Class SAML11RequestedSecurityToken

  • All Implemented Interfaces:
    RequestedSecurityToken

    public class SAML11RequestedSecurityToken
    extends Object
    implements RequestedSecurityToken
    SAML11RequestedSecurityToken represents a concrete RequestedSecurityToken - one containing a SAML 1.1 assertion.
    • Field Detail

      • xmlString

        protected String xmlString
      • signed

        protected boolean signed
      • assertionE

        protected Element assertionE
    • Constructor Detail

      • SAML11RequestedSecurityToken

        public SAML11RequestedSecurityToken(Node token)
                                     throws WSFederationException
        Creates a SAML11RequestedSecurityToken given a DOM Node
        Parameters:
        token - a DOM Node representing a RequestedSecurityToken
        Throws:
        WSFederationException
      • SAML11RequestedSecurityToken

        public SAML11RequestedSecurityToken(String realm,
                                            String spTokenIssuerName,
                                            String idpEntityId,
                                            int notBeforeSkew,
                                            int effectiveTime,
                                            String certAlias,
                                            String authMethod,
                                            Date authInstant,
                                            NameIdentifier ni,
                                            List attributes)
                                     throws WSFederationException
        Creates a SAML11RequestedSecurityToken.
        Parameters:
        realm - the realm of the entities.
        spTokenIssuerName - The name of the SP Token Issuer.
        idpEntityId - identity provider entity ID - issuer of the token.
        notBeforeSkew - number of seconds to subtract from current time to form Assertion notBefore time.
        effectiveTime - length of time, in seconds, from Assertion's notBefore time to its notOnOrAfter time.
        certAlias - alias of the signing certificate. null means do not sign the assertion.
        authMethod - mechanism by which the subject authenticated to the identity provider
        authInstant - time at which the subject authenticated to the identity provider
        ni - SAML 1.1 NameIdentifier for the subject
        attributes - List of com.sun.identity.saml.assertion.Attribute to include in the Assertion
        Throws:
        WSFederationException - in case of error.
    • Method Detail

      • getTokenId

        public String getTokenId()
        Specified by:
        getTokenId in interface RequestedSecurityToken
        Returns:
        the unique identifier of the RequestedSecurityToken. Maps to the SAML 1.1 Assertion's AssertionID
      • getAssertion

        public Assertion getAssertion()
        Returns:
        the underlying SAML 1.1 Assertion
      • toString

        public String toString()
        This method marshals the token, returning a String comprising the textual XML representation.
        Overrides:
        toString in class Object
        Returns:
        The textual XML representation of the token.
      • verifyToken

        public Map<String,Object> verifyToken(String realm,
                                                    String hostEntityId,
                                                    int timeskew)
                                             throws WSFederationException
        Verifies the token's validity, checking the signature, validity period etc.
        Specified by:
        verifyToken in interface RequestedSecurityToken
        Parameters:
        realm - the realm of the local entity
        hostEntityId - the local entity ID
        timeskew - permitted skew between service provider and identity provider clocks, in seconds
        Returns:
        a Map of relevant data including Subject and the List of Assertions.
        Throws:
        WSFederationException - in case of any error, e.g. an invalid token signature or an expired token.
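As an added illustration (not OpenAM/OpenSSO code) of how the constructor's notBeforeSkew and effectiveTime parameters define the assertion's validity window, and how verifyToken's timeskew tolerance is then applied to that window, the following Python models the arithmetic with SAML 1.1 Conditions semantics (NotBefore inclusive, NotOnOrAfter exclusive). The function names and the sample instants are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Added model of the documented time parameters; not OpenAM/OpenSSO code.
# Function names and the sample instants below are constructed for illustration.

def assertion_window(issue_time, not_before_skew, effective_time):
    """(NotBefore, NotOnOrAfter) as the constructor documents them:
    NotBefore = now - notBeforeSkew; NotOnOrAfter = NotBefore + effectiveTime."""
    not_before = issue_time - timedelta(seconds=not_before_skew)
    not_on_or_after = not_before + timedelta(seconds=effective_time)
    return not_before, not_on_or_after

def check_validity_period(now, not_before, not_on_or_after, timeskew):
    """Time-window part of a verifyToken()-style check.

    SAML 1.1 Conditions: NotBefore is inclusive, NotOnOrAfter is exclusive.
    timeskew (seconds) is the permitted SP/IdP clock difference; it widens the
    window on both sides. A negative value is refused so that a misconfiguration
    cannot silently shrink the window instead of tolerating drift.
    """
    if timeskew < 0:
        raise ValueError("timeskew must be >= 0")
    skew = timedelta(seconds=timeskew)
    if now < not_before - skew:
        return "not yet valid"
    if now >= not_on_or_after + skew:
        return "expired"
    return "valid"

# Constructed sample: IdP issues at 12:00:00Z with notBeforeSkew=60 and
# effectiveTime=600, so the assertion covers [11:59:00, 12:09:00).
SAMPLE_ISSUE = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_NOT_BEFORE, SAMPLE_NOT_ON_OR_AFTER = assertion_window(SAMPLE_ISSUE, 60, 600)

def sample_status(sp_offset_seconds, timeskew):
    """Status seen by an SP whose clock is sp_offset_seconds from the issue instant."""
    sp_now = SAMPLE_ISSUE + timedelta(seconds=sp_offset_seconds)
    return check_validity_period(sp_now, SAMPLE_NOT_BEFORE, SAMPLE_NOT_ON_OR_AFTER, timeskew)

if __name__ == "__main__":
    print("NotBefore:", SAMPLE_NOT_BEFORE.isoformat(),
          "NotOnOrAfter:", SAMPLE_NOT_ON_OR_AFTER.isoformat())
    for offset in (-100, -90, -60, 539, 540, 569, 570):
        print(f"SP clock offset {offset:+5d}s, timeskew 30s -> {sample_status(offset, 30)}")
```

Note that with timeskew 0 an SP clock exactly at NotOnOrAfter already reports "expired", while a clock exactly at NotBefore is accepted; the skew only moves those two boundaries outwards.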