com.ibm.websphere.wssecurity.callbackhandler
Class SAMLIdAssertionCallback
- java.lang.Object
-
- com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallback
-
- All Implemented Interfaces:
- javax.security.auth.callback.Callback
public class SAMLIdAssertionCallback extends java.lang.Object implements javax.security.auth.callback.Callback
This is a callback class for asserting a SAMLToken to a WebSphere WSCredential.
- See Also:
- SAMLToken, SAMLIdAssertionCallbackHandler
-
-
Field Summary
Fields (Modifier and Type, followed by Field):
static java.util.ArrayList<java.lang.String> defaultGroupNameList
static java.lang.String GROUP
static java.lang.String GROUP_IDS
static java.lang.String GROUPIDS
static java.lang.String GROUPMEMBERSHIP
static java.lang.String GROUPS
static java.lang.String MEMBEROF
static java.lang.String MEMBEROF_1
static java.lang.String MEMBERS
static java.lang.String MEMBERSHIP
static java.lang.String PRIMARY_GROUP
static java.lang.String ROLE
static java.lang.String ROLES
static java.lang.String WSCREDENTIAL_ACCESS_ID
static java.lang.String WSCREDENTIAL_NAMESPACE
-
Constructor Summary
Constructors (Constructor and Description):
SAMLIdAssertionCallback()
-
Method Summary
Methods (Modifier and Type, Method and Description):
java.util.ArrayList<java.lang.String[]> getCredentialList()
Returns a list of trusted credential identifiers. Each identifier includes the issuer name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.
boolean isCrossDomainIdAssertion()
boolean isUseIssuerNameForRealm()
boolean isUseNameQualifierForRealm()
void setCredentialList(java.util.ArrayList<java.lang.String[]> credList)
Sets a list of trusted credential identifiers. Each identifier includes the security domain name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.
void setCrossDomainIdAssertion(boolean flag)
Sets the flag for cross security domain ID assertion.
void setUseIssuerNameForRealm(boolean flag)
Sets the flag to use the Issuer name for the realm if SAML is issued from WSCredential.
void setUseNameQualifierForRealm(boolean flag)
Sets the flag to use NameQualifier for the realm if SAML is not issued from WSCredential.
-
-
-
Field Detail
-
GROUPS
public static final java.lang.String GROUPS
- See Also:
- Constant Field Values
-
GROUP
public static final java.lang.String GROUP
- See Also:
- Constant Field Values
-
MEMBEROF
public static final java.lang.String MEMBEROF
- See Also:
- Constant Field Values
-
MEMBEROF_1
public static final java.lang.String MEMBEROF_1
- See Also:
- Constant Field Values
-
MEMBERSHIP
public static final java.lang.String MEMBERSHIP
- See Also:
- Constant Field Values
-
GROUPMEMBERSHIP
public static final java.lang.String GROUPMEMBERSHIP
- See Also:
- Constant Field Values
-
MEMBERS
public static final java.lang.String MEMBERS
- See Also:
- Constant Field Values
-
GROUPIDS
public static final java.lang.String GROUPIDS
- See Also:
- Constant Field Values
-
ROLE
public static final java.lang.String ROLE
- See Also:
- Constant Field Values
-
ROLES
public static final java.lang.String ROLES
- See Also:
- Constant Field Values
-
GROUP_IDS
public static final java.lang.String GROUP_IDS
- See Also:
- Constant Field Values
-
PRIMARY_GROUP
public static final java.lang.String PRIMARY_GROUP
- See Also:
- Constant Field Values
-
defaultGroupNameList
public static java.util.ArrayList<java.lang.String> defaultGroupNameList
-
WSCREDENTIAL_ACCESS_ID
public static final java.lang.String WSCREDENTIAL_ACCESS_ID
- See Also:
- Constant Field Values
-
WSCREDENTIAL_NAMESPACE
public static final java.lang.String WSCREDENTIAL_NAMESPACE
- See Also:
- Constant Field Values
-
-
Method Detail
-
setCredentialList
public void setCredentialList(java.util.ArrayList<java.lang.String[]> credList)
Sets a list of trusted credential identifiers. Each identifier includes the security domain name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships. The default principal is the SAML NameIdentifier for SAML 1.1 or the NameID for SAML 2.0. The default issuer name is any issuer name. The default realm name is the SAML issuer name. The default group memberships are all attribute names: groups, group, memberof, groupmembership, membership, members, and groupid.
- Parameters:
- credList - A list of trusted credential identifiers.
-
getCredentialList
public java.util.ArrayList<java.lang.String[]> getCredentialList()
Returns a list of trusted credential identifiers. Each identifier includes the issuer name, an optional SAML attribute name and attribute namespace for the principal, an optional SAML attribute name and attribute namespace for the realm, and an optional SAML attribute name and attribute namespace for group memberships.
- Returns:
- A list of trusted credential identifiers.
-
setCrossDomainIdAssertion
public void setCrossDomainIdAssertion(boolean flag)
Sets the flag for cross security domain ID assertion. If this property is set to true, the SAML NameID or NameIdentifier and the SAML attributes are used to generate the WSCredential without a user registry lookup.
- Parameters:
- flag - A flag indicating whether cross security domain ID assertion is enabled.
-
isCrossDomainIdAssertion
public boolean isCrossDomainIdAssertion()
- Returns:
- The flag indicating whether cross security domain ID assertion is enabled.
-
setUseNameQualifierForRealm
public void setUseNameQualifierForRealm(boolean flag)
Sets the flag to use NameQualifier for the realm if SAML is not issued from WSCredential. The SAML issuer name is used as the foreign realm if this property is not set.
- Parameters:
- flag - A flag indicating whether cross security domain ID assertion is enabled.
-
isUseNameQualifierForRealm
public boolean isUseNameQualifierForRealm()
- Returns:
- The flag indicating whether to use NameQualifier for the realm if SAML is not issued from WSCredential.
-
setUseIssuerNameForRealm
public void setUseIssuerNameForRealm(boolean flag)
Sets the flag to use the Issuer name for the realm if SAML is issued from WSCredential. The NameQualifier is used as the foreign realm if this property is not set.
- Parameters:
- flag - A flag indicating whether cross security domain ID assertion is enabled.
-
isUseIssuerNameForRealm
public boolean isUseIssuerNameForRealm()
- Returns:
- The flag indicating whether to use NameQualifier for the realm if SAML is issued from WSCredential.
-
-