com.ibm.websphere.wssecurity.wssapi.token

Interface SAMLToken

    • Field Detail

      • GET_SAMLATTRIBUTES_PERM

        static final java.security.SecurityPermission GET_SAMLATTRIBUTES_PERM
        this is the java2 security permission needed to retrieve attributes from a SAML token.

    • Method Detail

      • getSamlID

        java.lang.String getSamlID()
        Retrieves the identifier associated with this SAML assertion.
        Returns:
        a string representing the ID for SAML 2.0, or AssertionID for SAML 1.1.

      • getAssertionQName

        javax.xml.namespace.QName getAssertionQName()
        Return SAML Assertion namespace, defined in a schema SAML-XSD.
        Returns:
        SAML Assertion namespace, defined in a schema SAML-XSD It is "urn:oasis:names:tc:SAML:1.0:assertion" for SAML 1.1, and "urn:oasis:names:tc:SAML:2.0:assertion" for SAML 2.0.

      • getSamlExpires

        java.util.Date getSamlExpires()
        Return SAML Expiration time.
        Returns:
        SAML Token expiration time, which is delimited by the NotOnOrAfter attribute in element.

      • getSamlCreated

        java.util.Date getSamlCreated()
        Retrieves the SAML assertion creation date.
        Returns:
        SAML Token creation Date based on the NotBefore attribute in element.

      • getConfirmationMethod

        java.lang.String getConfirmationMethod()
        Retrieves the Subject Confirmation Method used in this SAML token. based on the SAML token profile for versions 1.1 and 2.0.
        Returns:
        SAML SubjectConfirmation Method, and valid method is holder-of-key, bearer, or sender-vouches. the returned string is based on the OASIS SAML token profile 1.1 and SAML token profile 2.0.
        See Also:
        OASIS SAML Token Profile 1.1, OASIS SAML Token Profile 2.0

      • getHolderOfKeyBytes

        byte[] getHolderOfKeyBytes()
        Retrieves the key bytes from the Holder-of-Key Element of this SAML token.
        Returns:
        the shared secret key bytes for a symmetric holder-of-key assertion.

      • getSAMLIssuerName

        java.lang.String getSAMLIssuerName()
        Retrieves the name of issuer.
        Returns:
        issuer name of the SAML authority responsible for the claims in the SAML assertion.

      • getSAMLIssuerFormat

        java.lang.String getSAMLIssuerFormat()
        Retrieves the format of the issuer element for SAML 2.0 assertions.
        Returns:
        issuer format

      • getAuthenticationMethod

        java.lang.String getAuthenticationMethod()
        Retrieves the authentication method that was used to authenticate the token holder.
        Returns:
        the authentication method that took place prior to the token's creation. For example "password", "kerberos", "ltpa".

      • getAuthenticationInstant

        java.util.Date getAuthenticationInstant()
        Retrieves the authentication time when the token holder is authenticated.
        Returns:
        the authentication time when the token holder is authenticated.

      • getSubjectDNS

        java.lang.String getSubjectDNS()
        Retrieves DNSAddress in SubjectLocality.
        Returns:
        DNSAddress in SubjectLocality.

      • getSubjectIPAddress

        java.lang.String getSubjectIPAddress()
        Retrieves IPAddress in SubjectLocality.
        Returns:
        IPAddress in SubjectLocality.

      • getAudienceRestriction

        java.util.List<java.lang.String> getAudienceRestriction()
        Retrieves AudienceRestriction String name list.
        Returns:
        AudienceRestriction String name list.

      • isOneTimeUse

        boolean isOneTimeUse()
        Retrieves flag to indicate OneTimeUse or DoNotCacheCondition.
        Returns:
        flag to indicate OneTimeUse or DoNotCacheCondition.

      • hasProxyRestriction

        boolean hasProxyRestriction()
        Retrieves flag to indicate ProxyRestriction.
        Returns:
        flag to indicate ProxyRestriction.

      • getProxyRestrictionCount

        long getProxyRestrictionCount()
        Retrieves number of ProxyRestriction Count.
        Returns:
        number of ProxyRestriction Count.

      • getroxyRestrictionAudience

        java.util.List<java.lang.String> getroxyRestrictionAudience()
        Retrieves String list of ProxyRestriction Audience.
        Returns:
        String list of ProxyRestriction Audience.

      • getSAMLAttributes

        java.util.List<com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute> getSAMLAttributes()
        Retrieves the list of all attributes contained in the SAML token. When the token is in "readOnly" mode, a copy of the token's SAMLAttribute list is returned. Any updates made to the list will not be reflected in the token XML.

        This method method requires the "wssapi.SAMLToken.getSAMLAttributes" Java Security permission .

      • getStringAttributes

        java.util.Map<java.lang.String,java.lang.String> getStringAttributes()
        Retrieves a Map of SAML attributes that consist of single (key, string value) pairs only.
        Returns:
        a Map of SAML Attributes that consist of single key with single String value. To get a complete Attribute list, use method getSAMLAttributes().

      • getSAMLNameID

        com.ibm.wsspi.wssecurity.saml.data.SAMLNameID getSAMLNameID()
        Retrieves SAML NameId or NameIdentifier assertion associated with the token holder.
        Returns:
        SAML NameID or NameIdentifier assertion associated with the token holder.

      • setTokenReadOnly

        void setTokenReadOnly()
        sets the SAMLToken to read only mode, meaning when we get any kind of SAMLAtributes, we return only copies instead of direct references. This will prevent modifications to SAMLToken attributes held in the token.

      • isReadOnly

        boolean isReadOnly()
        Retrieves readOnly flag.
        Returns:
        readOnly flag.

      • getXMLInputStream

        java.io.InputStream getXMLInputStream()
                                      throws WSSException
        Retrieves InputSream form of SAML Assertion.
        Returns:
        an InputStream form of SAML Assertion.
        Throws:
        WSSException

      • getSignerCertificate

        java.security.cert.X509Certificate getSignerCertificate()
        Retrieves SAML signer's X.509 Certificate
        Returns:
        SAML signer's X.509 Certificate

      • addSAMLAttribute

        void addSAMLAttribute(com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute attr)
                      throws java.lang.Exception
        Adds a SAMLAttribute to the SAML token. If more than one AttributeStatment exists in the SAML token, the new attribute will be added to the first AttributeStatement in the XML. Since adding attributes to a token will invalidate a digital signature, if a digital signature is present in the XML, it will be removed.

        Encrypted Assertions and encrypted attributes are not supported.

        If you want the SAML token to contain a digital signature, after the token has been modified, create a new SAMLToken using SAMLTokenFactory.newSAMLToken(SAMLToken, RequesterConfig, ProviderConfig).

        This method requires the SecurityPermission("wssapi.SAMLToken.getSAMLAttributes) Java Security permission.
        Parameters:
        attr - is the SAMLAttribute to add to the token
        Throws:
        java.lang.Exception

      • addSAMLAttribute

        void addSAMLAttribute(java.util.List<com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute> attrList)
                      throws java.lang.Exception
        Adds a list of SAMLAttributes to the SAML token. If more than one AttributeStatment exists in the SAML token, the new attributes will be added to the first AttributeStatement in the XML. Since adding attributes to a token will invalidate a digital signature, if a digital signature is present in the XML, it will be removed.

        Encrypted Assertions and encrypted attributes are not supported.

        If you want the SAML token to contain a digital signature, after the token has been modified, create a new SAMLToken using SAMLTokenFactory.newSAMLToken(SAMLToken, RequesterConfig, ProviderConfig).

        This method requires the SecurityPermission("wssapi.SAMLToken.getSAMLAttributes") Java Security permission.
        Parameters:
        attrList - is the List of SAMLAttributes to add to the token
        Throws:
        java.lang.Exception

      • deleteSAMLAttribute

        void deleteSAMLAttribute(com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute attr)
                         throws java.lang.Exception
        Delete a SAMLAttribute that matches the input from a SAML token. For a SAML 2.0 token, the Name, FriendlyName, NameFormat, and AttributeNamespace will be matched. For a SAML 1.1 token, the AttributeName and AttributeNamespace will be matched; all other fields will be ignored. All matching SAMLAttributes will be deleted. Since deleting an attribute from a token will invalidate a digital signature, if a digital signature is present in the XML, it will be removed.

        Encrypted Assertions and encrypted attributes are not supported.

        If you want the SAML token to contain a digital signature, after the token has been modified, create a new SAMLToken using SAMLTokenFactory.newSAMLToken(SAMLToken, RequesterConfig, ProviderConfig).

        This method requires the SecurityPermission("wssapi.SAMLToken.getSAMLAttributes) Java Security permission.
        Parameters:
        attr - is the SAMLAttribute to delete from the token
        Throws:
        java.lang.Exception
IBM WebSphere Application ServerTM
Release 9.0