com.ibm.websphere.wssecurity.callbackhandler

Class SAMLIdAssertionCallbackHandler

  • java.lang.Object
    • com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallbackHandler
  • All Implemented Interfaces:
    javax.security.auth.callback.CallbackHandler


    public class SAMLIdAssertionCallbackHandler
    extends java.lang.Object
    implements javax.security.auth.callback.CallbackHandler
    This class is a callback handler for asserting SAMLToken to WebSphere WSCredential. This callback handler define rules to map SAMLToken attributes to WebSphere WSCredential. You use this handler to specify a list of trusted SAML issuer names from who attributes might be asserted to WSCredential. For SAML token issued from the listed trusted issuers, you can specify which attribute name and attribute name space define security realm, principal, and group memberships. All issuer names are trusted by default. The default principal name is NameId for SAML 2.0 or NameIdentifier for SAML 1.1. The default realm is set to be issuer name. If attribute to WSCredential mapping rule is not defined, the following default mapping rule is applied: 1. All issuers are trusted. 2. the realm is issuer name. 3. The principal is SAML NameID or NameIdentifier., and 4. The group memberships will be searched from a list of attribute names, including "group", "groups", "groupmembership", 'membership", "members", "memberof", "memberOf", "groupid", "role", "roles", "PrimaryGroupId", and "GroupIds".

    The custom property "issuer" is trusted issuer name whose name is issuer_n where n is an integer.

    The custom property "principalName" is the attribute name for principal whose name is principalNamen where n is an integer.

    The custom property "principalNamespace" is the attribute name space for principal whose name is principalNamespace_n where n is an integer.

    The custom property "realmName" is the attribute name for realm whose name is realmName_n where n is an integer.

    The custom property "realmNamespace" is the attribute name space for realm whose name is realmNamespace_n where n is an integer.

    The custom property "groupName" is the attribute name for groups whose name is groupName_n where n is an integer.

    The custom property "groupNamespace" is the attribute name space for groups whose name is groupNamespace_n where n is an integer.

    The custom property "realmNameRange" is a white space delimited String that lists all names could be used as trusted realm whose name is realmNameRange_n where n is an integer.

    The custom property "uniqueId" is the attribute name for WebSphere credential's unique ID whose name is uniqueId_n where n is an integer.

    The custom property "uniqueIdNamespace" is the attribute name space for WebSphere credential's unique ID whose name is uniqueIdNamespace_n where n is an integer.

    See Also:
    SAMLToken, SAMLIdAssertionCallback
    • Field Detail

      • ISSUER

        public static final java.lang.String ISSUER
      • PRINCIPAL

        public static final java.lang.String PRINCIPAL
      • PRINCIPALNAMESPACE

        public static final java.lang.String PRINCIPALNAMESPACE
      • GROUPS

        public static final java.lang.String GROUPS
      • GROUPNAMESPACE

        public static final java.lang.String GROUPNAMESPACE
      • REALM

        public static final java.lang.String REALM
      • REALMNAMESPACE

        public static final java.lang.String REALMNAMESPACE
      • CROSS_DOMAIN_ID_ASSERTION

        public static final java.lang.String CROSS_DOMAIN_ID_ASSERTION
      • REALM_RANGE

        public static final java.lang.String REALM_RANGE
      • ACCESSID

        public static final java.lang.String ACCESSID
      • ACCESSIDNAMESPACE

        public static final java.lang.String ACCESSIDNAMESPACE
      • USENAMEQUALIFIERFORREALM

        public static final java.lang.String USENAMEQUALIFIERFORREALM
      • USEISSUERNAMEFORREALM

        public static final java.lang.String USEISSUERNAMEFORREALM
    • Constructor Detail

      • SAMLIdAssertionCallbackHandler

        public SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
    • Method Detail

      • handle

        public void handle(javax.security.auth.callback.Callback[] callbacks)
                    throws java.io.IOException,
                           javax.security.auth.callback.UnsupportedCallbackException
        Specified by:
        handle in interface javax.security.auth.callback.CallbackHandler
        Throws:
        java.io.IOException
        javax.security.auth.callback.UnsupportedCallbackException
IBM WebSphere Application ServerTM
Release 9.0