com.ibm.websphere.wssecurity.callbackhandler

Class SAMLConsumeCallback

  • java.lang.Object
    • com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback
  • All Implemented Interfaces:
    javax.security.auth.callback.Callback


    public class SAMLConsumeCallback
    extends java.lang.Object
    implements javax.security.auth.callback.Callback
    This is a Callback class used to collect configuration data associated with the consumer of an incoming SAML token. It is important to note that an incoming token (inbound request) is checked for expiration using the token's own expiration date and the clock skew between the sending and the receiving system. The expiration date of the token must be above the current time minus the clock skew value. The default clock skew is 3 minutes.
    A SAML token remains valid in the process if it was valid at the time the process received that token.
    See Also:
    SAMLToken, SAMLTokenFactory
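    The following is an added example, not code from this Javadoc or from IBM, showing how a consumer-side callback would be populated with the validation settings this class exposes (signature required, no trust-any-signer, audience and one-time-use enforcement, an explicit clock skew) and how the documented expiration rule (expiration must be above the current time minus the clock skew) plays out. All store paths, passwords and aliases are placeholders; the `notExpired` helper is an illustration of the rule stated above, not the product's own check.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;

import com.ibm.websphere.wssecurity.callbackhandler.SAMLConsumeCallback;

// Added example: populate a SAMLConsumeCallback for an inbound SAML token consumer.
// Every path, password and alias below is a placeholder, not a value from the page.
public class SamlConsumerConfigExample {

    static SAMLConsumeCallback hardenedConsumerCallback() {
        SAMLConsumeCallback cb = new SAMLConsumeCallback();

        // Trust anchors used to verify the issuer's signature on the assertion.
        cb.setTrustStorePath("/path/to/consumer-truststore.p12");   // placeholder
        cb.setTrustStoreType("PKCS12");
        cb.setTrustStorePassword("changeit".toCharArray());          // placeholder
        cb.setTrustedSTSAlias("sts-signing-cert");                    // placeholder

        // The consumer's own key, needed to recover the key carried in a holder-of-key token.
        cb.setKeyStorePath("/path/to/consumer-keystore.p12");        // placeholder
        cb.setKeyStoreType("PKCS12");
        cb.setKeyStorePassword("changeit".toCharArray());            // placeholder
        cb.setAlias("consumer-key");                                  // placeholder
        cb.setKeyPassword("changeit".toCharArray());                 // placeholder

        // Validation policy: only accept signed tokens from configured issuers,
        // and enforce the AudienceRestriction and OneTimeUse/DoNotCacheCondition conditions.
        cb.setTrustAnySigner(false);
        cb.setIsSignatureRequired(true);
        cb.setEnforceAudienceRestriction(true);
        cb.setEnforceOneTimeUse(true);
        cb.setConfirmationMethod("holder-of-key");
        // The documented default allows an unencrypted key in a holder-of-key token; opt out.
        cb.setAllowUnencKey(false);

        // Revocation data and intermediate certificates for chain building (placeholder files).
        cb.setCRLPath(Arrays.asList("/path/to/issuer.crl"));
        cb.setX509Path(Arrays.asList("/path/to/intermediate-ca.pem"));

        // Tolerate at most 2 minutes of drift between issuer and consumer (default is 3 minutes).
        cb.setClockSkew(Duration.ofMinutes(2).toMillis());
        return cb;
    }

    // Illustration of the rule documented for this class: the token's expiration
    // must be above (current time - clock skew). Not the product's internal check.
    static boolean notExpired(Instant expiration, Instant now, long clockSkewMillis) {
        Instant earliestAccepted = now.minusMillis(clockSkewMillis);
        return expiration.isAfter(earliestAccepted);
    }

    public static void main(String[] args) {
        SAMLConsumeCallback cb = hardenedConsumerCallback();
        Instant now = Instant.now();
        // Constructed sample: a token whose expiration lies 60 seconds in the past.
        Instant expiredOneMinuteAgo = now.minusSeconds(60);
        System.out.println("accepted with configured skew: "
                + notExpired(expiredOneMinuteAgo, now, cb.getClockSkew()));
        System.out.println("accepted with 30 s skew: "
                + notExpired(expiredOneMinuteAgo, now, Duration.ofSeconds(30).toMillis()));
    }
}
```

    With the 2-minute skew configured above, a token that expired 60 seconds ago is still inside the accepted window; tightening the skew to 30 seconds rejects it. Reviewing the `setClockSkew` value alongside `setIsSignatureRequired` and `setTrustAnySigner` is the quickest way to audit how much leeway a consumer grants an incoming assertion.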
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      boolean enforceAudienceRestriction()
      Returns the flag whether AudienceRestriction assertion validation is required.
      boolean enforceOneTimeUse()
      Returns the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required.
      java.lang.String getAlias()
      Returns the alias name used by the consumer of the SAML token in its keyStore.
      boolean getAllowUnencKey()
      Gets setting for allowing an Unencrypted key in a Holder of Key token.
      long getClockSkew()
      Returns the time in milliseconds that is allowed for clock skew between the token issuer and the consumer.
      java.lang.String getConfirmationMethod()
      Returns the ConfirmationMethod to be used when requesting/generating a SAML token.
      java.util.List<java.lang.String> getCRLPaths() 
      java.lang.String getKeyName()
      Returns the name of the key used by the token consumer.
      char[] getKeyPassword()
      Returns the password for recovering the key.
      char[] getKeyStorePassword()
      Returns the password for the keyStore used by the consumer of the SAML token.
      java.lang.String getKeyStorePath()
      Returns the file path for the keyStore used by the consumer of the SAML token.
      java.lang.String getKeyStoreReference()
      Returns the reference name of the keyStore used by the token consumer (e.g. a service).
      java.lang.String getKeyStoreType()
      Returns the type of the keyStore used by the consumer of the SAML token.
      com.ibm.wsspi.wssecurity.core.config.TrustedEntryConfig getTrustedEntries() 
      java.util.ArrayList<java.lang.String[]> getTrustedIssuers() 
      java.lang.String getTrustedSTSAlias()
      Returns the alias used to locate the key used by the SAML token issuer.
      char[] getTrustStorePassword()
      Returns the password for the trustStore used by the token consumer.
      java.lang.String getTrustStorePath()
      Returns the file path to the trustStore used by the token consumer.
      java.lang.String getTrustStoreRef()
      Returns the reference name of the trustStore used by the token consumer.
      java.lang.String getTrustStoreType()
      Returns the type of the trustStore used by the token consumer.
      java.util.List<java.lang.String> getX509Paths()
      Gets the set of intermediate certificate files
      boolean isSignatureRequired()
      Returns the flag whether signature on the SAML token from the issuer is required.
      boolean isTrustAnySigner()
      Returns the flag whether to trust any SAML token issuer.
      void setAlias(java.lang.String alias)
      Sets the key alias name in the consumer's keyStore.
      void setAllowUnencKey(boolean value)
      Sets setting for allowing an Unencrypted key in a Holder of Key token.
      void setClockSkew(long time)
      Sets the time in milliseconds that is allowed for clock skew between the token issuer and the consumer.
      void setConfirmationMethod(java.lang.String method)
      Sets the type of Subject ConfirmationMethod to be used by the token requester.
      void setCRLPath(java.util.List value)
      Sets revoked certificate list file.
      void setEnforceAudienceRestriction(boolean flag)
      Set the flag whether AudienceRestriction validation is required.
      void setEnforceOneTimeUse(boolean flag)
      Set the flag whether OneTimeUse or DoNotCacheCondition validation is required.
      void setIsSignatureRequired(boolean option)
      Set the flag whether signature by the SAML token issuer is required.
      void setKeyName(java.lang.String keyName)
      Sets the name of the key used by the token consumer.
      void setKeyPassword(char[] keyPassword)
      Sets the password for recovering the key.
      void setKeyStorePassword(char[] keyStorePassword)
      Sets the password for the keyStore used by the consumer of the SAML token.
      void setKeyStorePath(java.lang.String keyStorePath)
      Sets the file path for the keyStore used by the consumer of the SAML token.
      void setKeyStoreReference(java.lang.String keyStoreRef)
      Sets the reference name of the keyStore used by the token consumer (e.g. a service).
      void setKeyStoreType(java.lang.String keyStoreType)
      Sets the type of the keyStore used by the consumer of the SAML token.
      void setTrustAnySigner(boolean option)
      Sets the flag whether to trust any SAML token issuer.
      void setTrustedEntries(com.ibm.wsspi.wssecurity.core.config.TrustedEntryConfig te) 
      void setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers)
      Deprecated. 
      void setTrustedSTSAlias(java.lang.String alias)
      Sets the alias name for the key used by the SAML token issuer.
      void setTrustStorePassword(char[] passwd)
      Sets the password for the trustStore used by the token consumer.
      void setTrustStorePath(java.lang.String path)
      Sets the file path to the trustStore used by the token consumer.
      void setTrustStoreRef(java.lang.String ref)
      Sets the reference name of the trustStore used by the token consumer.
      void setTrustStoreType(java.lang.String type)
      Sets the type of the trustStore used by the token consumer.
      void setX509Path(java.util.List value)
      Sets intermediate certificate file list.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SAMLConsumeCallback

        public SAMLConsumeCallback()
    • Method Detail

      • getKeyStoreReference

        public java.lang.String getKeyStoreReference()
        Returns the reference name of the keyStore used by the token consumer (e.g. a service).
        Returns:
        reference name of the keyStore of the token consumer.
      • setKeyStoreReference

        public void setKeyStoreReference(java.lang.String keyStoreRef)
        Sets the reference name of the keyStore used by the token consumer (e.g. a service).
        Parameters:
        keyStoreRef - string representing the reference name of the keyStore.
      • getKeyStorePath

        public java.lang.String getKeyStorePath()
        Returns the file path for the keyStore used by the consumer of the SAML token.
        Returns:
        String that contains the path of the keyStore.
      • setKeyStorePath

        public void setKeyStorePath(java.lang.String keyStorePath)
        Sets the file path for the keyStore used by the consumer of the SAML token.
        Parameters:
        keyStorePath - string representing the path to the keyStore.
      • getKeyStoreType

        public java.lang.String getKeyStoreType()
        Returns the type of the keyStore used by the consumer of the SAML token.
        Returns:
        type of the keyStore
      • setKeyStoreType

        public void setKeyStoreType(java.lang.String keyStoreType)
        Sets the type of the keyStore used by the consumer of the SAML token.
        Parameters:
        keyStoreType - string representing the type of the keyStore
      • getKeyStorePassword

        public char[] getKeyStorePassword()
        Returns the password for the keyStore used by the consumer of the SAML token.
        Returns:
        character array that contains the password used to check the integrity of or unlock the keyStore used by the consumer of a SAML token.
      • setKeyStorePassword

        public void setKeyStorePassword(char[] keyStorePassword)
        Sets the password for the keyStore used by the consumer of the SAML token.
        Parameters:
        keyStorePassword - character array that contains the password used to check the integrity of or unlock the keyStore for the consumer of the SAML token.
      • getAlias

        public java.lang.String getAlias()
        Returns the alias name used by the consumer of the SAML token in its keyStore.
        Returns:
        alias string representing the key alias name.
      • setAlias

        public void setAlias(java.lang.String alias)
        Sets the key alias name in the consumer's keyStore.
        Parameters:
        alias - string representing the alias name.
      • getKeyPassword

        public char[] getKeyPassword()
        Returns the password for recovering the key.
        Returns:
        character array that contains the password used for recovering the key.
      • setKeyPassword

        public void setKeyPassword(char[] keyPassword)
        Sets the password for recovering the key.
        Parameters:
        keyPassword - character array that contains the password for recovering the key.
      • getKeyName

        public java.lang.String getKeyName()
        Returns the name of the key used by the token consumer.
        Returns:
        String that contains the name of the key.
      • setKeyName

        public void setKeyName(java.lang.String keyName)
        Sets the name of the key used by the token consumer.
        Parameters:
        keyName - string that contains the name of the key.
      • getTrustStoreRef

        public java.lang.String getTrustStoreRef()
        Returns the reference name of the trustStore used by the token consumer.
        Returns:
        String containing the name of the trustStore reference.
      • setTrustStoreRef

        public void setTrustStoreRef(java.lang.String ref)
        Sets the reference name of the trustStore used by the token consumer.
        Parameters:
        ref - string that contains the reference name of the trustStore.
      • getTrustStorePath

        public java.lang.String getTrustStorePath()
        Returns the file path to the trustStore used by the token consumer.
        Returns:
        String that contains the path to the trustStore.
      • setTrustStorePath

        public void setTrustStorePath(java.lang.String path)
        Sets the file path to the trustStore used by the token consumer.
        Parameters:
        path - String that contains the path to the trustStore.
      • getTrustStoreType

        public java.lang.String getTrustStoreType()
        Returns the type of the trustStore used by the token consumer.
        Returns:
        String that contains the type of the trustStore.
      • setTrustStoreType

        public void setTrustStoreType(java.lang.String type)
        Sets the type of the trustStore used by the token consumer.
        Parameters:
        type - a string that contains the type of trustStore.
      • getTrustStorePassword

        public char[] getTrustStorePassword()
        Returns the password for the trustStore used by the token consumer.
        Returns:
        character array that contains the password used to check the integrity of the trustStore or to unlock it.
      • setTrustStorePassword

        public void setTrustStorePassword(char[] passwd)
        Sets the password for the trustStore used by the token consumer.
        Parameters:
        passwd - a character array that contains the password used to check the integrity of the trustStore or to unlock it.
      • getTrustedSTSAlias

        public java.lang.String getTrustedSTSAlias()
        Returns the alias used to locate the key used by the SAML token issuer.
        Returns:
        String that contains the alias for the key used by the issuer of the SAML token.
      • setTrustedSTSAlias

        public void setTrustedSTSAlias(java.lang.String alias)
        Sets the alias name for the key used by the SAML token issuer.
        Parameters:
        alias - a string that contains the alias name.
      • isTrustAnySigner

        public boolean isTrustAnySigner()
        Returns the flag whether to trust any SAML token issuer.
        Returns:
        boolean value indicating whether to trust any SAML issuer.
      • setTrustAnySigner

        public void setTrustAnySigner(boolean option)
        Sets the flag whether to trust any SAML token issuer.
        Parameters:
        option - boolean for the flag whether to trust any SAML token issuer.
      • isSignatureRequired

        public boolean isSignatureRequired()
        Returns the flag whether signature on the SAML token from the issuer is required.
        Returns:
        the flag whether the SAML issuer must sign the SAML assertion. By default, a signature from the SAML issuer is required.
      • setIsSignatureRequired

        public void setIsSignatureRequired(boolean option)
        Set the flag whether signature by the SAML token issuer is required.
        Parameters:
        option - boolean flag whether the signature by the SAML token issuer is required.
      • getClockSkew

        public long getClockSkew()
        Returns the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. The clock skew is used when checking the expiration of the token on an inbound request: the expiration time of the token must be above the current time minus the clock skew.
        Returns:
        the time in milliseconds allowed for clock skew. The default clock skew is 3 minutes.
      • setClockSkew

        public void setClockSkew(long time)
        Sets the time in milliseconds that is allowed for clock skew between the token issuer and the consumer. The clock skew is used when checking the expiration of the token on an inbound request: the expiration time of the token must be above the current time minus the clock skew.
        Parameters:
        time - a long integer representing time for the clockSkew value in milliseconds.
      • enforceOneTimeUse

        public boolean enforceOneTimeUse()
        Returns the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required.
        Returns:
        the flag whether OneTimeUse or DoNotCacheCondition assertion validation is required. By default, OneTimeUse or DoNotCacheCondition assertion validation is required.
      • enforceAudienceRestriction

        public boolean enforceAudienceRestriction()
        Returns the flag whether AudienceRestriction assertion validation is required.
        Returns:
        the flag whether AudienceRestriction assertion validation is required. By default, AudienceRestriction validation is required.
      • setEnforceOneTimeUse

        public void setEnforceOneTimeUse(boolean flag)
        Set the flag whether OneTimeUse or DoNotCacheCondition validation is required.
        Parameters:
        flag - boolean flag whether OneTimeUse or DoNotCacheCondition validation is required.
      • setEnforceAudienceRestriction

        public void setEnforceAudienceRestriction(boolean flag)
        Set the flag whether AudienceRestriction validation is required.
        Parameters:
        flag - boolean flag whether AudienceRestriction validation is required.
      • getTrustedIssuers

        public java.util.ArrayList<java.lang.String[]> getTrustedIssuers()
        Returns:
        a list of trusted SAML issuers; each entry contains the issuer name and/or the signer certificate's SubjectDN.
      • setTrustedIssuers

        @Deprecated
        public void setTrustedIssuers(java.util.ArrayList<java.lang.String[]> issuers)
        Deprecated. 
      • getConfirmationMethod

        public java.lang.String getConfirmationMethod()
        Returns the ConfirmationMethod to be used when requesting/generating a SAML token.
        Returns:
        the required Subject ConfirmationMethod. The valid values are "holder-of-key", "bearer", or "sender-vouches"
      • setConfirmationMethod

        public void setConfirmationMethod(java.lang.String method)
        Sets the type of Subject ConfirmationMethod to be used by the token requester.
        Parameters:
        method - a string identifying the Subject ConfirmationMethod.
      • getCRLPaths

        public java.util.List<java.lang.String> getCRLPaths()
      • getX509Paths

        public java.util.List<java.lang.String> getX509Paths()
        Gets the set of intermediate certificate files
        Returns:
        List of X509 Certificate files
      • setX509Path

        public void setX509Path(java.util.List value)
        Sets intermediate certificate file list.
        Parameters:
        value - list of X509 intermediate certificate files.
      • setCRLPath

        public void setCRLPath(java.util.List value)
        Sets revoked certificate list file.
        Parameters:
        value - list of revoked certificate list (CRL) files.
      • setAllowUnencKey

        public void setAllowUnencKey(boolean value)
        Sets setting for allowing an Unencrypted key in a Holder of Key token.
        Parameters:
        value - boolean flag whether to allow an Unencrypted key in a Holder of Key token
      • getAllowUnencKey

        public boolean getAllowUnencKey()
        Gets setting for allowing an Unencrypted key in a Holder of Key token. Default behavior is to allow an unencrypted key.
      • setTrustedEntries

        public void setTrustedEntries(com.ibm.wsspi.wssecurity.core.config.TrustedEntryConfig te)
      • getTrustedEntries

        public com.ibm.wsspi.wssecurity.core.config.TrustedEntryConfig getTrustedEntries()
IBM WebSphere Application Server™
Release 8.5