IBM WebSphere Application Server™
Release 7

com.ibm.websphere.wssecurity.callbackhandler
Class SAMLGenerateCallback

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallback
All Implemented Interfaces:
javax.security.auth.callback.Callback

public class SAMLGenerateCallback
extends java.lang.Object
implements javax.security.auth.callback.Callback

This is a Callback class for the SAML token, used to collect requester configuration information before a SAML token is created or requested. Getter and setter methods retrieve and set the configuration parameters collected by this Callback. Note that when a SAML token is propagated on an outbound call, the cacheCushion value decides whether the remaining lifetime of an existing SAML token is long enough for the token to be reused for propagation: the token's expiration time must be later than the current time plus the cushion value. The default value of cacheCushion is 5 minutes.
A SAML token remains valid in the process if it was valid at the time the process received that token.
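The cacheCushion rule in the class description, carried through in code. This is an added example, not WebSphere code: it re-implements the stated comparison (expiration must be later than now plus cushion) as a stand-alone helper so the effect of the cushion and of the clockSkew value can be seen on constructed timestamps. The page does not say how clockSkew is combined with the token's validity period; the isWithinValidity method applies the skew to both ends of the window, which is an assumption made here. Class and method names are this example's own.

```java
import java.util.concurrent.TimeUnit;

/**
 * Added example, not part of WebSphere. Re-implements the reuse rule from the
 * SAMLGenerateCallback class description: a cached SAML token may be
 * propagated only while its expiration time is later than now + cacheCushion.
 * The clock-skew handling in isWithinValidity is an assumption: the page only
 * states the default skew, not how it is applied.
 */
public final class SamlTokenReuseCheck {

    /** Default cacheCushion stated on the page: 5 minutes. */
    public static final long DEFAULT_CACHE_CUSHION_MS = TimeUnit.MINUTES.toMillis(5);

    /** Default clockSkew stated on the page: 3 minutes. */
    public static final long DEFAULT_CLOCK_SKEW_MS = TimeUnit.MINUTES.toMillis(3);

    private SamlTokenReuseCheck() {
    }

    /**
     * The cacheCushion rule: the token's expiration (SAML NotOnOrAfter, epoch
     * milliseconds) must be strictly later than the current time plus the
     * cushion; otherwise too little lifetime remains and a new token should be
     * requested instead of propagating this one.
     */
    public static boolean canPropagate(long notOnOrAfterMs, long nowMs, long cacheCushionMs) {
        if (cacheCushionMs < 0) {
            throw new IllegalArgumentException("cacheCushion must not be negative");
        }
        // Written as a subtraction so a very large cushion cannot overflow now + cushion.
        return notOnOrAfterMs - cacheCushionMs > nowMs;
    }

    /**
     * Validity window with clock skew (assumption, see class comment): the
     * token is accepted while now lies in [notBefore - skew, notOnOrAfter + skew).
     */
    public static boolean isWithinValidity(long notBeforeMs, long notOnOrAfterMs,
                                           long nowMs, long clockSkewMs) {
        if (clockSkewMs < 0) {
            throw new IllegalArgumentException("clockSkew must not be negative");
        }
        return nowMs >= notBeforeMs - clockSkewMs && nowMs < notOnOrAfterMs + clockSkewMs;
    }

    /** Driver over constructed timestamps: one token near expiry, one fresh, one not yet valid. */
    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        long issued = now - TimeUnit.MINUTES.toMillis(1);

        // Constructed: 4 minutes of life left. Still valid, but under the 5-minute cushion.
        long expiresSoon = now + TimeUnit.MINUTES.toMillis(4);
        System.out.println("4 min left, valid:      "
                + isWithinValidity(issued, expiresSoon, now, DEFAULT_CLOCK_SKEW_MS));
        System.out.println("4 min left, propagate:  "
                + canPropagate(expiresSoon, now, DEFAULT_CACHE_CUSHION_MS));

        // Constructed: 30 minutes of life left. Reusable for propagation.
        long expiresLater = now + TimeUnit.MINUTES.toMillis(30);
        System.out.println("30 min left, propagate: "
                + canPropagate(expiresLater, now, DEFAULT_CACHE_CUSHION_MS));

        // Constructed: NotBefore is 2 minutes in the future. Accepted only because
        // the 3-minute skew covers it; rejected with skew set to zero.
        long futureStart = now + TimeUnit.MINUTES.toMillis(2);
        System.out.println("2 min early, with skew: "
                + isWithinValidity(futureStart, expiresLater, now, DEFAULT_CLOCK_SKEW_MS));
        System.out.println("2 min early, no skew:   "
                + isWithinValidity(futureStart, expiresLater, now, 0));
    }
}
```

With the defaults, the 4-minute token passes the validity check but fails canPropagate, which is exactly the case the cushion exists for: the token is not expired, yet a downstream hop that takes a few minutes would receive it expired. Raising cacheCushion trades more token requests for a wider safety margin; lowering it, or setting a large clockSkew, widens what the process accepts and should be justified against the actual drift between the requester and the STS.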

See Also:
SAMLToken, SAMLTokenFactory

Constructor Summary
SAMLGenerateCallback()
           
 
Method Summary
 boolean cacheToken()
          Returns the flag that indicates whether SAML should be cached.
 java.lang.String getAlias()
          Returns the alias name of the private key for the SAML token requester.
 long getCacheCushion()
          Returns the value in milliseconds for the cacheCushion.
 java.util.List<java.security.cert.CertStore> getCertStores()
          Returns the list of certificate stores that are available.
 long getClockSkew()
          Returns the time in milliseconds allowed for clock skew.
 java.lang.String getConfirmationMethod()
          Returns the ConfirmationMethod to be used when requesting/generating a SAML token.
 java.lang.String getEncryptionAlgorithm()
          Returns the algorithm for the encryption
 java.lang.String getKeyName()
          Returns the name of the key.
 char[] getKeyPassword()
          Returns the password for recovering the key.
 java.lang.String getKeySize()
          Returns the key size for the SecretKey when the key type is "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey".
 char[] getKeyStorePassword()
          Returns the password used for the SAML token requester's keyStore.
 java.lang.String getKeyStorePath()
          Returns the file path from which the keyStore for the SAML token requester is loaded.
 java.lang.String getKeyStoreReference()
          Returns the reference name of the keyStore used by the requesting entity for the creation of SAML tokens.
 java.lang.String getKeyStoreType()
          Returns the type of the keyStore used by the SAML token requester.
 java.lang.String getKeyType()
          Returns the name of the Key Type to be used for the Subject confirmation for a SAML token requester.
 java.util.Map<java.lang.String,java.lang.String> getRSTTProperties()
          Returns the WS-Trust request parameters defined in the RequestSecurityTokenTemplate (RSTT).
 java.lang.String getStsBinding()
          Returns the name for the policySet binding used by the WS-Trust client
 java.lang.String getStsBindingScope()
          Returns the binding scope for the WS-Trust client, either "domain" or "application".
 java.lang.String getStsPolicy()
          Returns the policySet name for WS-Trust client
 java.lang.String getStsSoapVersion()
          Returns the SOAP version for the WS-Trust client
 java.lang.String getStsURI()
          Returns the URL of SecurityTokenService (issuer of the SAML token)
 java.lang.String getTargetServiceAlias()
          Returns the target service's certificate alias.
 java.lang.String getTokenRequest()
          Returns the name of the token request method.
 java.lang.String getUsekeyType()
          Returns the Usekey keyInfoType
 java.lang.String getWSTrustNamespace()
          Return the WS-Trust namespace used in the SOAP communication with the Security Token provider.
 boolean isCollectionRequest()
           
 boolean isFailOverToTokenRequest()
          Returns an indication of whether to request a new SAML token if the SAML token provided in the RequestContext is not valid.
 boolean isSignatureRequired()
          Returns the flag that indicates whether SAML should be signed by SAML token provider
 void setAlias(java.lang.String alias)
          Sets the alias of private key for the SAML token requester.
 void setCacheCushion(long time)
          Sets the value in milliseconds for the cacheCushion.
 void setCacheToken(boolean option)
          Sets the flag that indicates whether SAML should be cached
 void setCertStores(java.util.List<java.security.cert.CertStore> certStores)
          Sets the list of certificate stores.
 void setClockSkew(long time)
          Sets the time in milliseconds allowed for clock skew.
 void setCollectionRequest(boolean collectionRequest)
           
 void setConfirmationMethod(java.lang.String method)
          Sets the type of Subject ConfirmationMethod to be used by the token requester.
 void setEncryptionAlgorithm(java.lang.String encryptionAlgorithm)
          Sets the algorithm for the encryption
 void setFailOverToTokenRequest(boolean option)
          Sets the flag that indicates whether to request a new SAML token if SAMLToken from RequestContext is invalid
 void setIsSignatureRequired(boolean option)
          Sets the flag that indicates whether SAML should be signed by SAML token provider
 void setKeyName(java.lang.String keyName)
          Sets the name of the key.
 void setKeyPassword(char[] keyPassword)
          Sets the password for recovering the key.
 void setKeySize(java.lang.String size)
          Sets the key size for the Secret Key
 void setKeyStorePassword(char[] storePassword)
          Sets the password value for the keyStore used by the SAML token requester.
 void setKeyStorePath(java.lang.String storePath)
          Sets the file path from which the keyStore for the SAML token requester is loaded.
 void setKeyStoreReference(java.lang.String storeRef)
          Sets the reference name of the keyStore.
 void setKeyStoreType(java.lang.String storeType)
          Sets the type of the keyStore to be used by the SAML token requester.
 void setKeyType(java.lang.String type)
          Sets the name of key type.
 void setRSTTProperties(java.util.Map<java.lang.String,java.lang.String> rstt)
          Set RSTT for WS-Trust request
 void setStsBinding(java.lang.String policySet)
          Sets the name of WS-Trust client bindings.
 void setStsBindingScope(java.lang.String scope)
          Sets the binding scope for WS-Trust client, and it could be set to "domain" or "application".
 void setStsPolicy(java.lang.String policySet)
          Sets the name of WS-Trust client policy set.
 void setStsSoapVersion(java.lang.String version)
          Sets the required SOAP version of WS-Trust client
 void setStsURI(java.lang.String uri)
          Sets the URL name of SecurityTokenservice (token issuer).
 void setTargetserviceAlias(java.lang.String alias)
          Sets the target service's certificate alias.
 void setTokenRequest(java.lang.String requestMode)
          Sets the SAMLToken request method, "issue", "propagation", or "issueByWSPrincipal"
 void setUseKeyType(java.lang.String type)
          Set the Usekey keyInfoType
 void setWSTrustNamespace(java.lang.String wstNamespace)
          Set WS-Trust namespace used in the SOAP communication with the Security Token provider.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLGenerateCallback

public SAMLGenerateCallback()
Method Detail

getKeyStoreReference

public java.lang.String getKeyStoreReference()
Returns the reference name of the keyStore used by the requesting entity for the creation of SAML tokens.

Returns:
reference name of the keyStore

setKeyStoreReference

public void setKeyStoreReference(java.lang.String storeRef)
Sets the reference name of the keyStore.

Parameters:
storeRef - reference name of the keyStore used by the requesting entity for the creation of SAML tokens.

getKeyStorePath

public java.lang.String getKeyStorePath()
Returns the file path from which the keyStore for the SAML token requester is loaded.

Returns:
the file path from which the keyStore is loaded.

setKeyStorePath

public void setKeyStorePath(java.lang.String storePath)
Sets the file path from which the keyStore for the SAML token requester is loaded.

Parameters:
storePath - path of the keyStore.

getKeyStoreType

public java.lang.String getKeyStoreType()
Returns the type of the keyStore used by the SAML token requester.

Returns:
a string indicating the type of the keyStore used.

setKeyStoreType

public void setKeyStoreType(java.lang.String storeType)
Sets the type of the keyStore to be used by the SAML token requester.

Parameters:
storeType - a string for the keyStore type used.

getKeyStorePassword

public char[] getKeyStorePassword()
Returns the password used for the SAML token requester's keyStore.

Returns:
a character array for the password used to check the integrity of the keyStore or the password used to unlock the keyStore

getConfirmationMethod

public java.lang.String getConfirmationMethod()
Returns the ConfirmationMethod to be used when requesting/generating a SAML token.

Returns:
the required Subject ConfirmationMethod. The valid values are "holder-of-key", "bearer", or "sender-vouches"

getStsPolicy

public java.lang.String getStsPolicy()
Returns the policySet name for WS-Trust client

Returns:
the policySet name for WS-Trust client

getStsBinding

public java.lang.String getStsBinding()
Returns the name for the policySet binding used by the WS-Trust client

Returns:
the name of the policySet binding for the WS-Trust client

getStsURI

public java.lang.String getStsURI()
Returns the URL of SecurityTokenService (issuer of the SAML token)

Returns:
the URL of SecurityTokenService

getKeyType

public java.lang.String getKeyType()
Returns the name of the Key Type to be used for the Subject confirmation for a SAML token requester.

Returns:
the requested Key Type name, the valid values are
  • "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey", or
  • "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey", or
  • "http://docs.oasis-open.org/ws-sx/ws-trust/200512/BearerKey"

getKeySize

public java.lang.String getKeySize()
Returns the key size for the SecretKey, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey"

Returns:
the key size for the SecretKey, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey"

getStsSoapVersion

public java.lang.String getStsSoapVersion()
Returns the SOAP version for the WS-Trust client

Returns:
the SOAP version for the WS-Trust client; the valid values are 1.1 or 1.2

isFailOverToTokenRequest

public boolean isFailOverToTokenRequest()
Returns an indication of whether to request a new SAML token if the SAML token provided in the RequestContext is not valid.

Returns:
a boolean flag that indicates whether to request a new SAML token if the SAML token provided in the RequestContext is not valid. The default behavior is to always request a new SAMLToken if incoming SAMLToken in RequestContext is invalid.

setKeyStorePassword

public void setKeyStorePassword(char[] storePassword)
Sets the password value for the keyStore used by the SAML token requester.

Parameters:
storePassword - character array for the password used to check the integrity of the keyStore or the password used to unlock the keyStore

getAlias

public java.lang.String getAlias()
Returns the alias name of the private key for the SAML token requester.

Returns:
alias name of private key

setAlias

public void setAlias(java.lang.String alias)
Sets the alias of private key for the SAML token requester.

Parameters:
alias - string alias name.

getKeyPassword

public char[] getKeyPassword()
Returns the password for recovering the key.

Returns:
password for recovering the key.

setKeyPassword

public void setKeyPassword(char[] keyPassword)
Sets the password for recovering the key.

Parameters:
keyPassword - character array for the password used to recover the key.

getKeyName

public java.lang.String getKeyName()
Returns the name of the key.

Returns:
name of the key

setKeyName

public void setKeyName(java.lang.String keyName)
Sets the name of the key.

Parameters:
keyName - name of the key

getCertStores

public java.util.List<java.security.cert.CertStore> getCertStores()
Returns the list of certificate stores that are available.

Returns:
list of certificate stores.

getTokenRequest

public java.lang.String getTokenRequest()
Returns the name of the token request method.

Returns:
name of the token request method; valid values are "issue", "propagation", or "issueByWSPrincipal". The default is "issue", in which the web service client requests a new SAML token either through WS-Trust or by self-issuing it. With "propagation", the web service client uses the SAMLToken from the RunAsSubject for the downstream call. With "issueByWSPrincipal", the web service client self-generates a SAMLToken based on the principal in the RunAsSubject for the downstream call.

setCertStores

public void setCertStores(java.util.List<java.security.cert.CertStore> certStores)
Sets the list of certificate stores.

Parameters:
certStores - list of certificate stores

setConfirmationMethod

public void setConfirmationMethod(java.lang.String method)
Sets the type of Subject ConfirmationMethod to be used by the token requester.

Parameters:
method - a string identifying the Subject ConfirmationMethod.

setStsPolicy

public void setStsPolicy(java.lang.String policySet)
Sets the name of WS-Trust client policy set.

Parameters:
policySet - the name of the WS-Trust client policy set.

setStsBinding

public void setStsBinding(java.lang.String policySet)
Sets the name of WS-Trust client bindings.

Parameters:
policySet - the name of WS-Trust client bindings.

setStsURI

public void setStsURI(java.lang.String uri)
Sets the URL name of SecurityTokenservice (token issuer).

Parameters:
uri - the URI name of the Security Token Service (STS).

setKeyType

public void setKeyType(java.lang.String type)
Sets the name of key type.

Parameters:
type - the name of the key type.

setKeySize

public void setKeySize(java.lang.String size)
Sets the key size for the Secret Key

Parameters:
size - the key size of Secret Key.

setStsSoapVersion

public void setStsSoapVersion(java.lang.String version)
Sets the required SOAP version of WS-Trust client

Parameters:
version - the required SOAP version for WS-Trust client

setTokenRequest

public void setTokenRequest(java.lang.String requestMode)
Sets the SAMLToken request method, "issue", "propagation", or "issueByWSPrincipal"

Parameters:
requestMode - a string for the SAMLToken request mode.

setStsBindingScope

public void setStsBindingScope(java.lang.String scope)
Sets the binding scope for WS-Trust client, and it could be set to "domain" or "application". A value of domain indicates that the specified binding is a general binding, and a value of application indicates that the specified binding is an application specific binding.

Parameters:
scope - the binding scope for WS-Trust client, and it is either "domain" or "application".

getStsBindingScope

public java.lang.String getStsBindingScope()
Returns the binding scope for the WS-Trust client, either "domain" or "application". A value of domain indicates that the specified binding is a general binding, and a value of application indicates that the specified binding is an application specific binding.

Returns:
the binding scope for WS-Trust client, and it is either "domain" or "application".

getWSTrustNamespace

public java.lang.String getWSTrustNamespace()
Returns the WS-Trust namespace used in the SOAP communication with the Security Token provider. wstNamespace is a String value that can be set to "http://schemas.xmlsoap.org/ws/2005/02/trust" for ws-trust 1.2, or "http://docs.oasis-open.org/ws-sx/ws-trust/200512" for ws-trust 1.3

Returns:
the WS-Trust namespace

setWSTrustNamespace

public void setWSTrustNamespace(java.lang.String wstNamespace)
Set WS-Trust namespace used in the SOAP communication with the Security Token provider. wstNamespace is a String value that can be set to "http://schemas.xmlsoap.org/ws/2005/02/trust" for ws-trust 1.2, or "http://docs.oasis-open.org/ws-sx/ws-trust/200512" for ws-trust 1.3

Parameters:
wstNamespace - the WS-Trust NameSpace, it is "http://schemas.xmlsoap.org/ws/2005/02/trust" for ws-trust 1.2, or "http://docs.oasis-open.org/ws-sx/ws-trust/200512" for ws-trust 1.3
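How a caller supplies these values in practice: the callback is handed to a javax.security.auth.callback.CallbackHandler, whose handle method fills it in. The class below is an added example, not IBM code, and covers the token request modes from getTokenRequest, the Subject confirmation methods, the key types and the WS-Trust namespace described on this page. It rejects any confirmation method or request mode outside the values the page lists before touching the callback. The STS URL, policy set name, binding name, keystore path and alias are constructed placeholders; the pairing of "holder-of-key" with the PublicKey key type and "bearer" with BearerKey follows WS-Trust convention and is an assumption made here, not something the page states.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallback;

/**
 * Added example, not IBM code: a CallbackHandler that populates a
 * SAMLGenerateCallback for a WS-Trust 1.3 request. Endpoint, policy set,
 * binding and keystore values are placeholders.
 */
public class StsRequesterCallbackHandler implements CallbackHandler {

    // Enumerated values taken from this page's getConfirmationMethod/getTokenRequest docs.
    private static final List<String> CONFIRMATION_METHODS =
            Arrays.asList("holder-of-key", "bearer", "sender-vouches");
    private static final List<String> TOKEN_REQUEST_MODES =
            Arrays.asList("issue", "propagation", "issueByWSPrincipal");

    private static final String WST13_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private static final String KEYTYPE_PUBLIC = WST13_NS + "/PublicKey";
    private static final String KEYTYPE_BEARER = WST13_NS + "/BearerKey";

    private final String confirmationMethod;
    private final String tokenRequestMode;
    private final char[] keyStorePassword;
    private final char[] keyPassword;

    public StsRequesterCallbackHandler(String confirmationMethod, String tokenRequestMode,
                                       char[] keyStorePassword, char[] keyPassword) {
        if (!CONFIRMATION_METHODS.contains(confirmationMethod)) {
            throw new IllegalArgumentException("unknown ConfirmationMethod: " + confirmationMethod);
        }
        if (!TOKEN_REQUEST_MODES.contains(tokenRequestMode)) {
            throw new IllegalArgumentException("unknown token request mode: " + tokenRequestMode);
        }
        this.confirmationMethod = confirmationMethod;
        this.tokenRequestMode = tokenRequestMode;
        // Copy the secrets so the caller can clear its own arrays independently.
        this.keyStorePassword = keyStorePassword.clone();
        this.keyPassword = keyPassword.clone();
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof SAMLGenerateCallback) {
                configure((SAMLGenerateCallback) cb);
            } else {
                throw new UnsupportedCallbackException(cb, "only SAMLGenerateCallback is handled");
            }
        }
    }

    private void configure(SAMLGenerateCallback cb) {
        // WS-Trust client: STS endpoint, policy set and binding (all placeholders).
        cb.setStsURI("https://sts.example.invalid/Trust13");
        cb.setStsPolicy("PLACEHOLDER-policy-set");
        cb.setStsBinding("PLACEHOLDER-binding");
        cb.setStsBindingScope("domain");          // general binding, per setStsBindingScope
        cb.setStsSoapVersion("1.2");
        cb.setWSTrustNamespace(WST13_NS);         // ws-trust 1.3 namespace from this page
        cb.setTokenRequest(tokenRequestMode);
        cb.setFailOverToTokenRequest(true);       // request a fresh token if the incoming one is invalid

        // Subject confirmation and, for holder-of-key/bearer, the matching key type (assumed pairing).
        cb.setConfirmationMethod(confirmationMethod);
        if ("holder-of-key".equals(confirmationMethod)) {
            cb.setKeyType(KEYTYPE_PUBLIC);
        } else if ("bearer".equals(confirmationMethod)) {
            cb.setKeyType(KEYTYPE_BEARER);
        }

        // Requester key material used to sign the request (placeholder paths and alias).
        cb.setKeyStoreType("PKCS12");
        cb.setKeyStorePath("/PLACEHOLDER/path/requester.p12");
        cb.setKeyStorePassword(keyStorePassword);
        cb.setAlias("PLACEHOLDER-requester-key");
        cb.setKeyPassword(keyPassword);
        cb.setIsSignatureRequired(true);          // insist the STS signs the issued token

        // Caching: reuse the token while more than 5 minutes remain; allow 3 minutes of skew (page defaults).
        cb.setCacheToken(true);
        cb.setCacheCushion(TimeUnit.MINUTES.toMillis(5));
        cb.setClockSkew(TimeUnit.MINUTES.toMillis(3));
    }
}
```

The handler throws UnsupportedCallbackException for any callback type it does not recognise, which is the documented contract for CallbackHandler and keeps the requester configuration from being silently skipped. Passwords travel as char[] throughout, matching the setters on this page, so they can be overwritten after use rather than lingering as immutable Strings.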

isCollectionRequest

public boolean isCollectionRequest()

setCollectionRequest

public void setCollectionRequest(boolean collectionRequest)

getRSTTProperties

public java.util.Map<java.lang.String,java.lang.String> getRSTTProperties()
Returns the WS-Trust request parameters defined in the RequestSecurityTokenTemplate (RSTT).

Returns:
WS-Trust RSTT parameters

setRSTTProperties

public void setRSTTProperties(java.util.Map<java.lang.String,java.lang.String> rstt)
Sets the RSTT parameters for the WS-Trust request.

Parameters:
rstt - the WS-Trust RSTT parameters.

setFailOverToTokenRequest

public void setFailOverToTokenRequest(boolean option)
Sets the flag that indicates whether to request a new SAML token if SAMLToken from RequestContext is invalid

Parameters:
option - a flag that indicates whether to request a new SAML token if incoming SAMLToken becomes invalid.

isSignatureRequired

public boolean isSignatureRequired()
Returns the flag that indicates whether SAML should be signed by SAML token provider

Returns:
the flag that indicates whether SAML should be signed by SAML provider

setIsSignatureRequired

public void setIsSignatureRequired(boolean option)
Sets the flag that indicates whether SAML should be signed by SAML token provider

Parameters:
option - a flag that indicates whether the SAML token should be signed by SAML token provider.

cacheToken

public boolean cacheToken()
Returns the flag that indicates whether SAML should be cached.

Returns:
the flag that indicates whether SAML should be cached.

getCacheCushion

public long getCacheCushion()
Returns the value in milliseconds for the cacheCushion. Note that this value is important in determining the expiration status of a token, see above.

Returns:
the cacheCushion value in milliseconds.

setCacheToken

public void setCacheToken(boolean option)
Sets the flag that indicates whether SAML should be cached

Parameters:
option - a flag that indicates whether the SAML token should be cached.

setCacheCushion

public void setCacheCushion(long time)
Sets the value in milliseconds for the cacheCushion. Note that this value is important in determining the expiration status of a token, see above.

Parameters:
time - the time limit in milliseconds.

getTargetServiceAlias

public java.lang.String getTargetServiceAlias()
Returns the target service's certificate alias.

Returns:
the target service's certificate alias.

setTargetserviceAlias

public void setTargetserviceAlias(java.lang.String alias)
Sets the target service's certificate alias.

Parameters:
alias - the target service's certificate alias.

getUsekeyType

public java.lang.String getUsekeyType()
Returns the Usekey keyInfoType

Returns:
the Usekey keyInfoType

setUseKeyType

public void setUseKeyType(java.lang.String type)
Set the Usekey keyInfoType

Parameters:
type - the Usekey keyInfoType.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(java.lang.String encryptionAlgorithm)
Sets the algorithm for the encryption

Parameters:
encryptionAlgorithm - encryption algorithm

getEncryptionAlgorithm

public java.lang.String getEncryptionAlgorithm()
Returns the algorithm for the encryption

Returns:
encryption algorithm

getClockSkew

public long getClockSkew()
Returns:
the time in milliseconds allowed for clock skew. The default clock skew is 3 minutes.

setClockSkew

public void setClockSkew(long time)
Parameters:
time - a long integer representing time for the clockSkew value in milliseconds.
