IBM WebSphere Application ServerTM
Release 8

com.ibm.wsspi.wssecurity.core.config
Interface IssuedTokenConfigConstants


public interface IssuedTokenConfigConstants

Generic Constants and properties used by the generic issued token login modules and callbacks.


Field Summary
static java.lang.String ALWAYS_GENERIC
           This key is used by the GenericIssuedTokenConsumeLoginModule and can be set using any of the built-in callback handlers.
static java.lang.String APPLIES_TO
           The key is used to specify the AppliesTo for the requested issued Token when using WSSAPI.
static java.lang.String CONFIRMATION_METHOD
           This is the key used to specify SAML assertion ConfirmationMethod.
static java.lang.String ENFORCE_CONFIRMATION_METHOD
           This is the key used to specify the option to enforce confirmation method in SAML assertion when doing token exchange The default value for this property is false unless it is set to true.
static java.lang.String EXCHANGED_TOKEN_TYPE
           This is the key used to specify the token type that should be returned after a successful token validation.
static java.lang.String KEY_ALIAS
           This is the optional key used to specify the key alias decrypt SAML assertion
static java.lang.String KEY_NAME
           This is the optional key used to specify the key name decrypt SAML assertion
static java.lang.String KEY_PASSWORD
           This is the optional key used to specify the key password decrypt SAML assertion
static java.lang.String KEY_STORE_PASSWORD
           This is the key used to specify keystore password decrypt SAML assertion
static java.lang.String KEY_STORE_PATH
           This is the key used to specify keystore file path to decrypt SAML assertion
static java.lang.String KEY_STORE_TYPE
           This is the key used to specify keystore type name decrypt SAML assertion
static java.lang.String PASS_THROUGH_TOKEN
           This key is valid for use by both GenericIssuedTokenConsumeLoginModule and GenericIssuedTokenGenerateLoginModule.
static java.lang.String SAML_APPLIES_TO
           The key is used to specify the AppliesTo for the requested SAMLToken when using WSSAPI.
static java.lang.String SSL_CONFIG_ALIAS
           The key is used to specify the alias to an SSL configuration used by WS-Trust client to request SAMLToken.
static java.lang.String STS_ADDRESS
           This is the key used to specify the SecurityTokenService address.
static java.lang.String TRUST_CLIENT_BINDING
           This is the key used to specify WS-trust client's binding name.
static java.lang.String TRUST_CLIENT_BINDING_SCOPE
           This is the key used to specify binding scope for the policyset attached to WS-Trust client.
static java.lang.String TRUST_CLIENT_COLLECTION_REQUEST
           This is the key used to specify if RequestSecurityTokenCollection is required in WS-Trust request.
static java.lang.String TRUST_CLIENT_POLICY
           This is the key used to specify WS-Trust client's policyset name.
static java.lang.String TRUST_CLIENT_SOAP_VERSION
           This is the key used to specify the SOAP version in WS-Trust request.
static java.lang.String TRUST_CLIENT_VALIDATE_BINDING
           This is the key used to specify WS-trust client's binding name for Validate.
static java.lang.String TRUST_CLIENT_VALIDATE_POLICY
           This is the key used to specify WS-Trust client's policyset name for Validate.
static java.lang.String TRUST_CLIENT_WSTRUST_NAMESPACE
           This is the key used to specify the WS-Trust namespace in WS-Trust request.
static java.lang.String TRUST_INCLUDE_TOKEN_TYPE
           This is the key used to specify the the returned token type included in trust request message.
static java.lang.String TRUST_ISSUER
           This is the key used to specify the issuer for the requested token.
static java.lang.String TRUST_VALIDATE_TARGET_OPTION
           This is the key used to specify the used WS-Trust ValidateTarget, which is one of the following options: token, or base.
static java.lang.String TRUSTED_ISSUER_
           This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify the trusted issuer name whose name is trustedIssuer_n where n is an integer and started from 0.
static java.lang.String TRUSTED_ISSUER_SUBJECTDN
           This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify the trusted issuer X509Certificate's SubjectDN name whose name is trustedSubjectDN_n where n is an integer and started from 0.
static java.lang.String UNT_PASSWORD_REQUIRED
           This is the optional key used to specify if password is required when using UsernameToken from RunAs subject.
static java.lang.String USE_RUN_AS_SUBJECT
           This is the key used to specify if the generator should use the token from RunAsSubject for outgoing request.
static java.lang.String USE_RUN_AS_SUBJECT_ONLY
           This is the key used to specify if the generator should only use the token from RunAsSubject for outgoing request.
static java.lang.String USE_TOKEN
           This is the key used to specify which token ValueType in RunAsSubject is used to generate token for the SOAP requester.
static java.lang.String VALIDATE_TOKEN
           This is the key used to specify if generator should use WS-Trust to validate the token from RunAsSubject.
static java.lang.String WSS_CONSUMING_CONTEXT
           The key is used to specify the WSSConsumingContext object used by WS-Trust client to request SAMLToken.
static java.lang.String WSS_GENERATION_CONTEXT
           The key is used to specify the WSSGenerationContext object used by WS-Trust client to request SAMLToken.
 

Field Detail

STS_ADDRESS

static final java.lang.String STS_ADDRESS

This is the key used to specify the SecurityTokenService address. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_CLIENT_POLICY

static final java.lang.String TRUST_CLIENT_POLICY

This is the key used to specify WS-Trust client's policyset name. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_CLIENT_BINDING

static final java.lang.String TRUST_CLIENT_BINDING

This is the key used to specify WS-trust client's binding name. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_CLIENT_SOAP_VERSION

static final java.lang.String TRUST_CLIENT_SOAP_VERSION

This is the key used to specify the SOAP version in WS-Trust request. Valid values are "1.1" or "1.2". The default value is the same SOAP version used by application client. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_CLIENT_WSTRUST_NAMESPACE

static final java.lang.String TRUST_CLIENT_WSTRUST_NAMESPACE

This is the key used to specify the WS-Trust namespace in WS-Trust request. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_CLIENT_BINDING_SCOPE

static final java.lang.String TRUST_CLIENT_BINDING_SCOPE

This is the key used to specify binding scope for the policyset attached to WS-Trust client. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

EXCHANGED_TOKEN_TYPE

static final java.lang.String EXCHANGED_TOKEN_TYPE

This is the key used to specify the token type that should be returned after a successful token validation. The key is used in the CallbackHandler's custom properties in token consumer bindings.

See Also:
Constant Field Values

TRUST_VALIDATE_TARGET_OPTION

static final java.lang.String TRUST_VALIDATE_TARGET_OPTION

This is the key used to specify the used WS-Trust ValidateTarget, which is one of the following options: token, or base. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_ISSUER

static final java.lang.String TRUST_ISSUER

This is the key used to specify the issuer for the requested token. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_INCLUDE_TOKEN_TYPE

static final java.lang.String TRUST_INCLUDE_TOKEN_TYPE

This is the key used to specify the the returned token type included in trust request message. The default implementation always include the required return token ValueType in WS-Trust request message. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

USE_RUN_AS_SUBJECT

static final java.lang.String USE_RUN_AS_SUBJECT

This is the key used to specify if the generator should use the token from RunAsSubject for outgoing request. The default behavior is always to try to use validated tokens in RunAs subject first. The key is used in the CallbackHandler's custom properties in token generator bindings.

See Also:
Constant Field Values

USE_RUN_AS_SUBJECT_ONLY

static final java.lang.String USE_RUN_AS_SUBJECT_ONLY

This is the key used to specify if the generator should only use the token from RunAsSubject for outgoing request. The default behavior is to use WS-Trust Issue to request a token if RunAs subject fails to emit a valid token.

See Also:
Constant Field Values

USE_TOKEN

static final java.lang.String USE_TOKEN

This is the key used to specify which token ValueType in RunAsSubject is used to generate token for the SOAP requester. If the specified token ValueType is different from the ValueType in the requested token, a token exchange is performed by using ws-trust Validate. If the specified token ValueType is the same as the ValueType in the requested token, a token validation is performed by using ws-trust Validate. Optionally, the token validation could be deferred to service provider. The key is used in the CallbackHandler's custom properties in token generator bindings.

See Also:
Constant Field Values

VALIDATE_TOKEN

static final java.lang.String VALIDATE_TOKEN

This is the key used to specify if generator should use WS-Trust to validate the token from RunAsSubject. The default behavior is to always Validate the outgoing token from RunAsSubject before sending token to service. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_CLIENT_VALIDATE_POLICY

static final java.lang.String TRUST_CLIENT_VALIDATE_POLICY

This is the key used to specify WS-Trust client's policyset name for Validate. If this key is not specified, the policyset specified by key TRUST_CLIENT_POLICY is applied. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

TRUST_CLIENT_VALIDATE_BINDING

static final java.lang.String TRUST_CLIENT_VALIDATE_BINDING

This is the key used to specify WS-trust client's binding name for Validate. If this key is not specified, the bindings specified by key TRUST_CLIENT_BINDING is applied. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

See Also:
Constant Field Values

ENFORCE_CONFIRMATION_METHOD

static final java.lang.String ENFORCE_CONFIRMATION_METHOD

This is the key used to specify the option to enforce confirmation method in SAML assertion when doing token exchange The default value for this property is false unless it is set to true.

See Also:
Constant Field Values

CONFIRMATION_METHOD

static final java.lang.String CONFIRMATION_METHOD

This is the key used to specify SAML assertion ConfirmationMethod. Valid values include "bearer", and "sender-vouches".

See Also:
Constant Field Values

KEY_STORE_PATH

static final java.lang.String KEY_STORE_PATH

This is the key used to specify keystore file path to decrypt SAML assertion

See Also:
Constant Field Values

KEY_STORE_TYPE

static final java.lang.String KEY_STORE_TYPE

This is the key used to specify keystore type name decrypt SAML assertion

See Also:
Constant Field Values

KEY_STORE_PASSWORD

static final java.lang.String KEY_STORE_PASSWORD

This is the key used to specify keystore password decrypt SAML assertion

See Also:
Constant Field Values

KEY_ALIAS

static final java.lang.String KEY_ALIAS

This is the optional key used to specify the key alias decrypt SAML assertion

See Also:
Constant Field Values

KEY_NAME

static final java.lang.String KEY_NAME

This is the optional key used to specify the key name decrypt SAML assertion

See Also:
Constant Field Values

KEY_PASSWORD

static final java.lang.String KEY_PASSWORD

This is the optional key used to specify the key password decrypt SAML assertion

See Also:
Constant Field Values

UNT_PASSWORD_REQUIRED

static final java.lang.String UNT_PASSWORD_REQUIRED

This is the optional key used to specify if password is required when using UsernameToken from RunAs subject.

See Also:
Constant Field Values

WSS_GENERATION_CONTEXT

static final java.lang.String WSS_GENERATION_CONTEXT

The key is used to specify the WSSGenerationContext object used by WS-Trust client to request SAMLToken.

See Also:
Constant Field Values

WSS_CONSUMING_CONTEXT

static final java.lang.String WSS_CONSUMING_CONTEXT

The key is used to specify the WSSConsumingContext object used by WS-Trust client to request SAMLToken.

See Also:
Constant Field Values

SSL_CONFIG_ALIAS

static final java.lang.String SSL_CONFIG_ALIAS

The key is used to specify the alias to an SSL configuration used by WS-Trust client to request SAMLToken. This key is optional. If this key is not set, the default SSL alias defined in system's SSL Configuration is used.

See Also:
Constant Field Values

APPLIES_TO

static final java.lang.String APPLIES_TO

The key is used to specify the AppliesTo for the requested issued Token when using WSSAPI.

See Also:
Constant Field Values

SAML_APPLIES_TO

static final java.lang.String SAML_APPLIES_TO

The key is used to specify the AppliesTo for the requested SAMLToken when using WSSAPI.

See Also:
Constant Field Values

TRUST_CLIENT_COLLECTION_REQUEST

static final java.lang.String TRUST_CLIENT_COLLECTION_REQUEST

This is the key used to specify if RequestSecurityTokenCollection is required in WS-Trust request. The default behavior is to use RequestSecurityToken instead of RequestSecurityTokenCollection.

See Also:
Constant Field Values

TRUSTED_ISSUER_

static final java.lang.String TRUSTED_ISSUER_

This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify the trusted issuer name whose name is trustedIssuer_n where n is an integer and started from 0.

See Also:
Constant Field Values

TRUSTED_ISSUER_SUBJECTDN

static final java.lang.String TRUSTED_ISSUER_SUBJECTDN

This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify the trusted issuer X509Certificate's SubjectDN name whose name is trustedSubjectDN_n where n is an integer and started from 0.

See Also:
Constant Field Values

PASS_THROUGH_TOKEN

static final java.lang.String PASS_THROUGH_TOKEN

This key is valid for use by both GenericIssuedTokenConsumeLoginModule and GenericIssuedTokenGenerateLoginModule. It can be specified on any of the built-in callback handlers. When this key is used for the consumer, it is used to direct if the inbound token should be sent to the STS or not. The default behavior is to always send the inbound token to the STS for validation and/or exchange (depending on other config settings). When this property is set to true, the inbound token will not be sent to the STS at all, in effect, 'passing through' the consumer. Also, when this property is set to true and a built-in token type is used (UsernameToken, Kerberos Token, SAML token, etc), the token will be parsed and available on the WS-Security context for later processing by a caller configuration JAAS login module. When this key is used for the generator, it is used to direct if the outbound token should be obtained from the STS or not. The default behavior is to always obtain the token from the STS. When this property is set to true, the inbound token will be obtained in this order: 1) From the sharedState from a stacked JAAS login module, 2) From the com.ibm.wsspi.wssecurity.token.tokenHolder list on the message context 3) From the inbound SecurityTokens Refer to the following constants in com.ibm.wsspi.wssecurity.core.Constants for more information: com.ibm.wsspi.wssecurity.token.tokenHolder com.ibm.wsspi.wssecurity.token.enableCaptureTokenContext com.ibm.wsspi.wssecurity.token.enableCaptureTokenInboundMsg

See Also:
Constant Field Values

ALWAYS_GENERIC

static final java.lang.String ALWAYS_GENERIC

This key is used by the GenericIssuedTokenConsumeLoginModule and can be set using any of the built-in callback handlers. When passThroughToken is set to true, if this property is also set to true, the login module will always create a GenericSecurityToken instead of a built-in token type that corresponds to the valueType that is configured for the token. The default value for this property is false.

See Also:
Constant Field Values

IBM WebSphere Application ServerTM
Release 8