public final class SecurityTokenManager extends Object

SecurityTokenManager is a final class that provides interfaces to manage Web Service Security (WSS) tokens.

| Constructor and Description |
|---|
| SecurityTokenManager(Object credential) Returns the security token manager instance; the default XMLSignatureManager instance will be used for signing and accessing the data store. |
| SecurityTokenManager(Object credential, XMLSignatureManager signatureManager) Gets the security token manager instance; this constructor is only applicable when the client is running in the same JVM as the server. |

| Modifier and Type | Method and Description |
|---|---|
| SecurityAssertion | getSAMLAuthenticationToken(NameIdentifier senderIdentity) Creates a SAML Assertion for message authentication. |
| SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which will be used for message authentication. |
| SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which will be used for message authentication. |
| SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML assertion. |
| SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) Creates a SAML assertion. |
| BinarySecurityToken | getX509CertificateToken() Returns the X509 certificate Token. |
| void | setCertAlias(String certAlias) Sets the alias of the certificate used for issuing WSS tokens, i.e. WSS X509 Token and WSS SAML Token. |
| void | setCertificate(X509Certificate cert) Sets the certificate used for issuing WSS tokens, i.e. WSS X509 Token and WSS SAML Token. |
public SecurityTokenManager(Object credential) throws SecurityTokenException

Returns the security token manager instance; the default XMLSignatureManager instance will be used for signing and accessing the data store.

Parameters:
credential - The credential of the caller, used to see if access to this security token manager is allowed.

Throws:
SecurityTokenException - if unable to access the security token manager.

public SecurityTokenManager(Object credential, XMLSignatureManager signatureManager) throws SecurityTokenException

Gets the security token manager instance; this constructor is only applicable when the client is running in the same JVM as the server.

Parameters:
credential - The credential of the caller, used to see if access to this security token manager is allowed.
signatureManager - instance of the XML digital signature manager class, used for accessing the certificate datastore and for digital signing of the assertion.

Throws:
SecurityTokenException - if unable to access the security token manager.

public void setCertAlias(String certAlias) throws SecurityTokenException

Sets the alias of the certificate used for issuing WSS tokens, i.e. WSS X509 Token and WSS SAML Token. If the certAlias is never set, a default certificate will be used for issuing WSS tokens.

Parameters:
certAlias - String alias name for the certificate.

Throws:
SecurityTokenException - if the certificate for the certAlias could not be found in the key store.

public void setCertificate(X509Certificate cert) throws SecurityTokenException

Sets the certificate used for issuing WSS tokens, i.e. WSS X509 Token and WSS SAML Token. If the certificate is never set, a default certificate will be used for issuing WSS tokens.

Parameters:
cert - X509 certificate.

Throws:
SecurityTokenException - if the certificate could not be set.

public BinarySecurityToken getX509CertificateToken() throws SecurityTokenException

Returns the X509 certificate Token.

Returns:
X509 certificate Token.

Throws:
SecurityTokenException - if the binary security token could not be obtained.

public SecurityAssertion getSAMLAuthenticationToken(NameIdentifier senderIdentity) throws SecurityTokenException, SAMLException

Creates a SAML Assertion for message authentication.

Parameters:
senderIdentity - name identifier of the sender.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException

public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException, SAMLException

Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which will be used for message authentication.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
resourceID - id of the resource to be accessed.
includeAuthN - if true, include an AuthenticationStatement in the Assertion, which will be used for message authentication.
includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass "true" here, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException

public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException

Creates a SAML Assertion for message authorization; the assertion can optionally contain an AuthenticationStatement, which will be used for message authentication.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
encResourceID - encrypted ID of the resource to be accessed.
includeAuthN - if true, include an AuthenticationStatement in the Assertion, which will be used for message authentication.
includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass "true" here, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.

public SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException, SAMLException

Creates a SAML assertion.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
resourceID - id of the resource to be accessed.
includeAuthN - if true, include an AuthenticationStatement in the Assertion, which will be used for message authentication. If false, no AuthenticationStatement will be included.
includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass "true" here, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException

public SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException

Creates a SAML assertion.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for the discovery resource offering, which is part of the Liberty ID-FF AuthenResponse.
encResourceID - encrypted ID of the resource to be accessed.
includeAuthN - if true, include an AuthenticationStatement in the Assertion, which will be used for message authentication. If false, no AuthenticationStatement will be included.
includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for the AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and AuthenticationSessionContext directives need to be handled, pass "true" here, since the SessionContext is always included in the ResourceAccessStatement.
recipientProviderID - recipient's provider ID.

Returns:
SecurityAssertion object.

Throws:
SecurityTokenException - if the assertion could not be obtained.

Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.
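The following is an added usage example, not code from the Open Identity Platform project: it wraps SecurityTokenManager to issue a WSS SAML authorization token and maps the requested ID-WSF directives onto the includeResourceAccessStatement flag exactly as the parameter description above prescribes (true whenever AuthorizeRequester is involved, because the ResourceAccessStatement already carries the SessionContext). The package names, the AuthorizationTokenIssuer class and the Directive enum are assumptions; the caller supplies the credential, NameIdentifier and SessionContext.

```java
// Added example (not from the Open Identity Platform sources). Package names are assumed.
import com.sun.identity.liberty.ws.security.SecurityAssertion;
import com.sun.identity.liberty.ws.security.SecurityTokenException;
import com.sun.identity.liberty.ws.security.SecurityTokenManager;
import com.sun.identity.liberty.ws.security.SessionContext;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;

import java.util.Set;

public final class AuthorizationTokenIssuer {

    /** Hypothetical enum: the ID-WSF directives the recipient asked the sender to honour. */
    public enum Directive { AUTHORIZE_REQUESTER, AUTHENTICATION_SESSION_CONTEXT }

    private final SecurityTokenManager manager;

    /**
     * @param credential caller credential; SecurityTokenManager checks it for access
     * @param certAlias  key-store alias of the signing certificate, or null for the default
     */
    public AuthorizationTokenIssuer(Object credential, String certAlias)
            throws SecurityTokenException {
        manager = new SecurityTokenManager(credential);
        if (certAlias != null) {
            // Fails fast with SecurityTokenException if the alias is not in the key store,
            // rather than silently signing with the default certificate.
            manager.setCertAlias(certAlias);
        }
    }

    /** Issues a signed SAML authorization assertion for the given resource and recipient. */
    public SecurityAssertion issue(NameIdentifier sender, SessionContext invocatorSession,
                                   String resourceID, String recipientProviderID,
                                   Set<Directive> directives)
            throws SecurityTokenException, SAMLException {
        // AuthorizeRequester needs a ResourceAccessStatement; because that statement always
        // embeds the SessionContext, it also satisfies AuthenticationSessionContext when both
        // directives are present. Only a lone AuthenticationSessionContext gets the
        // SessionContextStatement (flag = false).
        boolean includeResourceAccess = directives.contains(Directive.AUTHORIZE_REQUESTER);
        boolean includeAuthN = true; // also carry an AuthenticationStatement for message authN
        return manager.getSAMLAuthorizationToken(sender, invocatorSession, resourceID,
                includeAuthN, includeResourceAccess, recipientProviderID);
    }
}
```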