Class TokenTransformationFilter

java.lang.Object
    org.forgerock.openig.openam.TokenTransformationFilter

All Implemented Interfaces:
    org.forgerock.http.Filter

public class TokenTransformationFilter extends Object implements org.forgerock.http.Filter

A TokenTransformationFilter is responsible for transforming a token issued by OpenAM into a token of another type.

    {
        "type": "TokenTransformationFilter",
        "config": {
            "openamUri": "https://openam.example.com/openam/",
            "realm": "/my-realm",
            "username": "${attributes.username}",
            "password": "${attributes.password}",
            "idToken": "${attributes.id_token}",
            "from": "OPENIDCONNECT",
            "to": "SAML2",
            "instance": "oidc-to-saml",
            "amHandler": "#Handler",
            "cache-size": "${32000}",
            "cache-ttl": "${0}"
        }
    }

The openamUri attribute is the OpenAM base URI against which authentication and STS requests will be issued.

The realm attribute is the OpenAM realm that contains both the subject (described through the username and password attributes) and the STS instance (described with instance).

The idToken attribute is an Expression specifying where to get the JWT id_token. Note that the referenced value has to be a String (the JWT encoded value).

The instance attribute is the name of an STS instance: a pre-configured transformation available under a specific REST endpoint.

The amHandler attribute is a reference to a Handler heap object. That handler will be used for all REST calls to OpenAM (as opposed to the next Handler of the filter method, which is dedicated to continuing the execution flow through the chain).

After transformation, the returned issued_token (at the moment it is a String that contains the XML of the generated SAML assertions) is made available in the StsContext for downstream handlers.

The cache-size attribute is an Expression specifying the cache size; the default value is 32000.

The cache-ttl attribute is an Expression specifying the cache TTL in ms; the default value is 0 ms (cache disabled).

If errors occur during the token transformation, the error response is returned as-is to the caller, and informative messages are logged for the administrator.

Nested Class Summary

Nested Classes
    Modifier and Type: static class
    Class: TokenTransformationFilter.Heaplet
    Description: Creates and initializes a token transformation filter in a heap environment.

Constructor Summary

Constructors
    Constructor: TokenTransformationFilter(org.forgerock.http.Handler handler, URI endpoint, Expression<String> idToken, String from, String to, com.google.common.cache.Cache<String,String> cache)
    Description: Constructs a new TokenTransformationFilter transforming the OpenID Connect id_token from idToken into a SAML 2.0 Assertions structure (into target).

Method Summary

    Modifier and Type: org.forgerock.util.promise.Promise<org.forgerock.http.protocol.Response,org.forgerock.util.promise.NeverThrowsException>
    Method: filter(org.forgerock.services.context.Context context, org.forgerock.http.protocol.Request request, org.forgerock.http.Handler next)

Constructor Detail

TokenTransformationFilter

public TokenTransformationFilter(org.forgerock.http.Handler handler, URI endpoint, Expression<String> idToken, String from, String to, com.google.common.cache.Cache<String,String> cache)

Constructs a new TokenTransformationFilter transforming the OpenID Connect id_token from idToken into a SAML 2.0 Assertions structure (into target).

Parameters:
    handler - pipeline used to send the STS transformation request
    endpoint - Fully qualified URI of the STS instance (including the _action=translate query string)
    idToken - Expression for reading OpenID Connect id_token (expects a String)
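
Programmatic wiring of the constructor above, as an added example that is not part of the original Javadoc or the project's own code. The class name StsWiringExample, the 60000 ms TTL, the use of expireAfterWrite, and the downstream handler are assumptions made for illustration; amHandler is assumed to be already able to authenticate to OpenAM, and stsEndpoint is supplied by the caller.

```java
import java.net.URI;
import java.util.concurrent.TimeUnit;

import org.forgerock.http.Handler;
import org.forgerock.http.handler.Handlers;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;
import org.forgerock.openig.el.Expression;
import org.forgerock.openig.el.ExpressionException;
import org.forgerock.openig.openam.StsContext;
import org.forgerock.openig.openam.TokenTransformationFilter;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;

// Hypothetical helper class, written for this example only.
public final class StsWiringExample {

    // amHandler: pipeline used to send the STS transformation request.
    // stsEndpoint: fully qualified STS instance URI, including _action=translate.
    static Handler build(Handler amHandler, URI stsEndpoint) throws ExpressionException {
        // Mirrors cache-size (32000) with a non-zero cache-ttl given in ms.
        // The eviction policy is this example's choice, not taken from the page.
        Cache<String, String> cache = CacheBuilder.newBuilder()
                .maximumSize(32000)
                .expireAfterWrite(60_000, TimeUnit.MILLISECONDS)
                .build();

        // Same expression as the "idToken" attribute in the configuration.
        Expression<String> idToken = Expression.valueOf("${attributes.id_token}", String.class);

        TokenTransformationFilter filter = new TokenTransformationFilter(
                amHandler, stsEndpoint, idToken, "OPENIDCONNECT", "SAML2", cache);

        // Downstream handler: reads the issued token from the StsContext.
        // It reports only the length so the assertion itself is not echoed back.
        Handler downstream = (context, request) -> {
            if (!context.containsContext(StsContext.class)) {
                return Response.newResponsePromise(new Response(Status.INTERNAL_SERVER_ERROR));
            }
            String assertion = context.asContext(StsContext.class).getIssuedToken();
            Response ok = new Response(Status.OK);
            ok.setEntity("issued_token length: " + assertion.length());
            return Response.newResponsePromise(ok);
        };

        return Handlers.chainOf(downstream, filter);
    }
}
```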

Method Detail

filter

public org.forgerock.util.promise.Promise<org.forgerock.http.protocol.Response,org.forgerock.util.promise.NeverThrowsException> filter(org.forgerock.services.context.Context context, org.forgerock.http.protocol.Request request, org.forgerock.http.Handler next)

Specified by:
    filter in interface org.forgerock.http.Filter