com.ibm.websphere.wssecurity.callbackhandler

Class SAMLIdAssertionCallbackHandler

  • java.lang.Object
    • com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallbackHandler
  • All Implemented Interfaces:
    javax.security.auth.callback.CallbackHandler


    public class SAMLIdAssertionCallbackHandler
    extends java.lang.Object
    implements javax.security.auth.callback.CallbackHandler
    This class is a callback handler for asserting a SAMLToken to a WebSphere WSCredential. The callback handler defines rules that map SAMLToken attributes to the WebSphere WSCredential. You use this handler to specify a list of trusted SAML issuer names from whom attributes might be asserted to the WSCredential. For SAML tokens issued by the listed trusted issuers, you can specify which attribute name and attribute namespace define the security realm, principal, and group memberships. All issuer names are trusted by default. The default principal name is NameId for SAML 2.0 or NameIdentifier for SAML 1.1. The default realm is the issuer name. If no attribute-to-WSCredential mapping rule is defined, the following default mapping rule is applied:

      1. All issuers are trusted.
      2. The realm is the issuer name.
      3. The principal is the SAML NameID or NameIdentifier.
      4. The group memberships are searched from a list of attribute names, including "group", "groups", "groupmembership", "membership", "members", "memberof", "memberOf", "groupid", "role", "roles", "PrimaryGroupId", and "GroupIds".

    The custom property "issuer" is a trusted issuer name. The property name is issuer_n, where n is an integer.

    The custom property "principalName" is the attribute name for the principal. The property name is principalName_n, where n is an integer.

    The custom property "principalNamespace" is the attribute namespace for the principal. The property name is principalNamespace_n, where n is an integer.

    The custom property "realmName" is the attribute name for the realm. The property name is realmName_n, where n is an integer.

    The custom property "realmNamespace" is the attribute namespace for the realm. The property name is realmNamespace_n, where n is an integer.

    The custom property "groupName" is the attribute name for groups. The property name is groupName_n, where n is an integer.

    The custom property "groupNamespace" is the attribute namespace for groups. The property name is groupNamespace_n, where n is an integer.

    The custom property "realmNameRange" is a whitespace-delimited String that lists all names that can be used as a trusted realm. The property name is realmNameRange_n, where n is an integer.

    The custom property "uniqueId" is the attribute name for the WebSphere credential's unique ID. The property name is uniqueId_n, where n is an integer.

    The custom property "uniqueIdNamespace" is the attribute namespace for the WebSphere credential's unique ID. The property name is uniqueIdNamespace_n, where n is an integer.
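
    A configuration check for the custom properties described above, added here as an example; it is not IBM code and does not call the WebSphere API. It flags property maps that fall back to the trust-all-issuers default. It assumes that properties sharing the same index n form one rule; the class name, findings text and sample values are constructed.

```java
import java.util.*;
import java.util.regex.*;
public class SamlIdAssertionConfigAudit {
    // Custom property base names listed in the class description, each suffixed with _n.
    private static final Pattern KEY = Pattern.compile(
        "(issuer|principalName|principalNamespace|realmName|realmNamespace|groupName"
        + "|groupNamespace|realmNameRange|uniqueId|uniqueIdNamespace)_(\\d{1,6})");

    /** Returns findings for a handler property map; an empty list means nothing was flagged. */
    static List<String> audit(Map<Object, Object> props) {
        // Assumption: properties that share the same index n form one mapping rule.
        Map<Integer, Map<String, String>> rules = new TreeMap<>();
        for (Map.Entry<Object, Object> e : props.entrySet()) {
            Matcher m = KEY.matcher(String.valueOf(e.getKey()));
            if (m.matches()) {
                rules.computeIfAbsent(Integer.valueOf(m.group(2)), k -> new HashMap<>())
                     .put(m.group(1), String.valueOf(e.getValue()).trim());
            }
        }
        List<String> findings = new ArrayList<>();
        if (rules.values().stream().noneMatch(r -> !r.getOrDefault("issuer", "").isEmpty())) {
            findings.add("no issuer_n set: all issuer names are trusted by default");
        }
        for (Map.Entry<Integer, Map<String, String>> e : rules.entrySet()) {
            int n = e.getKey();
            Map<String, String> r = e.getValue();
            if (r.getOrDefault("issuer", "").isEmpty()) {
                findings.add("rule " + n + ": mapping properties present but issuer_" + n + " is empty");
            }
            if (!r.containsKey("groupName")) {
                findings.add("rule " + n + ": groupName_" + n + " unset, default group attribute names are searched");
            }
            if (r.containsKey("realmName") && !r.containsKey("realmNameRange")) {
                findings.add("rule " + n + ": realm read from an attribute without realmNameRange_" + n);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        Map<Object, Object> restricted = new HashMap<>();   // constructed sample values
        restricted.put("issuer_1", "https://idp.example.test/sts");
        restricted.put("principalName_1", "uid");
        restricted.put("groupName_1", "memberOf");
        restricted.put("realmName_1", "realm");
        restricted.put("realmNameRange_1", "corpRealm partnerRealm");
        System.out.println("defaults:   " + audit(new HashMap<>()));
        System.out.println("restricted: " + audit(restricted));
    }
}
```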

    See Also:
    SAMLToken, SAMLIdAssertionCallback
    • Field Detail

      • ISSUER

        public static final java.lang.String ISSUER
      • PRINCIPAL

        public static final java.lang.String PRINCIPAL
      • PRINCIPALNAMESPACE

        public static final java.lang.String PRINCIPALNAMESPACE
      • GROUPS

        public static final java.lang.String GROUPS
      • GROUPNAMESPACE

        public static final java.lang.String GROUPNAMESPACE
      • REALM

        public static final java.lang.String REALM
      • REALMNAMESPACE

        public static final java.lang.String REALMNAMESPACE
      • CROSS_DOMAIN_ID_ASSERTION

        public static final java.lang.String CROSS_DOMAIN_ID_ASSERTION
      • REALM_RANGE

        public static final java.lang.String REALM_RANGE
      • ACCESSID

        public static final java.lang.String ACCESSID
      • ACCESSIDNAMESPACE

        public static final java.lang.String ACCESSIDNAMESPACE
      • USENAMEQUALIFIERFORREALM

        public static final java.lang.String USENAMEQUALIFIERFORREALM
      • USEISSUERNAMEFORREALM

        public static final java.lang.String USEISSUERNAMEFORREALM
    • Constructor Detail

      • SAMLIdAssertionCallbackHandler

        public SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
    • Method Detail

      • handle

        public void handle(javax.security.auth.callback.Callback[] callbacks)
                    throws java.io.IOException,
                           javax.security.auth.callback.UnsupportedCallbackException
        Specified by:
        handle in interface javax.security.auth.callback.CallbackHandler
        Throws:
        java.io.IOException
        javax.security.auth.callback.UnsupportedCallbackException
IBM WebSphere Application Server™
Release 8.5