com.ibm.websphere.wssecurity.callbackhandler

Class SAMLIdAssertionCallback

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallback
All implemented interfaces:
javax.security.auth.callback.Callback

public class SAMLIdAssertionCallback
extends java.lang.Object
implements javax.security.auth.callback.Callback

This is a callback class for asserting a SAMLToken to a WebSphere WSCredential.
See Also:
SAMLToken, SAMLIdAssertionCallbackHandler

Field Summary

Modifier and Type, followed by Field:
static java.util.ArrayList<java.lang.String> defaultGroupNameList
static java.lang.String GROUP
static java.lang.String GROUP_IDS
static java.lang.String GROUPIDS
static java.lang.String GROUPMEMBERSHIP
static java.lang.String GROUPS
static java.lang.String MEMBEROF
static java.lang.String MEMBEROF_1
static java.lang.String MEMBERS
static java.lang.String MEMBERSHIP
static java.lang.String PRIMARY_GROUP
static java.lang.String ROLE
static java.lang.String ROLES
static java.lang.String WSCREDENTIAL_ACCESS_ID
static java.lang.String WSCREDENTIAL_NAMESPACE

Constructor Summary

Constructor and Description
SAMLIdAssertionCallback()

Method Summary

Modifier and Type, followed by Method and Description:

java.util.ArrayList<java.lang.String[]> getCredentialList()
Returns a list of trusted credential identifiers. Each identifier includes the issuer name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.

boolean isCrossDomainIdAssertion()

boolean isUseIssuerNameForRealm()

boolean isUseNameQualifierForRealm()

void setCredentialList(java.util.ArrayList<java.lang.String[]> credList)
Sets a list of trusted credential identifiers. Each identifier includes the security domain name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.

void setCrossDomainIdAssertion(boolean flag)
Sets the flag for cross security domain ID assertion.

void setUseIssuerNameForRealm(boolean flag)
Sets the flag to use the Issuer name for realm if SAML is issued from WSCredential.

void setUseNameQualifierForRealm(boolean flag)
Sets the flag to use NameQualifier for realm if SAML is not issued from WSCredential.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

GROUPS

public static final java.lang.String GROUPS

GROUP

public static final java.lang.String GROUP

MEMBEROF

public static final java.lang.String MEMBEROF

MEMBEROF_1

public static final java.lang.String MEMBEROF_1

MEMBERSHIP

public static final java.lang.String MEMBERSHIP

GROUPMEMBERSHIP

public static final java.lang.String GROUPMEMBERSHIP

MEMBERS

public static final java.lang.String MEMBERS

GROUPIDS

public static final java.lang.String GROUPIDS

ROLE

public static final java.lang.String ROLE

ROLES

public static final java.lang.String ROLES

GROUP_IDS

public static final java.lang.String GROUP_IDS

PRIMARY_GROUP

public static final java.lang.String PRIMARY_GROUP

defaultGroupNameList

public static java.util.ArrayList<java.lang.String> defaultGroupNameList

WSCREDENTIAL_ACCESS_ID

public static final java.lang.String WSCREDENTIAL_ACCESS_ID

WSCREDENTIAL_NAMESPACE

public static final java.lang.String WSCREDENTIAL_NAMESPACE

Constructor Detail

SAMLIdAssertionCallback

public SAMLIdAssertionCallback()

Method Detail

setCredentialList

public void setCredentialList(java.util.ArrayList<java.lang.String[]> credList)
Sets a list of trusted credential identifiers. Each identifier includes the security domain name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships. The default principal is the SAML NameIdentifier for SAML 1.1 or NameId for SAML 2.0. The default issuer name is any issuer name. The default realm name is the SAML issuer name. The default group memberships are all attribute names: groups, group, memberof, groupmembership, membership, members, and groupid.
Parameters:
credList - A list of trusted credential identifiers.

getCredentialList

public java.util.ArrayList<java.lang.String[]> getCredentialList()
Returns a list of trusted credential identifiers. Each identifier includes the issuer name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.
Returns:
A list of trusted credential identifiers.

setCrossDomainIdAssertion

public void setCrossDomainIdAssertion(boolean flag)
Sets the flag for cross security domain ID assertion. If this property is set to true, the SAML NameID or NameIdentifier and the SAML attributes are used to generate the WSCredential without a user registry lookup.
Parameters:
flag - A flag indicating whether cross security domain ID assertion is enabled

isCrossDomainIdAssertion

public boolean isCrossDomainIdAssertion()
Returns:
The flag indicating whether cross security domain ID assertion is enabled.

setUseNameQualifierForRealm

public void setUseNameQualifierForRealm(boolean flag)
Sets the flag to use NameQualifier for realm if SAML is not issued from WSCredential. The SAML issuer name is used as the foreign realm if this property is not set.
Parameters:
flag - A flag indicating whether cross security domain ID assertion is enabled

isUseNameQualifierForRealm

public boolean isUseNameQualifierForRealm()
Returns:
The flag indicating whether to use NameQualifier for realm if SAML is not issued from WSCredential.

setUseIssuerNameForRealm

public void setUseIssuerNameForRealm(boolean flag)
Sets the flag to use the Issuer name for realm if SAML is issued from WSCredential. The NameQualifier is used as the foreign realm if this property is not set.
Parameters:
flag - A flag indicating whether cross security domain ID assertion is enabled

isUseIssuerNameForRealm

public boolean isUseIssuerNameForRealm()
Returns:
The flag indicating whether to use NameQualifier for realm if SAML is issued from WSCredential.
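
A configuration review built only from the getters documented above, as an added example (not IBM's code): it flags a callback that keeps the documented default of accepting any issuer name while cross-domain ID assertion skips the user registry lookup. The class name SamlIdAssertionReview, the treatment of a null or empty list as "defaults apply", and the first array element being the issuer name are assumptions; the WebSphere runtime libraries must be on the classpath.

```java
import com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallback;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added example (hypothetical class): reviews a SAMLIdAssertionCallback for permissive trust settings. */
public class SamlIdAssertionReview {

    /** Returns one finding per permissive setting; an empty list means nothing was flagged. */
    static List<String> review(SAMLIdAssertionCallback cb) {
        List<String> findings = new ArrayList<>();
        ArrayList<String[]> creds = cb.getCredentialList();
        // Assumption: a null or empty list means the documented defaults apply,
        // and the documented default issuer is "any issuer name".
        boolean anyIssuer = (creds == null || creds.isEmpty());

        if (anyIssuer) {
            findings.add("No trusted credential identifiers set: default accepts any issuer name");
        } else {
            for (String[] id : creds) {
                // Assumption: the first element is the issuer / security domain name.
                if (id == null || id.length == 0 || id[0] == null || id[0].trim().isEmpty()) {
                    findings.add("Identifier without an issuer name: " + Arrays.toString(id));
                }
            }
        }
        if (cb.isCrossDomainIdAssertion()) {
            // Per the page: the WSCredential is built from NameID and SAML attributes,
            // with no user registry lookup.
            findings.add("Cross-domain ID assertion on: groups come from SAML attributes, not the registry");
            if (anyIssuer) {
                findings.add("Issuer name unrestricted and registry lookup skipped: "
                        + "identity and groups rest entirely on the assertion");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample configuration: cross-domain on, no credential list set.
        SAMLIdAssertionCallback cb = new SAMLIdAssertionCallback();
        cb.setCrossDomainIdAssertion(true);
        review(cb).forEach(System.out::println);
    }
}
```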