Class SAMLIdAssertionCallbackHandler
- java.lang.Object
  - com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallbackHandler

All Implemented Interfaces:
javax.security.auth.callback.CallbackHandler

public class SAMLIdAssertionCallbackHandler extends java.lang.Object implements javax.security.auth.callback.CallbackHandler

This class is a callback handler for asserting a SAMLToken to a WebSphere WSCredential. The callback handler defines rules that map SAMLToken attributes to the WebSphere WSCredential. Use this handler to specify a list of trusted SAML issuer names from whom attributes might be asserted to the WSCredential. For SAML tokens issued by the listed trusted issuers, you can specify which attribute name and attribute namespace define the security realm, principal, and group memberships. All issuer names are trusted by default. The default principal name is NameId for SAML 2.0 or NameIdentifier for SAML 1.1. The default realm is the issuer name.

If no attribute-to-WSCredential mapping rule is defined, the following default mapping rule is applied:
1. All issuers are trusted.
2. The realm is the issuer name.
3. The principal is the SAML NameID or NameIdentifier.
4. The group memberships are searched from a list of attribute names, including "group", "groups", "groupmembership", "membership", "members", "memberof", "memberOf", "groupid", "role", "roles", "PrimaryGroupId", and "GroupIds".

Custom properties (in each property name, n is an integer):
- issuer_n: the custom property "issuer" is a trusted issuer name.
- principalName_n: the custom property "principalName" is the attribute name for the principal.
- principalNamespace_n: the custom property "principalNamespace" is the attribute namespace for the principal.
- realmName_n: the custom property "realmName" is the attribute name for the realm.
- realmNamespace_n: the custom property "realmNamespace" is the attribute namespace for the realm.
- groupName_n: the custom property "groupName" is the attribute name for groups.
- groupNamespace_n: the custom property "groupNamespace" is the attribute namespace for groups.
- realmNameRange_n: the custom property "realmNameRange" is a whitespace-delimited String that lists all names that can be used as a trusted realm.
- uniqueId_n: the custom property "uniqueId" is the attribute name for the WebSphere credential's unique ID.
- uniqueIdNamespace_n: the custom property "uniqueIdNamespace" is the attribute namespace for the WebSphere credential's unique ID.

See Also:
SAMLToken, SAMLIdAssertionCallback
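
The default mapping rule and the effect of listing issuer_n entries, as an added example that is not IBM's code: a stand-alone model that runs without WebSphere. The class name DefaultSamlMappingModel, the rejection of an unlisted issuer, the collection of groups from every matching attribute, and all sample values are assumptions made for illustration.

```java
import java.util.*;

// Model of the documented default mapping rule; not the WebSphere implementation.
public class DefaultSamlMappingModel {
    // Group attribute names searched by the default rule, as listed on this page.
    static final List<String> GROUP_ATTRS = List.of("group", "groups", "groupmembership",
        "membership", "members", "memberof", "memberOf", "groupid", "role", "roles",
        "PrimaryGroupId", "GroupIds");

    // Collect issuer_n values; an empty result means every issuer is trusted (the default).
    static Set<String> trustedIssuers(Map<Object, Object> props) {
        Set<String> issuers = new TreeSet<>();
        for (Map.Entry<Object, Object> e : props.entrySet()) {
            if (String.valueOf(e.getKey()).matches("issuer_\\d+")) {
                issuers.add(String.valueOf(e.getValue()));
            }
        }
        return issuers;
    }

    // Returns realm, principal and groups. Assumption: an issuer outside a non-empty
    // issuer_n list is rejected outright.
    static Map<String, Object> map(Map<Object, Object> props, String issuer, String nameId,
                                   Map<String, List<String>> attrs) {
        Set<String> trusted = trustedIssuers(props);
        if (!trusted.isEmpty() && !trusted.contains(issuer)) {
            throw new SecurityException("issuer not in issuer_n list: " + issuer);
        }
        List<String> groups = new ArrayList<>();
        for (String name : GROUP_ATTRS) {   // assumption: every matching attribute contributes
            groups.addAll(attrs.getOrDefault(name, List.of()));
        }
        Map<String, Object> cred = new LinkedHashMap<>();
        cred.put("realm", issuer);          // default rule 2
        cred.put("principal", nameId);      // default rule 3
        cred.put("groups", groups);         // default rule 4
        return cred;
    }

    public static void main(String[] args) {
        // Constructed sample assertion contents (not from a real token).
        Map<String, List<String>> attrs =
            Map.of("memberOf", List.of("admins"), "dept", List.of("hr"));
        System.out.println(map(new HashMap<>(), "https://idp.example.test", "alice", attrs));
        Map<Object, Object> pinned = new HashMap<>();
        pinned.put("issuer_1", "https://idp.example.test");
        try { map(pinned, "https://other.example.test", "alice", attrs); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

With an empty property map, the realm and group memberships come entirely from whatever the token's issuer asserts, which is why listing issuer_n entries matters when the default group attribute names are in play.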

Field Summary

Modifier and Type           Field
static java.lang.String     ACCESSID
static java.lang.String     ACCESSIDNAMESPACE
static java.lang.String     CROSS_DOMAIN_ID_ASSERTION
static java.lang.String     GROUPNAMESPACE
static java.lang.String     GROUPS
static java.lang.String     ISSUER
static java.lang.String     PRINCIPAL
static java.lang.String     PRINCIPALNAMESPACE
static java.lang.String     REALM
static java.lang.String     REALM_RANGE
static java.lang.String     REALMNAMESPACE
static java.lang.String     USEISSUERNAMEFORREALM
static java.lang.String     USENAMEQUALIFIERFORREALM

Constructor Summary

Constructor
SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)

Method Summary

Modifier and Type           Method
void                        handle(javax.security.auth.callback.Callback[] callbacks)

Field Detail
-
ISSUER
public static final java.lang.String ISSUER
-
PRINCIPAL
public static final java.lang.String PRINCIPAL
-
PRINCIPALNAMESPACE
public static final java.lang.String PRINCIPALNAMESPACE
-
GROUPS
public static final java.lang.String GROUPS
-
GROUPNAMESPACE
public static final java.lang.String GROUPNAMESPACE
-
REALM
public static final java.lang.String REALM
-
REALMNAMESPACE
public static final java.lang.String REALMNAMESPACE
-
CROSS_DOMAIN_ID_ASSERTION
public static final java.lang.String CROSS_DOMAIN_ID_ASSERTION
-
REALM_RANGE
public static final java.lang.String REALM_RANGE
-
ACCESSID
public static final java.lang.String ACCESSID
-
ACCESSIDNAMESPACE
public static final java.lang.String ACCESSIDNAMESPACE
-
USENAMEQUALIFIERFORREALM
public static final java.lang.String USENAMEQUALIFIERFORREALM
-
USEISSUERNAMEFORREALM
public static final java.lang.String USEISSUERNAMEFORREALM
-
-
Constructor Detail
-
SAMLIdAssertionCallbackHandler
public SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
-
-
Method Detail
-
handle
public void handle(javax.security.auth.callback.Callback[] callbacks) throws java.io.IOException, javax.security.auth.callback.UnsupportedCallbackException
Specified by:
handle in interface javax.security.auth.callback.CallbackHandler
Throws:
java.io.IOException
javax.security.auth.callback.UnsupportedCallbackException