IBM WebSphere Application ServerTM
Release 8

com.ibm.websphere.wssecurity.wssapi.token
Interface SAMLToken

All Superinterfaces:
GenericSecurityToken, SecurityToken

public interface SAMLToken
extends GenericSecurityToken

This API is used to retrieve data elements from an existing SAML token assertion. Items such token creation time, expiration time, the subject confirmation method, attributes, etc.
SAMLToken represents a SAML security token as defined by OASIS Web Services Security:SAML Token Profile 1.1. WSSTrustClient class and WSSTrustClientValidateResult class could return tokens that implement this interface.

See Also:
SecurityToken, GenericSecurityToken

Field Summary
static java.security.SecurityPermission GET_SAMLATTRIBUTES_PERM
          this is the java2 security permission needed to retrieve attributes from a SAML token.
 
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
DECRYPTING_KEY, ENCRYPTING_KEY, REF_EMBEDDED, REF_KEYID, REF_STR, REF_THUMBPRINT, SIGNING_KEY, TokenQname, ValueType, VERIFING_KEY
 
Method Summary
 javax.xml.namespace.QName getAssertionQName()
          Return SAML Assertion namespace, defined in a schema SAML-XSD.
 java.util.List<java.lang.String> getAudienceRestriction()
          Retrieves AudienceRestriction String name list.
 java.util.Date getAuthenticationInstant()
          Retrieves the authentication time when the token holder is authenticated.
 java.lang.String getAuthenticationMethod()
          Retrieves the authentication method that was used to authenticate the token holder.
 java.lang.String getConfirmationMethod()
          Retrieves the Subject Confirmation Method used in this SAML token.
 byte[] getHolderOfKeyBytes()
          Retrieves the key bytes from the Holder-of-Key Element of this SAML token.
 long getProxyRestrictionCount()
          Retrieves number of ProxyRestriction Count.
 java.util.List<java.lang.String> getroxyRestrictionAudience()
          Retrieves String list of ProxyRestriction Audience.
 java.util.List<com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute> getSAMLAttributes()
          Retrieves the list of all attributes contained in the SAML token.
 java.util.Date getSamlCreated()
          Retrieves the SAML assertion creation date.
 java.util.Date getSamlExpires()
          Return SAML Expiration time.
 java.lang.String getSamlID()
          Retrieves the identifier associated with this SAML assertion.
 java.lang.String getSAMLIssuerName()
          Retrieves the name of issuer.
 com.ibm.wsspi.wssecurity.saml.data.SAMLNameID getSAMLNameID()
          Retrieves SAML NameId or NameIdentifier assertion associated with the token holder.
 java.security.cert.X509Certificate getSignerCertificate()
          Retrieves SAML signer's X.509 Certificate
 java.util.Map<java.lang.String,java.lang.String> getStringAttributes()
          Retrieves a Map of SAML attributes that consist of single (key, string value) pairs only.
 java.lang.String getSubjectDNS()
          Retrieves DNSAddress in SubjectLocality.
 java.lang.String getSubjectIPAddress()
          Retrieves IPAddress in SubjectLocality.
 java.io.InputStream getXMLInputStream()
          Retrieves InputSream form of SAML Assertion.
 boolean hasProxyRestriction()
          Retrieves flag to indicate ProxyRestriction.
 boolean isOneTimeUse()
          Retrieves flag to indicate OneTimeUse or DoNotCacheCondition.
 boolean isReadOnly()
          Retrieves readOnly flag.
 void setTokenReadOnly()
          sets the SAMLToken to read only mode, meaning when we get any kind of SAMLAtributes, we return only copies instead of direct references.
 
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityToken
getProperties, setValueType
 
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
getId, getKey, getKeyIdentifier, getKeyIdentifierEncodingType, getKeyIdentifierValueType, getKeyName, getPrincipal, getReferenceURI, getThumbprint, getThumbprintEncodingType, getThumbprintValueType, getTokenQname, getValueType, getXML
 

Field Detail

GET_SAMLATTRIBUTES_PERM

static final java.security.SecurityPermission GET_SAMLATTRIBUTES_PERM
this is the java2 security permission needed to retrieve attributes from a SAML token.

Method Detail

getSamlID

java.lang.String getSamlID()
Retrieves the identifier associated with this SAML assertion.

Returns:
a string representing the ID for SAML 2.0, or AssertionID for SAML 1.1.

getAssertionQName

javax.xml.namespace.QName getAssertionQName()
Return SAML Assertion namespace, defined in a schema SAML-XSD.

Returns:
SAML Assertion namespace, defined in a schema SAML-XSD It is "urn:oasis:names:tc:SAML:1.0:assertion" for SAML 1.1, and "urn:oasis:names:tc:SAML:2.0:assertion" for SAML 2.0.

getSamlExpires

java.util.Date getSamlExpires()
Return SAML Expiration time.

Returns:
SAML Token expiration time, which is delimited by the NotOnOrAfter attribute in element.

getSamlCreated

java.util.Date getSamlCreated()
Retrieves the SAML assertion creation date.

Returns:
SAML Token creation Date based on the NotBefore attribute in element.

getConfirmationMethod

java.lang.String getConfirmationMethod()
Retrieves the Subject Confirmation Method used in this SAML token. based on the SAML token profile for versions 1.1 and 2.0.

Returns:
SAML SubjectConfirmation Method, and valid method is holder-of-key, bearer, or sender-vouches. the returned string is based on the OASIS SAML token profile 1.1 and SAML token profile 2.0.
See Also:
OASIS SAML Token Profile 1.1, OASIS SAML Token Profile 2.0

getHolderOfKeyBytes

byte[] getHolderOfKeyBytes()
Retrieves the key bytes from the Holder-of-Key Element of this SAML token.

Returns:
the shared secret key bytes for a symmetric holder-of-key assertion.

getSAMLIssuerName

java.lang.String getSAMLIssuerName()
Retrieves the name of issuer.

Returns:
issuer name of the SAML authority responsible for the claims in the SAML assertion.

getAuthenticationMethod

java.lang.String getAuthenticationMethod()
Retrieves the authentication method that was used to authenticate the token holder.

Returns:
the authentication method that took place prior to the token's creation. For example "password", "kerberos", "ltpa".

getAuthenticationInstant

java.util.Date getAuthenticationInstant()
Retrieves the authentication time when the token holder is authenticated.

Returns:
the authentication time when the token holder is authenticated.

getSubjectDNS

java.lang.String getSubjectDNS()
Retrieves DNSAddress in SubjectLocality.

Returns:
DNSAddress in SubjectLocality.

getSubjectIPAddress

java.lang.String getSubjectIPAddress()
Retrieves IPAddress in SubjectLocality.

Returns:
IPAddress in SubjectLocality.

getAudienceRestriction

java.util.List<java.lang.String> getAudienceRestriction()
Retrieves AudienceRestriction String name list.

Returns:
AudienceRestriction String name list.

isOneTimeUse

boolean isOneTimeUse()
Retrieves flag to indicate OneTimeUse or DoNotCacheCondition.

Returns:
flag to indicate OneTimeUse or DoNotCacheCondition.

hasProxyRestriction

boolean hasProxyRestriction()
Retrieves flag to indicate ProxyRestriction.

Returns:
flag to indicate ProxyRestriction.

getProxyRestrictionCount

long getProxyRestrictionCount()
Retrieves number of ProxyRestriction Count.

Returns:
number of ProxyRestriction Count.

getroxyRestrictionAudience

java.util.List<java.lang.String> getroxyRestrictionAudience()
Retrieves String list of ProxyRestriction Audience.

Returns:
String list of ProxyRestriction Audience.

getSAMLAttributes

java.util.List<com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute> getSAMLAttributes()
Retrieves the list of all attributes contained in the SAML token. When the token is in "readOnly" mode, a copy of the token's SAMLAttribute list is returned. However, even though nothing can be added or removed from list, the attributes themselves could be changed, thus altering the existing SAMLAttributes. For this reason, this method method requires the "wssapi.SAMLToken.getSAMLAttributes" Java Security permission .


getStringAttributes

java.util.Map<java.lang.String,java.lang.String> getStringAttributes()
Retrieves a Map of SAML attributes that consist of single (key, string value) pairs only.

Returns:
a Map of SAML Attributes that consist of single key with single String value. To get a complete Attribute list, use method getSAMLAttributes().

getSAMLNameID

com.ibm.wsspi.wssecurity.saml.data.SAMLNameID getSAMLNameID()
Retrieves SAML NameId or NameIdentifier assertion associated with the token holder.

Returns:
SAML NameID or NameIdentifier assertion associated with the token holder.

setTokenReadOnly

void setTokenReadOnly()
sets the SAMLToken to read only mode, meaning when we get any kind of SAMLAtributes, we return only copies instead of direct references. This will prevent modifications to SAMLToken attributes held in the token.


isReadOnly

boolean isReadOnly()
Retrieves readOnly flag.

Returns:
readOnly flag.

getXMLInputStream

java.io.InputStream getXMLInputStream()
                                      throws WSSException
Retrieves InputSream form of SAML Assertion.

Returns:
an InputStream form of SAML Assertion.
Throws:
WSSException

getSignerCertificate

java.security.cert.X509Certificate getSignerCertificate()
Retrieves SAML signer's X.509 Certificate

Returns:
SAML signer's X.509 Certificate

IBM WebSphere Application ServerTM
Release 8