SSOTokenManager (OpenAM Project 15.1.7-SNAPSHOT API)

java.lang.Object
- com.iplanet.sso.SSOTokenManager

```
public class SSOTokenManager
extends Object
```
SSOTokenManager is the final class that is the mediator between the SSO APIs and SSO providers. When an SSO client makes an API invocation, SSOTokenManager will delegate that call to the SSO provider/plug-in. The SSO provider will execute the call and return the results to SSOTokenManager, which in turn returns the results to the SSO client. This decouples the SSO clients from the actual SSO providers. You should be able to replace the SSO provider without having to modify the SSO client. However, the clients can invoke the class methods on the objects returned by the SSOTokenManager.
SSOTokenManager is a singleton class; there can be, at most, only one instance of SSOTokenManager in any given JVM.
SSOTokenManager currently supports only two kinds of provider: Grappa and OpenAM.
It is assumed that the provider classes or the JAR file is in the CLASSPATH so that they can be found automatically. Providers can be configured using providerimplclass property. This property must be set to the complete (absolute) package name of the main class of the provider. For example, if the provider class is com.iplanet.sso.providers.dpro.SSOProviderImpl, that entire class name including package prefixes MUST be specified. The main class MUST implement the com.iplanet.sso.SSOProvider interface and MUST have a public no-arg default constructor.
The class SSOTokenManager is a final class that provides interfaces to create and validate SSOTokens.
It is a singleton class; an instance of this class can be obtained by calling SSOTokenManager.getInstance().
Having obtained an instance of SSOTokenManager, its methods can be called to create SSOToken, get SSOToken given the SSOTokenID in string format, and to validate SSOTokens.

Field Summary

Fields
Modifier and Type Field and Description

static Debug debug
Debug class that can be used by SSOProvider implementations

Fields
Modifier and Type	Field and Description
`static Debug`	`debug` Debug class that can be used by SSOProvider implementations

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`SSOToken`	`createSSOToken(javax.servlet.http.HttpServletRequest request)` Creates a single sign on token from `HttpServletRequest`
`SSOToken`	`createSSOToken(Principal user, String password)` Deprecated. This method has been deprecated. Please use the regular LDAP authentication mechanism instead. More information on how to use the authentication programming interfaces as well as the code samples can be obtained from the "Authenticating Using OpenAM Java SDK" chapter of the OpenAM Developer's Guide.
`SSOToken`	`createSSOToken(String tokenId)` Creates a single sign on token from the single sign on token ID.
`SSOToken`	`createSSOToken(String tokenId, String clientIP)` Creates a single sign on token from the single sign on token ID.
`void`	`destroyToken(SSOToken token)` Destroys a single sign on token.
`void`	`destroyToken(SSOToken destroyer, SSOToken destroyed)` Destroys a single sign on token.
`static SSOTokenManager`	`getInstance()` Returns the singleton instance of `SSOTokenManager`.
`Set`	`getValidSessions(SSOToken requester, String server)` Returns a list of single sign on token objects which correspond to valid Sessions accessible to requester.
`boolean`	`isValidToken(SSOToken token)` Returns true if a single sign on token is valid.
`boolean`	`isValidToken(SSOToken token, boolean resetIdleTime)` Returns true if a single sign on token is valid, resetting the token's idle time if and only if the flag allows us to.
`void`	`logout(SSOToken token)` Logs out of any OpenAM session associated with the token without destroying the token itself.
`void`	`refreshSession(SSOToken token)` Refresh the Session corresponding to the single sign on token from the Session Server.
`void`	`refreshSessionWithoutIdleReset(SSOToken token)` This function will never reset the idle time of the refreshed token.
`SSOToken`	`retrieveValidTokenWithoutResettingIdleTime(String tokenId)` Call this function if you want to retrieve a token whose id you know, you expect to be valid (this function will not create a new token for you) and you don't want its idle time accidentally reset.
`void`	`validateToken(SSOToken token)` Returns true if the single sign on token is valid.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - debug
```
public static final Debug debug
```
    Debug class that can be used by SSOProvider implementations
- Method Detail
  - getInstance
```
public static SSOTokenManager getInstance()
                                   throws SSOException
```
    Returns the singleton instance of SSOTokenManager.
    
    Returns:
    
    The singleton SSOTokenManager instance
    
    Throws:
    
    SSOException - if unable to get the singleton SSOTokenManager instance.
  - createSSOToken
```
public SSOToken createSSOToken(javax.servlet.http.HttpServletRequest request)
                        throws UnsupportedOperationException,
                               SSOException
```
    Creates a single sign on token from HttpServletRequest
    
    Parameters:
    
    request - The HttpServletRequest object which contains the session string.
    
    Returns:
    
    single sign on SSOToken
    
    Throws:
    
    SSOException - if the single sign on token cannot be created.
    
    UnsupportedOperationException - if this is an unsupported operation.
  - createSSOToken
```
public SSOToken createSSOToken(Principal user,
                               String password)
                        throws UnsupportedOperationException,
                               SSOException
```
    Deprecated. This method has been deprecated. Please use the regular LDAP authentication mechanism instead. More information on how to use the authentication programming interfaces as well as the code samples can be obtained from the "Authenticating Using OpenAM Java SDK" chapter of the OpenAM Developer's Guide.
    Creates a single sign on token after authenticating the principal with the given password. This method of creating a single sign on token should only be used for command line applications and it is forbidden to use this single sign on token in any other context (e.g. policy, federation, etc.). A token created with this method is only valid within the context of the calling application. Once the process exits the token will be destroyed. If token is created using this constructor then ONLY these methods of single sign on token is supported -
```
  getAuthType(),
  getHostName(),
  getIPAddress(),
  setProperty(String name, String value),
  getProperty(String name),
  isValid(),
  validate().
 
```
    Parameters:
    
    user - Principal representing a user or service
    
    password - The password supplied for the principal
    
    Returns:
    
    single sign on token
    
    Throws:
    
    SSOException - if the single sign on token cannot be created.
    
    UnsupportedOperationException - if this is an unsupported operation.
  - createSSOToken
```
public SSOToken createSSOToken(String tokenId)
                        throws UnsupportedOperationException,
                               SSOException
```
    Creates a single sign on token from the single sign on token ID. Note:-If you want to do Client's IP address validation for the single sign on token then use creatSSOToken(String, String) OR createSSOToken(HttpServletRequest).
    
    Parameters:
    
    tokenId - Token ID of the single sign on token
    
    Returns:
    
    single sign on token
    
    Throws:
    
    SSOException - if the single sign on token cannot be created.
    
    UnsupportedOperationException
  - createSSOToken
```
public SSOToken createSSOToken(String tokenId,
                               String clientIP)
                        throws UnsupportedOperationException,
                               SSOException
```
    Creates a single sign on token from the single sign on token ID.
    
    Parameters:
    
    tokenId - Token ID of the single sign on token
    
    clientIP - Client IP address. This must be the IP address of the client/user who is accessing the application.
    
    Returns:
    
    single sign on token
    
    Throws:
    
    SSOException - if the single sign on token cannot be created.
    
    UnsupportedOperationException
  - retrieveValidTokenWithoutResettingIdleTime
```
public SSOToken retrieveValidTokenWithoutResettingIdleTime(String tokenId)
                                                    throws UnsupportedOperationException,
                                                           SSOException
```
    Call this function if you want to retrieve a token whose id you know, you expect to be valid (this function will not create a new token for you) and you don't want its idle time accidentally reset.
    
    Parameters:
    
    tokenId - The token id of the token you suspect is valid.
    
    Returns:
    
    The valid token, or null if the token id turned out to be rubbish.
    
    Throws:
    
    UnsupportedOperationException
    
    SSOException
  - isValidToken
```
public boolean isValidToken(SSOToken token)
```
    Returns true if a single sign on token is valid. Your token may have its idle time reset. You have been warned.
    
    Parameters:
    
    token - The single sign on token object to be validated.
    
    Returns:
    
    true if the single sign on token is valid.
  - isValidToken
```
public boolean isValidToken(SSOToken token,
                            boolean resetIdleTime)
```
    Returns true if a single sign on token is valid, resetting the token's idle time if and only if the flag allows us to.
    
    Parameters:
    
    token - The single sign on token object to be validated.
    
    Returns:
    
    true if the single sign on token is valid.
    
    Since:
    
    12.0.0
  - validateToken
```
public void validateToken(SSOToken token)
                   throws SSOException
```
    Returns true if the single sign on token is valid.
    
    Parameters:
    
    token - The single sign on token object to be validated.
    
    Throws:
    
    SSOException - if the single sign on token is not valid.
  - destroyToken
```
public void destroyToken(SSOToken token)
                  throws SSOException
```
    Destroys a single sign on token.
    
    Parameters:
    
    token - The single sign on token object to be destroyed.
    
    Throws:
    
    SSOException - if there was an error while destroying the token, or the corresponding session reached its maximum session/idle time, or the session was destroyed.
  - refreshSession
```
public void refreshSession(SSOToken token)
                    throws SSOException
```
    Refresh the Session corresponding to the single sign on token from the Session Server. This method should only be used when the client cannot wait the "session cache interval" for updates on any changes made to the session properties in the session server. If the client is remote, calling this method results in an over the wire request to the session server.
    
    Parameters:
    
    token - single sign on token
    
    Throws:
    
    SSOException - if the session reached its maximum session time, or the session was destroyed, or there was an error while refreshing the session.
  - refreshSessionWithoutIdleReset
```
public void refreshSessionWithoutIdleReset(SSOToken token)
                                    throws SSOException
```
    This function will never reset the idle time of the refreshed token. Otherwise, see refreshSession(SSOToken)
    
    Parameters:
    
    token - single sign on token
    
    Throws:
    
    SSOException - if the session reached its maximum session time, or the session was destroyed, or there was an error while refreshing the session.
    
    Since:
    
    12.0.0
  - destroyToken
```
public void destroyToken(SSOToken destroyer,
                         SSOToken destroyed)
                  throws SSOException
```
    Destroys a single sign on token.
    
    Parameters:
    
    destroyer - The single sign on token object used to authorize the operation
    
    destroyed - The single sign on token object to be destroyed.
    
    Throws:
    
    SSOException - if the there was an error during communication with session service.
  - getValidSessions
```
public Set getValidSessions(SSOToken requester,
                            String server)
                     throws SSOException
```
    Returns a list of single sign on token objects which correspond to valid Sessions accessible to requester. Single sign on tokens returned are restricted: they can only be used to retrieve properties and destroy sessions they represent.
    
    Parameters:
    
    requester - The single sign on token object used to authorize the operation
    
    server - The server for which the valid sessions are to be retrieved
    
    Returns:
    
    Set The set of single sign on tokens representing valid Sessions.
    
    Throws:
    
    SSOException - if the there was an error during communication with session service.
  - logout
```
public void logout(SSOToken token)
            throws SSOException
```
    Logs out of any OpenAM session associated with the token without destroying the token itself.
    
    Parameters:
    
    token - the token to log out.
    
    Throws:
    
    SSOException - if an error occurs.
    
    Since:
    
    13.0.0

Class SSOTokenManager

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

debug

Method Detail

getInstance

createSSOToken

createSSOToken

createSSOToken

createSSOToken

retrieveValidTokenWithoutResettingIdleTime

isValidToken

isValidToken

validateToken

destroyToken

refreshSession

refreshSessionWithoutIdleReset

destroyToken

getValidSessions

logout