IBM WebSphere Application ServerTM
Release 7

com.ibm.websphere.wssecurity.callbackhandler
Class SAMLIdAssertionCallbackHandler

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallbackHandler
All Implemented Interfaces:
javax.security.auth.callback.CallbackHandler

public class SAMLIdAssertionCallbackHandler
extends java.lang.Object
implements javax.security.auth.callback.CallbackHandler

This class is a callback handler for asserting a SAMLToken to a WebSphere WSCredential. It defines the rules that map SAMLToken attributes to the WSCredential. You use this handler to specify a list of trusted SAML issuer names from whom attributes may be asserted to a WSCredential; for a SAML token issued by one of the listed trusted issuers, you can specify which attribute name and attribute namespace define the security realm, the principal, and the group memberships. If no attribute-to-WSCredential mapping rule is defined, the following default mapping rule is applied:

1. All issuers are trusted.
2. The realm is the issuer name.
3. The principal is the SAML 2.0 NameID or the SAML 1.1 NameIdentifier.
4. Group memberships are searched from a list of attribute names, including "group", "groups", "groupmembership", "membership", "members", "memberof", "memberOf", "groupid", "role", "roles", "PrimaryGroupId", and "GroupIds".

Note that under these defaults a token from any issuer is mapped to a credential, the realm becomes whatever issuer name the token carries, and group membership is taken from any of the attribute names above. A deployment that can receive tokens from more than the intended identity provider should configure the issuer and realmNameRange properties explicitly rather than rely on the defaults.

The custom property "issuer" is a trusted issuer name; its key is issuer_n, where n is an integer.

The custom property "principalName" is the attribute name for the principal; its key is principalName_n, where n is an integer.

The custom property "principalNamespace" is the attribute namespace for the principal; its key is principalNamespace_n, where n is an integer.

The custom property "realmName" is the attribute name for the realm; its key is realmName_n, where n is an integer.

The custom property "realmNamespace" is the attribute namespace for the realm; its key is realmNamespace_n, where n is an integer.

The custom property "groupName" is the attribute name for groups; its key is groupName_n, where n is an integer.

The custom property "groupNamespace" is the attribute namespace for groups; its key is groupNamespace_n, where n is an integer.

The custom property "realmNameRange" is a white-space delimited String that lists all names that may be used as a trusted realm; its key is realmNameRange_n, where n is an integer.

The custom property "uniqueId" is the attribute name for the WebSphere credential's unique ID; its key is uniqueId_n, where n is an integer.

The custom property "uniqueIdNamespace" is the attribute namespace for the WebSphere credential's unique ID; its key is uniqueIdNamespace_n, where n is an integer.
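The mapping rules above, worked through as an added example. This is a Python model written for this page to show how the properties interact; it is not WebSphere's code and not the implementation of SAMLIdAssertionCallbackHandler. The SAML 2.0 assertion, the issuer and attribute values, and the property sets DEFAULT_PROPS and STRICT_PROPS are constructed for the example. The model assumes that the _n suffix pairs issuer_n with the principalName_n, realmName_n, groupName_n and uniqueId_n rules of the same n, that an attribute "namespace" corresponds to the SAML 2.0 NameFormat, and that signature, audience and validity checks have already been performed by the token consumer before mapping (they are not modelled).

```python
# Added illustration of the SAMLToken -> WSCredential mapping rules described above.
# Not WebSphere code. Assumes: issuer_n pairs with the *_n rules of the same n; "namespace"
# is the SAML 2.0 NameFormat; signature/audience/validity checks happened earlier.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Default group attribute names, in the order listed on the page.
DEFAULT_GROUP_ATTRS = ["group", "groups", "groupmembership", "membership", "members",
                       "memberof", "memberOf", "groupid", "role", "roles",
                       "PrimaryGroupId", "GroupIds"]

# Constructed, unsigned SAML 2.0 assertion used as sample input.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid" NameFormat="urn:example:ldap">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="realm" NameFormat="urn:example:ldap">
      <saml:AttributeValue>corp</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>admins</saml:AttributeValue>
      <saml:AttributeValue>devs</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Extract issuer, NameID and attributes keyed by (NameFormat, Name)."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for a in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[(a.get("NameFormat"), a.get("Name"))] = [
            v.text for v in a.findall("saml:AttributeValue", NS)]
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attrs": attrs}


def _numbered(props, prefix):
    """Collect prefix_1, prefix_2, ... in order, stopping at the first gap."""
    vals, n = [], 1
    while f"{prefix}_{n}" in props:
        vals.append(props[f"{prefix}_{n}"])
        n += 1
    return vals


def map_to_credential(props, assertion):
    """Apply the mapping rules; raise PermissionError when the token must not be asserted."""
    trusted = _numbered(props, "issuer")
    issuer = assertion["issuer"]
    if trusted and issuer not in trusted:       # empty list = page default: all issuers trusted
        raise PermissionError(f"issuer not trusted: {issuer}")
    n = trusted.index(issuer) + 1 if trusted else 1   # assumption: rules of the same n apply

    def attr_values(name_key, ns_key):
        name = props.get(f"{name_key}_{n}")
        if name is None:
            return None
        ns = props.get(f"{ns_key}_{n}")         # None = match on attribute name only
        for (a_ns, a_name), values in assertion["attrs"].items():
            if a_name == name and (ns is None or a_ns == ns):
                return values
        return None

    realm_vals = attr_values("realmName", "realmNamespace")
    realm = realm_vals[0] if realm_vals else issuer          # default realm: issuer name
    realm_range = props.get(f"realmNameRange_{n}")
    if realm_range and realm not in realm_range.split():     # white-space delimited list
        raise PermissionError(f"realm not in realmNameRange: {realm}")
    principal_vals = attr_values("principalName", "principalNamespace")
    principal = principal_vals[0] if principal_vals else assertion["name_id"]  # default: NameID
    groups = attr_values("groupName", "groupNamespace")
    if groups is None:                                       # default: search the name list
        groups = [v for cand in DEFAULT_GROUP_ATTRS
                  for (_, a_name), vals in assertion["attrs"].items() if a_name == cand
                  for v in vals]
    unique_vals = attr_values("uniqueId", "uniqueIdNamespace")
    return {"realm": realm, "principal": principal, "groups": groups,
            "uniqueId": unique_vals[0] if unique_vals else None}


def accepted(props, xml_text):
    """True when the token would be asserted into a credential under these properties."""
    try:
        map_to_credential(props, parse_assertion(xml_text))
        return True
    except PermissionError:
        return False


DEFAULT_PROPS = {}   # page defaults: every issuer trusted, realm = issuer, principal = NameID
STRICT_PROPS = {     # constructed rule set for one trusted issuer
    "issuer_1": "https://idp.example.com",
    "principalName_1": "uid", "principalNamespace_1": "urn:example:ldap",
    "realmName_1": "realm", "realmNamespace_1": "urn:example:ldap",
    "realmNameRange_1": "corp partner",
    "groupName_1": "memberOf",
}

if __name__ == "__main__":
    print(map_to_credential(STRICT_PROPS, parse_assertion(SAMPLE_ASSERTION)))
    rogue = SAMPLE_ASSERTION.replace("https://idp.example.com", "https://rogue.example.net")
    print("rogue issuer accepted with defaults:", accepted(DEFAULT_PROPS, rogue))
    print("rogue issuer accepted with strict:  ", accepted(STRICT_PROPS, rogue))
```

With an empty property map the rogue issuer's token is accepted and its issuer string becomes the realm; listing issuer_1 rejects it, and realmNameRange_1 bounds which realm an attribute is allowed to select. When the configured principal attribute is absent, or its namespace does not match, the model falls back to the NameID, as the page's default rule states.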

See Also:
SAMLToken, SAMLIdAssertionCallback

Field Summary
static java.lang.String ACCESSID
static java.lang.String ACCESSIDNAMESPACE
static java.lang.String CROSS_DOMAIN_ID_ASSERTION
static java.lang.String GROUPNAMESPACE
static java.lang.String GROUPS
static java.lang.String ISSUER
static java.lang.String PRINCIPAL
static java.lang.String PRINCIPALNAMESPACE
static java.lang.String REALM
static java.lang.String REALM_RANGE
static java.lang.String REALMNAMESPACE
static java.lang.String USEISSUERNAMEFORREALM
static java.lang.String USENAMEQUALIFIERFORREALM

Constructor Summary
SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)

Method Summary
 void handle(javax.security.auth.callback.Callback[] callbacks)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ISSUER

public static final java.lang.String ISSUER

PRINCIPAL

public static final java.lang.String PRINCIPAL

PRINCIPALNAMESPACE

public static final java.lang.String PRINCIPALNAMESPACE

GROUPS

public static final java.lang.String GROUPS

GROUPNAMESPACE

public static final java.lang.String GROUPNAMESPACE

REALM

public static final java.lang.String REALM

REALMNAMESPACE

public static final java.lang.String REALMNAMESPACE

CROSS_DOMAIN_ID_ASSERTION

public static final java.lang.String CROSS_DOMAIN_ID_ASSERTION

REALM_RANGE

public static final java.lang.String REALM_RANGE

ACCESSID

public static final java.lang.String ACCESSID

ACCESSIDNAMESPACE

public static final java.lang.String ACCESSIDNAMESPACE

USENAMEQUALIFIERFORREALM

public static final java.lang.String USENAMEQUALIFIERFORREALM

USEISSUERNAMEFORREALM

public static final java.lang.String USEISSUERNAMEFORREALM

Constructor Detail

SAMLIdAssertionCallbackHandler

public SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)

Method Detail

handle

public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Throws:
java.io.IOException
javax.security.auth.callback.UnsupportedCallbackException
