IBM WebSphere Application Server™
Release 7

com.ibm.websphere.wssecurity.callbackhandler
Class SAMLIdAssertionCallbackHandler

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallbackHandler
All Implemented Interfaces:
javax.security.auth.callback.CallbackHandler

public class SAMLIdAssertionCallbackHandler
extends java.lang.Object
implements javax.security.auth.callback.CallbackHandler

This class is a callback handler for asserting a SAMLToken to a WebSphere WSCredential. The handler defines the rules that map SAMLToken attributes to the WebSphere WSCredential. Use this handler to specify a list of trusted SAML issuer names from whom attributes might be asserted to the WSCredential. For SAML tokens issued by the listed trusted issuers, you can specify which attribute name and attribute namespace define the security realm, principal, and group memberships. All issuer names are trusted by default. The default principal name is NameId for SAML 2.0 or NameIdentifier for SAML 1.1. The default realm is the issuer name. If no attribute-to-WSCredential mapping rule is defined, the following default mapping rules are applied:

1. All issuers are trusted.
2. The realm is the issuer name.
3. The principal is the SAML NameID or NameIdentifier.
4. The group memberships are searched from a list of attribute names, including "group", "groups", "groupmembership", "membership", "members", "memberof", "groupid", "role", and "roles".

The custom property "issuer" is a trusted issuer name; the property name is issuer_n, where n is an integer.

The custom property "principalName" is the attribute name for the principal; the property name is principalName_n, where n is an integer.

The custom property "principalNamespace" is the attribute namespace for the principal; the property name is principalNamespace_n, where n is an integer.

The custom property "realmName" is the attribute name for the realm; the property name is realmName_n, where n is an integer.

The custom property "realmNamespace" is the attribute namespace for the realm; the property name is realmNamespace_n, where n is an integer.

The custom property "groupName" is the attribute name for groups; the property name is groupName_n, where n is an integer.

The custom property "groupNamespace" is the attribute namespace for groups; the property name is groupNamespace_n, where n is an integer.
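
The default mapping rules described above, modelled as a small stand-alone Java sketch. This is an added example, not IBM's code and not the WebSphere API: the Assertion and Credential records, the map method, exact-name attribute matching, and the sample values are all assumptions. It shows that with no issuer_n property set, an assertion from any issuer is mapped to a credential.

```java
import java.util.*;

// Illustrative model of the documented default rules (requires Java 16+ for records).
// Not IBM's implementation; Assertion and Credential are hypothetical types.
public class DefaultSamlMappingSketch {
    record Assertion(String issuer, String nameId, Map<String, List<String>> attributes) {}
    record Credential(String realm, String principal, List<String> groups) {}

    // Attribute names the class description lists for the default group search.
    static final List<String> GROUP_ATTRS = List.of("group", "groups", "groupmembership",
            "membership", "members", "memberof", "groupid", "role", "roles");

    // trustedIssuers models the issuer_n properties; empty means none were set.
    static Optional<Credential> map(Assertion a, Set<String> trustedIssuers) {
        // Rule 1: with no issuer_n defined, every issuer is trusted.
        if (!trustedIssuers.isEmpty() && !trustedIssuers.contains(a.issuer())) {
            return Optional.empty();
        }
        List<String> groups = new ArrayList<>();
        // Rule 4: collect values of the listed attribute names
        // (exact-name matching is an assumption of this sketch).
        for (String name : GROUP_ATTRS) {
            groups.addAll(a.attributes().getOrDefault(name, List.of()));
        }
        // Rule 2: realm = issuer name. Rule 3: principal = NameID / NameIdentifier.
        return Optional.of(new Credential(a.issuer(), a.nameId(), groups));
    }

    public static void main(String[] args) {
        // Constructed sample: an assertion from an issuer nobody configured.
        Assertion a = new Assertion("https://idp.unknown.example", "alice",
                Map.of("role", List.of("admins"), "mail", List.of("alice@example.org")));

        // Defaults: accepted, realm is the issuer, the "role" value becomes a group.
        System.out.println(map(a, Set.of()));
        // With a constructed issuer_1 value pinned, the same assertion is refused.
        System.out.println(map(a, Set.of("https://idp.corp.example")));
    }
}
```

Because the defaults also take the realm from the issuer name and groups from generic attribute names such as "role", listing the expected issuers with issuer_n is the setting that bounds who can assert those values.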

See Also:
SAMLToken, SAMLIdAssertionCallback

Field Summary
static java.lang.String CROSS_DOMAIN_ID_ASSERTION
           
static java.lang.String GROUPNAMESPACE
           
static java.lang.String GROUPS
           
static java.lang.String ISSUER
           
static java.lang.String PRINCIPAL
           
static java.lang.String PRINCIPALNAMESPACE
           
static java.lang.String REALM
           
static java.lang.String REALMNAMESPACE
           
 
Constructor Summary
SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
           
 
Method Summary
 void handle(javax.security.auth.callback.Callback[] callbacks)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ISSUER

public static final java.lang.String ISSUER
See Also:
Constant Field Values

PRINCIPAL

public static final java.lang.String PRINCIPAL
See Also:
Constant Field Values

PRINCIPALNAMESPACE

public static final java.lang.String PRINCIPALNAMESPACE
See Also:
Constant Field Values

GROUPS

public static final java.lang.String GROUPS
See Also:
Constant Field Values

GROUPNAMESPACE

public static final java.lang.String GROUPNAMESPACE
See Also:
Constant Field Values

REALM

public static final java.lang.String REALM
See Also:
Constant Field Values

REALMNAMESPACE

public static final java.lang.String REALMNAMESPACE
See Also:
Constant Field Values

CROSS_DOMAIN_ID_ASSERTION

public static final java.lang.String CROSS_DOMAIN_ID_ASSERTION
See Also:
Constant Field Values

Constructor Detail

SAMLIdAssertionCallbackHandler

public SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)

Method Detail

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Throws:
java.io.IOException
javax.security.auth.callback.UnsupportedCallbackException
