Class FAMSTSAttributeProvider

  • All Implemented Interfaces:
    com.sun.xml.ws.api.security.trust.STSAttributeProvider

    public class FAMSTSAttributeProvider
    extends Object
    implements com.sun.xml.ws.api.security.trust.STSAttributeProvider
    The STS attribute provider retrieves the attributes of an authenticated user or profile and passes them to the assertion generator so that they can be included in SAML attribute statements. The attribute provider first checks whether the end user's SSOToken is present in the OnBehalfOf element of the WS-Trust request and, if so, generates SAML attributes from the user profile. This is usually the case when the STS and the web services client are deployed locally on the same or trusted Federal OpenAM instances. If not, it tries to retrieve the web services client's profile attributes, if they exist.
    • Constructor Detail

      • FAMSTSAttributeProvider

        public FAMSTSAttributeProvider()
    • Method Detail

      • getClaimedAttributes

        public Map<QName,List<String>> getClaimedAttributes(Subject subject,
                                                                  String appliesTo,
                                                                  String tokenType,
                                                                  com.sun.xml.ws.api.security.trust.Claims claims)
        Returns all claimed attributes for a given subject.
        Specified by:
        getClaimedAttributes in interface com.sun.xml.ws.api.security.trust.STSAttributeProvider
      • getSSOToken

        protected SSOToken getSSOToken(String token,
                                       String appTokenId)
                                throws SSOException
        Checks whether the agent token ID is appended to the token string. If it is, the agent token ID is used as a restriction context. This supports the cookie hijacking prevention feature, in which the agent appends its agent token ID to the user's SSO token before sending it to the server for validation.
        Throws:
        SSOException