public class LibSecurityTokenProvider extends Object implements SecurityTokenProvider

LibSecurityTokenProvider is a default implementation of SecurityTokenProvider.

| Modifier and Type | Field and Description |
|---|---|
| protected static SecurityAttributePlugin | attributePlugin |
| protected String | authTime |
| protected String | authType |
| protected KeyProvider | keystore |
| protected XMLSignatureManager | sigManager |

| Constructor and Description |
|---|
| LibSecurityTokenProvider() |
| Modifier and Type | Method and Description |
|---|---|
| SecurityAssertion | getSAMLAuthenticationToken(NameIdentifier senderIdentity) Creates a SAML Assertion for message authentication. |
| SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which is used for message authentication. |
| SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which is used for message authentication. |
| SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML assertion. |
| SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML assertion. |
| BinarySecurityToken | getX509CertificateToken() Gets the X509 certificate token. |
| void | initialize(Object credential, XMLSignatureManager sigManager) Initializes the LibSecurityTokenProvider. |
| void | setCertAlias(String certAlias) Sets the alias of the certificate used for issuing WSS tokens. |
| void | setCertificate(X509Certificate cert) Sets the certificate used for issuing WSS tokens. |
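As an added example (not code from OpenAM or the Open Identity Platform), a helper that turns the processing directives a recipient requires into the includeAuthN and includeResourceAccessStatement flags documented in the method details, applying the rule that AuthorizeRequester together with AuthenticationSessionContext still takes true. The import package names, the Directive enum and the AuthenticateRequester directive are assumptions not stated on this page.

```java
// Added example; not part of OpenAM / Open Identity Platform. Import package names are assumed.
import com.sun.identity.liberty.ws.security.SecurityAssertion;
import com.sun.identity.liberty.ws.security.SecurityTokenException;
import com.sun.identity.liberty.ws.security.SecurityTokenProvider;
import com.sun.identity.liberty.ws.security.SessionContext;
import com.sun.identity.saml.assertion.NameIdentifier;

import java.util.EnumSet;

/** Chooses the provider call and the two boolean flags from the directives a recipient requires. */
public final class AuthorizationTokenHelper {

    /** Liberty ID-WSF processing directives; an assumed enum, not part of the provider API. */
    public enum Directive { AUTHENTICATE_REQUESTER, AUTHORIZE_REQUESTER, AUTHENTICATION_SESSION_CONTEXT }

    private AuthorizationTokenHelper() { }

    /** An AuthenticationStatement is only carried when the requester itself must be authenticated. */
    static boolean includeAuthN(EnumSet<Directive> d) {
        return d.contains(Directive.AUTHENTICATE_REQUESTER);
    }

    /**
     * true selects a ResourceAccessStatement (AuthorizeRequester); false selects a
     * SessionContextStatement (AuthenticationSessionContext alone). When both directives are
     * required the flag stays true, since the ResourceAccessStatement already carries the SessionContext.
     */
    static boolean includeResourceAccessStatement(EnumSet<Directive> d) {
        return d.contains(Directive.AUTHORIZE_REQUESTER);
    }

    public static SecurityAssertion tokenFor(SecurityTokenProvider provider,
                                             NameIdentifier senderIdentity,
                                             SessionContext invocatorSession,
                                             String resourceID,
                                             String recipientProviderID,
                                             EnumSet<Directive> directives)
            throws SecurityTokenException {
        if (directives == null || directives.isEmpty()) {
            throw new IllegalArgumentException("at least one processing directive is required");
        }
        // Only message authentication was requested: the plain authentication assertion suffices.
        if (directives.equals(EnumSet.of(Directive.AUTHENTICATE_REQUESTER))) {
            return provider.getSAMLAuthenticationToken(senderIdentity);
        }
        // Authorization statements need the invocation session, the resource and the recipient.
        if (invocatorSession == null || resourceID == null || recipientProviderID == null) {
            throw new IllegalArgumentException("invocatorSession, resourceID and recipientProviderID are required");
        }
        return provider.getSAMLAuthorizationToken(senderIdentity, invocatorSession, resourceID,
                includeAuthN(directives), includeResourceAccessStatement(directives), recipientProviderID);
    }
}
```

The provider passed in must already have had initialize(credential, sigManager) and setCertAlias or setCertificate called, otherwise the assertion cannot be signed.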
protected XMLSignatureManager sigManager

protected KeyProvider keystore

protected String authTime

protected String authType

protected static SecurityAttributePlugin attributePlugin
public void initialize(Object credential, XMLSignatureManager sigManager) throws SecurityTokenException
Specified by: initialize in interface SecurityTokenProvider
Parameters:
credential - the credential of the caller, used to check whether access to this security token provider is allowed.
sigManager - XMLSignatureManager instance of the XML digital signature manager class, used for accessing the certificate datastore and for digitally signing the assertion.
Throws:
SecurityTokenException - if the caller does not have the privilege to access the security authority manager.

public void setCertAlias(String certAlias) throws SecurityTokenException
Specified by: setCertAlias in interface SecurityTokenProvider
Parameters:
certAlias - String alias name for the certificate.
Throws:
SecurityTokenException - if the certificate for the certAlias could not be found in the key store.

public void setCertificate(X509Certificate cert) throws SecurityTokenException
Specified by: setCertificate in interface SecurityTokenProvider
Parameters:
cert - X509 certificate.
Throws:
SecurityTokenException - if the cert alias could not be obtained from the corresponding certificate.

public BinarySecurityToken getX509CertificateToken() throws SecurityTokenException
Specified by: getX509CertificateToken in interface SecurityTokenProvider
Throws:
SecurityTokenException - if the token could not be obtained.

public SecurityAssertion getSAMLAuthenticationToken(NameIdentifier senderIdentity) throws SecurityTokenException
Specified by: getSAMLAuthenticationToken in interface SecurityTokenProvider
Parameters:
senderIdentity - name identifier of the sender.
Throws:
SecurityTokenException - if the assertion could not be obtained.

public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException
Specified by: getSAMLAuthorizationToken in interface SecurityTokenProvider
Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained via the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
resourceID - ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included in the Assertion instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.
Returns:
Assertion object.
Throws:
SecurityTokenException - if the assertion could not be obtained.

public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException
Specified by: getSAMLAuthorizationToken in interface SecurityTokenProvider
Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained via the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
encResourceID - encrypted ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included in the Assertion instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.
Returns:
Assertion object.
Throws:
SecurityTokenException - if the assertion could not be obtained.

public SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException
Specified by: getSAMLBearerToken in interface SecurityTokenProvider
Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained via the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
resourceID - ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included in the Assertion instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.
Returns:
SecurityAssertion.
Throws:
SecurityTokenException - if the assertion could not be obtained.

public SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException
Specified by: getSAMLBearerToken in interface SecurityTokenProvider
Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained via the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
encResourceID - encrypted ID of the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement is included in the Assertion instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass true, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.
Returns:
Assertion object.
Throws:
SecurityTokenException - if the assertion could not be obtained.

Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.