public final class SecurityTokenManagerClient extends Object

`SecurityTokenManagerClient` is a final class that provides interfaces to create, get and destroy `Assertion`s. The class provides mechanisms to manage the `Assertion`s either locally (i.e., within the same JVM process) or remotely on another instance of OpenAM. The default constructor will manage the `Assertion`s locally if it detects SAML web services running locally, else it will use one of the configured OpenAM instances. The constructor which accepts a URL will always use that URL to manage the assertions.

Having obtained an instance of `AssertionManagerClient`, its methods can be called to create/get `Assertion` and `AssertionArtifact`, and to obtain a decision from a `Query`.
| Constructor and Description |
|---|
| `SecurityTokenManagerClient(Object credential)` Returns an instance of `SecurityTokenManagerClient`. |
| `SecurityTokenManagerClient(String url, Object credential)` Returns an instance of `SecurityTokenManagerClient` that will use the provided URL for the management of security tokens. |
| Modifier and Type | Method and Description |
|---|---|
| `SecurityAssertion` | `getSAMLAuthenticationToken(NameIdentifier senderIdentity)` Creates a SAML Assertion for message authentication. |
| `SecurityAssertion` | `getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID)` Creates a SAML Assertion for message authorization; the assertion could optionally contain an `AuthenticationStatement` which will be used for message authentication. |
| `SecurityAssertion` | `getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID)` Creates a SAML Assertion for message authorization; the assertion could optionally contain an `AuthenticationStatement` which will be used for message authentication. |
| `BinarySecurityToken` | `getX509CertificateToken()` Gets the X509 certificate Token. |
| `void` | `setCertAlias(String certAlias)` Sets the alias of the certificate used for issuing WSS token, i.e. WSS X509 Token, WSS SAML Token. |
| `void` | `setCertificate(X509Certificate cert)` Sets the certificate used for issuing WSS token, i.e. WSS X509 Token, WSS SAML Token. |
public SecurityTokenManagerClient(Object credential) throws SecurityTokenException

Returns an instance of `SecurityTokenManagerClient`.

Parameters:
credential - credential of the caller used to see if access to this security token manager client is allowed.

Throws:
SecurityTokenException - if unable to access the security token manager client.

public SecurityTokenManagerClient(String url, Object credential) throws SecurityTokenException
Returns an instance of `SecurityTokenManagerClient` that will use the provided URL for the management of security tokens.

Parameters:
url - the `SecurityTokenManagerClient` service URL that will be used to get `BinarySecurityToken` and `SAMLSecurityToken`.
credential - credential of the caller used to see if access to this security token manager client is allowed.

Throws:
SecurityTokenException - if unable to access the security token manager client.

public void setCertAlias(String certAlias) throws SecurityTokenException
Sets the alias of the certificate used for issuing WSS token, i.e. WSS X509 Token, WSS SAML Token. If the `certAlias` is never set, a default certificate will be used for issuing WSS tokens.

Parameters:
certAlias - String alias name for the certificate.

Throws:
SecurityTokenException - if certificate for the `certAlias` could not be found in key store.

public void setCertificate(X509Certificate cert) throws SecurityTokenException
Sets the certificate used for issuing WSS token, i.e. WSS X509 Token, WSS SAML Token. If the certificate is never set, a default certificate will be used for issuing WSS tokens.

Parameters:
cert - X509 certificate.

Throws:
SecurityTokenException - if could not set Certificate.

public BinarySecurityToken getX509CertificateToken() throws SecurityTokenException
Gets the X509 certificate Token.

Returns:
X509 certificate Token.

Throws:
SecurityTokenException - if the binary security token could not be obtained.

public SecurityAssertion getSAMLAuthenticationToken(NameIdentifier senderIdentity) throws SecurityTokenException, SAMLException
Creates a SAML Assertion for message authentication.

Parameters:
senderIdentity - name identifier of the sender.

Returns:
`AuthenticationStatement`.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException - if unable to generate the SAML Assertion.

public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException, SAMLException
Creates a SAML Assertion for message authorization; the assertion could optionally contain an `AuthenticationStatement` which will be used for message authentication.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - `SessionContext` of the invocation identity; it is normally obtained by the credential reference in the SAML `AttributeDesignator` for discovery resource offering which is part of the liberty ID-FF `AuthenResponse`.
resourceID - id for the resource to be accessed.
includeAuthN - if true, include an `AuthenticationStatement` in the Assertion which will be used for message authentication.
includeResourceAccessStatement - if true, a `ResourceAccessStatement` will be included in the Assertion (for `AuthorizeRequester` directive). If false, a `SessionContextStatement` will be included in the Assertion (for `AuthenticationSessionContext` directive). In the case when both `AuthorizeRequester` and `AuthenticationSessionContext` directives need to be handled, use "true" as parameter here since the `SessionContext` will always be included in the `ResourceAccessStatement`.
recipientProviderID - recipient's provider ID.

Returns:
`SecurityAssertion` object.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException - if unable to generate the SAML Assertion.

public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID) throws SecurityTokenException, SAMLException
Creates a SAML Assertion for message authorization; the assertion could optionally contain an `AuthenticationStatement` which will be used for message authentication.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - `SessionContext` of the invocation identity; it is normally obtained by the credential reference in the SAML `AttributeDesignator` for discovery resource offering which is part of the liberty ID-FF `AuthenResponse`.
encResourceID - Encrypted ID for the resource to be accessed.
includeAuthN - if true, include an `AuthenticationStatement` in the Assertion which will be used for message authentication.
includeResourceAccessStatement - if true, a `ResourceAccessStatement` will be included in the Assertion (for `AuthorizeRequester` directive). If false, a `SessionContextStatement` will be included in the Assertion (for `AuthenticationSessionContext` directive). In the case when both `AuthorizeRequester` and `AuthenticationSessionContext` directives need to be handled, use "true" as parameter here since the `SessionContext` will always be included in the `ResourceAccessStatement`.
recipientProviderID - recipient's provider ID.

Returns:
`SecurityAssertion` object.

Throws:
SecurityTokenException - if the assertion could not be obtained.
SAMLException - if unable to generate the SAML Assertion.

Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.