IBM WebSphere Application Server™
Release 8

com.ibm.websphere.wssecurity.callbackhandler
Class SAMLIdAssertionCallback

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallback
All Implemented Interfaces:
javax.security.auth.callback.Callback

public class SAMLIdAssertionCallback
extends java.lang.Object
implements javax.security.auth.callback.Callback

This is a callback class for asserting a SAMLToken to a WebSphere WSCredential.

See Also:
SAMLToken, SAMLIdAssertionCallbackHandler

Field Summary
static java.util.ArrayList<java.lang.String> defaultGroupNameList
static java.lang.String GROUP
static java.lang.String GROUP_IDS
static java.lang.String GROUPIDS
static java.lang.String GROUPMEMBERSHIP
static java.lang.String GROUPS
static java.lang.String MEMBEROF
static java.lang.String MEMBEROF_1
static java.lang.String MEMBERS
static java.lang.String MEMBERSHIP
static java.lang.String PRIMARY_GROUP
static java.lang.String ROLE
static java.lang.String ROLES
static java.lang.String WSCREDENTIAL_ACCESS_ID
static java.lang.String WSCREDENTIAL_NAMESPACE

Constructor Summary
SAMLIdAssertionCallback()

Method Summary
java.util.ArrayList<java.lang.String[]> getCredentialList()
          Returns a list of trusted credential identifiers. Each identifier includes the issuer name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.
boolean isCrossDomainIdAssertion()
boolean isUseIssuerNameForRealm()
boolean isUseNameQualifierForRealm()
void setCredentialList(java.util.ArrayList<java.lang.String[]> credList)
          Sets a list of trusted credential identifiers. Each identifier includes the security domain name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.
void setCrossDomainIdAssertion(boolean flag)
          Sets the flag for cross security domain ID assertion.
void setUseIssuerNameForRealm(boolean flag)
          Sets the flag to use the Issuer name for the realm if the SAML token is issued from a WSCredential.
void setUseNameQualifierForRealm(boolean flag)
          Sets the flag to use the NameQualifier for the realm if the SAML token is not issued from a WSCredential.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GROUPS

public static final java.lang.String GROUPS
See Also:
Constant Field Values

GROUP

public static final java.lang.String GROUP
See Also:
Constant Field Values

MEMBEROF

public static final java.lang.String MEMBEROF
See Also:
Constant Field Values

MEMBEROF_1

public static final java.lang.String MEMBEROF_1
See Also:
Constant Field Values

MEMBERSHIP

public static final java.lang.String MEMBERSHIP
See Also:
Constant Field Values

GROUPMEMBERSHIP

public static final java.lang.String GROUPMEMBERSHIP
See Also:
Constant Field Values

MEMBERS

public static final java.lang.String MEMBERS
See Also:
Constant Field Values

GROUPIDS

public static final java.lang.String GROUPIDS
See Also:
Constant Field Values

ROLE

public static final java.lang.String ROLE
See Also:
Constant Field Values

ROLES

public static final java.lang.String ROLES
See Also:
Constant Field Values

GROUP_IDS

public static final java.lang.String GROUP_IDS
See Also:
Constant Field Values

PRIMARY_GROUP

public static final java.lang.String PRIMARY_GROUP
See Also:
Constant Field Values

defaultGroupNameList

public static java.util.ArrayList<java.lang.String> defaultGroupNameList

WSCREDENTIAL_ACCESS_ID

public static final java.lang.String WSCREDENTIAL_ACCESS_ID
See Also:
Constant Field Values

WSCREDENTIAL_NAMESPACE

public static final java.lang.String WSCREDENTIAL_NAMESPACE
See Also:
Constant Field Values

Constructor Detail

SAMLIdAssertionCallback

public SAMLIdAssertionCallback()

Method Detail

setCredentialList

public void setCredentialList(java.util.ArrayList<java.lang.String[]> credList)
Sets a list of trusted credential identifiers. Each identifier includes the security domain name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships. The default principal is the SAML NameIdentifier for SAML 1.1 or the NameID for SAML 2.0. The default issuer name is any issuer name. The default realm name is the SAML issuer name. The default group memberships are all of the attribute names: groups, group, memberof, groupmembership, membership, members, and groupid.

Parameters:
credList - A list of trusted credential's identifiers.

getCredentialList

public java.util.ArrayList<java.lang.String[]> getCredentialList()
Returns a list of trusted credential identifiers. Each identifier includes the issuer name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.

Returns:
A list of trusted credential's identifiers

setCrossDomainIdAssertion

public void setCrossDomainIdAssertion(boolean flag)
Sets the flag for cross security domain ID assertion. If this property is set to true, the SAML NameID or NameIdentifier and the SAML attributes are used to generate the WSCredential without a user registry lookup.

Parameters:
flag - A flag indicating whether cross security domain ID assertion is enabled

isCrossDomainIdAssertion

public boolean isCrossDomainIdAssertion()
Returns:
the flag indicating whether cross security domain ID assertion is enabled.

setUseNameQualifierForRealm

public void setUseNameQualifierForRealm(boolean flag)
Sets the flag to use the NameQualifier for the realm if the SAML token is not issued from a WSCredential. The SAML issuer name is used as the foreign realm if this property is not set.

Parameters:
flag - A flag indicating whether to use the NameQualifier for the realm if the SAML token is not issued from a WSCredential

isUseNameQualifierForRealm

public boolean isUseNameQualifierForRealm()
Returns:
the flag indicating whether to use the NameQualifier for the realm if the SAML token is not issued from a WSCredential.

setUseIssuerNameForRealm

public void setUseIssuerNameForRealm(boolean flag)
Sets the flag to use the Issuer name for the realm if the SAML token is issued from a WSCredential. The NameQualifier is used as the foreign realm if this property is not set.

Parameters:
flag - A flag indicating whether to use the Issuer name for the realm if the SAML token is issued from a WSCredential

isUseIssuerNameForRealm

public boolean isUseIssuerNameForRealm()
Returns:
the flag indicating whether to use the Issuer name for the realm if the SAML token is issued from a WSCredential.
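
Added example (not part of the IBM documentation or product code): a custom CallbackHandler that populates this callback with an explicit issuer list, since setCredentialList states that the default issuer name is any issuer name, and that keeps cross security domain ID assertion off. The class name PinnedIssuerIdAssertionHandler is hypothetical, and the array layout (issuer name as the first element, optional elements omitted so the documented defaults apply) is an assumption based on the order in which the method description lists the fields.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallback;

// Hypothetical handler; not a class shipped with WebSphere.
public class PinnedIssuerIdAssertionHandler implements CallbackHandler {

    private final List<String> trustedIssuers;

    public PinnedIssuerIdAssertionHandler(List<String> trustedIssuers) {
        this.trustedIssuers = trustedIssuers;
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof SAMLIdAssertionCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            SAMLIdAssertionCallback saml = (SAMLIdAssertionCallback) cb;
            saml.setCredentialList(buildCredentialList());
            // Keep this off so the WSCredential is not generated from the
            // token's NameID and attributes without a user registry lookup.
            saml.setCrossDomainIdAssertion(false);
        }
    }

    // Fails closed: an empty list or a blank issuer would fall back to the
    // documented default of accepting any issuer name.
    ArrayList<String[]> buildCredentialList() throws IOException {
        if (trustedIssuers == null || trustedIssuers.isEmpty()) {
            throw new IOException("no trusted SAML issuers configured");
        }
        ArrayList<String[]> credList = new ArrayList<String[]>();
        for (String issuer : trustedIssuers) {
            if (issuer == null || issuer.trim().isEmpty()) {
                throw new IOException("blank issuer name in trusted issuer list");
            }
            // Assumed layout: element 0 is the issuer name; optional
            // principal, realm and group attribute elements are omitted.
            credList.add(new String[] { issuer.trim() });
        }
        return credList;
    }
}
```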
