Class SharedSTSConstants


  • public final class SharedSTSConstants
    extends Object
    Defines some constants shared between the openam-sts module and the sts ViewBean/Model in openam-console.
    • Field Detail

      • STS_PUBLISH_INVOCATION_CONTEXT

        public static final String STS_PUBLISH_INVOCATION_CONTEXT
        The name of the json field in the json rest-sts publish invocation that references the field which allows the marshalling logic in the {Rest|Soap}STSPublishServiceRequestHandler to distinguish between programmatic invocations via the client stk classes, which will publish with state generated by calling toJson() on an instance of the {Rest|Soap}STSInstanceConfig class, and the {Rest|Soap}SecurityTokenServiceViewBean, which will publish with state harvested from the ViewBean property sheet, and will thus be in the format of Map<String, Set<String>>.
        See Also:
        Constant Field Values
      • STS_PUBLISH_INVOCATION_CONTEXT_VIEW_BEAN

        public static final String STS_PUBLISH_INVOCATION_CONTEXT_VIEW_BEAN
        Used as the value for the STS_PUBLISH_INVOCATION_CONTEXT key for invocations to the rest sts publish service issued by the RestSecurityTokenServiceViewBean.
        See Also:
        Constant Field Values
      • STS_PUBLISH_INSTANCE_STATE

        public static final String STS_PUBLISH_INSTANCE_STATE
        Used as the key to the JsonValue corresponding to a wrapped Map<String, Set<String>> or the output of {Rest|Soap}STSInstanceConfig#toJson(), depending upon the invocation context.
        See Also:
        Constant Field Values
      • DEPLOYMENT_REALM

        public static final String DEPLOYMENT_REALM
        This field is referenced in RestDeploymentConfig.DEPLOYMENT_REALM. It is the name of the key of the json field referencing the realm in which the rest instance is deployed, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_ISSUER

        public static final String OIDC_ISSUER
        This field is referenced in OpenIdConnectTokenConfig.ISSUER. It is the name of the key of the json field referencing the id of the OIDC token issuer, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_TOKEN_LIFETIME

        public static final String OIDC_TOKEN_LIFETIME
        This field is referenced in OpenIdConnectTokenConfig.TOKEN_LIFETIME. It is the name of the key of the json field referencing the token lifetime of issued oidc tokens, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_CLIENT_SECRET

        public static final String OIDC_CLIENT_SECRET
        This field is referenced in OpenIdConnectTokenConfig.CLIENT_SECRET. It is the name of the key of the json field referencing the secret used as HMAC signing key, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_KEYSTORE_LOCATION

        public static final String OIDC_KEYSTORE_LOCATION
        This field is referenced in OpenIdConnectTokenConfig.KEYSTORE_LOCATION. It is the name of the key of the json field referencing the keystore location, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_KEYSTORE_PASSWORD

        public static final String OIDC_KEYSTORE_PASSWORD
        This field is referenced in OpenIdConnectTokenConfig.KEYSTORE_PASSWORD. It is the name of the key of the json field referencing the keystore password, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_SIGNATURE_KEY_ALIAS

        public static final String OIDC_SIGNATURE_KEY_ALIAS
        This field is referenced in OpenIdConnectTokenConfig.SIGNATURE_KEY_ALIAS. It is the name of the key of the json field referencing the keystore signature key alias, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_SIGNATURE_KEY_PASSWORD

        public static final String OIDC_SIGNATURE_KEY_PASSWORD
        This field is referenced in OpenIdConnectTokenConfig.SIGNATURE_KEY_PASSWORD. It is the name of the key of the json field referencing the keystore signature key password, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_SIGNATURE_ALGORITHM

        public static final String OIDC_SIGNATURE_ALGORITHM
        This field is referenced in OpenIdConnectTokenConfig.SIGNATURE_ALGORITHM. It is the name of the key of the json field referencing the signature algorithm, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_CLAIM_MAP

        public static final String OIDC_CLAIM_MAP
        This field is referenced in OpenIdConnectTokenConfig.CLAIM_MAP. It is the name of the key of the json field referencing the claim map, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OIDC_AUDIENCE

        public static final String OIDC_AUDIENCE
        This field is referenced in OpenIdConnectTokenConfig.AUDIENCE. It is the name of the key of the json field referencing the audience of issued OIDC tokens, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_TOKEN_LIFETIME

        public static final String SAML2_TOKEN_LIFETIME
        This field is referenced in SAML2Config.TOKEN_LIFETIME. It is the name of the key of the json field referencing the token lifetime of issued saml2 assertions, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_SIGN_ASSERTION

        public static final String SAML2_SIGN_ASSERTION
        This field is referenced in SAML2Config.SIGN_ASSERTION. It is the name of the key of the json field referencing whether the issued assertion should be signed, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_ENCRYPT_NAME_ID

        public static final String SAML2_ENCRYPT_NAME_ID
        This field is referenced in SAML2Config.ENCRYPT_NAME_ID. It is the name of the key of the json field referencing whether the issued assertion should have its NameID encrypted, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_ENCRYPT_ATTRIBUTES

        public static final String SAML2_ENCRYPT_ATTRIBUTES
        This field is referenced in SAML2Config.ENCRYPT_ATTRIBUTES. It is the name of the key of the json field referencing whether the issued assertion should have its Attributes encrypted, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_ENCRYPT_ASSERTION

        public static final String SAML2_ENCRYPT_ASSERTION
        This field is referenced in SAML2Config.ENCRYPT_ASSERTION. It is the name of the key of the json field referencing whether the issued assertion should be encrypted, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_ENCRYPTION_ALGORITHM

        public static final String SAML2_ENCRYPTION_ALGORITHM
        This field is referenced in SAML2Config.ENCRYPTION_ALGORITHM. It is the name of the key of the json field referencing the type of encryption algorithm, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_ENCRYPTION_ALGORITHM_STRENGTH

        public static final String SAML2_ENCRYPTION_ALGORITHM_STRENGTH
        This field is referenced in SAML2Config.ENCRYPTION_ALGORITHM_STRENGTH. It is the name of the key of the json field referencing the strength of the encryption algorithm, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_KEYSTORE_FILE_NAME

        public static final String SAML2_KEYSTORE_FILE_NAME
        This field is referenced in SAML2Config.KEYSTORE_FILE_NAME. It is the name of the key of the json field referencing the keystore location for keys used to sign and encrypt SAML assertions, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_KEYSTORE_PASSWORD

        public static final String SAML2_KEYSTORE_PASSWORD
        This field is referenced in SAML2Config.KEYSTORE_PASSWORD. It is the name of the key of the json field referencing the keystore password, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_SIGNATURE_KEY_ALIAS

        public static final String SAML2_SIGNATURE_KEY_ALIAS
        This field is referenced in SAML2Config.SIGNATURE_KEY_ALIAS. It is the name of the key of the json field referencing the signature key alias, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_SIGNATURE_KEY_PASSWORD

        public static final String SAML2_SIGNATURE_KEY_PASSWORD
        This field is referenced in SAML2Config.SIGNATURE_KEY_PASSWORD. It is the name of the key of the json field referencing the signature key password, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_SP_ENTITY_ID

        public static final String SAML2_SP_ENTITY_ID
        This field is referenced in SAML2Config.SP_ENTITY_ID. It is the name of the key of the json field referencing the entity id of the SP for whom generated assertions are intended, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_SP_ACS_URL

        public static final String SAML2_SP_ACS_URL
        This field is referenced in SAML2Config.SP_ACS_URL. It is the name of the key of the json field referencing the url of the SP's assertion consumer service, which is required when issuing bearer assertions. Also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_ENCRYPTION_KEY_ALIAS

        public static final String SAML2_ENCRYPTION_KEY_ALIAS
        This field is referenced in SAML2Config.ENCRYPTION_KEY_ALIAS. It is the name of the key of the json field referencing the public key of the SP intended to consume issued assertions, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SAML2_ATTRIBUTE_MAP

        public static final String SAML2_ATTRIBUTE_MAP
        This field is referenced in SAML2Config.ATTRIBUTE_MAP. It is the name of the key of the json field referencing the map of saml2 attributes, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • DEPLOYMENT_URL_ELEMENT

        public static final String DEPLOYMENT_URL_ELEMENT
        This field is referenced in RestDeploymentConfig.URI_ELEMENT. It is the name of the key of the json field referencing the realm-relative url element where a published rest instance is to be exposed, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • OFFLOADED_TWO_WAY_TLS_HEADER_KEY

        public static final String OFFLOADED_TWO_WAY_TLS_HEADER_KEY
        If a rest-sts instance is configured to support a token transformation with an x509 token as an input token type, the instance must be invoked via a two-way TLS exchange (i.e. where the client presents their certificate). If OpenAM is deployed behind a tls-offloading engine, the client certificate won't be set as a HttpServletRequest attribute referenced by the jakarta.servlet.request.X509Certificate key, but rather the rest sts instance must be configured with the name of the http header where the tls-offloading engine will store the client certificate prior to invoking OpenAM.
        See Also:
        Constant Field Values
      • TLS_OFFLOAD_ENGINE_HOSTS

        public static final String TLS_OFFLOAD_ENGINE_HOSTS
        If a rest-sts instance is configured to support a token transformation with an x509 token as an input token type, the instance must be invoked via a two-way TLS exchange (i.e. where the client presents their certificate). If OpenAM is deployed behind a tls-offloading engine, the client certificate won't be set as a HttpServletRequest attribute referenced by the jakarta.servlet.request.X509Certificate key, but rather the rest sts instance must be configured with the name of the http header where the tls-offloading engine will store the client certificate prior to invoking OpenAM. The rest-sts instance will undertake the further check to determine if the ip address invoking the rest-sts corresponds to the set of IP-addresses corresponding to the TLS-offload-engine hosts.
        See Also:
        Constant Field Values
      • ISSUER_NAME

        public static final String ISSUER_NAME
        This field is referenced in SAML2Config.ISSUER_NAME. It is the name of the key of the json field referencing the IdP id of the SAML2 token issuer, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • SUPPORTED_TOKEN_TRANSFORMS

        public static final String SUPPORTED_TOKEN_TRANSFORMS
        This field is referenced in RestSTSInstanceConfig.SUPPORTED_TOKEN_TRANSFORMS. It is the name of the key of the json field referencing the set of token transformations, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • CUSTOM_TOKEN_PROVIDERS

        public static final String CUSTOM_TOKEN_PROVIDERS
        This field is referenced in RestSTSInstanceConfig.CUSTOM_TOKEN_PROVIDERS. It is the name of the key of the json field referencing the set of custom token providers, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • CUSTOM_TOKEN_VALIDATORS

        public static final String CUSTOM_TOKEN_VALIDATORS
        This field is referenced in RestSTSInstanceConfig.CUSTOM_TOKEN_VALIDATORS. It is the name of the key of the json field referencing the set of custom token validators, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • CUSTOM_TOKEN_TRANSFORMS

        public static final String CUSTOM_TOKEN_TRANSFORMS
        This field is referenced in RestSTSInstanceConfig.CUSTOM_TOKEN_TRANSFORMS. It is the name of the key of the json field referencing the set of custom token translations, which also matches the name of the AttributeSchema element defined in restSTS.xml.
        See Also:
        Constant Field Values
      • REST_PUBLISH_SERVICE_URL_ELEMENT

        public static final String REST_PUBLISH_SERVICE_URL_ELEMENT
        The url element at which the rest publish service is exposed. Corresponds to the entry in web.xml defining the servlet-mapping for the sts-publish servlet.
        See Also:
        Constant Field Values
      • SOAP_PUBLISH_SERVICE_URL_ELEMENT

        public static final String SOAP_PUBLISH_SERVICE_URL_ELEMENT
        The url element at which the soap publish service is exposed. Corresponds to the entry in web.xml defining the servlet-mapping for the sts-publish servlet.
        See Also:
        Constant Field Values
      • PUBLISH_SERVICE_CREATE_ACTION_URL_ELEMENT

        public static final String PUBLISH_SERVICE_CREATE_ACTION_URL_ELEMENT
        The url constituent, appended to the REST_PUBLISH_SERVICE_URL_ELEMENT, which will trigger a POST to the rest-sts-publish crest service to create a new rest sts instance.
        See Also:
        Constant Field Values
      • APPLICATION_JSON

        public static final String APPLICATION_JSON
        The JSON HTTP content type header value.
        See Also:
        Constant Field Values
      • CREST_VERSION_HEADER_KEY

        public static final String CREST_VERSION_HEADER_KEY
        The name of the CREST header identifying the version of a targeted service.
        See Also:
        Constant Field Values
      • CUSTOM_WSDL_LOCATION

        public static final String CUSTOM_WSDL_LOCATION
        Name of configuration key referencing a custom wsdl file.
        See Also:
        Constant Field Values
      • CUSTOM_SERVICE_QNAME

        public static final String CUSTOM_SERVICE_QNAME
        Name of configuration key referencing a custom service name specified in a custom wsdl file.
        See Also:
        Constant Field Values
      • CUSTOM_PORT_QNAME

        public static final String CUSTOM_PORT_QNAME
        Name of configuration key referencing a custom service port specified in a custom wsdl file.
        See Also:
        Constant Field Values
      • SECURITY_POLICY_VALIDATED_TOKEN_CONFIG

        public static final String SECURITY_POLICY_VALIDATED_TOKEN_CONFIG
        Name of configuration key referencing the type of SupportingToken specified in the SecurityPolicy bindings protecting a soap-sts instance.
        See Also:
        Constant Field Values
      • SERVICE_QNAME

        public static final String SERVICE_QNAME
        Name of configuration key referencing the name of the service defined in the wsdl which should be exposed.
        See Also:
        Constant Field Values
      • PORT_QNAME

        public static final String PORT_QNAME
        Name of configuration key referencing the name of the port defined in the wsdl which should be exposed.
        See Also:
        Constant Field Values
      • WSDL_LOCATION

        public static final String WSDL_LOCATION
        Name of configuration key referencing the wsdl location.
        See Also:
        Constant Field Values
      • AM_DEPLOYMENT_URL

        public static final String AM_DEPLOYMENT_URL
        Name of configuration key referencing the url of the OpenAM deployment.
        See Also:
        Constant Field Values
      • CUSTOM_WSDL_FILE_INDICATOR

        public static final String CUSTOM_WSDL_FILE_INDICATOR
        One of the possible selections defined in propertySoapSecurityTokenService.xml, under the deployment-wsdl-location property, which allows the user to indicate that they wish to specify a custom wsdl location.
        See Also:
        Constant Field Values
      • WS_TRUST_NAMESPACE

        public static final String WS_TRUST_NAMESPACE
        The namespace defined by the WS-Trust specification.
        See Also:
        Constant Field Values
      • STANDARD_STS_SERVICE_QNAME

        public static final QName STANDARD_STS_SERVICE_QNAME
        The name of the sts service in all of the standard wsdl definitions.
      • STANDARD_STS_PORT_QNAME

        public static final QName STANDARD_STS_PORT_QNAME
        The name of the sts service port in all of the standard wsdl definitions.
      • DELEGATION_RELATIONSHIP_SUPPORTED

        public static final String DELEGATION_RELATIONSHIP_SUPPORTED
        Name of a property defined in propertySoapSecurityTokenService.xml and soapSTS.xml which indicates whether the soap-sts instance will plug-in token validators for ActAs/OnBehalfOf elements included in RequestSecurityToken invocations.
        See Also:
        Constant Field Values
      • DELEGATION_TOKEN_VALIDATORS

        public static final String DELEGATION_TOKEN_VALIDATORS
        Corresponds to entries in propertySoapSecurityTokenService.xml and soapSTS.xml which indicate which tokens can be included as ActAs/OnBehalfOf elements in a RST.
        See Also:
        Constant Field Values
      • CUSTOM_DELEGATION_TOKEN_HANDLERS

        public static final String CUSTOM_DELEGATION_TOKEN_HANDLERS
        Corresponds to entries in propertySoapSecurityTokenService.xml and soapSTS.xml which specify custom TokenDelegationHandler implementations which will validate token elements included as ActAs/OnBehalfOf elements in a RST.
        See Also:
        Constant Field Values
      • AM_INTERNAL_SOAP_STS_KEYSTORE

        public static final String AM_INTERNAL_SOAP_STS_KEYSTORE
        Name of keystore which stores the password encryption key for soap-sts deployments.
        See Also:
        Constant Field Values
      • AM_INTERNAL_SOAP_STS_KEYSTORE_TYPE

        public static final String AM_INTERNAL_SOAP_STS_KEYSTORE_TYPE
        The type of keystore used internally by the soap-sts.
        See Also:
        Constant Field Values
      • AM_INTERNAL_PEK_ALIAS

        public static final String AM_INTERNAL_PEK_ALIAS
        Alias for the soap-sts password encryption key.
        See Also:
        Constant Field Values
      • AM_INTERNAL_SOAP_STS_KEYSTORE_PW

        public static final String AM_INTERNAL_SOAP_STS_KEYSTORE_PW
        The soap-sts internal keystore pw.
        See Also:
        Constant Field Values
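
The certificate-source decision described under OFFLOADED_TWO_WAY_TLS_HEADER_KEY and TLS_OFFLOAD_ENGINE_HOSTS, as an added Java example that is not OpenAM's own code. The class and method names and the X-Client-Cert header name are hypothetical, and the configured offload hosts are assumed to be IP literals.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeMap;

// Added illustration (Java 16+); class, method and header names are hypothetical, not OpenAM's.
public class OffloadedClientCertSource {
    enum Source { SERVLET_ATTRIBUTE, OFFLOAD_HEADER }
    record Resolved(Source source, Object certificate) {}

    private final String headerName;                                // header name configured for the instance
    private final Set<InetAddress> offloadHosts = new HashSet<>();  // configured TLS-offload-engine addresses

    OffloadedClientCertSource(String headerName, Set<String> hostIps) throws UnknownHostException {
        this.headerName = headerName;
        for (String ip : hostIps) {
            offloadHosts.add(InetAddress.getByName(ip));            // assumes IP literals, so no DNS lookup
        }
    }

    Optional<Resolved> resolve(Object servletCert, String remoteAddr, Map<String, String> headers) {
        // Direct two-way TLS: the container exposes the certificate under
        // the jakarta.servlet.request.X509Certificate request attribute.
        if (servletCert != null) {
            return Optional.of(new Resolved(Source.SERVLET_ATTRIBUTE, servletCert));
        }
        if (headerName == null || headerName.isBlank()) {
            return Optional.empty();                                // offloading not configured for this instance
        }
        // HTTP header names are case-insensitive.
        Map<String, String> byName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        byName.putAll(headers);
        String value = byName.get(headerName);
        if (value == null || value.isBlank()) {
            return Optional.empty();
        }
        // Any client can set a header, so accept it only when the caller's address
        // is one of the configured offload-engine hosts. Comparing InetAddress
        // objects also matches differently written forms of the same IPv6 address.
        try {
            if (!offloadHosts.contains(InetAddress.getByName(remoteAddr))) {
                return Optional.empty();
            }
        } catch (UnknownHostException e) {
            return Optional.empty();                                // unparseable caller address: fail closed
        }
        return Optional.of(new Resolved(Source.OFFLOAD_HEADER, value));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        var src = new OffloadedClientCertSource("X-Client-Cert", Set.of("10.0.0.5", "2001:db8::1"));
        Map<String, String> hdrs = Map.of("x-client-cert", "<certificate as forwarded by the offload engine>");
        System.out.println(src.resolve(null, "10.0.0.5", hdrs).map(Resolved::source));             // configured IPv4 engine
        System.out.println(src.resolve(null, "2001:db8:0:0:0:0:0:1", hdrs).map(Resolved::source)); // same IPv6 engine, long form
        System.out.println(src.resolve(null, "203.0.113.9", hdrs).map(Resolved::source));          // caller not in the host set
    }
}
```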