "uniqueIdNamespace" specifies the attribute namespace for the WebSphere credential's unique ID. The property name is uniqueIdNamespace_n, where n is an integer.
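The following audit of a custom-property map reports which of the defaults described above stay in effect, most importantly whether every issuer is trusted. It is an added example, not IBM's code: it does not call the handler, the class name, method names and sample values are hypothetical, and it assumes each default applies independently when its property_n key is absent.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: audits custom properties meant for SAMLIdAssertionCallbackHandler. */
public class SamlIdAssertionPropertyAudit {

    /** True if the map has a key of the form base_n, where n is an integer. */
    static boolean hasIndexed(Map<Object, Object> props, String base) {
        for (Object key : props.keySet()) {
            if (key instanceof String && ((String) key).matches(base + "_\\d+")) {
                return true;
            }
        }
        return false;
    }

    /** Lists the documented defaults that remain in effect for this property map. */
    static List<String> audit(Map<Object, Object> props) {
        List<String> findings = new ArrayList<>();
        boolean issuerListed = hasIndexed(props, "issuer");
        boolean realmMapped = hasIndexed(props, "realmName");
        if (!issuerListed) {
            findings.add("issuer_n not set: all issuers are trusted");
        }
        if (!hasIndexed(props, "principalName")) {
            findings.add("principalName_n not set: principal is NameID / NameIdentifier");
        }
        if (!realmMapped) {
            findings.add("realmName_n not set: realm is the issuer name");
        }
        if (!hasIndexed(props, "groupName")) {
            findings.add("groupName_n not set: groups come from the default attribute-name list");
        }
        if (!issuerListed && !realmMapped) {
            findings.add("review: realm equals the issuer name of any accepted token");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample configuration; the values are placeholders.
        Map<Object, Object> props = new LinkedHashMap<>();
        props.put("issuer_1", "https://idp.example.test/sts");
        props.put("groupName_1", "Membership");
        props.put("groupNamespace_1", "urn:example:attributes");
        audit(props).forEach(System.out::println);
    }
}
```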

See Also:
SAMLToken, SAMLIdAssertionCallback

Field Summary

Modifier and Type           Field and Description
static java.lang.String     ACCESSID
static java.lang.String     ACCESSIDNAMESPACE
static java.lang.String     CROSS_DOMAIN_ID_ASSERTION
static java.lang.String     GROUPNAMESPACE
static java.lang.String     GROUPS
static java.lang.String     ISSUER
static java.lang.String     PRINCIPAL
static java.lang.String     PRINCIPALNAMESPACE
static java.lang.String     REALM
static java.lang.String     REALM_RANGE
static java.lang.String     REALMNAMESPACE
static java.lang.String     USEISSUERNAMEFORREALM
static java.lang.String     USENAMEQUALIFIERFORREALM

Constructor Summary

Constructor and Description
SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)

Method Summary

Modifier and Type           Method and Description
void                        handle(javax.security.auth.callback.Callback[] callbacks)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ISSUER

public static final java.lang.String ISSUER

PRINCIPAL

public static final java.lang.String PRINCIPAL

PRINCIPALNAMESPACE

public static final java.lang.String PRINCIPALNAMESPACE

GROUPS

public static final java.lang.String GROUPS

GROUPNAMESPACE

public static final java.lang.String GROUPNAMESPACE

REALM

public static final java.lang.String REALM

REALMNAMESPACE

public static final java.lang.String REALMNAMESPACE

CROSS_DOMAIN_ID_ASSERTION

public static final java.lang.String CROSS_DOMAIN_ID_ASSERTION

REALM_RANGE

public static final java.lang.String REALM_RANGE

ACCESSID

public static final java.lang.String ACCESSID

ACCESSIDNAMESPACE

public static final java.lang.String ACCESSIDNAMESPACE

USENAMEQUALIFIERFORREALM

public static final java.lang.String USENAMEQUALIFIERFORREALM

USEISSUERNAMEFORREALM

public static final java.lang.String USEISSUERNAMEFORREALM

Constructor Detail

SAMLIdAssertionCallbackHandler

public SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)

Method Detail

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Throws:
java.io.IOException
javax.security.auth.callback.UnsupportedCallbackException