IBM WebSphere Application Server™ Release 8
java.lang.Object
  com.ibm.websphere.wssecurity.callbackhandler.SAMLIdAssertionCallbackHandler
public class SAMLIdAssertionCallbackHandler
This class is a callback handler for asserting a SAMLToken to a WebSphere WSCredential. It defines the rules that map SAMLToken attributes to the WebSphere WSCredential. Use this handler to specify a list of trusted SAML issuer names from which attributes might be asserted to the WSCredential. For SAML tokens issued by the listed trusted issuers, you can specify which attribute name and attribute namespace define the security realm, principal, and group memberships. All issuer names are trusted by default. The default principal name is NameId for SAML 2.0 or NameIdentifier for SAML 1.1. The default realm is the issuer name.
If no attribute-to-WSCredential mapping rule is defined, the following default mapping rule is applied:
1. All issuers are trusted.
2. The realm is the issuer name.
3. The principal is the SAML NameID or NameIdentifier.
4. The group memberships are searched from a list of attribute names, including "group", "groups", "groupmembership", "membership", "members", "memberof", "memberOf", "groupid", "role", "roles", "PrimaryGroupId", and "GroupIds".
The custom property "issuer" is a trusted issuer name; the property is named issuer_n, where n is an integer.
The custom property "principalName" is the attribute name for the principal; the property is named principalNamen, where n is an integer.
The custom property "principalNamespace" is the attribute namespace for the principal; the property is named principalNamespace_n, where n is an integer.
The custom property "realmName" is the attribute name for the realm; the property is named realmName_n, where n is an integer.
The custom property "realmNamespace" is the attribute namespace for the realm; the property is named realmNamespace_n, where n is an integer.
The custom property "groupName" is the attribute name for groups; the property is named groupName_n, where n is an integer.
The custom property "groupNamespace" is the attribute namespace for groups; the property is named groupNamespace_n, where n is an integer.
The custom property "realmNameRange" is a whitespace-delimited String that lists all names that can be used as a trusted realm; the property is named realmNameRange_n, where n is an integer.
The custom property "uniqueId" is the attribute name for the WebSphere credential's unique ID; the property is named uniqueId_n, where n is an integer.
The custom property "uniqueIdNamespace" is the attribute namespace for the WebSphere credential's unique ID; the property is named uniqueIdNamespace_n, where n is an integer.
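The following stand-alone model is an added example, not IBM's code, and it does not call any WebSphere API. It shows what the default mapping rule accepts from an unconfigured issuer and how a trusted-issuer list (the issuer_n properties) changes the outcome. The class, record and method names are hypothetical, and the exact-name attribute match and the rejection of untrusted issuers by exception are assumptions.

```java
import java.util.*;

// Stand-alone model of the mapping rules described on this page.
// Not IBM's implementation; every name here is hypothetical.
public class SamlMappingModel {
    // Attribute names the default rule searches for group memberships (from this page).
    static final List<String> DEFAULT_GROUP_ATTRS = List.of("group", "groups",
        "groupmembership", "membership", "members", "memberof", "memberOf",
        "groupid", "role", "roles", "PrimaryGroupId", "GroupIds");

    record Assertion(String issuer, String nameId, Map<String, List<String>> attrs) {}
    record Credential(String realm, String principal, Set<String> groups) {}

    // trustedIssuers models the issuer_n properties; an empty set models the
    // default, where all issuers are trusted.
    static Credential map(Assertion a, Set<String> trustedIssuers) {
        if (!trustedIssuers.isEmpty() && !trustedIssuers.contains(a.issuer())) {
            // Assumption: an untrusted issuer is rejected outright.
            throw new SecurityException("untrusted issuer: " + a.issuer());
        }
        Set<String> groups = new TreeSet<>();
        for (String name : DEFAULT_GROUP_ATTRS) {
            // Assumption: attribute names are matched exactly (case-sensitive).
            groups.addAll(a.attrs().getOrDefault(name, List.of()));
        }
        // Default rule: realm is the issuer name, principal is NameID/NameIdentifier.
        return new Credential(a.issuer(), a.nameId(), groups);
    }

    public static void main(String[] args) {
        // Constructed sample: an assertion from an issuer the deployment never listed.
        Assertion a = new Assertion("https://idp.unlisted.example", "alice",
            Map.of("memberOf", List.of("admins"), "department", List.of("ops")));

        // Default rule: no issuer list, so the issuer's group claims are asserted.
        System.out.println(map(a, Set.of()));

        // With a trusted-issuer list, the same assertion is refused.
        try {
            map(a, Set.of("https://idp.corp.example"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```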
See Also: SAMLToken, SAMLIdAssertionCallback
Field Summary | |
---|---|
static java.lang.String | ACCESSID |
static java.lang.String | ACCESSIDNAMESPACE |
static java.lang.String | CROSS_DOMAIN_ID_ASSERTION |
static java.lang.String | GROUPNAMESPACE |
static java.lang.String | GROUPS |
static java.lang.String | ISSUER |
static java.lang.String | PRINCIPAL |
static java.lang.String | PRINCIPALNAMESPACE |
static java.lang.String | REALM |
static java.lang.String | REALM_RANGE |
static java.lang.String | REALMNAMESPACE |
static java.lang.String | USEISSUERNAMEFORREALM |
static java.lang.String | USENAMEQUALIFIERFORREALM |
Constructor Summary |
---|
SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties) |
Method Summary | |
---|---|
void | handle(javax.security.auth.callback.Callback[] callbacks) |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String ISSUER
public static final java.lang.String PRINCIPAL
public static final java.lang.String PRINCIPALNAMESPACE
public static final java.lang.String GROUPS
public static final java.lang.String GROUPNAMESPACE
public static final java.lang.String REALM
public static final java.lang.String REALMNAMESPACE
public static final java.lang.String CROSS_DOMAIN_ID_ASSERTION
public static final java.lang.String REALM_RANGE
public static final java.lang.String ACCESSID
public static final java.lang.String ACCESSIDNAMESPACE
public static final java.lang.String USENAMEQUALIFIERFORREALM
public static final java.lang.String USEISSUERNAMEFORREALM
Constructor Detail |
---|
public SAMLIdAssertionCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
Method Detail |
---|
public void handle(javax.security.auth.callback.Callback[] callbacks) throws java.io.IOException, javax.security.auth.callback.UnsupportedCallbackException
Specified by: handle in interface javax.security.auth.callback.CallbackHandler
Throws: java.io.IOException, javax.security.auth.callback.UnsupportedCallbackException