com.ibm.wsspi.wssecurity.saml.config
Interface ConsumerConfig
All Superinterfaces:
- public interface ConsumerConfig
- extends ConsumerConfiguration
This interface encapsulates getter and setter methods for the configuration attributes of the SAML token consumer.
User should never implement this interface directly, and is required to useSAMLTokenFactory
to get an instance of ConsumerConfig.
Field Summary
Modifier and Type | Field and Description |
---|---|
|
DEFAULT_CLOCKSKEW
|
Method Summary
Modifier and Type | Method and Description |
---|---|
|
addCertStore(java.security.cert.CertStore certStore)
Adds a cert store to the current cert store list
|
|
addCRLPath(java.lang.String value)
Adds revoked certificate list.
|
|
addX509Path(java.lang.String value)
Adds Intermediate certificate file.
|
|
getAlgorithmSuite()
Returns the Encryption Algorithm for encrypted token or key.
|
|
getAliasForTokenProvider()
Returns a string representing the key alias corresponding to the token provider.
|
|
getAllowUnencKey()
Gets setting for allowing an Unencrypted key in a Holder of Key token.
|
|
getCertStores()
Gets the cert store list
|
|
getClockSkew()
Return the allowable clock skew.
|
|
getCRLPaths()
Get the list of revoked certificate list files.
|
getKeyInformationConfig()
Returns the KeyInformationConfig object to be be used to decrypt an encrypted SAML
token or key.
|
|
getKeyStoreConfig()
Returns the KeyStoreConfig object used for the decryption of a SAML token or keys.
|
|
|
getRevocationEnabled()
Gets the setting of the revocationEnabled flag
|
getTrustStoreConfig()
Returns the KeyStoreConfig object used in the validation of the SAML Enveloped-Signature.
|
|
|
getX509Paths()
Get the list of intermediate certificate files.
|
|
isAssertionSignatureRequired()
Returns an indication as to whether this token consumer requires signed SAML assertions.
|
|
setAlgorithmSuite(java.lang.String alg)
Sets the encryption algorithm for the encrypted token or key.
|
|
setAliasForTokenProvider(java.lang.String alias)
Sets alias for Token provider's key.
|
|
setAllowUnencKey(boolean value)
Sets setting for allowing an Unencrypted key in a Holder of Key token.
|
|
setAssertionSignatureRequired(boolean option)
Indicates if signature on the assertion is required by this consumer.
|
|
setCertStores(java.util.List<java.security.cert.CertStore> certStores)
Sets the cert store list
|
|
setClockSkew(long time)
Set clock skew
|
|
setCRLPath(java.util.List value)
Sets revoked certificate list.
|
|
setKeyInformationConfig(KeyInformationConfig kic)
Sets the Key Information configuration attribute.
|
|
setKeyStoreConfig(KeyStoreConfig ksc)
Sets the KeyStore configuration attribute.
|
|
setRevocationEnabled(boolean value)
Enables certificate revocation.
|
|
setTrustAnySTS(boolean option)
Indicates if this consumer trusts all token providers.
|
|
setTrustStoreConfig(KeyStoreConfig tsc)
Sets the TrustStore configuration attribute.
|
|
setX509Path(java.util.List value)
Sets intermediate certificate file lists.
|
|
trustAnySTS()
Returns an indication as to whether this token consumer trusts all token providers.
|
Methods inherited from interface com.ibm.wsspi.wssecurity.core.config.Configuration |
---|
validate |
Field Detail
DEFAULT_CLOCKSKEW
- static final long DEFAULT_CLOCKSKEW
See Also:
Method Detail
getAlgorithmSuite
- java.lang.String getAlgorithmSuite( )
Returns the Encryption Algorithm for encrypted token or key.
Returns:
a string representing the Encryption Algorithm for encrypted SAML token or keys.
getKeyInformationConfig
- KeyInformationConfig getKeyInformationConfig( )
Returns the KeyInformationConfig object to be be used to decrypt an encrypted SAML
token or key.
Returns:
KeyInformationConfig for the decryption of encrypted SAML token or keys.
See Also:
getKeyStoreConfig
- KeyStoreConfig getKeyStoreConfig( )
Returns the KeyStoreConfig object used for the decryption of a SAML token or keys.
Returns:
KeyStoreConfig for the decryption of encrypted SAML token or Keys.
See Also:
getTrustStoreConfig
- KeyStoreConfig getTrustStoreConfig( )
Returns the KeyStoreConfig object used in the validation of the SAML Enveloped-Signature.
Returns:
KeyStoreConfig object to be used for the SAML Enveloped-Signature validation.
See Also:
getAliasForTokenProvider
- java.lang.String getAliasForTokenProvider( )
Returns a string representing the key alias corresponding to the token provider.
Returns:
alias name for the token provider's key.
isAssertionSignatureRequired
- boolean isAssertionSignatureRequired( )
Returns an indication as to whether this token consumer requires signed SAML assertions.
Returns:
boolean true or false indicating if the consumer of the SAML token requires signed assertions.
trustAnySTS
- boolean trustAnySTS()
Returns an indication as to whether this token consumer trusts all token providers.
Returns:
boolean true or false indicating if the consumer of the SAML token trusts all token providers.
setAlgorithmSuite
- void setAlgorithmSuite(java.lang.String alg)
Sets the encryption algorithm for the encrypted token or key.
Parameters:
alg
- a string representing the algorithm. setKeyInformationConfig
- void setKeyInformationConfig(KeyInformationConfig kic)
Sets the Key Information configuration attribute.
See Also:
setKeyStoreConfig
- void setKeyStoreConfig(KeyStoreConfig ksc)
Sets the KeyStore configuration attribute.
See Also:
setTrustStoreConfig
- void setTrustStoreConfig(KeyStoreConfig tsc)
Sets the TrustStore configuration attribute.
setAliasForTokenProvider
- void setAliasForTokenProvider(java.lang.String alias)
Sets alias for Token provider's key.
Parameters:
alias
- name for the provider's key. setAssertionSignatureRequired
- void setAssertionSignatureRequired( boolean option)
Indicates if signature on the assertion is required by this consumer.
Parameters:
option
- boolean true or false. setTrustAnySTS
- void setTrustAnySTS(boolean option)
Indicates if this consumer trusts all token providers.
Parameters:
option
- boolean true or false. getClockSkew
- long getClockSkew()
Return the allowable clock skew.
Returns:
the maximum allowable clock skew
setClockSkew
- void setClockSkew(long time)
Set clock skew
getX509Paths
- java.util.List<java.lang.String> getX509Paths( )
Get the list of intermediate certificate files.
Returns:
the list of intermediate certificate files
getCRLPaths
- java.util.List<java.lang.String> getCRLPaths( )
Get the list of revoked certificate list files.
Returns:
the list of CRL files
addX509Path
- void addX509Path(java.lang.String value)
Adds Intermediate certificate file.
addCRLPath
- void addCRLPath(java.lang.String value)
Adds revoked certificate list.
setX509Path
- void setX509Path(java.util.List value)
Sets intermediate certificate file lists.
setCRLPath
- void setCRLPath(java.util.List value)
Sets revoked certificate list.
setRevocationEnabled
- void setRevocationEnabled(boolean value)
Enables certificate revocation. This sets the
revocationEnabled flag, for use in the PKIXBuilderParameters.
This revocationEnabled is used in conjunction with certificate
revocation lists
getRevocationEnabled
- boolean getRevocationEnabled()
Gets the setting of the revocationEnabled flag
Returns:
boolean true or false indicating if certificate revocation is enabled
setCertStores
- void setCertStores(java.util.List<java.security.cert.CertStore> certStores)
Sets the cert store list
getCertStores
- java.util.List<java.security.cert.CertStore> getCertStores( )
Gets the cert store list
Returns:
cert store list
addCertStore
- void addCertStore(java.security.cert.CertStore certStore)
Adds a cert store to the current cert store list
setAllowUnencKey
- void setAllowUnencKey(boolean value)
Sets setting for allowing an Unencrypted key in a Holder of Key token.
Parameters:
value
- boolean flag whether to allow an Unencrypted key in a Holder of Key token getAllowUnencKey
- boolean getAllowUnencKey()
Gets setting for allowing an Unencrypted key in a Holder of Key token.
Default behavior is to allow an unencrypted key.