com.ibm.wsspi.wssecurity.saml.config

Interface ConsumerConfig

All Superinterfaces:
Configuration, ConsumerConfiguration

public interface ConsumerConfig
extends ConsumerConfiguration

This interface encapsulates getter and setter methods for the configuration attributes of the SAML token consumer.

Users should never implement this interface directly and are required to use SAMLTokenFactory to get an instance of ConsumerConfig.

Field Summary

Modifier and Type Field and Description
static long DEFAULT_CLOCKSKEW

Method Summary

Modifier and Type Method and Description
void addCertStore(java.security.cert.CertStore certStore)
Adds a cert store to the current cert store list.

void addCRLPath(java.lang.String value)
Adds a certificate revocation list (CRL) file.

void addX509Path(java.lang.String value)
Adds an intermediate certificate file.

java.lang.String getAlgorithmSuite()
Returns the encryption algorithm for the encrypted token or key.

java.lang.String getAliasForTokenProvider()
Returns a string representing the key alias corresponding to the token provider.

boolean getAllowUnencKey()
Gets the setting for allowing an unencrypted key in a Holder of Key token.

java.util.List<java.security.cert.CertStore> getCertStores()
Gets the cert store list.

long getClockSkew()
Returns the allowable clock skew.

java.util.List<java.lang.String> getCRLPaths()
Gets the list of certificate revocation list (CRL) files.

KeyInformationConfig getKeyInformationConfig()
Returns the KeyInformationConfig object to be used to decrypt an encrypted SAML token or key.

KeyStoreConfig getKeyStoreConfig()
Returns the KeyStoreConfig object used for the decryption of a SAML token or keys.

boolean getRevocationEnabled()
Gets the setting of the revocationEnabled flag.

KeyStoreConfig getTrustStoreConfig()
Returns the KeyStoreConfig object used in the validation of the SAML Enveloped-Signature.

java.util.List<java.lang.String> getX509Paths()
Gets the list of intermediate certificate files.

boolean isAssertionSignatureRequired()
Returns an indication as to whether this token consumer requires signed SAML assertions.

void setAlgorithmSuite(java.lang.String alg)
Sets the encryption algorithm for the encrypted token or key.

void setAliasForTokenProvider(java.lang.String alias)
Sets the alias for the token provider's key.

void setAllowUnencKey(boolean value)
Sets the setting for allowing an unencrypted key in a Holder of Key token.

void setAssertionSignatureRequired(boolean option)
Indicates if a signature on the assertion is required by this consumer.

void setCertStores(java.util.List<java.security.cert.CertStore> certStores)
Sets the cert store list.

void setClockSkew(long time)
Sets the clock skew.

void setCRLPath(java.util.List value)
Sets the list of certificate revocation list (CRL) files.

void setKeyInformationConfig(KeyInformationConfig kic)
Sets the Key Information configuration attribute.

void setKeyStoreConfig(KeyStoreConfig ksc)
Sets the KeyStore configuration attribute.

void setRevocationEnabled(boolean value)
Enables certificate revocation.

void setTrustAnySTS(boolean option)
Indicates if this consumer trusts all token providers.

void setTrustStoreConfig(KeyStoreConfig tsc)
Sets the TrustStore configuration attribute.

void setX509Path(java.util.List value)
Sets the list of intermediate certificate files.

boolean trustAnySTS()
Returns an indication as to whether this token consumer trusts all token providers.

Methods inherited from interface com.ibm.wsspi.wssecurity.core.config.Configuration
validate

Field Detail

DEFAULT_CLOCKSKEW

static final long DEFAULT_CLOCKSKEW

Method Detail

getAlgorithmSuite

java.lang.String getAlgorithmSuite()
Returns the encryption algorithm for the encrypted token or key.
Returns:
a string representing the Encryption Algorithm for encrypted SAML token or keys.

getKeyInformationConfig

KeyInformationConfig getKeyInformationConfig()
Returns the KeyInformationConfig object to be used to decrypt an encrypted SAML token or key.
Returns:
KeyInformationConfig for the decryption of encrypted SAML token or keys.

getKeyStoreConfig

KeyStoreConfig getKeyStoreConfig()
Returns the KeyStoreConfig object used for the decryption of a SAML token or keys.
Returns:
KeyStoreConfig for the decryption of encrypted SAML token or keys.

getTrustStoreConfig

KeyStoreConfig getTrustStoreConfig()
Returns the KeyStoreConfig object used in the validation of the SAML Enveloped-Signature.
Returns:
KeyStoreConfig object to be used for the SAML Enveloped-Signature validation.

getAliasForTokenProvider

java.lang.String getAliasForTokenProvider()
Returns a string representing the key alias corresponding to the token provider.
Returns:
alias name for the token provider's key.

isAssertionSignatureRequired

boolean isAssertionSignatureRequired()
Returns an indication as to whether this token consumer requires signed SAML assertions.
Returns:
boolean true or false indicating if the consumer of the SAML token requires signed assertions.

trustAnySTS

boolean trustAnySTS()
Returns an indication as to whether this token consumer trusts all token providers.
Returns:
boolean true or false indicating if the consumer of the SAML token trusts all token providers.

setAlgorithmSuite

void setAlgorithmSuite(java.lang.String alg)
Sets the encryption algorithm for the encrypted token or key.
Parameters:
alg - a string representing the algorithm.

setKeyInformationConfig

void setKeyInformationConfig(KeyInformationConfig kic)
Sets the Key Information configuration attribute.

setKeyStoreConfig

void setKeyStoreConfig(KeyStoreConfig ksc)
Sets the KeyStore configuration attribute.

setTrustStoreConfig

void setTrustStoreConfig(KeyStoreConfig tsc)
Sets the TrustStore configuration attribute.
Parameters:
tsc - of KeyStoreConfig type.

setAliasForTokenProvider

void setAliasForTokenProvider(java.lang.String alias)
Sets the alias for the token provider's key.
Parameters:
alias - name for the provider's key.

setAssertionSignatureRequired

void setAssertionSignatureRequired(boolean option)
Indicates if a signature on the assertion is required by this consumer.
Parameters:
option - boolean true or false.

setTrustAnySTS

void setTrustAnySTS(boolean option)
Indicates if this consumer trusts all token providers.
Parameters:
option - boolean true or false.

getClockSkew

long getClockSkew()
Returns the allowable clock skew.
Returns:
the maximum allowable clock skew

setClockSkew

void setClockSkew(long time)
Sets the clock skew.

getX509Paths

java.util.List<java.lang.String> getX509Paths()
Gets the list of intermediate certificate files.
Returns:
the list of intermediate certificate files

getCRLPaths

java.util.List<java.lang.String> getCRLPaths()
Gets the list of certificate revocation list (CRL) files.
Returns:
the list of CRL files

addX509Path

void addX509Path(java.lang.String value)
Adds an intermediate certificate file.

addCRLPath

void addCRLPath(java.lang.String value)
Adds a certificate revocation list (CRL) file.

setX509Path

void setX509Path(java.util.List value)
Sets the list of intermediate certificate files.

setCRLPath

void setCRLPath(java.util.List value)
Sets the list of certificate revocation list (CRL) files.

setRevocationEnabled

void setRevocationEnabled(boolean value)
Enables certificate revocation. This sets the revocationEnabled flag for use in the PKIXBuilderParameters. The revocationEnabled flag is used in conjunction with certificate revocation lists.
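The JDK mechanism this flag refers to, as an added example that is not taken from the IBM documentation or product code: it uses only `java.security.cert` classes to show how a revocationEnabled flag, intermediate certificate files, CRL files and a CertStore come together in `PKIXBuilderParameters`. The class name, method names and file arguments are hypothetical, and it does not claim to reproduce how the SAML token consumer builds its parameters internally.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
public class PkixRevocationSketch {
    // Mirrors the inputs ConsumerConfig holds: trust store, intermediate
    // certificate files, CRL files, and the revocationEnabled flag.
    static PKIXBuilderParameters buildParams(KeyStore trustStore, X509Certificate signer,
            List<String> x509Paths, List<String> crlPaths, boolean revocationEnabled)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Object> material = new ArrayList<>();
        material.add(signer);
        for (String p : x509Paths) {
            try (InputStream in = Files.newInputStream(Paths.get(p))) {
                material.addAll(cf.generateCertificates(in));
            }
        }
        for (String p : crlPaths) {
            try (InputStream in = Files.newInputStream(Paths.get(p))) {
                material.addAll(cf.generateCRLs(in));
            }
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(material)));
        // When true, the build fails if a certificate in the path is revoked or
        // its status cannot be determined, for example from the CRLs loaded above.
        params.setRevocationEnabled(revocationEnabled);
        return params;
    }
    // Hypothetical arguments: truststore.p12 password signer.cer intermediates.pem crls.pem
    public static void main(String[] a) throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(a[0]))) {
            ts.load(in, a[1].toCharArray());
        }
        X509Certificate signer;
        try (InputStream in = Files.newInputStream(Paths.get(a[2]))) {
            signer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        PKIXBuilderParameters p = buildParams(ts, signer, List.of(a[3]), List.of(a[4]), true);
        CertPathBuilder.getInstance("PKIX").build(p); // throws CertPathBuilderException on failure
    }
}
```

With the flag set to false the same call builds a path without consulting the CRLs at all, so a revoked signing certificate would still chain to the trust store.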

getRevocationEnabled

boolean getRevocationEnabled()
Gets the setting of the revocationEnabled flag.
Returns:
boolean true or false indicating if certificate revocation is enabled

setCertStores

void setCertStores(java.util.List<java.security.cert.CertStore> certStores)
Sets the cert store list.

getCertStores

java.util.List<java.security.cert.CertStore> getCertStores()
Gets the cert store list.
Returns:
cert store list

addCertStore

void addCertStore(java.security.cert.CertStore certStore)
Adds a cert store to the current cert store list.

setAllowUnencKey

void setAllowUnencKey(boolean value)
Sets the setting for allowing an unencrypted key in a Holder of Key token.
Parameters:
value - boolean flag indicating whether to allow an unencrypted key in a Holder of Key token

getAllowUnencKey

boolean getAllowUnencKey()
Gets the setting for allowing an unencrypted key in a Holder of Key token. Default behavior is to allow an unencrypted key.