public interface SecurityTokenProvider

SecurityTokenProvider is a provider interface for managing WSS security tokens.

Method Summary

Modifier and Type | Method and Description
---|---
SecurityAssertion | getSAMLAuthenticationToken(NameIdentifier senderIdentity)<br>Creates a SAML Assertion for message authentication.
SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID)<br>Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which is used for message authentication.
SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID)<br>Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which is used for message authentication.
SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID)<br>Creates a SAML assertion whose subject confirmation method is bearer.
SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID)<br>Creates a SAML assertion whose subject confirmation method is bearer.
BinarySecurityToken | getX509CertificateToken()<br>Gets the X509 certificate token.
void | initialize(Object credential, XMLSignatureManager sigManager)<br>Initializes the SecurityTokenProvider.
void | setCertAlias(String certAlias)<br>Sets the alias of the certificate used for issuing WSS tokens, i.e. the WSS X509 token and the WSS SAML token.
void | setCertificate(X509Certificate cert)<br>Sets the certificate used for issuing WSS tokens, i.e. the WSS X509 token and the WSS SAML token.
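The following is an added example of driving this interface end to end; it is not ForgeRock/OpenAM code and does not appear on the original page. It assumes the OpenAM package names for the imported types (com.sun.identity.liberty.ws.security.*, com.sun.identity.liberty.ws.disco.EncryptedResourceID, com.sun.identity.saml.assertion.NameIdentifier, com.sun.identity.saml.common.SAMLException, com.sun.identity.saml.xmlsig.XMLSignatureManager), that XMLSignatureManager.getInstance() is the way to obtain the signature manager passed to initialize, and that the caller already holds a SecurityTokenProvider implementation. The WssTokenIssuer class, the Set<String> of directive names taken from a discovery resource offering, and the bearer flag are the example's own constructs. The mapping from directives to the includeResourceAccessStatement flag follows the rule given in the method detail below (AuthorizeRequester selects a ResourceAccessStatement, AuthenticationSessionContext alone selects a SessionContextStatement, and both together still mean true because the SessionContext rides inside the ResourceAccessStatement).

```java
// Added example; not ForgeRock/OpenAM code. Package names are assumed from the
// OpenAM source tree and are not stated on this page.
import java.util.Set;

import com.sun.identity.liberty.ws.disco.EncryptedResourceID;
import com.sun.identity.liberty.ws.security.SecurityAssertion;
import com.sun.identity.liberty.ws.security.SecurityTokenException;
import com.sun.identity.liberty.ws.security.SecurityTokenProvider;
import com.sun.identity.liberty.ws.security.SessionContext;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;

/**
 * Picks the SecurityTokenProvider call and flag values from the directives
 * attached to a discovery resource offering. Directive names are the ones
 * this page uses; the Set<String> input is a hypothetical representation.
 */
public final class WssTokenIssuer {

    public static final String AUTHORIZE_REQUESTER = "AuthorizeRequester";
    public static final String AUTHN_SESSION_CONTEXT = "AuthenticationSessionContext";

    private final SecurityTokenProvider provider;

    /**
     * @param provider         an implementation of SecurityTokenProvider, obtained elsewhere
     * @param callerCredential the caller's credential; the interface types it as Object and
     *                         the implementation decides what it accepts
     * @param certAlias        key store alias of the issuing certificate, or null for the default
     */
    public WssTokenIssuer(SecurityTokenProvider provider, Object callerCredential, String certAlias)
            throws SecurityTokenException {
        // Assumed: XMLSignatureManager.getInstance() returns the signing manager to hand over.
        provider.initialize(callerCredential, XMLSignatureManager.getInstance());
        if (certAlias != null) {
            // Pin the issuing certificate; otherwise the provider silently uses its default one.
            provider.setCertAlias(certAlias);
        }
        this.provider = provider;
    }

    /**
     * Issues the assertion a sender needs for one resource offering.
     * Exactly one of resourceID / encResourceID must be non-null: the
     * EncryptedResourceID overloads are used when the offering carries one.
     */
    public SecurityAssertion issueFor(NameIdentifier senderIdentity,
                                      SessionContext invocatorSession,
                                      String resourceID,
                                      EncryptedResourceID encResourceID,
                                      Set<String> directives,
                                      boolean includeAuthN,
                                      boolean bearer,
                                      String recipientProviderID)
            throws SecurityTokenException, SAMLException {
        if ((resourceID == null) == (encResourceID == null)) {
            throw new IllegalArgumentException("supply exactly one of resourceID or encResourceID");
        }
        boolean authorize = directives.contains(AUTHORIZE_REQUESTER);
        boolean sessionCtx = directives.contains(AUTHN_SESSION_CONTEXT);

        if (!authorize && !sessionCtx) {
            // No authorization-related directive: an authentication-only assertion suffices.
            return provider.getSAMLAuthenticationToken(senderIdentity);
        }

        // Page rule: true -> ResourceAccessStatement (AuthorizeRequester);
        // false -> SessionContextStatement (AuthenticationSessionContext).
        // With both directives true is still correct, because the SessionContext
        // is always carried inside the ResourceAccessStatement.
        boolean includeRAS = authorize;

        if (bearer) {
            // Subject confirmation becomes urn:oasis:names:tc:SAML:1.0:cm:bearer.
            return encResourceID != null
                    ? provider.getSAMLBearerToken(senderIdentity, invocatorSession, encResourceID,
                                                  includeAuthN, includeRAS, recipientProviderID)
                    : provider.getSAMLBearerToken(senderIdentity, invocatorSession, resourceID,
                                                  includeAuthN, includeRAS, recipientProviderID);
        }
        return encResourceID != null
                ? provider.getSAMLAuthorizationToken(senderIdentity, invocatorSession, encResourceID,
                                                     includeAuthN, includeRAS, recipientProviderID)
                : provider.getSAMLAuthorizationToken(senderIdentity, invocatorSession, resourceID,
                                                     includeAuthN, includeRAS, recipientProviderID);
    }
}
```

Two points worth keeping in mind when using this. The String overloads declare SAMLException in addition to SecurityTokenException while the EncryptedResourceID overloads declare only SecurityTokenException, so a wrapper like issueFor has to declare both. And a bearer assertion carries no proof of possession: whoever obtains it can present it, so only choose the bearer variants when the recipient cannot verify a signed message, and keep such assertions on TLS-protected channels with the shortest lifetime the deployment allows.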
Method Detail

void initialize(Object credential, XMLSignatureManager sigManager) throws SecurityTokenException

Initializes the SecurityTokenProvider.

Parameters:
credential - the credential of the caller, used to check whether access to this security token provider is allowed.
sigManager - instance of the XML digital signature manager class, used for accessing the certificate data store and for digitally signing the assertion.

Throws:
SecurityTokenException - if the caller does not have the privilege to access the security authority manager.

void setCertAlias(String certAlias) throws SecurityTokenException

Sets the alias of the certificate used for issuing WSS tokens, i.e. the WSS X509 token and the WSS SAML token. If certAlias is never set, a default certificate is used for issuing WSS tokens.

Parameters:
certAlias - string alias name for the certificate.

Throws:
SecurityTokenException - if the certificate for certAlias could not be found in the key store.

void setCertificate(X509Certificate cert) throws SecurityTokenException

Sets the certificate used for issuing WSS tokens, i.e. the WSS X509 token and the WSS SAML token. If the certificate is never set, a default certificate is used for issuing WSS tokens.

Parameters:
cert - X509Certificate object.

Throws:
SecurityTokenException - if the certificate could not be set.

BinarySecurityToken getX509CertificateToken() throws SecurityTokenException

Gets the X509 certificate token.

Returns:
the X509 certificate token.

Throws:
SecurityTokenException - if the token could not be obtained.

SecurityAssertion getSAMLAuthenticationToken(NameIdentifier senderIdentity) throws SecurityTokenException, SAMLException

Creates a SAML Assertion for message authentication.

Parameters:
senderIdentity - name identifier of the sender.

Returns:
a SecurityAssertion containing an AuthenticationStatement.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException - if there was an error while retrieving the assertion.

SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException, SAMLException
Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which is used for message authentication.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained through the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthnResponse.
resourceID - ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and the AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - the recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException - if there was an error while retrieving the assertion.

SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException
Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which is used for message authentication.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained through the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthnResponse.
encResourceID - encrypted ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and the AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - the recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.

SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException, SAMLException
Creates a SAML assertion whose subject confirmationMethod is set to urn:oasis:names:tc:SAML:1.0:cm:bearer.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained through the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthnResponse.
resourceID - ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and the AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - the recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException - if the assertion could not be obtained.

SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException
Creates a SAML assertion whose subject confirmationMethod is set to urn:oasis:names:tc:SAML:1.0:cm:bearer.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained through the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthnResponse.
encResourceID - encrypted ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and the AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - the recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.

Copyright © 2010-2018, ForgeRock All Rights Reserved.