IBM WebSphere Application Server™
Release 7

com.ibm.websphere.wssecurity.callbackhandler
Class SAMLConsumeCallback

java.lang.Object
  extended by com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback
All Implemented Interfaces:
javax.security.auth.callback.Callback

public class SAMLConsumeCallback
extends java.lang.Object
implements javax.security.auth.callback.Callback

This is a Callback class used to collect configuration data associated with the consumer of an incoming SAML token. Note that an incoming token (inbound request) is checked for expiration using the token's own expiration date together with the allowed clock skew between the sending and the receiving system: the expiration date of the token must be later than the current time minus the clock skew value. The default clock skew is 3 minutes.
A SAML token remains valid in the process if it was valid at the time the process received that token.

See Also:
SAMLToken, SAMLTokenFactory

Constructor Summary
SAMLConsumeCallback()
           
 
Method Summary
 boolean enforceAudienceRestriction()
          Returns the flag whether AudienceRestriction assertion validation is required.
 boolean enforceOneTimeUse()
          Returns the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required.
 java.lang.String getAlias()
          Returns the alias name used by the consumer of the SAML token in its keyStore.
 long getClockSkew()
          Returns the time in milliseconds that is allowed for clock skew between the token issuer and the consumer.
 java.lang.String getConfirmationMethod()
          Returns the ConfirmationMethod to be used when requesting/generating a SAML token.
 java.util.List<java.lang.String> getCRLPaths()
          Gets the list of certificate revocation list (CRL) files.
 java.lang.String getEncryptionAlgorithm()
          Returns the encryption algorithm.
 java.lang.String getKeyName()
          Returns the name of the key used by the token consumer.
 char[] getKeyPassword()
          Returns the password for recovering the key.
 char[] getKeyStorePassword()
          Returns the password for the keyStore used by the consumer of the SAML token.
 java.lang.String getKeyStorePath()
          Returns the file path for the keyStore used by the consumer of the SAML token.
 java.lang.String getKeyStoreReference()
          Returns the reference name of the keyStore used by the token consumer (e.g. a service).
 java.lang.String getKeyStoreType()
          Returns the type of the keyStore used by the consumer of the SAML token.
 java.util.ArrayList<java.lang.String[]> getTrustedIssuers()
          Returns the list of trusted SAML issuers.
 java.lang.String getTrustedSTSAlias()
          Returns the alias used to locate the key used by the SAML token issuer.
 char[] getTrustStorePassword()
          Returns the password for the trustStore used by the token consumer.
 java.lang.String getTrustStorePath()
          Returns the file path to the trustStore used by the token consumer.
 java.lang.String getTrustStoreRef()
          Returns the reference name of the trustStore used by the token consumer.
 java.lang.String getTrustStoreType()
          Returns the type of the trustStore used by the token consumer.
 java.util.List<java.lang.String> getX509Paths()
          Gets the set of intermediate certificate files
 boolean isSignatureRequired()
          Returns the flag whether signature on the SAML token from the issuer is required.
 boolean isTrustAnySigner()
          Returns the flag whether to trust any SAML token issuer.
 void setAlias(java.lang.String alias)
          Sets the key alias name in the consumer's keyStore.
 void setClockSkew(long time)
          Sets the time in milliseconds that is allowed for clock skew between the token issuer and the consumer.
 void setConfirmationMethod(java.lang.String method)
          Sets the type of Subject ConfirmationMethod to be used by the token requester.
 void setCRLPath(java.util.List value)
          Sets the list of certificate revocation list (CRL) files.
 void setEncryptionAlgorithm(java.lang.String encryptionAlgorithm)
          Sets the encryption algorithm.
 void setEnforceAudienceRestriction(boolean flag)
          Set the flag whether AudienceRestriction validation is required.
 void setEnforceOneTimeUse(boolean flag)
          Set the flag whether OneTimeUse or DoNotCacheCondition validation is required.
 void setIsSignatureRequired(boolean option)
          Set the flag whether signature by the SAML token issuer is required.
 void setKeyName(java.lang.String keyName)
          Sets the name of the key used by the token consumer.
 void setKeyPassword(char[] keyPassword)
          Sets the password for recovering the key.
 void setKeyStorePassword(char[] keyStorePassword)
          Sets the password for the keyStore used by the consumer of the SAML token.
 void setKeyStorePath(java.lang.String keyStorePath)
          Sets the file path for the keyStore used by the consumer of the SAML token.
 void setKeyStoreReference(java.lang.String keyStoreRef)
          Sets the reference name of the keyStore used by the token consumer (e.g. a service).
 void setKeyStoreType(java.lang.String keyStoreType)
          Sets the type of the keyStore used by the consumer of the SAML token.
 void setTrustAnySigner(boolean option)
          Sets the flag whether to trust any SAML token issuer.
 void setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers)
          Sets the list of trusted SAML issuers.
 void setTrustedSTSAlias(java.lang.String alias)
          Sets the alias name for the key used by the SAML token issuer.
 void setTrustStorePassword(char[] passwd)
          Sets the password for the trustStore used by the token consumer.
 void setTrustStorePath(java.lang.String path)
          Sets the file path to the trustStore used by the token consumer.
 void setTrustStoreRef(java.lang.String ref)
          Sets the reference name of the trustStore used by the token consumer.
 void setTrustStoreType(java.lang.String type)
          Sets the type of the trustStore used by the token consumer.
 void setX509Path(java.util.List value)
          Sets intermediate certificate file list.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLConsumeCallback

public SAMLConsumeCallback()
Method Detail

getKeyStoreReference

public java.lang.String getKeyStoreReference()
Returns the reference name of the keyStore used by the token consumer (e.g. a service).

Returns:
reference name of the keyStore of the token consumer.

setKeyStoreReference

public void setKeyStoreReference(java.lang.String keyStoreRef)
Sets the reference name of the keyStore used by the token consumer (e.g. a service).

Parameters:
keyStoreRef - string representing the reference name of the keyStore.

getKeyStorePath

public java.lang.String getKeyStorePath()
Returns the file path for the keyStore used by the consumer of the SAML token.

Returns:
String that contains the path of the keyStore.

setKeyStorePath

public void setKeyStorePath(java.lang.String keyStorePath)
Sets the file path for the keyStore used by the consumer of the SAML token.

Parameters:
keyStorePath - string representing the path to the keyStore.

getKeyStoreType

public java.lang.String getKeyStoreType()
Returns the type of the keyStore used by the consumer of the SAML token.

Returns:
type of the keyStore

setKeyStoreType

public void setKeyStoreType(java.lang.String keyStoreType)
Sets the type of the keyStore used by the consumer of the SAML token.

Parameters:
keyStoreType - string representing the type of the keyStore

getKeyStorePassword

public char[] getKeyStorePassword()
Returns the password for the keyStore used by the consumer of the SAML token.

Returns:
character array that contains the password used to check the integrity of, or unlock, the keyStore used by the consumer of a SAML token.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePassword)
Sets the password for the keyStore used by the consumer of the SAML token.

Parameters:
keyStorePassword - character array that contains the password used to check the integrity or unlock the keyStore for the consumer of the SAML token.

getAlias

public java.lang.String getAlias()
Returns the alias name used by the consumer of the SAML token in its keyStore.

Returns:
alias string representing the key alias name.

setAlias

public void setAlias(java.lang.String alias)
Sets the key alias name in the consumer's keyStore.

Parameters:
alias - string representing the alias name.

getKeyPassword

public char[] getKeyPassword()
Returns the password for recovering the key.

Returns:
character array that contains the password used for recovering the key.

setKeyPassword

public void setKeyPassword(char[] keyPassword)
Sets the password for recovering the key.

Parameters:
keyPassword - character array that contains the password for recovering the key.

getKeyName

public java.lang.String getKeyName()
Returns the name of the key used by the token consumer.

Returns:
String that contains the name of the key.

setKeyName

public void setKeyName(java.lang.String keyName)
Sets the name of the key used by the token consumer.

Parameters:
keyName - string that contains the name of the key.

getTrustStoreRef

public java.lang.String getTrustStoreRef()
Returns the reference name of the trustStore used by the token consumer.

Returns:
String containing the name of the trustStore reference.

setTrustStoreRef

public void setTrustStoreRef(java.lang.String ref)
Sets the reference name of the trustStore used by the token consumer.

Parameters:
ref - string that contains the reference name of the trustStore.

getTrustStorePath

public java.lang.String getTrustStorePath()
Returns the file path to the trustStore used by the token consumer.

Returns:
String that contains the path to the trustStore.

setTrustStorePath

public void setTrustStorePath(java.lang.String path)
Sets the file path to the trustStore used by the token consumer.

Parameters:
path - String that contains the path to the trustStore.

getTrustStoreType

public java.lang.String getTrustStoreType()
Returns the type of the trustStore used by the token consumer.

Returns:
String that contains the type of the trustStore.

setTrustStoreType

public void setTrustStoreType(java.lang.String type)
Sets the type of the trustStore used by the token consumer.

Parameters:
type - a string that contains the type of trustStore.

getTrustStorePassword

public char[] getTrustStorePassword()
Returns the password for the trustStore used by the token consumer.

Returns:
character array that contains the password used to check the integrity of the trustStore or to unlock it.

setTrustStorePassword

public void setTrustStorePassword(char[] passwd)
Sets the password for the trustStore used by the token consumer.

Parameters:
passwd - a character array that contains the password used to check the integrity of the trustStore or to unlock it.

getTrustedSTSAlias

public java.lang.String getTrustedSTSAlias()
Returns the alias used to locate the key used by the SAML token issuer.

Returns:
String that contains the alias for the key used by the issuer of the SAML token.

setTrustedSTSAlias

public void setTrustedSTSAlias(java.lang.String alias)
Sets the alias name for the key used by the SAML token issuer.

Parameters:
alias - a string that contains the alias name.

isTrustAnySigner

public boolean isTrustAnySigner()
Returns the flag whether to trust any SAML token issuer.

Returns:
boolean value indicating whether to trust any SAML issuer.

setTrustAnySigner

public void setTrustAnySigner(boolean option)
Sets the flag whether to trust any SAML token issuer.

Parameters:
option - boolean for the flag whether to trust any SAML token issuer.

isSignatureRequired

public boolean isSignatureRequired()
Returns the flag whether signature on the SAML token from the issuer is required.

Returns:
the flag indicating whether the SAML issuer must sign the SAML assertion. By default, a signature from the SAML issuer is required.

setIsSignatureRequired

public void setIsSignatureRequired(boolean option)
Set the flag whether signature by the SAML token issuer is required.

Parameters:
option - boolean flag whether the signature by the SAML token issuer is required.

getClockSkew

public long getClockSkew()
Returns the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. The clock skew is used when checking for the expiration of the token on an Inbound request. The expiration time of the token needs to be above the current time minus the clock skew.

Returns:
the time in milliseconds allowed for clock skew. The default clock skew is 3 minutes.

setClockSkew

public void setClockSkew(long time)
Sets the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. The clock skew is used when checking for the expiration of the token on an Inbound request. The expiration time of the token needs to be above the current time minus the clock skew.

Parameters:
time - a long integer representing time for the clockSkew value in milliseconds.

enforceOneTimeUse

public boolean enforceOneTimeUse()
Returns the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required.

Returns:
the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required. The default behavior is that OneTimeUse or DoNotCacheCondition assertion validation from SAML issuer is required.

enforceAudienceRestriction

public boolean enforceAudienceRestriction()
Returns the flag whether AudienceRestriction assertion validation is required.

Returns:
the flag whether AudienceRestriction assertion validation is required. The default behavior is that AudienceRestriction from SAML issuer is required.

setEnforceOneTimeUse

public void setEnforceOneTimeUse(boolean flag)
Set the flag whether OneTimeUse or DoNotCacheCondition validation is required.

Parameters:
flag - boolean flag indicating whether OneTimeUse or DoNotCacheCondition validation is required.

setEnforceAudienceRestriction

public void setEnforceAudienceRestriction(boolean flag)
Set the flag whether AudienceRestriction validation is required.

Parameters:
flag - boolean flag indicating whether AudienceRestriction validation is required.

getTrustedIssuers

public java.util.ArrayList<java.lang.String[]> getTrustedIssuers()
Returns the list of trusted SAML issuers.

Returns:
a list of trusted SAML issuers; each entry contains the Issuer name and/or the signer certificate's SubjectDN.

setTrustedIssuers

public void setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers)
Sets the list of trusted SAML issuers.

Parameters:
issuers - a list of trusted SAML issuers; each entry contains the Issuer name and/or the signer certificate's SubjectDN.

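As an added example that is not part of the WebSphere API documentation, the Java class below builds a SAMLConsumeCallback with the consumer-side checks set explicitly and carries a standalone method that applies the clock-skew expiration rule given in the class description and under setClockSkew, together with the trusted-issuer list format described under getTrustedIssuers. The ordering of Issuer name and signer SubjectDN inside each String[], the trustStore reference name, the alias, and the sample issuer values are assumptions.

```java
import com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback;

import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;

public class SamlConsumerHardeningExample {

    /** Documented default clock skew: 3 minutes, expressed in milliseconds. */
    public static final long DEFAULT_CLOCK_SKEW_MS = Duration.ofMinutes(3).toMillis();

    /**
     * Applies the documented rule: the token is still acceptable only while its
     * expiration time is above (current time - clock skew). Pass the time at
     * which the process received the token as "now": a token that was valid at
     * receipt stays valid in that process even if it expires later.
     */
    public static boolean isExpired(Instant notOnOrAfter, Instant now, long clockSkewMillis) {
        Instant threshold = now.minusMillis(clockSkewMillis);
        return !notOnOrAfter.isAfter(threshold);
    }

    /** Builds a callback with every consumer-side check enabled explicitly. */
    public static SAMLConsumeCallback hardenedCallback() {
        SAMLConsumeCallback cb = new SAMLConsumeCallback();
        cb.setIsSignatureRequired(true);          // the default, but state it
        cb.setTrustAnySigner(false);              // only the issuers listed below
        cb.setEnforceAudienceRestriction(true);
        cb.setEnforceOneTimeUse(true);
        cb.setClockSkew(DEFAULT_CLOCK_SKEW_MS);

        // Assumption: element 0 is the Issuer name, element 1 the signer
        // certificate's SubjectDN; both values are constructed samples.
        ArrayList<String[]> issuers = new ArrayList<>();
        issuers.add(new String[] {
            "https://sts.example.test/issuer", "CN=sts.example.test,O=Example"});
        cb.setTrustedIssuers(issuers);

        cb.setTrustStoreRef("samlTrustStore");    // hypothetical reference name
        cb.setTrustedSTSAlias("stsSigner");       // hypothetical alias
        return cb;
    }

    public static void main(String[] args) {
        Instant received = Instant.parse("2010-01-01T12:00:00Z");
        // Expired 2 minutes before receipt: inside the 3-minute window, accepted.
        Instant inWindow = Instant.parse("2010-01-01T11:58:00Z");
        // Expired 4 minutes before receipt: outside the window, rejected.
        Instant outside = Instant.parse("2010-01-01T11:56:00Z");
        System.out.println("inWindow expired? " + isExpired(inWindow, received, DEFAULT_CLOCK_SKEW_MS));
        System.out.println("outside expired?  " + isExpired(outside, received, DEFAULT_CLOCK_SKEW_MS));
    }
}
```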
getConfirmationMethod

public java.lang.String getConfirmationMethod()
Returns the ConfirmationMethod to be used when requesting/generating a SAML token.

Returns:
the required Subject ConfirmationMethod. The valid values are "holder-of-key", "bearer", or "sender-vouches"

setConfirmationMethod

public void setConfirmationMethod(java.lang.String method)
Sets the type of Subject ConfirmationMethod to be used by the token requester.

Parameters:
method - a string identifying the Subject ConfirmationMethod.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(java.lang.String encryptionAlgorithm)
Sets the encryption algorithm.

Parameters:
encryptionAlgorithm - a string identifying the encryption algorithm.

getEncryptionAlgorithm

public java.lang.String getEncryptionAlgorithm()
Returns the encryption algorithm.

Returns:
a string identifying the encryption algorithm.

getCRLPaths

public java.util.List<java.lang.String> getCRLPaths()
Gets the list of certificate revocation list (CRL) files.

Returns:
list of CRL file paths.

getX509Paths

public java.util.List<java.lang.String> getX509Paths()
Gets the list of intermediate certificate files.

Returns:
list of X509 certificate file paths.

setX509Path

public void setX509Path(java.util.List value)
Sets the list of intermediate certificate files.

Parameters:
value - list of intermediate X509 certificate file paths.

setCRLPath

public void setCRLPath(java.util.List value)
Sets the list of certificate revocation list (CRL) files.

Parameters:
value - list of CRL file paths.
