Class TokenServiceConsumerImpl

    • Method Detail

      • getSAML2BearerAssertion

        public String getSAML2BearerAssertion(String ssoTokenString,
                                              String stsInstanceId,
                                              String realm,
                                              String authnContextClassRef,
                                              String callerSSOTokenString)
                                       throws TokenCreationException
        Description copied from interface: TokenServiceConsumer
        Invoke the TokenService to produce a SAML2 Bearer assertion
        Specified by:
        getSAML2BearerAssertion in interface TokenServiceConsumer
        Parameters:
        ssoTokenString - The session id corresponding to the to-be-asserted subject
        stsInstanceId - The instance id of the STS making the invocation
        realm - The realm of the STS making the invocation
        authnContextClassRef - The SAML2 AuthnContext class ref to be included in the SAML2 assertion
        callerSSOTokenString - The session id corresponding to the caller. The TokenService will be protected by an authz module.
        Returns:
        The string representation of the issued token.
        Throws:
        TokenCreationException - if the token could not be created.
      • getSAML2SenderVouchesAssertion

        public String getSAML2SenderVouchesAssertion(String ssoTokenString,
                                                     String stsInstanceId,
                                                     String realm,
                                                     String authnContextClassRef,
                                                     String callerSSOTokenString)
                                              throws TokenCreationException
        Description copied from interface: TokenServiceConsumer
        Invoke the TokenService to produce a SAML2 Sender Vouches assertion
        Specified by:
        getSAML2SenderVouchesAssertion in interface TokenServiceConsumer
        Parameters:
        ssoTokenString - The session id corresponding to the to-be-asserted subject
        stsInstanceId - The instance id of the STS making the invocation
        realm - The realm of the STS making the invocation
        authnContextClassRef - The SAML2 AuthnContext class ref to be included in the SAML2 assertion
        callerSSOTokenString - The session id corresponding to the caller. The TokenService will be protected by an authz module.
        Returns:
        The string representation of the issued token.
        Throws:
        TokenCreationException - if the token could not be created.
      • getSAML2HolderOfKeyAssertion

        public String getSAML2HolderOfKeyAssertion(String ssoTokenString,
                                                   String stsInstanceId,
                                                   String realm,
                                                   String authnContextClassRef,
                                                   ProofTokenState proofTokenState,
                                                   String callerSSOTokenString)
                                            throws TokenCreationException
        Description copied from interface: TokenServiceConsumer
        Invoke the TokenService to produce a SAML2 Holder of Key assertion
        Specified by:
        getSAML2HolderOfKeyAssertion in interface TokenServiceConsumer
        Parameters:
        ssoTokenString - The session id corresponding to the to-be-asserted subject
        stsInstanceId - The instance id of the STS making the invocation
        realm - The realm of the STS making the invocation
        authnContextClassRef - The SAML2 AuthnContext class ref to be included in the SAML2 assertion
        proofTokenState - The ProofTokenState used as the proof token in the HoK assertion.
        callerSSOTokenString - The session id corresponding to the caller. The TokenService will be protected by an authz module.
        Returns:
        The string representation of the issued token.
        Throws:
        TokenCreationException - if the token could not be created.
      • getOpenIdConnectToken

        public String getOpenIdConnectToken(String ssoTokenString,
                                            String stsInstanceId,
                                            String realm,
                                            String authnContextClassRef,
                                            Set<String> authnMethodReferences,
                                            long authnTimeInSeconds,
                                            String nonce,
                                            String callerSSOTokenString)
                                     throws TokenCreationException
        Description copied from interface: TokenServiceConsumer
        Invoke the TokenService to produce an OpenID Connect token
        Specified by:
        getOpenIdConnectToken in interface TokenServiceConsumer
        Parameters:
        ssoTokenString - The session id corresponding to the to-be-asserted subject
        stsInstanceId - The instance id of the STS making the invocation
        realm - The realm of the STS making the invocation
        authnContextClassRef - The OpenID Connect AuthnContext class ref to be included in the OIDC token. Corresponds to the acr claim specified here: http://openid.net/specs/openid-connect-core-1_0.html#IDToken. Can be null.
        authnMethodReferences - State corresponding to the amr claim included in the OIDC token as defined here: http://openid.net/specs/openid-connect-core-1_0.html#IDToken. Can be null.
        authnTimeInSeconds - Used to set the auth_time claim as specified here: http://openid.net/specs/openid-connect-core-1_0.html#IDToken.
        nonce - Used to set the nonce claim as specified here: http://openid.net/specs/openid-connect-core-1_0.html#IDToken. This value will be taken from the original STS invocation.
        callerSSOTokenString - The session id corresponding to the caller. The TokenService will be protected by an authz module.
        Returns:
        The string representation of the issued token.
        Throws:
        TokenCreationException - if the token could not be created.
      • validateToken

        public boolean validateToken(String tokenId,
                                     String callerSSOTokenString)
                              throws TokenValidationException
        Description copied from interface: TokenServiceConsumer
        Invoke the TokenService to validate a token. In the 13 release, as no SAML2 authN module is present, this method will only check the CTS to determine if the token has been persisted.
        Specified by:
        validateToken in interface TokenServiceConsumer
        Parameters:
        tokenId - The id of the to-be-validated token.
        callerSSOTokenString - The session id corresponding to the caller. The TokenService will be protected by an authz module.
        Returns:
        true if the token is valid.
        Throws:
        TokenValidationException
      • cancelToken

        public void cancelToken(String tokenId,
                                String callerSSOTokenString)
                         throws TokenCancellationException
        Description copied from interface: TokenServiceConsumer
        Invoke the TokenService to cancel a token. In the 13 release, this will only remove the token with the specified id from the CTS.
        Specified by:
        cancelToken in interface TokenServiceConsumer
        Parameters:
        tokenId - The id of the to-be-canceled token.
        callerSSOTokenString - The session id corresponding to the caller. The TokenService will be protected by an authz module.
        Throws:
        TokenCancellationException - in case the token could not be canceled.